This document will detail the process to configure the Deep Freeze Cloud so that users can log into the Deep Freeze Cloud site using credentials from Azure as an identity provider.
This document assumes that the person configuring Deep Freeze Cloud is familiar with Azure and has already configured the appropriate user credentials in their environment and that they have signed up for a Deep Freeze Cloud Account.
- Log into your Azure Portal
- Navigate to the Azure Active Directory and select the Tennant that you are going to configure with the Deep Freeze Cloud is selected.
- In the Action pane on the left, click Enterprise Applications under Manage.
- Click 'New Application.'
- On the next screen, click 'Create your own application'.
- Specify a name for the application. Select the option to 'Integrate any other application you don't find in the gallery' and click Create.Once the application is added, Azure will load the Application Overview page.
- On the Application Overview screen, click on 'Setup single sign on' under Getting Started.
- On the Single Sign-on screen, click on SAML.
- On the SAML-based Sign-on screen, Edit the User Attributes & Claims to remove existing Claims and Add the Claims below:
- Under SAML Signing Certificate click Add a Certificate.
- On the SAML Signing Certificate screen, click New Certificate, specify the Notification Email Address and click Save.
- Once the certificate changes are saved, make the certificate Active.
- Once the certificate is made Active, close the SAML Signing Certificate screen to return to the SAML-based Sign-on screen.
- Under SAML Signing Certificate, Click Download to download the Federation Metadata XML.
- Log in to the Deep Freeze Cloud Console and navigate to SAML Integration under User Management.
- Select the Upload IdP Metadata radio button. Click Browse to select the XML file downloaded in step 14.
- Once the XML is uploaded, click Next.
- Click Next on the Service Provider Configuration screen.
- On the Settings screen, configure the Login Domain name and default permissions and click Save.
- On the Service Provider Configuration screen, copy the Audience URI.
- Switch to the Azure Portal. Edit the Basic SAML Configuration.
- Paste the Audience URI copied in step 20 under 'Identifier (Entity ID)'.
- Copy the Assertion Consumer URL from Deep Freeze Cloud Console and Paste it under 'Reply URL (Assertion Consumer Service URL)' on the Basic SAML Configuration screen on Azure Portal.
- Copy the SAML Login URL from Deep Freeze Cloud Console and Paste it under 'Sign on URL' on the Basic SAML Configuration screen on Azure Portal.
- Click Save to save the Basic SAML Configuration.
- In the Action pane on the left, click Users and Groups under Manage.
- On the Users and Groups screen, click Add User.
- On the Add Assignment, click on Users to display the list of all users. Select the desired users from the list and click Select.
- Once the users are selected, click Assign.
- Configuration is complete, users with access should now be able to log into the Deep Freeze Cloud using their credentials from Azure and the logon domain configured in step 19 by expanding the Sign In Options and selecting Login with SAML from the choices presented.
Note: Sometimes the Identifier (Entity ID) setting is not saved when the Basic SAML Configuration is saved. Please review the Basic SAML Configuration Settings before proceeding. If this setting is not saved, please perform step 22 again.