To set up Azure as the Identity Provider for Celona Orchestrator (CSO), follow these steps:
Step 1: Add Celona Orchestrator as a Custom Application in Azure
Log in to Azure Portal:
Go to the Azure Portal.
Create a New Enterprise Application:
Navigate to Enterprise Applications > New Application > Create Your Own Application.
Provide a name (e.g., "Celona Orchestrator") and click Create.
Step 2: Configure Single Sign-On
Select Single Sign-On Method:
Upload SP Metadata from CSO:
Upload the SP Metadata file downloaded from the CSO (Admin Settings > SSO Settings > Service Provider).
Step 3: Configure User Attributes & Claims
Define Attributes in the SAML Token:
Navigate to the User Attributes & Claims section.
Ensure all the attributes are configured.
Step 4: Assign Users or Groups to the Application
Navigate to the Application:
Go to the Users and Groups tab under the application.
Map Group Names in Azure:
Use Azure AD groups to define roles. Example:
CELONA_Admin → Maps to Admin role in CSO.
CELONA_Observer → Maps to Observer role in CSO.
CELONA_Installer → Maps to Installer role in CSO.
Assign Access:
Assign users or groups that require access to CSO.
Step 5: Configure Group Claims for Role Mapping (Optional)
Enable Group Claims:
Navigate to the Attributes & Claims section.
Add a new claim for authzRole.
Populate this claim based on Azure AD groups.
Step 6: Test and Validate Configuration
Access the SSO Launch URL from CSO:
Use:
https://<cso-fqdn>/v1/api/ssogw/saml/login/alias/<customer_alias_value>
Login Flow:
Ensure redirection to the Azure login page.
After successful login, verify that the user is provisioned and assigned the correct CSO role.
To complete the SSO configuration, follow the steps in the SSO Configuration Guide for IT Admins.
By completing these steps, Azure will be configured as the Identity Provider for CSO. Ensure role mappings are tested thoroughly for proper user access management.
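One way to check the role mapping during testing, as an added example that is not Celona or Microsoft code: it reads the base64 SAMLResponse value captured from your own test login and reports which CSO role the authzRole claim resolves to. It assumes the claim value is the Azure AD group name from Step 4 and that the claim may arrive under a namespace URI; it does not validate the signature, and the sample input is constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Group-to-role table from Step 4. Assumption: authzRole carries the group name.
GROUP_TO_ROLE = {"CELONA_Admin": "Admin", "CELONA_Observer": "Observer",
                 "CELONA_Installer": "Installer"}

def authz_roles(saml_response_b64):
    """Return (roles, problems) for a base64 SAMLResponse form value."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        # The claim name may be prefixed with a namespace URI; compare the last segment.
        if attr.get("Name", "").rsplit("/", 1)[-1] == "authzRole":
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    problems = [] if values else ["authzRole claim missing"]
    roles = []
    for value in values:
        if value in GROUP_TO_ROLE:
            roles.append(GROUP_TO_ROLE[value])
        else:
            # Case or spelling drift in a group name shows up here.
            problems.append(f"unmapped authzRole value: {value!r}")
    if len(roles) > 1:
        # Assumption: a user should resolve to one role; review overlapping groups.
        problems.append("multiple roles in one assertion: " + ", ".join(roles))
    return roles, problems

def sample_response(values, name="authzRole"):
    """Constructed test input, not a real Azure response."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f'<saml:AttributeStatement><saml:Attribute Name="{name}">{vals}'
           '</saml:Attribute></saml:AttributeStatement></saml:Assertion>'
           '</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for case in (["CELONA_Admin"], ["celona_admin"],
                 ["CELONA_Admin", "CELONA_Installer"]):
        print(case, "->", authz_roles(sample_response(case)))
```

Run it once per test account in each group; an empty problems list with the expected role means the claim is populated as Step 5 intends.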