
Solarwinds SAML to Azure AD

  1. Go to portal.azure.com and create a non-gallery enterprise app
  2. After giving your app a name and creating the app on the next page go to the single sign-on link and choose SAML
  3. In SAML Settings
    1. Under Basic SAML Configuration set the following values
      1. Identifier (Entity ID) - URL of your Solarwinds instance - like - https://solarwinds.my-company.com
      2. Reply URL (Assertion Consumer Service URL) - link to the SAML login page - like - https://solarwinds.my-company.com/Orion/SamlLogin.aspx
      3. Leave everything else as is
    2. Under User Attributes & Claims
      1. Leave all user attributes as is
      2. Add a group claim
        1. Choose Security groups
        2. Change Source Attribute to sAMAccountName - this will limit the groups you can use to on prem only
        3. Customize the name of the group claim to OrionGroups
      3. Save all the settings
  4. Under SAML Signing Certificate
    1. Click the download link next to Certificate (base64) - save this somewhere easy to get to (do not install on your computer if asked) - you will need to open with a text editor like VS Code in order to copy the contents into a text field during the Solarwinds SAML set up
  5. Under Set up {Name of your Enterprise App}
    1. Copy the Login URL link
    2. Copy Azure AD Identifier Link and save for later
  6. Go into the Solarwinds Admin setting and choose SAML Configuration
  7. Set the Orion Web Console External URL to the URL of your Solarwinds instance - like - https://solarwinds.my-company.com - click next
  8. Under Edit Identity Provider
    1. Set Identity Provider Name to something like 'Azure AD'
    2. Set SSO Target URL to the link you copied in step 5.1 - the Login URL from the Azure enterprise application setup
    3. Set Issuer URI to the link you copied in step 5.2 - the Azure AD Identifier from the Azure enterprise application setup
    4. In the X.509 Signing Certificate field you will copy the contents of the certificate file you downloaded in step 4.1 - include all text (including the BEGIN CERTIFICATE and END CERTIFICATE lines).
  9. Save your configuration
  10. The last step is to add users that can log in. You will need to assign users, groups, or both to the Azure AD Enterprise Application before they can authenticate against Azure and get routed back to the Solarwinds app
    1. Go to portal.azure.com -> enterprise applications -> users and groups
    2. Click Add user
      1. Add users and groups
  11. Go in to your Solarwinds instance
    1. All settings -> Manage Accounts
    2. Add your SAML individual users or groups - the name that you enter here must match the username or group name exactly as in Azure AD
  12. That’s it
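
A diagnostic for the values configured in steps 3 and 8, added here as an example and not part of the original post or of any SolarWinds or Microsoft tooling: it decodes a base64 `SAMLResponse` form value (for example, copied from the browser's developer tools during a test login) and compares the issuer, audience, destination and `OrionGroups` claim against what was entered. The function name, the sample response and the tenant ID placeholder are constructed for illustration, and the script does not verify the XML signature, so it is for troubleshooting mismatches only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample, not a captured Azure AD response; the tenant ID is a placeholder.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://solarwinds.my-company.com/Orion/SamlLogin.aspx">
  <Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</Issuer>
  <Assertion>
    <Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</Issuer>
    <Conditions><AudienceRestriction>
      <Audience>https://solarwinds.my-company.com</Audience>
    </AudienceRestriction></Conditions>
    <AttributeStatement>
      <Attribute Name="OrionGroups">
        <AttributeValue>Orion-Admins</AttributeValue>
        <AttributeValue>Orion-ReadOnly</AttributeValue>
      </Attribute>
    </AttributeStatement>
  </Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def check_saml_response(b64_response, entity_id, acs_url, issuer_uri,
                        group_claim="OrionGroups"):
    """Return (groups, problems) for a base64 SAMLResponse form value."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (failed login or encrypted assertion)")
    issuer = (assertion.findtext("a:Issuer", "", NS) or "").strip()
    audiences = [e.text.strip() for e in assertion.iterfind(".//a:Audience", NS) if e.text]
    groups = [v.text.strip()
              for attr in assertion.iterfind(".//a:Attribute", NS)
              if attr.get("Name") == group_claim
              for v in attr.iterfind("a:AttributeValue", NS) if v.text]
    problems = []
    if issuer != issuer_uri:  # Issuer URI in Solarwinds = Azure AD Identifier
        problems.append(f"issuer {issuer!r} != configured {issuer_uri!r}")
    if entity_id not in audiences:  # Identifier (Entity ID) in Azure
        problems.append(f"audience {audiences} lacks {entity_id!r}")
    if root.get("Destination") != acs_url:  # Reply URL (ACS URL) in Azure
        problems.append(f"destination {root.get('Destination')!r} != {acs_url!r}")
    if not groups:  # group claim name customized in Azure
        problems.append(f"no {group_claim!r} attribute values in assertion")
    return groups, problems
```

The returned group names are the strings that have to match the entries added under Manage Accounts in step 11; an exact string comparison is used throughout, so a trailing slash or a case difference shows up as a problem.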

  • FWIW, 

    I had similar issues.  Adding single users worked fine but groups would always fail.  After some trial and error, I was able to get the groups to work by changing the group claim from "Security Groups" to "Groups Assigned to the Application".

    The groups were created as security groups, so I'm not sure why it wasn't working outside of maybe a timeout or something.

    Adding my .02 in case it helps anyone 
