
Integrate SAML Authentication in Ezeelogin GUI using Microsoft Azure SSO and Azure Active Directory

Note: SAML is an authentication mechanism for web applications. It’s based on web protocols and it cannot be used for user authentication over SSH.

 

Configure Microsoft Azure SSO SAML-based Authentication in Ezeelogin GUI

  1. Log in to your Microsoft Azure account and create an Active Directory service.


  2. Add users in AD. These users will in turn authenticate to the Ezeelogin GUI.
    To create a user in AD, click on the User tab >> New user >> provide the user name, Name, Password, etc., and click Create.


  3. Create an Enterprise Application.
    Click on Enterprise applications 



    Click on All applications >> New application 


    Click on Create your own application >> Provide the name for your application >> Check "Integrate any other application you don't find in the gallery (Non-gallery)" >> Create.



  4. Add users to the Enterprise Application eztest.



  5. Configure Single Sign On (SAML).



  6. Log in to the Ezeelogin GUI to fetch details from the SAML tab.


    If you want an existing Ezeelogin user to authenticate with SSO, add the user with the exact username and email address as follows. (By default, Ezeelogin verifies users by their email address.)



  7. Add the users from your Azure AD directory to the Ezeelogin GUI. Make sure the email ID entered in the GUI is identical to the one in SAML, in this case '[email protected]'.


  8. Enable Auto Create User from Ezeelogin GUI -> Settings -> General -> Security -> Enable Auto Create User.

 

9. Set Web Panel Authentication to SAML under Settings -> General -> Authentication.




10. Log in to the Ezeelogin GUI. You will be redirected to the Microsoft Azure login page, where you enter your login credentials to be authenticated into the Ezeelogin application.



11. You are now logged in to the Ezeelogin GUI using SAML authentication.


12. After logging in to the GUI, you need to reset the password and security code of the SAML user under Account > Password in order to SSH to the Ezsh shell.

13. After resetting the password and security code, you can SSH to the Ezsh shell (using Terminal or PuTTY) with the SAML username, as shown in the screenshot below.

14. If you SSH with 2FA enabled using PuTTY or Terminal, you will be prompted to enter the 2FA codes. The 2FA step can be disabled for SAML authentication under Settings > Two Factor Authentication > Skip Two Factor Authentication for SAML. The user will be able to SSH without being prompted for the 2FA codes only if the user is logged in to the web panel; if the user is not logged in to the web panel, the 2FA codes will still be requested.

16. It is recommended to use the webssh shell for SAML authentication. The webssh shell is more convenient because the user does not have to open an SSH client such as PuTTY or Terminal and enter the username, password and 2FA codes. Using webssh, the user can SSH from the web panel itself, and 2FA will not be prompted if you have enabled Skip Two Factor Authentication for SAML.


SAML authentication is not supported for the slave if the URL is IP based. If you want to authenticate on the slave using SAML, you have to use a domain name.
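
Steps 6 and 7 require the email in the Ezeelogin GUI to be identical to the one in SAML. The following added example (not part of the original article and not Ezeelogin's code) decodes a captured base64 SAMLResponse and compares its NameID and email claim with the GUI value. The sample response and addresses are constructed, the claim URI is Azure AD's default email address claim name, and which of the two fields Ezeelogin reads is an assumption, so both are reported.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Azure AD's default claim name for the user's mail attribute.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed, unsigned sample: NameID carries the UPN, the claim carries the mailbox address.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jdoe@tenant.example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>J.Doe@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def extract_identities(saml_response_b64):
    """Return the NameID and email claim from a base64 SAMLResponse.

    Diagnostic only: the XML signature is NOT verified, so never use this
    output for an authentication decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS)
    email = ""
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == EMAIL_CLAIM:
            email = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
    return {"name_id": name_id.strip(), "email": email.strip()}


def check_user(gui_email, saml_response_b64):
    """Classify how each SAML identity field compares with the GUI email."""
    result = {}
    for field, value in extract_identities(saml_response_b64).items():
        if value == gui_email:
            result[field] = "exact"
        elif value.lower() == gui_email.strip().lower():
            result[field] = "differs-only-by-case-or-whitespace"
        else:
            result[field] = "mismatch"
    return result
```

A result other than "exact" for the field your deployment relies on means the GUI record should be corrected to match the value Azure AD actually sends.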