Login
      Contents x
      Connecting Microsoft Entra ID
        • Print
        • PDF
        Contents

        Connecting Microsoft Entra ID

          • Print
          • PDF
          Article Summary

          Available in Classic and VPC

          This document describes how to connect a Microsoft Entra ID to a NAVER Cloud Platform account.
          Microsoft Entra ID is the new name for Azure Active Directory. With a Microsoft Entra ID account, you can log in to NAVER Cloud Platform’s console and use the services of NAVER Cloud Platform with the granted permissions.

          The following is the sequence of connecting a NAVER Cloud Platform account and a Microsoft Entra ID account:
          1. Download metadata from Microsoft Entra ID
          2. Register external IdP information on NAVER Cloud Platform
          3. Make authentication settings on Microsoft Entra ID
          4. Make authentication settings on NAVER Cloud Platform
          5. Verify connection

          1. Download metadata from Microsoft Entra ID

          To download metadata from Microsoft Entra ID, do the following:

          1. Log into Microsoft Entra ID and click Microsoft Entra Management Center > Microsoft Entra ID, application > Enterprise application.
          2. At the top-left on the screen, click New application > Make your own application. Enter the name of the app to use and click [Combine other applications that are not in the gallery]
          3. To the left on the screen, click Single Sign-On > SAML.
          4. Click the download link from 3. SAML certificate > Federation metadata xml.
          5. Confirm the file downloaded to the user’s PC.

          2. Register external IdP information on NAVER Cloud Platform

          The following describes how to register external IdP information on NAVER Cloud Platform.

          1. Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.
          2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
          3. In the Tenant menu, click the [Register External IdP] button.
          4. In Metadata, paste in the metadata information downloaded from 1. Download metadata from Microsoft Entra ID, and then click [Save].
            • The sub-information will be entered automatically.
          5. Change Protocol Binding to HTTP-POST.
          6. Click the [Register] button.

          3. Make authentication settings on Microsoft Entra ID

          This section describes how to add an SAML application, add users to connect to NAVER Cloud Platform and make authentication settings on Microsoft Entra ID.

          Add SAML 2.0 application

          To add an SAML 2.0 application on Microsoft Entra ID, do the following:

          1. Log into Microsoft Entra ID and click Microsoft Entra Management Center > Microsoft Entra ID, application > Enterprise application.
          2. To the left on the screen, click Singel Sign-On > 1. Basic SAML configuration > [Edit]
          3. In identifier(entity ID), enter the Issuer URL information copied from Copy SAML information for connection.
          4. In Reply URL, enter the Assertion Consumer URL (ACS URL) information copied from Copy SAML information for connection.
          5. In Log in URL, enter the Login URL information copied from Copy SAML information for connection.
          6. Click the [Save] button.
          7. After assigning users to the application, configure the Attribute Mapping.

          Copy SAML integration information

          To integrate Ncloud Single Sign-On service and IdP, you need the Assertion Consumer Service (ACS) URL information, which is the endpoint to receive the SAML response from IdP, and the Issuer URL information to identify the IdP.

          The following describes how to confirm the ACS URL and Issuer URL of NAVER Cloud Platform.

          1. Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.
          2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
          3. Copy the following information from the External IdP Metadata section in the Tenant menu.
            • Assertion Consumer Service (ACS) URL
            • Issuer URL
            • Login URL

          Add users on Microsoft Entra ID

          To add users on Microsoft Entra ID, do the following:

          1. Log into Microsoft Entra ID and click Microsoft Entra ID Management Center > Microsoft Entra ID, user > All users.
          2. At the top-left on the screen, click + New user > Create new user or Invite external user.
            • For example, you can create a new user within an organization or invite an external user for collaboration.
            • For a new user, you can use the organization’s domain without change. For an external user, you can use the domain of the outside organization, but you need the approval from the invitee to be able to add the invitee as a user.
          3. In Basics and Attributes steps, enter user information and click [Next].
          4. To add a newly added user to a desired group, add the user to the group and click [Review+Create] in the Assign step.
            • To leave the user unassigned to any group, click [Review+ Create] without selecting any group.
          5. In All users, check the information of the added users.

          Assign users to the application

          To assign users to an application on Microsoft Entra ID, do the following: 

          1. Log into Microsoft Entra ID and click Microsoft Entra ID Management Center > Microsoft Entra ID, application > Enterprise application.
          2. Click the created application and then 1. Assign user or group.
          3. Click [Add user/group] at the top-left on the screen.
          4. Click User > No item selected, select users to assign and click [Select].
          5. Once the users have been added, click [Assign].

          Configure Attribute Mapping

          To map user profiles of Microsoft Entra ID and the Ncloud Single Sign-On service, you must define user attributes to be transferred from Microsoft Entra ID to NAVER Cloud Platform.

          Note

          This guide explains the user attribute information primarily used in authentication, which are FirstName, LastName, Email.

          To define user attributes on Microsoft Entra ID, do the following:

          1. Log into Microsoft Entra ID and click Microsoft Entra Management Center > Microsoft Entra ID, application > Enterprise application.

          2. Click the created application.

          3. To the left on the screen, click Singel Sign-On > 2. Features and claims > [Edit].

          4. To receive the necessary FirstName, LastName, Email values for authentication, enter the fields.
            sso-entraid_en

          5. Click the [Save] button.

          4. Configure NAVER Cloud Platform authentication

          This section describes how to register an Entra ID account on NAVER Cloud Platform’s console and then map user profiles.

          Configure Attribute Mapper

          To link user attributes set on Microsoft Entra ID to user attributes on the Ncloud Single Sign-On service, do the following:

          1. Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.
          2. Click Services > Management & Governance > Ncloud Single Sign-On menus, in that order.
          3. Click the Tenant menu.
          4. Click the [Attribute Mapper] button.
          5. When the Attribute Mapper page appears, enter the registered content in Configure Attribute Mapping in External IdP Parameter.
          6. In Sync mode, set the user profile update method.
            • None: the user profile is not updated
            • Import: the user profile is updated only upon first login
            • Force: the user profile is updated at every login
          7. Click the [Save] button.

          Add SSO User

          You need to create an SSO User in the Ncloud Single Sign-On service using the email information of the user created in the Add users on Microsoft Entra ID step.

          The following describes how to add an SSO User in Ncloud Single Sign-On service on NAVER Cloud Platform.

          1. Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.
          2. Click Services > Management & Governance > Ncloud Single Sign-On menus.
          3. Click External IdP login > Users > [Create User] button.
          4. For the login ID, enter the email address of the user created in Add users on Microsoft Entra ID, and then click [Create]
          Note

          For how to create an SSO User in Ncloud Single Sign-On service, see Users.

          5. Verify integration

          To verify if a Microsoft Entra ID account and a NAVER Cloud Platform account are successfully connected, do the following:

          1. Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.
          2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
          3. Copy the Login URL from the Tenant menu, then access the URL.
            • The SSO role switch page will appear.
          4. Click the [Console access] or [API access] button on the SSO role switch page.
            • Depending on the access type set for the logged-in SSO User, the [Console access] or [API Gateway access] button will appear.
          5. Click the Services > Management & Governance > Ncloud Single Sign-On > External IdP login > User menu.
          6. Click the [Profile] tab in the detailed information of the logged-in SSO User, then check if the user profile has been updated.
          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout