Our company is using Nextcloud 11 on a CentOS 6 system, which I did not set up myself. Currently Nextcloud verifies against an on-premises LDAP. I am charged with the task of making this work with Office 365 Azure AD Single Sign-On. After some research on the web, I am more confused than before and would be grateful if you could give me some definite answers.
The goal is to disable LDAP in the long run and, if possible, to let only Azure AD handle everything via SSO. Is that possible, or does Nextcloud need an on-premises directory service in any case?
Yes, I saw several such posts, where people tried to make this work with Azure AD. Then again, the manual states that it should be possible to do it with any IdP that supports SAML 2.0, for example. That discrepancy between the manual and user experience is what is confusing me so much.
In the meantime I was told that Nextcloud does not depend on LDAP or another on-premises AD per se (remember I did not set it up myself, and have little experience with it). That helps a bit, but only in theory. At the moment I cannot find the things Nextcloud is expecting from the IdP. They are either not present in Azure AD or are called differently than in Nextcloud's SSO settings. I am stuck here and had hoped for some help from experienced users.
However, it seems no one has it working yet.
Nevertheless, thank you for the WordPress hint. I will keep my eyes open.
All, after many months and headaches trying to solve this issue for my company's Nextcloud instance, I decided to write a guide once I figured out the successful configuration. Below is a link to a step-by-step guide for configuring the Nextcloud SSO & SAML authentication app for Microsoft's Azure AD. Hope it is helpful…
A curious question: Do you think the Azure AD signing certificate is renewed every once in a while? That would mean it needs to be rolled over manually within the Nextcloud settings, but I guess that's a matter of seconds for an admin…
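The two practical questions in this thread are "which values does the SSO & SAML app expect from the IdP" (entity ID, single sign-on URL, signing certificate) and "how do I notice when Azure AD rolls its signing certificate". Both can be answered from the IdP's SAML 2.0 metadata document. The script below is an added example written for this thread; it is not code from Nextcloud, from Microsoft, or from the guide linked above. It parses a constructed sample of an IdP metadata document (standard SAML 2.0 metadata and XML-DSig namespaces; the tenant ID, URLs and certificate bodies are placeholders, not real Azure AD values), extracts the entity ID, SSO endpoints and SHA-256 fingerprints of the signing certificates, and compares them with the certificate an admin would read out of Nextcloud's configuration. It assumes that certificate is available as base64 or PEM text; where it is stored is an assumption too (for the user_saml app, `occ config:app:get user_saml idp-x509cert` is the place I would look first, but check your version).

```python
"""Compare the signing certificate(s) an IdP publishes in its SAML metadata
with the certificate Nextcloud currently trusts, to detect a rollover.

Added example for this thread; not Nextcloud's or Microsoft's own code.
Only the Python standard library is used, so it runs offline.
"""
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

# Standard SAML 2.0 metadata and XML-DSig namespaces.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def normalize_cert(cert_text: str) -> bytes:
    """Return the DER bytes of a certificate given as bare base64 or PEM.

    Metadata carries bare base64 with arbitrary line breaks; an admin may have
    pasted a PEM block with armour lines into Nextcloud, so both are accepted.
    """
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", cert_text)
    body = re.sub(r"\s+", "", body)
    return base64.b64decode(body)


def fingerprint(cert_text: str) -> str:
    """SHA-256 fingerprint (hex) of the DER certificate, the value to compare."""
    return hashlib.sha256(normalize_cert(cert_text)).hexdigest()


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract entity ID, SSO endpoints and signing-cert fingerprints."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor (not an IdP)")

    signing = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # Per the metadata spec, a KeyDescriptor without 'use' serves both
        # signing and encryption; skip keys marked encryption-only.
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            signing.append(fingerprint(cert.text or ""))
    # Note: a ds:Signature over the metadata itself is deliberately ignored;
    # the key that signed the metadata is not necessarily the assertion key.

    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        sso[svc.get("Binding")] = svc.get("Location")

    return {"entity_id": root.get("entityID"),
            "signing_fingerprints": signing,
            "sso": sso}


def check_rollover(metadata_xml: str, configured_cert: str) -> dict:
    """Report whether the cert Nextcloud trusts is still published by the IdP.

    'not_configured' lists published signing certs Nextcloud does not yet
    trust; a non-empty list while 'match' is True means a rollover is pending.
    """
    meta = parse_idp_metadata(metadata_xml)
    configured = fingerprint(configured_cert)
    published = meta["signing_fingerprints"]
    return {"configured": configured,
            "published": published,
            "match": configured in published,
            "not_configured": [fp for fp in published if fp != configured]}


# Constructed sample input. The certificate bodies are placeholders, not real
# X.509 data; the tenant ID and URLs mimic the shape of Azure AD metadata only.
CERT_OLD = base64.b64encode(b"constructed placeholder: current signing cert").decode()
CERT_NEW = base64.b64encode(b"constructed placeholder: next signing cert").decode()
CERT_ENC = base64.b64encode(b"constructed placeholder: encryption-only cert").decode()
TENANT = "00000000-0000-0000-0000-000000000000"

SAMPLE_METADATA = f"""<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{CERT_OLD}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{CERT_NEW}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{CERT_ENC}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_METADATA)
    print("IdP entity ID:", info["entity_id"])
    for binding, url in info["sso"].items():
        print("SSO endpoint:", binding.rsplit(":", 1)[-1], url)
    report = check_rollover(SAMPLE_METADATA, CERT_OLD)
    print("configured cert still published:", report["match"])
    print("published certs not yet trusted:", report["not_configured"])
```

To use it against a real tenant, save the federation metadata document your Azure AD enterprise application offers for download, read the certificate out of Nextcloud, and call `check_rollover` with both. A `match` of False means the IdP no longer publishes the certificate Nextcloud trusts and logins will fail signature verification; a non-empty `not_configured` list with `match` still True is the window in which to paste the new certificate in before the old one is retired.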