Overview
This document details how to configure Deep Freeze Cloud so that users can log in to the Deep Freeze Cloud site using credentials from Azure as an identity provider.
Requirements
This document assumes that the person configuring Deep Freeze Cloud is familiar with Azure, has already configured the appropriate user credentials in their environment, and has signed up for a Deep Freeze Cloud account.
Configuration Process
Log in to https://admin.google.com.
Navigate to Apps -> SAML Apps.
Add an app by clicking Add App -> Add custom SAML app, as shown in the figure below.
Enter the App Name (for example, Deep Freeze Cloud) on the next screen and click the Continue button, as shown in the figure below.
Download the IdP metadata from the next screen by clicking the “DOWNLOAD METADATA” button, as shown in the figure below, then click the Continue button at the bottom of that screen.
Now log in to the Deep Freeze Cloud server using your existing credentials for SuperAdmin users.
Go to the “USER MANAGEMENT” menu in the top right corner.
Click on the “SAML Integration” option.
On the “Identity Provider Setup” tab, upload the IdP metadata that you downloaded in step #5, then click the Next button.
Do not modify anything on the “Attribute Mapping” tab, as we are using all the default attributes for the selected tab. Click the Next button.
On the Settings tab, enter the Login Domain name of your choice and select the user's role of your choice.
Click the Save button at the top right. This displays the Service Provider Configuration of the Deep Freeze Cloud server for your organization.
Copy the Assertion Consumer URL from the Deep Freeze Cloud server and paste it into the ACS URL text box in the Google Admin console, as shown in the figure below.
Copy the Audience URI from the Deep Freeze Cloud console and paste it into the Entity ID text box in the Google Admin console, as shown in the figure below.
Click the Continue button at the bottom of the Google Admin console to go to the Attribute mapping tab, as shown below.
Click the ADD MAPPING button and add three attributes, i.e. user.email, user.firstName, and user.lastName, as shown in the figure below.
These three attributes are compulsory. Click the Finish button, as shown in the figure above.
The Deep Freeze Cloud app will now be displayed in the Google Admin console, as shown in the figure below. Next, add user access to this app.
Click User access to provide access to this app, as shown in the figure above.
Select the organizational unit on the left and set the service status to “ON for everyone” in that OU. Click the SAVE button. This gives all users in that OU access to the “Deep Freeze Cloud” app.
Note: This change can take up to 24 hours to propagate to all users, as mentioned in the above figure.
Setup is now complete. Below is the final screenshot of the Deep Freeze Cloud SAML app created in the Google Admin console.
Adam Zilliax