
Solarwinds SAML to Azure AD

  1. Go to portal.azure.com and create a non-gallery enterprise app
  2. After giving your app a name and creating the app on the next page go to the single sign-on link and choose SAML
  3. In SAML Settings
    1. Under Basic SAML Configuration set the following values
      1. Identifier (Entity ID) - URL of your Solarwinds instance - like - https://solarwinds.my-company.com
      2. Reply URL (Assertion Consumer Service URL) - link to the SAML login page - like - https://solarwinds.my-company.com/Orion/SamlLogin.aspx
      3. Leave everything else as is
    2. Under User Attributes & Claims
      1. Leave all user attributes as is
      2. Add a group claim
        1. Choose Security groups
        2. Change Source Attribute to sAMAccountName - this will limit the groups you can use to on prem only
        3. Customize the name of the group claim to OrionGroups
      3. Save all the settings
  4. Under SAML Signing Certificate
    1. Click the download link next to Certificate (base64) - save this somewhere easy to get to (do not install on your computer if asked) - you will need to open with a text editor like VS Code in order to copy the contents into a text field during the Solarwinds SAML set up
  5. Under Set up {Name of your Enterprise App}
    1. Copy the Login URL link
    2. Copy Azure AD Identifier Link and save for later
  6. Go into the Solarwinds Admin setting and choose SAML Configuration
  7. Set the Orion Web Console External URL to the URL of your Solarwinds instance - like - https://solarwinds.my-company.com - click next
  8. Under Edit Identity Provider
    1. Set Identity Provider Name to something like 'Azure AD'
    2. Set SSO Target URL to the link you copied in step 5.1 - the Login URL from the Azure enterprise application setup
    3. Set Issuer URI to the link you copied in step 5.2 - the Azure AD Identifier from the Azure enterprise application setup
    4. In the X.509 Signing Certificate field you will copy the contents of the certificate file you downloaded in step 4.1 - include all text (including the BEGIN CERTIFICATE and END CERTIFICATE lines).
  9. Save your configuration
  10. The last step is to add users that can log in. You will need to assign users/groups or both to the Azure AD Enterprise Application before they can authenticate against Azure and get routed back to the Solarwinds app
    1. Go to portal.azure.com -> enterprise applications -> users and groups
    2. Click Add user
      1. Add users and groups
  11. Go into your Solarwinds instance
    1. All settings -> Manage Accounts
    2. Add your SAML individual users or groups - the name that you enter here must match the username or group name exactly as in Azure AD
  12. That’s it

  • Thanks bnpj! The guide was really useful.

    Has anyone had any success in getting SolarWinds to work with Azure groups? For some reason, I cannot get the group-based authentication to work using the group name, only the group ID. I assume I need to set something in the OrionGroups claim as I see it lists the group ID in the attributes in the SAML log but not the group name. So if I add a SAML group with the Azure group ID it works, but not using the group name. If that makes sense.

    This is what I see in the SolarWinds SAML log...

    <Attribute Name="OrionGroups">
        <AttributeValue>af49ae14-133c-xxxxxxx-xxxxxxx</AttributeValue>
        <AttributeValue>12a4edad-cb88-xxxxxxx-xxxxxxx</AttributeValue>
        <AttributeValue>10798acd-8bfc-xxxxxxx-xxxxxxx</AttributeValue> ----> This group ID matches the group in Azure the user is a member of.
        <AttributeValue>2ba35399-d435-xxxxxxx-xxxxxxx</AttributeValue>
        <AttributeValue>e937e6b5-0569-xxxxxxx-xxxxxxx</AttributeValue>
    </Attribute>
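
A check for the situation described in the reply above, as an added example that is not part of the original posts: it reads the OrionGroups attribute from a SAML log excerpt, labels each value as an Azure AD object ID (GUID) or a name, and shows which values have a matching SAML group account in Orion. The sample XML, the GUIDs, the group names and the exact-string comparison are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample: an attribute statement shaped like the log excerpt above.
# The GUIDs and the group name are made up for illustration.
SAMPLE = """
<AttributeStatement xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Attribute Name="OrionGroups">
    <AttributeValue>11111111-2222-3333-4444-555555555555</AttributeValue>
    <AttributeValue>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</AttributeValue>
    <AttributeValue>Orion-Admins</AttributeValue>
  </Attribute>
</AttributeStatement>
"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def group_claim_values(xml_text, claim_name="OrionGroups"):
    """Return the values of the named group claim, in document order."""
    root = ET.fromstring(xml_text)
    values = []
    for el in root.iter():
        if local(el.tag) == "Attribute" and el.get("Name") == claim_name:
            values += [(v.text or "").strip() for v in el
                       if local(v.tag) == "AttributeValue"]
    return values

def audit(xml_text, orion_group_accounts):
    """Classify each claim value and flag whether an Orion group account matches it."""
    # Assumption: the account name must equal the claim value exactly.
    accounts = set(orion_group_accounts)
    report = []
    for value in group_claim_values(xml_text):
        kind = "object-id" if GUID_RE.match(value) else "name"
        report.append((value, kind, value in accounts))
    return report

if __name__ == "__main__":
    for value, kind, matched in audit(SAMPLE, ["Orion-Admins", "NetOps"]):
        print(f"{value:40} {kind:10} {'MATCH' if matched else 'no account'}")
```

If every value comes back as `object-id`, the IdP is emitting group IDs rather than names, so only Orion group accounts named with the ID can match, which is the behaviour the reply reports.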
