Next Cloud SAML Single Sign-on (SSO)

This topic describes how to configure NextCloud for SSO using CyberArk Identity .

NextCloud is an open source external storage provider.

Supported SSO methods

You can configure the following SSO methods:

Method Description
IdP-initiated SAML SSO Configure SSO to enable your users to access SparkPost through the CyberArk Identity User Portal.
SP-initiated SAML SSO Configure SSO to enable your users to access SparkPost directly form the web application.

Before you begin

Before you begin, make sure you have the following prerequisites:

  • You have a NextCloud domain:

    https://nextcloud. [your-domain-name].com

  • You have created a NextCloud admin and users for SSO

Configure CyberArk Identity SSO for NextCloud

Step 1: Add the NextCloud app to the Identity Administration portal

  1. Go to Admin Portal > Apps > Web Apps and select Add Web Apps.

  2. In the app catalog window, search for the NexCloud app and select Add. Confirm that you want to add the application.

  3. Close the app catalog window to go to the NextCloud app configuration page.

Step 2: Enable Single Sign-on in your NextCloud app

  1. Go to the Trust tab in the application pane.

  2. Enter the following values::

    Element Description
    SP Entity ID or Issuer

    https://nextcloud.yourdomain.com/index.php/apps/user_saml/metadata

    Example: https://nextcloud.cyberark.com/index.php/apps/user_saml/metadata
    ACS URL

    https://nextcloud. [your-domain-name].com

    Example: https://nextcloud.cyberark.com

    NameID

    Select emailAdress

Step 3: Enable SAML in NextCloud

  1. Log in to your NextCloud web interface as an admin.

  2. Go to User icon > Apps and select Download and enable for SSO & SAML Authentication. Install the downloaded app.

  3. From the SSO & Authentication app, go to Administration > SSO & SAML authentication and select Add identify provider

  4. Enter the following values:

    Element Value

    General

    Attribute to map the UID to

    UID

    Optional display name of the identity provider

    CyberArk

    Identity provider data

    IdP issuer ID

    Copy and paste from CyberArk Identity > Add web apps > Trust tab

    IdP SSO URL

    Copy and paste from CyberArk Identity > Add web apps > Trust tab

Step 4: Test configuration

This is an optional step to test the configuration.

  1. Go to CyberArk Identity > Add web apps > Permissions and select Add

  2. Search for and select your test user. Select Save.

  3. Sign in to the CyberArk User portal as this user. You should see the deployed NextCloud app.