Azure SSO and External Storage Access

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 23.0.4): 23.0.4
Operating system and version (eg, Ubuntu 20.04): Ubuntu 20.04
Apache or nginx version (eg, Apache 2.4.25): nginx 1.19.4
PHP version (eg, 7.4): 7.4
SSO & Saml Authentication App version : 5.0

The issue you are facing:
When using the SSO & Saml Authentication app users cannot access external storage SMB/cifs connected with “login credentials in database”

Is this the first time you’ve seen this error? (Y/N):Y

Steps to replicate it:

  1. User signs in with SSO
  2. User home page appears, but they do not have access to external storage

This is an existing nextcloud install. We have ldap to an on prem AD and the external storage works perfectly with that setup.

I added SSO via Azure AD following this: https://medium.com/@ntrussell/enable-nextcloud-sso-authentication-through-microsoft-azure-active-directory-saml-abe37d735cd

An SSO user appears in the Active Users as a separate account from their ldap account, so there are 2 accounts. The SSO Account does not authenticate to the external storage, and does not appear to bring along the user’s groups so I can apply group access to the external storage.

The external storage are network shares that users have varying degrees of access to, so we need to use the user’s credentials to access the external storage.

Is it possible to do this? Or am I stuck with ldap and a 2fa app?

Thank you.