SSO Client
Domain/LDAP SSO Client
If your DiskStation has joined the same domain or LDAP service as the SSO server, you can set your DiskStation as an SSO client. Users can access the services provided by your DiskStation once they log in to the SSO server with their credentials.
Before you start, make sure your DiskStation has joined the same domain or LDAP service as the SSO server.
To set your DiskStation as an SSO client:
- Go to Control Panel > Domain/LDAP > SSO Client.
- Tick the Enable SSO service checkbox.
- Specify the SSO server URL and Application ID in the fields below the checkbox.
Note:
To get the Application ID, choose either of the following methods:
- Method 1:
  - Log in to the DSM that runs as the SSO server.
  - Add your DiskStation, which will serve as the client application, to the Application List in SSO Server. For detailed steps, please refer to the Help article for SSO Server > Application List.
  - Copy and paste the Application ID allocated by SSO Server once your DiskStation has been added to the SSO server.
- Method 2:
  - After entering the SSO server URL*, click Quick Registration beside the Application ID field.
  - In the registration box, enter the credentials of an administrator account of the SSO server in the Server administrator and Password fields.
  - Specify the name of your client application in the Application Name field.
  - Make sure the Redirect URI refers exactly to the login page of your DiskStation.
  - Click OK, and your DiskStation will be added to SSO Server, with the Application ID being filled in automatically.
______
* You are required to enter the identical SSO server URL (either hostname or IP) when configuring every SSO client.
- Click Apply to save your settings.
Note:
- If the SSO server uses the HTTPS protocol, browsers may block the SSO login when the server does not have a trusted certificate.
- If the SSO server is accessed via the HTTP protocol while your DiskStation (set as an SSO client) uses an HTTPS connection, users need to configure their browsers to allow the use of an insecure connection.
- The IP address of the SSO server in the IPv6 format will not be supported if you have ticked the Improve security with HTTP Content Security Policy (CSP) header checkbox in Control Panel > Security > Security on your DSM.
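The footnote and notes above can be checked against planned settings before they are entered in Control Panel. The following is an added example, not part of DSM or of this Help article: the field names, finding codes, hostnames, ports and addresses are all assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def is_ipv6_literal(host):
    """True when host is an IPv6 address rather than a hostname or IPv4 address."""
    try:
        return ipaddress.ip_address(host).version == 6
    except ValueError:
        return False

def preflight(clients):
    """Return sorted (client, code) findings for planned SSO client settings."""
    findings = set()
    # Footnote: every SSO client must be given the identical SSO server URL.
    if len({c["sso_server_url"] for c in clients}) > 1:
        findings.add(("*", "SERVER_URL_NOT_IDENTICAL"))
    for c in clients:
        server = urlsplit(c["sso_server_url"])
        login = urlsplit(c["login_page"])
        # Method 2: the Redirect URI must refer exactly to the client's login page.
        if c["redirect_uri"] != c["login_page"]:
            findings.add((c["name"], "REDIRECT_URI_NOT_LOGIN_PAGE"))
        # HTTP SSO server with an HTTPS client: users must reconfigure browsers.
        if server.scheme == "http" and login.scheme == "https":
            findings.add((c["name"], "HTTP_SERVER_HTTPS_CLIENT"))
        # HTTPS SSO server: login may be blocked without a trusted certificate.
        if server.scheme == "https":
            findings.add((c["name"], "CHECK_SERVER_CERT_TRUSTED"))
        # IPv6 server address is not supported when the CSP header option is ticked.
        if c["csp_enabled"] and is_ipv6_literal(server.hostname or ""):
            findings.add((c["name"], "IPV6_SERVER_WITH_CSP"))
    return sorted(findings)

# Constructed sample settings (hostnames, ports and addresses are placeholders).
SAMPLE = [
    {"name": "nas-a", "sso_server_url": "http://[2001:db8::10]:5000",
     "login_page": "https://nas-a.example.test:5001/webman/login.cgi",
     "redirect_uri": "https://nas-a.example.test:5001/webman/login.cgi",
     "csp_enabled": True},
    {"name": "nas-b", "sso_server_url": "https://sso.example.test:5001",
     "login_page": "https://nas-b.example.test:5001/webman/login.cgi",
     "redirect_uri": "https://nas-b.example.test:5001/",
     "csp_enabled": False},
]

if __name__ == "__main__":
    for client, code in preflight(SAMPLE):
        print(f"{client}: {code}")
```

CHECK_SERVER_CERT_TRUSTED is a reminder rather than a failure: the script does not connect to the server, so certificate trust still has to be confirmed from a user's browser.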
Azure AD SSO Client
If your DiskStation has joined the Azure AD domain with site-to-site VPN, or a Windows domain which is synchronized to an Azure AD domain, you can set your DiskStation as an Azure SSO client. Users can access the services provided by your DiskStation once they log in to the Azure SSO server with their credentials.
Before you start, make sure your DiskStation has joined the Azure AD domain via VPN, or a Windows domain which has already been synchronized to an Azure AD domain.
To set your DiskStation as an Azure SSO client:
- Go to Control Panel > Domain/LDAP > SSO Client.
- Tick the Enable Azure SSO service checkbox.
- Specify the Client ID, Client Secret, Tenant ID, and Redirect URI in the corresponding fields.
- Click Apply to save your settings.
Note:
- For detailed steps to obtain Client ID/Secret and Tenant ID, please refer to the sections below.
- For security reasons, users are obliged to sign in to DSM with Azure SSO through HTTPS.
To obtain the Client ID and Client Secret for an application:
- Sign in to the Azure classic portal with an admin account.
- In ACTIVE DIRECTORY, select the directory where your user accounts are included.
- Go to the APPLICATIONS tab, and click ADD at the bottom to add a new application.
- Click Add an application my organization is developing.
- Fill in your application's Name, and select the WEB APPLICATION AND/OR WEB API checkbox.
- Fill in the SIGN-ON URL. For example, https://yourdomain:port/webman/login.cgi
- Fill in the APP ID URI. For example, https://yourdomain:port/
- After the setup is complete, select your application, and you will find the CLIENT ID.
- Add a key and click SAVE. You will then get the CLIENT SECRET in plain text.
To obtain the Tenant ID for an application:
- Repeat steps 1 to 3 of the section above.
- In the APPLICATIONS tab, select an application and click VIEW ENDPOINTS at the bottom.
- An ID sequence is displayed in every text field. Copy and paste the ID into the Tenant ID field.
Note:
- The user interface of Microsoft Azure™ is subject to change without notice.
- For more information on Azure AD mechanism, please refer to the following webpages: