Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Enable Nextcloud SAML Login using AzureAD

Create an Enterprise App for Nextcloud

  1. Open the Azure admin portal - https://portal.azure.com
  2. Open Azure Active Directory > Enterprise applications
  3. Click the + New application link at the top
  4. Search for "Azure AD SAML Toolkit" in the gallery
  5. Click on "Azure AD SAML Toolkit"
  6. Enter "Nextcloud" in the Name and click the Add button
  7. When the app opens click on "Single sign-on"
  8. Click the pencil icon on the Basic SAML Configuration
  9. Fill in the required fields:
  10. Save the settings
  11. Download the Federation Metadata XML under the SAML Signing Certificate section

Configure Nextcloud

  1. Enable the "SSO & SAML authentication" app in Nextcloud

  2. Navigate to the "SSO & SAML authentication" configuration page ( Settings > SSO & SAML authentication )

  3. Optionally enable "Allow the use of multiple user back-ends"

  4. Under General

  5. Identity Provider Data (show optional Identity Provider settings)

    • Identifier of the IdP entity => Azure AD Identifier from section 4 of the Azure App

    • URL Target of the IdP where the SP will send the Authentication Request Message => Login URL from section 4 of the Azure App

    • URL Location of the IdP where the SP will send the SLO Request => Logout URL from section 4 of the Azure App

    • Public X.509 certificate of the IdP => extract the X509Certificate from the Federation Metadata XML

      PS C:\> ([xml](Get-Content -Path .\Nextcloud.xml)).EntityDescriptor.Signature.KeyInfo.X509Data.X509Certificate | Set-Clipboard
  6. Attribute Mapping

  7. Make note of the direct login URL, typically https://nextcloud.domain.com/login?direct=1

Note: If you use the Nextcloud container you may have to include index.php in your URLs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment