Access to AOD for Greentree and AOD-Apps can be integrated with Azure AD to allow staff to use their Office 365 credentials to access their AOD applications.
Use the steps in this guide to complete the integration of your Azure AD.
Request SAML Integration
Integration between AOD and Azure AD occurs via the SAML protocol. For SAML-based authentication into AOD a customer-specific access URL will be provisioned. To start this process, contact the AOD Support team to initiate the process. Please note the customer-specific URL will be required to complete the next provisioning steps.
Create Application Entry in Azure AD
- Log into Azure AD and navigate to the Enterprise Applications section.
- Under the All Applications section, choose the New Application option
In the browser enter the search term ADC and select the application Citrix ADC.
This used to be Citrix Netscaler.
In the prompt for the Name, enter AOD-Apps and save the application.
Configure Application Access Control (Users and Groups)
- Select the newly created AOD-Apps application from the list of Enterprise Applications by clicking on the AOD-Apps name:
- To control access to the AOD-Apps application, navigate to the Users and groups section and select a group or set of individual accounts to provide access to the application:
- Additionally, you may want to impose access restrictions to the AOD-Apps application based on various security checks. These can be configured via the Conditional Access area of the application:
Configure Application Entry
- In the created application, navigate to the Single Sign-On section and select the option for SAML:
In the section for Basic SAML Configuration enter the URLs below:
Identifier (Entity ID) - https://apac.aod.cloud
Identifier (Entity ID) - https://greentree.io
Reply URL (Assertion Consumer Service URL) - https://apac.aod.cloud/cgi/samlauth
Reply URL (Assertion Consumer Service URL) - https://greentree.io/cgi/samlauth
Sign on URL - https://apac.aod.cloud
Gather Azure Application Details
- In order to complete the Azure AD - AOD integration, a number of details need to be provided to AOD Support team for integration.
- Record the following URLs and send them to firstname.lastname@example.org along with the Base64 version of the Certificate to AOD:
- App Federation Metadata Url
- Login URL
- Azure AD Identifier
- Logout URL
- Application ID
- Object ID