Aternity SSO integration with Azure (Azure AD groups)

Solution Number: S37904
Last Modified: 2023-10-17
Description

Aternity SSO integration with Azure (Azure AD groups).

Issue
Aternity SSO integration with Azure does not work.
Solution

Log in to the Azure portal and navigate to the enterprise application that was created for the SSO integration.

Verify the Basic SAML Configuration.

Verify the Group claim.

If the group claim is missing or not added correctly, use the following steps to add the group claim:

[Screenshot: Attributes & Claims page with "Add new claim", the required claim Unique User Identifier (Name ID) mapped to user.userprincipalname, and the list of additional claims.]

[Screenshot: Group Claims pane. The options are None, All groups, Security groups, Directory roles and Groups assigned to the application, with "Groups assigned to the application" marked and Source attribute set to Group ID. Advanced options offer "Filter groups" and "Customize the name of the group claim".]

 

 


The Federation Metadata XML will be added in the Aternity portal.

[Screenshot: SAML Certificates section, showing the token certificate's status, thumbprint, expiration and notification email, with download links for Certificate (Base64), Certificate (Raw) and Federation Metadata XML.]

Go to Users and groups.

[Screenshot: Aternity | Users and groups page of the enterprise application, listing the assigned group Aternity_users.]

From the 'Members' tab, verify that the user who is trying to access the Aternity portal is part of the Azure AD group.


The object ID will be used in the Aternity portal. The object ID of the Azure AD group can be obtained from 'Overview' or 'Properties' tab.

 

[Screenshot: Overview page of the Aternity_users group, showing Membership type, Source, Object Id (with "Copy to clipboard"), Created at, and 50 total members.]

On the Aternity portal, go to Cogwheel > Integration settings > Security - SSO.

Verify the Group Name, Group Attribute and Group Value.

In one of the customer cases, the Azure AD group name was added in the 'Group Value' field. So, the Aternity Azure AD SSO integration was not working. The group value should be the Object ID of the Azure AD group that was copied from the Azure portal.

 

[Screenshot: Edit SSO Group dialog for Aternity_users, with the Group Value field containing the group name Aternity_users.]
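The mismatch described above can be confirmed from a decoded SAML response captured during your own test login. The following is an added example, not Riverbed or Microsoft code: it assumes the group claim uses Azure AD's default claim name and that Aternity's Group Attribute and Group Value correspond to the SAML attribute name and value; the assertion and GUID are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Diagnostic only: no signature validation. Use on your own captured response.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Default name Azure AD gives the group claim unless it is customized.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample: attribute statement from a decoded SAML response.
# The GUID is a made-up placeholder, not a real object ID.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def group_values(assertion_xml, claim_name=GROUPS_CLAIM):
    """Return every value the IdP sent for the given group claim."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == claim_name:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return values

def diagnose(assertion_xml, group_attribute, group_value):
    """Compare the SP-side group mapping with what the assertion carries."""
    sent = group_values(assertion_xml, group_attribute)
    if not sent:
        return "claim-missing"  # claim not emitted, or attribute name differs
    # GUIDs are compared case-insensitively for this diagnostic.
    if group_value.lower() in (s.lower() for s in sent):
        return "match"
    if all(GUID_RE.match(s) for s in sent) and not GUID_RE.match(group_value):
        return "name-instead-of-object-id"  # the failure described above
    return "no-matching-group"  # IDs were sent, but not the configured one

if __name__ == "__main__":
    for value in ("Aternity_users", "11111111-2222-3333-4444-555555555555"):
        print(value, "->", diagnose(SAMPLE_ASSERTION, GROUPS_CLAIM, value))
```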

Environment
Aternity EUE
Microsoft Azure
SSO integration
Azure AD groups