Synology single-sign-on (SSO) solution
This solution allows users to sign in to any one of your web applications and services while, simultaneously, being able to access any other by that initial sign-in. Thus, Synology acts as the ultimate merge of all your web applications and services in a single sign-in.
Considering the benefits, your subscription to Microsoft Azure allows you to join your Synology NAS as an SSO client to Microsoft Azure Active Directory Domain Services. By this means, you can consider the need of domain controllers on premises’ deployment and management done.
This tutorial will provide you all the information and the step that you will need to join your Synology NAS to Azure AD Domain Services, and how to enable Azure SSO service.
Before you start make sure the operating system of your Synology NAS has been updated to DiskStation Manager (DSM) on the latest version. Make sure an IPSec (Internet Protocol security) VPN (Virtual Private Network) tunnel has been set up between Microsoft Azure Virtual Network and the network where you located your Synology NAS.
Firstly, you need to Enable Microsoft Azure AD Domain Survives
a) On Azure Portal click → all resources → sunology.com → Properties → Look for IP ADDRESS ON VIRTUAL NETWORK
b) Save the IP Address.
Note: You might need to update DNS Server and set up password synchronization on Azure Portal.
Secondly, Join your Synology NAS to Azure AD Domain.
1) Sign into your DSM on Synology NAS as an administrator.
2) Go to Control Panel → Domain/LDAP →Domain
a) Tick the Join Domain Checkbox.
b) Domain: Here, always type SYNOLOGY.COM
c) DNS Server: Enter the Azure AD Domain IP Address.
d) Click APPLY.
3) Once A Window will pop up.
a) Enter the credentials of Azure AD Domain’s Administrator and click Next.
b) Once you read the notes, click OK to start Joining.
c) When the Domain Join is complete, click Finish.
d) Now you can view all the users and groups managed on Azure Active Directory.
Lastly, Enable Azure SSO Service on Synology NAS.
1) Log in to your Microsoft Azure Account.
2) On Azure Portal, go to Azure Active Directory → App Registrations, and click New Application Registration.
3) Once you click on New Application Registration, a window will pop up.
a) Configure the setting and then click Create.
b) Name: Enter the Application’s Name.
c) Application Type: select Web app / API.
d) Sing-on URL: Enter the URL of your Application’s login page. (Synology URL)
4) Once the application is created, it will appear in the list. Then click on it to get all the details you might need.
5) Below Settings, Copy and save the Application ID.
6) Click Settings → Keys.
7) Once you click on Key button, follow the bellow instruction to generate the application key:
a) Set up the key’s Description and duration of validity (expires).
b) Click Save.
c) The key will appear at the VALUE column. Make sure you copy and save the value before exiting the specific page.
8) On Azure Portal go to Azure Active Directory → Properties and copy the Directory ID.
9) Go to DSM Control Panel → Domain/LDAP → SSO Client, then follow the bellow instruction:
a) Tick Enable OpenID Connect SSO Services.
b) Select Azure in the Profile Drop-Down list.
c) Click Edit.
d) Paste the values of Application ID, Keys and Directory ID and enter the Redirect URL of your application’s login page.
10) Click Apply when the configuration is complete.
11) All the active members managed by your Azure Active Directory can now sign into your Synology NAS hosting Application with their credentials. To Sign in with SSO, select Azure SSO Authentication from the drop-down list.
12) Users will see a pop-up window requiring their account credentials.
13) Lastly, users will see a confirmation. Press Accept to sing in.
The implementation has been successfully completed!!!
IBSCY LTD as a gold Microsoft partner in Cyprus and Synology Partner in Cyprus has certified employees that provide excellent IT Services and IT maintenance to all businesses in Cyprus and abroad.