Configuring Microsoft Azure AD SAML Single Sign-On to 0patch Central

If your organization uses Microsoft Azure Active Directory as your Identity Provider, this guide will help you create an Azure AD Enterprise Application for 0patch Central using SAML 2.0.

After the Application is successfully created, your user will be able to use one-click access to 0patch Central from their app dashboard https://myapps.microsoft.com/

Creating a new Application for 0patch Central

1. Make sure to have users created in 0patch Central, and that they're active (not just invited).
2. Log into Azure as administrator.
3. In the Admin Console go to Azure Active Directory -> Enterprise Applications -> "New Application"
   
   
   
   
4. Under "Browse Azure AD Gallery", click "Create your own application". 
   
   
   
   
5. Enter the name for your new application and pick "Integrate any other application you don’t find in the gallery (Non-gallery)". Click "Create".
   
   
   
   
6. In your applications overview, got to "Single sign-on" and select "SAML".
   
   
   
   
7. In another browser tab, login to 0patch Central, go to Account -> Single Sign-On and click the switch button to enable SAML.
   
   
8. In the SAML configuration dialog you’ll need the SAML Assertion Consumer URL and the Audience parameters to finish setting up the Azure App.
   
   
   
   
9. In Azure’s AD’s Enterprise application edit the Basic SAML Configuration. Copy the SAML configuration parameters from 0patch Central to the appropriate fields and click "Save":
   • Audience (EntityID): The intended audience of the SAML assertion. This is the Entity ID of your 0patch Central account.
   • ACS (Consumer) URL: The location where the SAML assertion is sent with a POST operation. This URL is required and serves as the default Assertion Consumer Services (ACS) URL value for your 0patch Central account (Service Provider - SP). This URL is always used for Identity Provider (IdP) initiated sign-on requests.
   • Login URL: This URL is used for Service Provider initiated (Originating from 0patch Central) sign-on requests. Copy the Audience parameter and append "login" (i.e. https://dist.0patch.com/saml/123456789/login).
   • Click "Save".
     
     
     
     
10. In Attribute & Claims settings, edit the "Unique User Identifier (Name ID)" claim. Set the source attribute to "user.mail" and click "Save".
    
    
    
    
11. In the "SAML Certificates" section, download the Base64 encoded certificate, and open the file in a text editor.
    
    
    
    
12. Copy the Base64 encoded certificate into 0patch Central’s SAML Configuration window.
    
    
    
    
13. Copy the Login URL and Azure AD Identifier parameters from your Enterprise application’s settings to 0patch Central’s SAML configuration window and click "CONFIRM". You can edit the configuration in the Single Sign-On tab of 0patch Central Account section.
    
    
    
    
14. After configuring SAML in 0patch Central, return to Azure AD Applications settings to assign your user to the Azure AD application. Go to Users and Groups -> "Add user/group". If you don’t have users in Azure corresponding to your 0patch users, create them.
    
    
    
    
    
    
15. After assigning users to the app, they will find the one-click access to 0patch Central on their app dashboard located at https://myapps.microsoft.com/