Single Sign-On access with MontyCloud DAY2

MontyCloud DAY2 now offers Single Sign-On (SSO) access for Enterprises that rely on Identity providers (IDP). With this feature, customers can enable secure, reliable, and compliant centralized management of users and user access to the DAY2 platform. In this blog, Sri Santhanam shares how you can easily establish the integration between Azure Active Directory and MontyCloud DAY2 to configure single sign-on access in 5 simple steps.

– Sabrinath S. Rao

Overview

Customers can now connect their Azure Active Directory (AD) to MontyCloud DAY2. Users can now sign in using their Azure AD credentials to deploy, operate and manage their cloud applications.  This makes it easier for administrators to provide a frictionless enterprise sign-in experience with single-click access to the DAY2 platform.

Supported Configurations

MontyCloud DAY2 now supports the following SSO configurations.

• DAY2 application (SaaS Service provider) initiated logins
• SAML 2.0 for Azure Active Directory
• Just-in-time user provisioning

DAY2 supports all stages of the Single Sign-On (SSO) Configuration lifecycle including options to Create, Update, Delete and Enable/Disable configurations.

For a step by step walk through please check out – How to integrate with Azure Active Directory(AD) as identity provider

Prerequisites

1. An active Azure AD subscription.
   If you don’t have a subscription, you can create a free Azure account here.
2. An active MontyCloud DAY2 account with the Full Admin 
   If you don’t have an active account, you can sign-up a free account here.

Configuring Single Sign On

You can configure Single Sign-On (SSO) under the Users & Roles section in the admin area of DAY2 application portal. Click on the Configure SSO action to get started.

In the Configure SSO wizard, enter a friendly name and description for your SSO configuration. Next, download the Metadata file. You will need to upload this file to your Azure AD DAY2 application setup. Alternatively, you can also upload your Azure AD metadata to DAY2.

Domain ownership must be verified using DNS “TXT” records. This ensures that we uphold both your security and that of the DAY2 platform. For each domain that you wish to enable SSO, a single TXT record must be created within your DNS zone file and propagated, to allow the DAY2 platform to complete the ownership verification process.

DAY2 authorization is based on Role Based Access Control (RBAC). By integrating the application roles with the Azure AD application manifest, you can ensure users logged in via SSO are mapped to the right RBAC roles in DAY2.

DAY2 also provides default scope while configuring SSO by adding a user defined Department context to all users in the organization. After this is complete, federated users can start sign-on to DAY2 platform to deploy, manage and operate cloud resources and applications. Administrators can change user’s privileges in the user management dashboard.

Review and validate your SSO configuration and click Enable. After a confirmation message is displayed your organizations IDP users can seamlessly access the DAY2 platform.

You can also edit your SSO configuration for updating your configuration details such as name, description, IDP information including Certificate and SSO domains by using the edit action and through the same configure SSO wizard.

Conclusion

With this DAY2 platform’s SSO integration with Azure Active Directory, now you can:

• Enable secure access for your organizations IDP users to access DAY2 to perform cloud operations
• Enable users to automatically sign-in to DAY2 with their Azure AD accounts
• Manage DAY2 user accounts centrally in the Azure Active Directory portal

Speak to us for any SAML 2.0 Identity provider integration with DAY2 Platform through support@montycloud.com

To learn more about MontyCloud’s DAY2 intelligent Cloud Management Platform, please go to https://www.montycloud.com.