How to configure O365 SAML Authentication for Copaco VMware Cloud.

Summary

You can use your O365 credentials to login to Vcloud Director. This article describribes how you can configure O365 SAML authentication.

Prerequisites

• You need to have an active Copaco VMware Cloud subscription

• You need to have an O365 environment

Start

1. Login to the Vcloud director portal

2. Go to “Administration
   

   

3. click on "SAML" under the Identity Providers in the menu on the left
   

   

4. On the SAML Configuration page click on the URL next to "Metadata", this will download a file we need to upload to Azure AD
   

   

5. Now that we have the metadata file we can switch to Azure AD

6. . Login to https://portal.azure.com and login with your Admin credentials
   

   

7. Go to “Azure Active Directory”
   

   

8. In the list of items along the left of the page click on "Enterprise Applications"
   

   

9. Click on "New Application"
   

   

10. In the little window that opens, name your application (e.g. Copaco Vmware Cloud) and ensure "Integrate any other application you don't find in the gallery" is selected. Click "Create" once done

    

11. On the page that loads click on "Assign Users and Groups" and add the user or group you want to have access. Once done click on "Overview" on the left
    

    

12. Click on " single sign on" → SAML
    

    

13. At the top of the page click on "Upload metadata file" and select the file you downloaded from vCloud Director
    

    

14. select the file you downloaded from vCloud Director
    

    

15. In the window that appears enter your vCloud Tenant URL into the "Sign On URL" field. click "Save" at the top once done
    

    

16. Under the "SAML Signing Certificate" section, click the download button next to "Federation Metadata XML". We need to upload this to vCloud Director
    

    

17. Now that the Azure AD side is configured we need to go back to vCloud Director and finish the SAML configuration

18. Go back to vCloud and to the section where you downloaded the metadata file. Click on "Edit" on that page
    

    

19. Click on the "Identity Provider" tab at the top of the page, then click the slider to enable the SAML Identity Provider and upload the XML file you downloaded from Azure. Click "SAVE" to apply the settings
    

    

20. Now go back to Vcloud director and add the users or groups that are allowed to use SAML

21. In Vcloud go to Administration → users → Import users

    

22. Select SAML as source and enter the username you want to import + the role for every user use a new line

    

23. You can also Import Azure groups. Important here is that you need to use the Azure AD group IDs instead of group names

24. In Vcloud go to Administration → groups → Import groups

    

25. Add the Azure Group IDs. For every group use a new line.

26. Now you can login to Copaco VMware cloud with your Microsoft Account.