Office 365, Azure AD SSO?

Hello all,

Our company is using Nextcloud 11 on a CentOS 6 system, which I did not set up myself. Currently Nextcloud verifies against an on-premises LDAP. I am charged with the task to make this work with Office 365 Azure AD Single Sign On. After some research on the web, I am confused more than before and would be grateful if you could give me some definite answers.

The goal is to disable LDAP in the long run and - if possible - to let only Azure AD handle everything via SSO. Is that possible, or does Nextcloud need an on-premises directory service in any case?

Thank you in advance.
InRi

Regarding Azure AD there has also been a feature request:

So I don’t think there is a working solution already. I found this one for WordPress, perhaps you can do something similar for Nextcloud:

Yes, I saw several such posts, where people tried to make this work with Azure AD. Then again, the manual states that it should be possible to do it with any IDP that supports SAML 2.0 for example. That discrepancy between the manual and user experience is what is confusing me so much.

In the meantime I was told that Nextcloud does not depend on LDAP or another on-premises AD per se (remember I did not set it up myself, and have little experience with it). That helps a bit, but only in theory. At the moment I cannot find the things Nextcloud is expecting from the IDP. They are either not present in Azure AD or are called differently than in Nextcloud’s SSO settings. I am stuck here and had hoped for some help from experienced users.

However, it seems no one has it working yet.

Nevertheless, thank you for the WordPress hint. I will keep my eyes open. 🙂

@InRi Just curious – did you find a solution for authentication with Office 365/Azure AD for Nextcloud?

All, after many months and headaches trying to solve this issue for my company’s Nextcloud instance, I decided to write a guide once I figured out the successful configuration. Below is a link to a step-by-step guide for configuring the Nextcloud SSO & SAML authentication app for Microsoft’s Azure AD. Hope it is helpful…

@naterussellrpcs Thanks, this is an amazing write-up! 😊 I’m glad you made it work.

A curious question: Do you think the Azure AD signing certificate is renewed every once in a while? That would mean it needs to be rolled over manually within the Nextcloud settings, but I guess that’s a matter of seconds for an admin…

Cool! What about the iOS, Android and Desktop Clients? Did you get them to work as well?