1. Go to portal.azure.com and create a non-gallery enterprise app.
2. After giving your app a name and creating the app, on the next page go to the single sign-on link and choose SAML.
3. In SAML Settings:
   1. Under Basic SAML Configuration, set the following values:
      - Identifier (Entity ID): the URL of your SolarWinds instance, for example https://solarwinds.my-company.com
      - Reply URL (Assertion Consumer Service URL): the link to the SAML login page, for example https://solarwinds.my-company.com/Orion/SamlLogin.aspx
      - Leave everything else as is.
   2. Under User Attributes & Claims:
      - Leave all user attributes as is.
      - Add a group claim:
        - Choose Security groups.
        - Change Source Attribute to sAMAccountName. This will limit the groups you can use to on-prem only.
        - Customize the name of the group claim to OrionGroups.
      - Save all the settings.
4. Under SAML Signing Certificate:
   1. Click the download link next to Certificate (Base64) and save the file somewhere easy to get to (do not install it on your computer if asked). You will need to open it with a text editor like VS Code in order to copy the contents into a text field during the SolarWinds SAML setup.
5. Under Set up {Name of your Enterprise App}:
   1. Copy the Login URL link.
   2. Copy the Azure AD Identifier link and save it for later.
6. Go into the SolarWinds Admin settings and choose SAML Configuration.
   1. Set the Orion Web Console External URL to the URL of your SolarWinds instance, for example https://solarwinds.my-company.com, and click Next.
7. Under Edit Identity Provider:
   1. Set Identity Provider Name to something like 'Azure AD'.
   2. Set SSO Target URL to the link you copied in step 5.1 (the Login URL from the Azure enterprise application setup).
   3. Set Issuer URI to the link you copied in step 5.2 (the Azure AD Identifier from the Azure enterprise application setup).
   4. In the X.509 Signing Certificate field, paste the contents of the certificate file you downloaded in step 4.1. Include all of the text, including the BEGIN CERTIFICATE and END CERTIFICATE lines.
   5. Save your configuration.
8. The last step is to add users that can log in. You will need to assign users, groups, or both to the Azure AD Enterprise Application before they can authenticate against Azure and get routed back to the SolarWinds app.
   1. Go to portal.azure.com -> enterprise applications -> users and groups.
      - Click Add user.
      - Add users and groups.
   2. Go into your SolarWinds instance.
      - All settings -> Manage Accounts
      - Add your SAML individual users or groups. The name that you enter here must match the username or group name exactly as in Azure AD.

That's it.
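If a test login fails, one way to confirm that the values entered on both sides agree is to inspect a decoded SAML response from your own test login. This is an added example, not code from SolarWinds or Microsoft. The function name `check_response`, the placeholder tenant GUID, and the group names are assumptions, and the sample response is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from the walkthrough; the tenant GUID in the issuer is a placeholder.
EXPECTED = {
    "issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "audience": "https://solarwinds.my-company.com",
    "destination": "https://solarwinds.my-company.com/Orion/SamlLogin.aspx",
}
GROUP_CLAIM = "OrionGroups"

# Constructed sample of a decoded response (signature and timestamps omitted).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://solarwinds.my-company.com/Orion/SamlLogin.aspx">
  <Assertion>
    <Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</Issuer>
    <Conditions><AudienceRestriction>
      <Audience>https://solarwinds.my-company.com</Audience>
    </AudienceRestriction></Conditions>
    <AttributeStatement>
      <Attribute Name="OrionGroups">
        <AttributeValue>Orion-Admins</AttributeValue>
        <AttributeValue>Orion-ReadOnly</AttributeValue>
      </Attribute>
    </AttributeStatement>
  </Assertion>
</samlp:Response>"""


def check_response(xml_text):
    """Return (problems, groups). Diagnostic only: no signature validation."""
    root = ET.fromstring(xml_text)
    found = {
        "issuer": root.findtext("a:Assertion/a:Issuer", "", NS).strip(),
        "audience": root.findtext(".//a:Audience", "", NS).strip(),
        "destination": root.get("Destination", ""),
    }
    # Compare as exact strings so a trailing slash or http/https difference shows up.
    problems = [f"{k}: expected {EXPECTED[k]!r}, got {v!r}"
                for k, v in found.items() if v != EXPECTED[k]]
    groups = [(v.text or "").strip() for v in root.findall(
        f".//a:Attribute[@Name='{GROUP_CLAIM}']/a:AttributeValue", NS)]
    if not groups:
        problems.append(f"no {GROUP_CLAIM} attribute: check the group claim name")
    return problems, groups


if __name__ == "__main__":
    problems, groups = check_response(SAMPLE)
    print("groups:", groups)
    print("\n".join(problems) or "response matches the configured values")
```

The group values it returns are the names that have to match the group accounts added under Manage Accounts.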