Microsoft Entra ID integrations

Available in Classic and VPC

This section describes how to integrate a Microsoft Entra ID with a NAVER Cloud Platform account.
Microsoft Entra ID is the new name for Azure Active Directory. With a Microsoft Entra ID account, you can log in to the NAVER Cloud Platform console and use the services of NAVER Cloud Platform with the granted permissions.

The sequence of integrating a NAVER Cloud Platform account and a Microsoft Entra ID account is as follows:
1. Download metadata from Microsoft Entra ID.
2. Register external IdP information from NAVER Cloud Platform.
3. Configure Microsoft Entra ID authentication.
4. Configure NAVER Cloud Platform authentication.
5. Verify integrations.

1. Download metadata from Microsoft Entra ID

To download metadata from Microsoft Entra ID:

Log in to Microsoft Entra ID and navigate to Microsoft Entra management center > Microsoft Entra ID, application > Enterprise application.
In the top left of the interface, click New application > Make your own application. Enter the name of the app to use and click [Combine other applications that are not in the gallery].
On the left side of the interface, navigate to Single Sign-On > SAML.
3. Click the download link from SAML certificate > Federation metadata xml.
Confirm the file downloaded to the user's PC.

2. Register external IdP information from NAVER Cloud Platform

To register external IdP information from NAVER Cloud Platform:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
In the Tenant menu, click [Register external IdP].
In the Metadata item, paste the metadata information downloaded from 1. Download metadata from Microsoft Entra ID, then click the [Save].
- The sub-information will be entered automatically.
Change the Protocol Binding item to HTTP-POST.
Click the [Register].

3. Configure Microsoft Entra ID authentication

This section describes how to add an SAML application, add users to be integrated with NAVER Cloud Platform, and make authentication settings on Microsoft Entra ID.

Add SAML 2.0 application

To add an SAML 2.0 application in Microsoft Entra ID:

Log in to Microsoft Entra ID and navigate to Microsoft Entra management center > Microsoft Entra ID, application > Enterprise application.
On the left side of the interface, click Singel Sign-On > 1. Basic SAML configuration > [Edit].
In Identifier (entity ID), enter the issuer URL information copied from Copy SAML integration information.
In Reply URL, enter the assertion consumer URL (ACS URL) information copied from Copy SAML integration information.
In Login URL, enter the login URL information copied from Copy SAML integration information.
Click the [Save].
After assigning users to the application, configure attribute mapping.
- For more information about how to add users, see Add Microsoft Entra ID users.
- For more information about how to assign users to an application, see Assign users to an application.
- For more information about how to configure attribute mapping, see Configure attribute mapping.

Copy SAML integration information

To integrate Ncloud Single Sign-On and IdP, you need the Assertion Consumer Service (ACS) URL information, which is the endpoint to receive the SAML response from IdP, and the Issuer URL information to identify the IdP.

To confirm the ACS URL and Issuer URL of NAVER Cloud Platform:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
In the External IdP metadata component of the Tenant menu, copy the following information:
- Assertion Consumer Service (ACS) URL
- Issuer URL
- Login URL

Add Microsoft Entra ID users

To add users in Microsoft Entra ID:

Log in to Microsoft Entra ID and navigate to Microsoft Entra ID management center > Microsoft Entra ID, User > All users.
In the top left of the interface, click + New user > Create new user or Invite external user.
- You can create a new user within an organization or invite an external user for collaboration.
- For a new user, you can use the organization's domain without change. For an external user, you can use the domain of the outside organization, but you need the approval from the invitee to be able to add the invitee as a user.
In the Basics and Properties steps, enter user information and click [Next].
To add a newly added user to a desired group, add the user to the group and click [Review+create] in the Assign step.
- To leave the user unassigned to any group, click [Review+create] without selecting any group.
In All users, check the information of the added users.

Assign users to an application

To assign users to an application on Microsoft Entra ID:

Log in to Microsoft Entra ID and click Microsoft Entra ID management center > Microsoft Entra ID, Application > Enterprise application.
Click the application created and then click 1. Assign user or group.
Click [Add user/group] in the top left of the interface.
Click User > No item selected, select users to assign and click [Select].
Once the users have been added, click [Assign].

Configure attribute mapping

To map user profiles of Microsoft Entra ID with those of Ncloud Single Sign-On, this defines the user property information to be forwarded from Microsoft Entra ID to NAVER Cloud Platform.

Note

This guide describes the user property information primarily used in authentication, which are FirstName, LastName, and Email.

To define user property on Microsoft Entra ID:

Log in to Microsoft Entra ID and navigate to Microsoft Entra management center > Microsoft Entra ID, application > Enterprise application.
Click the application you created.
On the left side of the interface, click Single Sign-On > 2. Features and claims > [Edit].
To receive the necessary FirstName, LastName, and Email values for authentication, enter the fields.
Click the [Save].

4. Configure NAVER Cloud Platform authentication

This section describes how to register the Entra ID account to be integrated on NAVER Cloud Platform's console and then map user profiles.

Configure attribute mapper

To link user property information set on Microsoft Entra ID to user property information on the Ncloud Single Sign-On service:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Click the Tenant menu.
Click the [Attribute mapper].
When the attribute mapper interface appears, enter the registered content in Configure attribute mapping in External IdP parameter.
In sync mode, set the user profile update method.
- None: Do not update user profile.
- Import: Update user profiles only at first login.
- Force: Update the user profile at every login.
Click the [Save].

Add SSO user

You need to create an SSO user in the Ncloud Single Sign-On service using the email information of the user created in the Add Microsoft Entra ID users step.

To add an SSO user in Ncloud Single Sign-On on NAVER Cloud Platform:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Click External IdP login > Users > [Create user].
For the login ID, enter the email address of the user created in Add Microsoft Entra ID users, and then click [Create].

Note

For more information about how to create an SSO user in Ncloud Single Sign-On, see Users.

5. Verify integrations

To verify if the Microsoft Entra ID account and NAVER Cloud Platform account are integrated:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Copy the Login URL from the Tenant menu, then access the URL.
- The SSO role switch interface appears.
Click the [Console access] or [API access] on the SSO role switch interface.
- Depending on the access type set for the logged-in SSO user, the [Console access] or [API Gateway access] button appears.
Click Services > Management & Governance > Ncloud Single Sign-On > External IdP login > User.
Click the [Profile] tab in the details of the logged-in SSO user, then check if the user profile has been updated.