# Setting up Azure AD SAML based authentication for vCloud

## Overview

vCloud Director supports SAML or LDAP based authentication in its portal, which lets you manage your users in your existing Azure AD or on-premises Active Directory deployment.

This guide covers how to configure SAML authentication to Azure AD. To do this you will need the following access:

* Administrative access to your vCloud Director Tenant
* Administrative access to your Azure Active-Directory Tenant

## Steps

To configure Azure AD SAML authentication in vCloud Director, follow the steps below. This will require you to switch between Azure AD and vCloud Director a few times.

Log in to your vCloud Director Tenant (the URL should be similar to <https://vdc.syd.mhn.net.au/tenant/contoso>)

![](/files/-MU6QTRgkx-UdDEYUCP3)

Navigate to Administration and then click on "SAML" under the Identity Providers in the menu on the left

![](/files/-MU6QbB5od62IfZQ8RMP)

On the SAML Configuration page click on the URL next to "Metadata". This will download a file that we need to upload to Azure AD.

![](/files/-MU6QgIsMXoMcA-1z2Rw)

Now that we have the metadata file we can switch to Azure AD

***

Go to <https://portal.azure.com> and log in with your admin credentials

<img src="/files/-MU6Qk--mxyhkLtqif0z" alt="" width="563">

Click the three horizontal lines in the top left of the page and then click on "Microsoft Entra ID"

<figure><img src="/files/JZCfFOEZuVkSk1O5EiH2" alt="" width="207"><figcaption></figcaption></figure>

In the list of items along the left of the page click on Manage > Enterprise Applications

<figure><img src="/files/qVWeb0Gz96Ez3ZUpV3PC" alt="" width="232"><figcaption></figcaption></figure>

Click on "New Application"

<img src="/files/-MU6R-nEwBGt4Y4QGdiQ" alt="" width="563">

Click on "+ Create your own application"

![](/files/-MU6R6gRJY4aFGpnd9qD)

In the little window that opens, name your application (e.g. vCloud Director) and ensure "Integrate any other application you don't find in the gallery" is selected. Click "Create" once done

![](/files/-MU6RC8nhhZb4xZrA8Jl)

On the page that loads click on "Assign Users and Groups" and add the user or group you want to have access. Once done click on "Overview" on the left

![](/files/-MU6RFB0fdlJxQVXZc2H)

<img src="/files/-MU6RKA50_c6i9jf87GV" alt="" width="563">

Click on "2. Set up single sign on"

![](/files/-MU6RMMFeD-tDdweVd2g)

Click on the "SAML" option

![](/files/-MU6RcNrDr6XAbUyYUym)

At the top of the page click on "Upload metadata file" and select the file you downloaded from vCloud Director

<img src="/files/-MU6RiA56EQUsKsC_Fjk" alt="" width="563">

In the window that appears enter your vCloud Tenant URL into the "Sign On URL" field (e.g. <https://vdc.syd.mhn.net.au/tenant/contoso>). Click "Save" at the top once done and close the SAML configuration pane.

<img src="/files/-MU6RygEqFY7Nw_HZ96D" alt="" width="375">

Under Attributes & Claims, click Edit

<figure><img src="/files/sKK5Pb3ybKCR4JkYFnbg" alt="" width="563"><figcaption></figcaption></figure>

Click "Add new claim" and create a claim called "Roles" with Source attribute of **user.assignedroles**

<figure><img src="/files/zUp2DAR8DSj6foTTbPJd" alt="" width="563"><figcaption></figcaption></figure>

Click "Add new claim" again and create another claim called "UserName" with Source attribute **user.mail**

<figure><img src="/files/KVllxDrN6YVplUZuzLtB" alt="" width="563"><figcaption></figcaption></figure>

Click "Add a group claim" and select **All groups**. Ensure the Source attribute is **Group ID**. Tick "Customise the name of the group claim" and set the name to **Groups**, then click Save.

<figure><img src="/files/APaRrpJ94SZKeOZ988ry" alt="" width="524"><figcaption></figcaption></figure>

Close the Attributes and claims pane and return to your application

Under the "SAML Signing Certificate" section, click the download button next to "Federation Metadata XML". We need to upload this to vCloud Director

<img src="/files/-MU6S2MB-Oui1_OSQ85n" alt="" width="563">

Now that the Azure AD side is configured we need to go back to vCloud Director and finish the SAML configuration

***

Go back to vCloud and to the section where you downloaded the metadata file. Click on "Edit" on that page

![](/files/-MU6S7K4tUawZXsWG5Ia)

Click on the "Identity Provider" tab at the top of the page, then click the slider to enable the SAML Identity Provider and upload the XML file you downloaded from Azure. Click "SAVE" to apply the settings

<img src="/files/-MU6SHUkjN3cfzy3i5p1" alt="" width="563">

The last step is to give users access. Click on either Users or Groups on the left side of the page, then click on "Import Users" or "Import Groups".

![](/files/-MU6SQnttY0DCsosc246)

Enter the users (email address) as they would appear in Azure AD. For groups, use the **Group ID** value of the group rather than the name or email address.

Select the permission level then click Save

<img src="/files/-MU6S_c9Zh0g1MiO-awP" alt="" width="563">

Now test logging in via SSO in an Incognito window. You should be directed to the Azure login portal instead of vCloud Director.

![](/files/-MU6Scg4-KRQd7zeYvDM)
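If a test login reaches Azure but the user or group is not matched in vCloud Director, the following added example (not part of the original guide) checks a decoded SAML assertion for the Roles, UserName and Groups claims configured above and confirms that Groups carries Group IDs. The sample assertion is constructed, the function names are hypothetical, and it assumes the claims were created without a namespace; it inspects claims only and does not verify the assertion's signature.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("Roles", "UserName", "Groups")  # claim names from this guide
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed sample: a trimmed, unsigned assertion, not captured from a real tenant.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Roles"><saml:AttributeValue>Organization Administrator</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="UserName"><saml:AttributeValue>jane@contoso.example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Groups">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
      <saml:AttributeValue>vCloud Admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_claims(assertion_xml):
    """Return {claim name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def check_claims(claims, imported_group_ids=()):
    """List mismatches against the claim setup described in this guide."""
    problems = []
    for name in REQUIRED_CLAIMS:
        if not any(claims.get(name, [])):
            problems.append(f"missing or empty claim: {name}")
    for value in claims.get("Groups", []):
        if not GUID_RE.match(value):  # a display name here means Source attribute is not Group ID
            problems.append(f"Groups value is not a Group ID: {value}")
    sent = {g.lower() for g in claims.get("Groups", [])}
    for gid in imported_group_ids:  # Group IDs entered under "Import Groups"
        if gid.lower() not in sent:
            problems.append(f"imported group not in assertion: {gid}")
    return problems


if __name__ == "__main__":
    for line in check_claims(extract_claims(SAMPLE_ASSERTION)) or ["claims look consistent"]:
        print(line)
```

Run it only against a response you captured from your own test login, and treat that capture as sensitive because it contains user and group identifiers.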

If you encounter any issues with this guide please contact our support team at <support@hostednetwork.com.au> or via phone on 1300 781 148.

