{"id":25803,"date":"2022-07-08T09:40:06","date_gmt":"2022-07-08T09:40:06","guid":{"rendered":"https:\/\/cloud-cod.com\/?p=25803"},"modified":"2022-07-11T09:51:44","modified_gmt":"2022-07-11T09:51:44","slug":"testing-azure-ad-aviatrix-openvpn-saml-integration","status":"publish","type":"post","link":"https:\/\/cloud-cod.com\/index.php\/2022\/07\/08\/testing-azure-ad-aviatrix-openvpn-saml-integration\/","title":{"rendered":"Azure AD + Aviatrix OpenVPN SAML integration"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"25803\" class=\"elementor elementor-25803\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-265f22a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"265f22a\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9248134\" data-id=\"9248134\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5208310 elementor-widget elementor-widget-heading\" data-id=\"5208310\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.17.0 - 01-11-2023 *\/<\/style><h2 class=\"elementor-heading-title elementor-size-default\">Testing Azure AD + Aviatrix OpenVPN SAML integration<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f63ad85 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f63ad85\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0e6f748\" data-id=\"0e6f748\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-49b43f6 elementor-widget elementor-widget-text-editor\" data-id=\"49b43f6\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<p>The following article describes how to set up Azure AD + Aviatrix OpenVPN SAML integration. Aviatrix provides three possible SAML integration options:<\/p><ul><li>Option #1 &#8211; Users and Profile Associations done by the Aviatrix Controller<\/li><li>Option #2 &#8211; Users in the IDP (e.g. Azure AD), but the Profile Associations done by the Aviatrix Controller<\/li><li>Option #3 &#8211; Users and Profile Associations done by the IDP (e.g. Azure AD)<\/li><\/ul><p>The last option is the one described below.<\/p><p>The diagram below shows the lab setup:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9a6d64d elementor-widget elementor-widget-image\" data-id=\"9a6d64d\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"1041\" src=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/diagram-768x1041.png\" class=\"attachment-medium_large size-medium_large wp-image-25805\" alt=\"OpenVPN with Azure AD in Aviatrix - Users and Profile Associations in IDP\" \/>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">OpenVPN with Azure AD in Aviatrix - Users and Profile Associations in IDP<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element 
elementor-element-decc14a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"decc14a\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-60c9331\" data-id=\"60c9331\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d7dce4d elementor-widget elementor-widget-toggle\" data-id=\"d7dce4d\" data-element_type=\"widget\" data-widget_type=\"toggle.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.17.0 - 01-11-2023 *\/<\/style>\t\t<div class=\"elementor-toggle\">\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-2261\" class=\"elementor-tab-title\" data-tab=\"1\" role=\"button\" aria-controls=\"elementor-tab-content-2261\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-closed\"><i class=\"fas fa-caret-right\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><i class=\"elementor-toggle-icon-opened fas fa-caret-up\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-toggle-title\" tabindex=\"0\">Step 1 - Configure Azure Active Directory, Application, SAML<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<div id=\"elementor-tab-content-2261\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"region\" aria-labelledby=\"elementor-tab-title-2261\"><p>Aviatrix docs:\u00a0<a href=\"https:\/\/docs.aviatrix.com\/HowTos\/SAML_Integration_Azure_AD_IdP.html\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.aviatrix.com\/HowTos\/SAML_Integration_Azure_AD_IdP.html<\/a><\/p><p><b>Active Directory<\/b><\/p><ul><li>Go to Azure Active Directory<\/li><li>Make sure the Users and Groups are created<\/li><\/ul><p><b>Application creation<\/b><\/p><ul><li>Go to Azure Active Directory -&gt; Enterprise Applications and select New Application<\/li><\/ul><figure style=\"width: 200px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step1.png\"><img loading=\"lazy\" decoding=\"async\" title=\"Enterprise Application creation in Azure - step 1\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step1-200x300.png\" alt=\"Enterprise Application creation in Azure - step 1\" width=\"200\" height=\"300\" \/><\/a><figcaption class=\"wp-caption-text\">Enterprise Application creation in Azure &#8211; step 1<\/figcaption><\/figure><div><figure id=\"attachment_25807\" aria-describedby=\"caption-attachment-25807\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25807\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step2-300x265.png\" alt=\"Enterprise Application creation in Azure - step 2\" width=\"300\" height=\"265\" \/><\/a><figcaption id=\"caption-attachment-25807\" class=\"wp-caption-text\">Enterprise Application creation in Azure &#8211; step 2<\/figcaption><\/figure><div><ul><li>Choose \u201cCreate your application\u201d<\/li><\/ul><figure id=\"attachment_25808\" aria-describedby=\"caption-attachment-25808\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25808\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step3-300x194.png\" alt=\"Enterprise Application creation in Azure - step 3\" width=\"300\" height=\"194\" \/><\/a><figcaption id=\"caption-attachment-25808\" class=\"wp-caption-text\">Enterprise Application creation in Azure &#8211; step 3<\/figcaption><\/figure><\/div><ul><li>Provide the name of your application and click on \u201cCreate\u201d<\/li><\/ul><figure id=\"attachment_25809\" aria-describedby=\"caption-attachment-25809\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25809\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step4-300x257.png\" alt=\"Enterprise Application creation in Azure - step 4\" width=\"300\" height=\"257\" \/><\/a><figcaption id=\"caption-attachment-25809\" class=\"wp-caption-text\">Enterprise Application creation in Azure &#8211; step 4<\/figcaption><\/figure><div><strong>Users\/Groups Assignment<\/strong><\/div><ul><li>Go to the Application you created and choose \u201cUsers and Groups\u201d. 
Click on \u201cAdd user\/group\u201d<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25810\" aria-describedby=\"caption-attachment-25810\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25810\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step5-300x210.png\" alt=\"Enterprise Application creation in Azure - step 5\" width=\"300\" height=\"210\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step5-300x210.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step5-768x537.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step5.png 901w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25810\" class=\"wp-caption-text\">Enterprise Application creation in Azure &#8211; step 5<\/figcaption><\/figure><p>\u00a0<\/p><ul><li>Select the users\/groups you want to be assigned<\/li><li>Click on \u201cAssign\u201d<\/li><\/ul><p>\u00a0<\/p><p><strong>Single Sign-On Configuration<\/strong><\/p><ul><li>Go to \u201cSingle sign-on\u201d and select \u201cSAML\u201d<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25811\" aria-describedby=\"caption-attachment-25811\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25811\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step6-300x113.png\" alt=\"Enterprise Application creation in Azure - step 6\" width=\"300\" height=\"113\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step6-300x113.png 300w, 
https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step6-1024x385.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step6-768x289.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step6-1536x577.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step6-2048x769.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25811\" class=\"wp-caption-text\">Enterprise Application creation in Azure &#8211; step 6<\/figcaption><\/figure><p>\u00a0<\/p><ul><li>\u201cEdit\u201d the field called \u201c1 \u2013 Basic SAML Configuration\u201d<\/li><\/ul><p>\u00a0<\/p><div><figure id=\"attachment_25812\" aria-describedby=\"caption-attachment-25812\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step7.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25812\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step7-300x161.png\" alt=\"Enterprise Application creation in Azure - step 7\" width=\"300\" height=\"161\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step7-300x161.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step7-1024x548.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step7-768x411.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step7.png 1428w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25812\" class=\"wp-caption-text\">Enterprise Application creation in Azure &#8211; step 7<\/figcaption><\/figure><\/div><p>\u00a0<\/p><ul><li>Fill in the following fields<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25813\" aria-describedby=\"caption-attachment-25813\" 
style=\"width: 251px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step8.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25813\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step8-251x300.png\" alt=\"Enterprise Application creation in Azure - step 8\" width=\"251\" height=\"300\" \/><\/a><figcaption id=\"caption-attachment-25813\" class=\"wp-caption-text\">Enterprise Application creation in Azure &#8211; step 8<\/figcaption><\/figure><div><p><strong>Identifier (Entity ID)<\/strong> \u2013 the Public IP or DNS name of your Aviatrix Controller if you use just one Application, e.g. <code>https:\/\/a.b.c.d<\/code> (where a.b.c.d is the Public IP of your Aviatrix Controller) or <code>https:\/\/mycontroller.com<\/code> for a DNS name. However, if you use multiple Applications you have to append an additional string (unique per application), e.g. <code>https:\/\/a.b.c.d\/app2<\/code><\/p><p><strong>Reply URL<\/strong> \u2013 in the format <code>https:\/\/a.b.c.d\/flask\/saml\/sso\/&lt;yourAviatrixEndpointName&gt;<\/code><\/p><p><strong>Sign on URL<\/strong> \u2013 in the format <code>https:\/\/a.b.c.d\/flask\/saml\/login\/&lt;yourAviatrixEndpointName&gt;<\/code><\/p><p>Please keep in mind that at this point the Aviatrix SAML Endpoint is not created yet, but you can already specify its name in the Azure configuration. \u201csamlendpoint1\u201d is the name I have chosen.<\/p><ul><li>\u201cEdit\u201d the field called \u201c2 \u2013 Attributes &amp; Claims\u201d<\/li><\/ul><p>The goal is to have the Users and Profile Associations done by the IDP (Azure AD) and passed to the Aviatrix Controller as SAML attributes. Therefore we must adjust the attributes (claims) we are going to send to the Aviatrix Controller.<\/p><figure id=\"attachment_25814\" aria-describedby=\"caption-attachment-25814\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step9.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25814\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step9-300x237.png\" alt=\"Enterprise Application creation in Azure - step 9\" width=\"300\" height=\"237\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step9-300x237.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step9-1024x810.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step9-768x608.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step9-1536x1215.png 1536w, 
https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step9-2048x1620.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25814\" class=\"wp-caption-text\">Enterprise Application creation in Azure &#8211; step 9<\/figcaption><\/figure><\/div><p>\u00a0<\/p><ul><li>Modify the claims so they look as follows (the names are case sensitive):<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25815\" aria-describedby=\"caption-attachment-25815\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step10.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25815\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step10-300x193.png\" alt=\"Enterprise Application creation in Azure - step 10\" width=\"300\" height=\"193\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step10-300x193.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step10-1024x660.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step10-768x495.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step10.png 1079w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25815\" class=\"wp-caption-text\">Enterprise Application creation in Azure &#8211; step 10<\/figcaption><\/figure><div><p>\u00a0<\/p><table><tbody><tr><td width=\"200\">Name<\/td><td width=\"200\">Value<\/td><td width=\"200\">Namespace<\/td><\/tr><tr><td width=\"200\">FirstName<\/td><td width=\"200\">user.givenname<\/td><td width=\"200\">(blank)<\/td><\/tr><tr><td width=\"200\">LastName<\/td><td width=\"200\">user.surname<\/td><td width=\"200\">(blank)<\/td><\/tr><tr><td width=\"200\">Email<\/td><td width=\"200\">user.mail<\/td><td 
width=\"200\">(blank)<\/td><\/tr><\/tbody><\/table><p>Please notice that there will be one more claim (called Profile) added later.<\/p><\/div><\/div><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-2262\" class=\"elementor-tab-title\" data-tab=\"2\" role=\"button\" aria-controls=\"elementor-tab-content-2262\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-closed\"><i class=\"fas fa-caret-right\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><i class=\"elementor-toggle-icon-opened fas fa-caret-up\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-toggle-title\" tabindex=\"0\">Step 2 - Configure Aviatrix Controller Gateway and SAML Endpoint<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<div id=\"elementor-tab-content-2262\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"region\" aria-labelledby=\"elementor-tab-title-2262\"><ul><li>Log in to your Aviatrix Controller<\/li><li>Go to the \u201cGateway\u201d section and select \u201cCreate New\u201d<\/li><\/ul><figure id=\"attachment_25817\" aria-describedby=\"caption-attachment-25817\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25817\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step1-300x171.png\" alt=\"Aviatrix Gateway creation - step 1\" width=\"300\" height=\"171\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step1-300x171.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step1-768x437.png 768w, 
https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step1.png 902w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25817\" class=\"wp-caption-text\">Aviatrix Gateway creation &#8211; step 1<\/figcaption><\/figure><div><p>Remark: you must choose the VNET in which the Aviatrix Gateway is going to be deployed. If you do not have such a VNET yet, go to \u201cUseful Tools\u201d and select \u201cCreate a VPC\u201d.<\/p><figure id=\"attachment_25818\" aria-describedby=\"caption-attachment-25818\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25818\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step2-300x205.png\" alt=\"Aviatrix VNET\/VPC creation\" width=\"300\" height=\"205\" \/><\/a><figcaption id=\"caption-attachment-25818\" class=\"wp-caption-text\">Aviatrix VNET\/VPC creation<\/figcaption><\/figure><\/div><ul><li>Back on the Gateway deployment page, the most important fields to select are \u201cVPN Access\u201d, \u201cAdvanced Options\u201d, and \u201cEnable SAML\u201d. 
You can leave the remaining options as default.<\/li><\/ul><figure id=\"attachment_25819\" aria-describedby=\"caption-attachment-25819\" style=\"width: 211px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25819\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3-211x300.png\" alt=\"Aviatrix Gateway creation - step 2\" width=\"211\" height=\"300\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3-211x300.png 211w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3-719x1024.png 719w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3-768x1093.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3-1079x1536.png 1079w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3.png 1231w\" sizes=\"auto, (max-width: 211px) 100vw, 211px\" \/><\/a><figcaption id=\"caption-attachment-25819\" class=\"wp-caption-text\">Aviatrix Gateway creation &#8211; step 2<\/figcaption><\/figure><ul><li>Create an Aviatrix SAML Endpoint. Go to \u201cOPENVPN\u201d -&gt; \u201cAdvanced\u201d and \u201cSAML\u201d Tab. 
Select \u201cAdd New\u201d.<\/li><\/ul><figure id=\"attachment_25820\" aria-describedby=\"caption-attachment-25820\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3b.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25820\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3b-300x215.png\" alt=\"Aviatrix SAML Endpoint creation - step 1\" width=\"300\" height=\"215\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3b-300x215.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3b-1024x735.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3b-768x552.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3b-1536x1103.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3b.png 1969w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25820\" class=\"wp-caption-text\">Aviatrix SAML Endpoint creation &#8211; step 1<\/figcaption><\/figure><ul><li>Fill in the Endpoint information<\/li><\/ul><div><figure id=\"attachment_25922\" aria-describedby=\"caption-attachment-25922\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3c-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25922\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3c-1-300x130.png\" alt=\"Aviatrix SAML Endpoint creation - step 2\" width=\"300\" height=\"130\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3c-1-300x130.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3c-1-1024x444.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3c-1-768x333.png 
768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3c-1-1536x665.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step3c-1-2048x887.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25922\" class=\"wp-caption-text\">Aviatrix SAML Endpoint creation &#8211; step 2<\/figcaption><\/figure><p><strong>Endpoint Name<\/strong> \u2013 put the name you have already chosen during SAML configuration in Azure<\/p><p><strong>IDP Metadata Type<\/strong> \u2013 change to Text. You will have to come back to this and Upload the \u201cMetadata XML\u201d file downloaded from Azure (it will be presented in a few steps once the Profile Claim is configured). You can put just random text now.<\/p><p><strong>Entity ID<\/strong> \u2013 leave Hostname if you have one Application. Change to Custom if you have multiple Applications (in such a case provide the whole name, e.g. <a href=\"https:\/\/a.b.c.d\/app2\">https:\/\/a.b.c.d\/app2<\/a><\/p><p>Custom SAML Request Template \u2013 must be checked. 
Copy the following template (<a href=\"https:\/\/docs.aviatrix.com\/HowTos\/SAML_Integration_Azure_AD_IdP.html\">https:\/\/docs.aviatrix.com\/HowTos\/SAML_Integration_Azure_AD_IdP.html<\/a>). The $ID, $Time, $Dest, $ACS and $Issuer placeholders are filled in by the Controller for every authentication request, so paste it unchanged. Note that ForceAuthn is false: an Azure AD session that is already signed in in the browser is reused, so the user is not necessarily prompted for credentials on every VPN connection.<\/p><table><tbody><tr><td width=\"601\"><pre>&lt;samlp:AuthnRequest xmlns:samlp=&quot;urn:oasis:names:tc:SAML:2.0:protocol&quot; ID=&quot;$ID&quot; Version=&quot;2.0&quot; IssueInstant=&quot;$Time&quot; Destination=&quot;$Dest&quot; ForceAuthn=&quot;false&quot; IsPassive=&quot;false&quot; ProtocolBinding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&quot; AssertionConsumerServiceURL=&quot;$ACS&quot;&gt;\n  &lt;saml:Issuer xmlns:saml=&quot;urn:oasis:names:tc:SAML:2.0:assertion&quot;&gt;$Issuer&lt;\/saml:Issuer&gt;\n&lt;\/samlp:AuthnRequest&gt;<\/pre><\/td><\/tr><\/tbody><\/table><p>Once done, the SAML Endpoint is created, still with the placeholder Metadata Text for now:<\/p><figure id=\"attachment_25822\" aria-describedby=\"caption-attachment-25822\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25822\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step4-300x78.png\" alt=\"Aviatrix SAML Endpoint creation - step 3\" width=\"300\" height=\"78\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step4-300x78.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step4-1024x265.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step4-768x199.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step4-1536x398.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step4-2048x531.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25822\" 
class=\"wp-caption-text\">Aviatrix SAML Endpoint creation &#8211; step 3<\/figcaption><\/figure><\/div><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-2263\" class=\"elementor-tab-title\" data-tab=\"3\" role=\"button\" aria-controls=\"elementor-tab-content-2263\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-closed\"><i class=\"fas fa-caret-right\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><i class=\"elementor-toggle-icon-opened fas fa-caret-up\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-toggle-title\" tabindex=\"0\">Step 3 - Configure Profiles in Aviatrix Controller<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<div id=\"elementor-tab-content-2263\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"region\" aria-labelledby=\"elementor-tab-title-2263\"><p>Even though the association between a user and a Profile is done by Azure AD (through the SAML claim configured in Step 4), the Profiles themselves are defined and maintained in the Aviatrix Controller. A Profile is the access policy applied to a VPN user: it controls which destinations (e.g. VM instances in Azure) that user can reach.<\/p><ul><li>Configure the Profiles you want to have. I will configure one profile (called \u201cDeny-10-113-0-0-16\u201d) that denies communication to my VNET CIDR (10.113.0.0\/16). 
The other (called \u201cAllow_10-113-0-0-16\u201d) allows communication to the same CIDR (10.113.0.0\/16).<\/li><li>Go to the Aviatrix Controller -&gt; \u201cOPENVPN\u201d -&gt; \u201cProfiles\u201d -&gt; \u201cAdd New\u201d<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25823\" aria-describedby=\"caption-attachment-25823\" style=\"width: 198px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25823\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step5-198x300.png\" alt=\"Aviatrix SAML Profile creation - step 1\" width=\"198\" height=\"300\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step5-198x300.png 198w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step5-677x1024.png 677w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step5-768x1161.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step5.png 912w\" sizes=\"auto, (max-width: 198px) 100vw, 198px\" \/><\/a><figcaption id=\"caption-attachment-25823\" class=\"wp-caption-text\">Aviatrix SAML Profile creation &#8211; step 1<\/figcaption><\/figure><p>\u00a0<\/p><ul><li>Create a Profile. The Baseline (base policy) is \u201cDeny all\u201d. 
As a next step, we will specify explicitly what communication is allowed.<\/li><\/ul><p>\u00a0<\/p><div><figure id=\"attachment_25824\" aria-describedby=\"caption-attachment-25824\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25824\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step6-300x88.png\" alt=\"Aviatrix SAML Profile creation - step 2\" width=\"300\" height=\"88\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step6-300x88.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step6-1024x300.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step6-768x225.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step6.png 1500w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25824\" class=\"wp-caption-text\">Aviatrix SAML Profile creation &#8211; step 2<\/figcaption><\/figure><\/div><p>\u00a0<\/p><ul><li>Edit the Profile and specify what communication is allowed<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25825\" aria-describedby=\"caption-attachment-25825\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step7.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25825\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step7-300x173.png\" alt=\"Aviatrix SAML Profile creation - step 3\" width=\"300\" height=\"173\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step7-300x173.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step7.png 762w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25825\" 
class=\"wp-caption-text\">Aviatrix SAML Profile creation &#8211; step 3<\/figcaption><\/figure><div><figure id=\"attachment_25860\" aria-describedby=\"caption-attachment-25860\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step8-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-25860\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step8-1-1024x272.png\" alt=\"Aviatrix SAML Profile creation - step 4\" width=\"800\" height=\"213\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step8-1-1024x272.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step8-1-300x80.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step8-1-768x204.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step8-1-1536x408.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step8-1-2048x544.png 2048w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><figcaption id=\"caption-attachment-25860\" class=\"wp-caption-text\">Aviatrix SAML Profile creation &#8211; step 4<\/figcaption><\/figure><\/div><div>\u00a0<\/div><div>Remember to \u201cSave\u201d and \u201cUpdate\u201d the rules.<\/div><ul><li>Create another Profile. The Baseline would be \u201cAllow all\u201d this time. 
As a next step, we will specify explicitly what communication is denied.<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25827\" aria-describedby=\"caption-attachment-25827\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step9.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25827\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step9-300x82.png\" alt=\"Aviatrix SAML Profile creation - step 5\" width=\"300\" height=\"82\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step9-300x82.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step9-1024x280.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step9-768x210.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step9-1536x420.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step9.png 1609w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25827\" class=\"wp-caption-text\">Aviatrix SAML Profile creation &#8211; step 5<\/figcaption><\/figure><div>\u00a0<\/div><div>Edit the Profile and specify what communication is denied. Keep in mind that with an \u201cAllow all\u201d baseline everything you do not explicitly deny stays reachable through the gateway, so this is the weaker of the two designs; for real users the \u201cDeny all\u201d baseline with explicit allow rules is the least-privilege default. 
Remember to set the Action to Deny.<\/div><div>\u00a0<\/div><div><figure id=\"attachment_25828\" aria-describedby=\"caption-attachment-25828\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step10.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25828\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step10-300x83.png\" alt=\"Aviatrix SAML Profile creation - step 5\" width=\"300\" height=\"83\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step10-300x83.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step10-1024x282.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step10-768x211.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step10-1536x423.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step10-2048x564.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25828\" class=\"wp-caption-text\">Aviatrix SAML Profile creation &#8211; step 6<\/figcaption><\/figure><\/div><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-2264\" class=\"elementor-tab-title\" data-tab=\"4\" role=\"button\" aria-controls=\"elementor-tab-content-2264\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-closed\"><i class=\"fas fa-caret-right\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><i class=\"elementor-toggle-icon-opened fas fa-caret-up\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-toggle-title\" tabindex=\"0\">Step 4 \u2013 Update Azure SAML 
configuration<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<div id=\"elementor-tab-content-2264\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"4\" role=\"region\" aria-labelledby=\"elementor-tab-title-2264\"><p>Now, as we have our Profiles created, we can update the SAML configuration in Azure.<\/p><ul><li>Go to \u201cAzure Active Directory\u201d -&gt; \u201cEnterprise Applications\u201d -&gt; select your Application -&gt; Single sign-on -&gt; and Edit the \u201c2 &#8211; Attributes &amp; Claims\u201d. Click on \u201cAdd New Claim\u201d<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25890\" aria-describedby=\"caption-attachment-25890\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step12.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25890\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step12-300x189.png\" alt=\"Update Azure SAML configuration - step 1\" width=\"300\" height=\"189\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step12-300x189.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step12-1024x646.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step12-768x484.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step12-480x300.png 480w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step12-640x400.png 640w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step12.png 1126w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25890\" class=\"wp-caption-text\">Update Azure SAML configuration &#8211; step 1<\/figcaption><\/figure><p>\u00a0<\/p><p>Perform the following actions:<\/p><ul><li>Provide the Name = \u201cProfile\u201d (it is case-sensitive so it must be an 
uppercase \u201cP\u201d)<\/li><li>Select \u201cClaim conditions\u201d to expand the options<\/li><li>For claim condition #1:<ul><li>As a \u201cUser Type\u201d choose \u201cAny\u201d<\/li><li>Click on \u201cSelect groups\u201d, tick the appropriate Group (e.g. Group#1) and confirm with \u201cSelect\u201d at the bottom of the page<\/li><li>With the group selected, choose \u201cAttribute\u201d as the Source and provide a Value. The Value is a plain string and must be exactly the profile name created in the Aviatrix Controller; copy it verbatim, including hyphens and underscores (note that the two profiles in this post are spelled \u201cDeny-10-113-0-0-16\u201d and \u201cAllow_10-113-0-0-16\u201d).<\/li><\/ul><\/li><\/ul><p>I have created two Azure AD Groups (Group#1 and Group#2). Each group has its own Claim condition with a different profile assigned:<\/p><p>\u00a0<\/p><figure id=\"attachment_25830\" aria-describedby=\"caption-attachment-25830\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step13.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25830\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step13-300x123.png\" alt=\"Update Azure SAML configuration - step 2\" width=\"300\" height=\"123\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step13-300x123.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step13-1024x420.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step13-768x315.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step13-1536x629.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step13-2048x839.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25830\" class=\"wp-caption-text\">Update Azure SAML configuration &#8211; step 2<\/figcaption><\/figure><div><p>\u00a0<\/p><p>Please keep in mind that 
according to the documentation ( <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/develop\/active-directory-saml-claims-customization?WT.mc_id=Portal-Microsoft_AAD_IAM\">https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/develop\/active-directory-saml-claims-customization?WT.mc_id=Portal-Microsoft_AAD_IAM<\/a> ) &#8211; my tests confirmed it as well &#8211; if a member is part of more than one group, \u201cthe last value which matches the expression will be emitted in the claim\u201d. In practice the order of the claim conditions therefore decides which profile a user who is a member of both groups ends up with. List the condition carrying the most restrictive profile last, so that such a user falls into the deny profile rather than the allow one, and verify the emitted Profile value on the attribute page shown in Step 7 before relying on the group mapping.<\/p><ul><li>Now you can download the \u201cMetadata XML\u201d file; it will be uploaded to the SAML Endpoint configuration in the Aviatrix Controller.<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25831\" aria-describedby=\"caption-attachment-25831\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step11.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25831\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step11-300x268.png\" alt=\"Update Azure SAML configuration - step 3\" width=\"300\" height=\"268\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step11-300x268.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step11-1024x916.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step11-768x687.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step11.png 1407w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25831\" class=\"wp-caption-text\">Update Azure SAML configuration &#8211; step 3<\/figcaption><\/figure><\/div><p>\u00a0<\/p><ul><li>Go to the Aviatrix Controller -&gt; \u201cOPENVPN\u201d -&gt; \u201cAdvanced\u201d. Select your SAML endpoint and choose \u201cEdit\u201d. 
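<p>As an added example, not code from this post, from Aviatrix or from Microsoft, the following Python script models the two things worth checking at this point: how Azure AD picks a single value when more than one claim condition matches (the \u201clast value which matches\u201d rule quoted above), and whether the Profile attribute that actually arrives in the SAML assertion exactly names a profile defined on the Controller. The group object IDs, the tenant ID and the unsigned SAML response inside it are constructed sample data, and the claim-condition evaluator is a model of the documented rule, not Azure AD\u2019s implementation.<\/p>

```python
# Added example for this post (not code from the original article, Aviatrix or
# Microsoft). It models two things worth checking while wiring the "Profile"
# claim:
#   1. how Azure AD picks ONE value when several claim conditions match
#      ("the last value which matches the expression will be emitted");
#   2. what the Controller extracts from the SAML assertion and whether that
#      value exactly names a profile defined under OPENVPN -> Profiles.
# The group object IDs, the tenant ID and the unsigned SAML response below are
# constructed sample data; the claim-condition evaluator is a model of the
# documented rule, not Azure AD's code.
import xml.etree.ElementTree as ET

SAML_NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Profile names as created on the Controller in Step 3 (taken from the post).
CONTROLLER_PROFILES = {"Allow_10-113-0-0-16", "Deny-10-113-0-0-16"}

# Claim conditions in the order they appear in "Attributes & Claims":
# (group object ID, value emitted).  The IDs are made-up placeholders.
CLAIM_CONDITIONS = [
    ("11111111-1111-1111-1111-111111111111", "Allow_10-113-0-0-16"),  # Group#1
    ("22222222-2222-2222-2222-222222222222", "Deny-10-113-0-0-16"),   # Group#2
]


def emit_profile_claim(conditions, user_groups):
    """Value Azure AD emits for the claim given the user's groups, or None.

    Every condition is evaluated in order and a later match overwrites an
    earlier one, so a user in both groups gets the LAST listed value.  With
    the order above that is the deny profile (fail closed); swapping the two
    conditions would silently hand such a user the allow profile.
    """
    emitted = None
    for group_id, value in conditions:
        if group_id in user_groups:
            emitted = value
    return emitted


def extract_profile(saml_response_xml, claim_name="Profile"):
    """Return the named attribute's first value from a SAML Response, or None.

    The attribute name is compared exactly, which is why a claim created as
    "profile" instead of "Profile" is never picked up.
    """
    root = ET.fromstring(saml_response_xml)
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") == claim_name:
            values = attr.findall("saml:AttributeValue", SAML_NS)
            return values[0].text if values else None
    return None


def validate_profile(profile, known_profiles=CONTROLLER_PROFILES):
    """True only if the emitted value is exactly one of the Controller's profiles."""
    return profile is not None and profile in known_profiles


# Constructed, unsigned sample of what Azure AD posts to the Controller's ACS URL
# (signature and conditions stripped; this demo only looks at the attributes).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject><saml:NameID>user1@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="Profile">
        <saml:AttributeValue>Allow_10-113-0-0-16</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    g1, g2 = CLAIM_CONDITIONS[0][0], CLAIM_CONDITIONS[1][0]
    for label, groups in [("Group#1 only", {g1}), ("Group#2 only", {g2}),
                          ("both groups", {g1, g2}), ("no group", set())]:
        print(f"{label:13}-> {emit_profile_claim(CLAIM_CONDITIONS, groups)}")
    profile = extract_profile(SAMPLE_RESPONSE)
    print("asserted Profile:", profile, "| known to Controller:", validate_profile(profile))
```

<p>Run it as-is to see the four group-membership cases. To check a real login, replace SAMPLE_RESPONSE with the Base64-decoded SAMLResponse captured from the browser (a SAML tracer extension shows it) and compare the value with the attribute page the Controller displays after sign-in. The script deliberately does not validate the assertion signature; that is the Controller\u2019s job, using the signing certificate contained in the IdP metadata you upload in the next step.<\/p>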
Upload the Metadata XML file to the \u201cIDP Metadata Text\u201d.<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25832\" aria-describedby=\"caption-attachment-25832\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step14.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25832\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step14-300x112.png\" alt=\"Update IDP Metadata Text in Aviatrix Controller\" width=\"300\" height=\"112\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step14-300x112.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step14-1024x381.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step14-768x286.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step14-1536x572.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Azure_Application_step14-2048x762.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25832\" class=\"wp-caption-text\">Update IDP Metadata Text in Aviatrix Controller<\/figcaption><\/figure><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-2265\" class=\"elementor-tab-title\" data-tab=\"5\" role=\"button\" aria-controls=\"elementor-tab-content-2265\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-closed\"><i class=\"fas fa-caret-right\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><i class=\"elementor-toggle-icon-opened fas fa-caret-up\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a 
class=\"elementor-toggle-title\" tabindex=\"0\">Step 5 - Create User in Aviatrix Controller and download ovpn file<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<div id=\"elementor-tab-content-2265\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"5\" role=\"region\" aria-labelledby=\"elementor-tab-title-2265\"><ul><li>Go to the Aviatrix Controller. Select \u201cOPENVPN\u201d -&gt; \u201cVPN Users\u201d -&gt; \u201cAdd New\u201d to add a new user. An ovpn file is generated for this user, and the user is authenticated by Azure AD when the VPN connection is set up.<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25833\" aria-describedby=\"caption-attachment-25833\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step13.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25833\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step13-300x278.png\" alt=\"User creation in Aviatrix Controller - step 1\" width=\"300\" height=\"278\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step13-300x278.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step13-1024x948.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step13-768x711.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step13.png 1477w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25833\" class=\"wp-caption-text\">User creation in Aviatrix Controller &#8211; step 1<\/figcaption><\/figure><div>\u00a0<\/div><div>Create User(s):<\/div><ul><li>Select the VPC\/VNET where the Aviatrix Gateway with VPN Access is located<\/li><li>Select the Aviatrix Gateway with VPN Access<\/li><li>Provide the User Name. It is only locally significant to the Aviatrix Controller. 
It plays no part in the authentication against Azure AD<\/li><li>Provide the User Email. Like the User Name, it is only locally significant to the Aviatrix Controller and plays no part in the authentication against Azure AD<\/li><li>Select the SAML Endpoint you want to use<\/li><li>Profile must NOT be checked, because the Profile association is done by the IdP (Azure AD) through the claim configured in Step 4.<\/li><\/ul><p>As a consequence, the ovpn file on its own does not pin the connection to a particular Azure AD account: whoever holds a valid ovpn file can connect with any Azure AD account that is allowed to sign in to the Enterprise Application, and that account\u2019s group membership (via the Profile claim) decides what is reachable. Treat the ovpn file as a credential, hand it out only to the intended user, and delete the VPN user on the Controller when it is no longer needed.<\/p><p>\u00a0<\/p><figure id=\"attachment_25834\" aria-describedby=\"caption-attachment-25834\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step14.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25834\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step14-300x102.png\" alt=\"User creation in Aviatrix Controller - step 2\" width=\"300\" height=\"102\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step14-300x102.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step14-1024x348.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step14-768x261.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step14-1536x522.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step14-2048x695.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25834\" class=\"wp-caption-text\">User creation in Aviatrix Controller &#8211; step 2<\/figcaption><\/figure><p>\u00a0<\/p><ul><li>Download ovpn file. 
Select the \u201cUser\u201d -&gt; \u201cActions\u201d -&gt; \u201cDownload\u201d<\/li><\/ul><p>\u00a0<\/p><div><figure id=\"attachment_25835\" aria-describedby=\"caption-attachment-25835\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step15.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25835\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step15-300x275.png\" alt=\"Downloading ovpn file from Aviatrix Controller\" width=\"300\" height=\"275\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step15-300x275.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step15-1024x940.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step15-768x705.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step15.png 1273w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25835\" class=\"wp-caption-text\">Downloading ovpn file from Aviatrix Controller<\/figcaption><\/figure><\/div><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-2266\" class=\"elementor-tab-title\" data-tab=\"6\" role=\"button\" aria-controls=\"elementor-tab-content-2266\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-closed\"><i class=\"fas fa-caret-right\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><i class=\"elementor-toggle-icon-opened fas fa-caret-up\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-toggle-title\" tabindex=\"0\">Step 6 - Set up the Aviatrix VPN Client<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<div 
id=\"elementor-tab-content-2266\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"6\" role=\"region\" aria-labelledby=\"elementor-tab-title-2266\"><ul><li>Download the Aviatrix VPN Client from <a href=\"https:\/\/docs.aviatrix.com\/Downloads\/samlclient.html\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.aviatrix.com\/Downloads\/samlclient.html<\/a><\/li><li>Add the ovpn file to the Client using the button with the \u201c+\u201d sign<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25836\" aria-describedby=\"caption-attachment-25836\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step16.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25836\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step16-300x217.png\" alt=\"Aviatrix VPN Client - importing ovpn file - step 1\" width=\"300\" height=\"217\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step16-300x217.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step16-768x555.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step16.png 803w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25836\" class=\"wp-caption-text\">Aviatrix VPN Client &#8211; importing ovpn file &#8211; step 1<\/figcaption><\/figure><p>\u00a0<\/p><ul><li>Click on \u201cSelect\u201d and choose the ovpn file, then provide a Profile Name. Keep in mind that this Profile Name is unrelated to the Profile created in the Aviatrix Controller or to the Azure AD claim. 
It is just local to the VPN Client.<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25837\" aria-describedby=\"caption-attachment-25837\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step17.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-25837\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step17-300x129.png\" alt=\"Aviatrix VPN Client - importing ovpn file - step 2\" width=\"300\" height=\"129\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step17-300x129.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step17.png 547w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-25837\" class=\"wp-caption-text\">Aviatrix VPN Client &#8211; importing ovpn file &#8211; step 2<\/figcaption><\/figure><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-2267\" class=\"elementor-tab-title\" data-tab=\"7\" role=\"button\" aria-controls=\"elementor-tab-content-2267\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-closed\"><i class=\"fas fa-caret-right\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><i class=\"elementor-toggle-icon-opened fas fa-caret-up\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-toggle-title\" tabindex=\"0\">Step 7 - Confirm VPN Access is working<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<div id=\"elementor-tab-content-2267\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"7\" role=\"region\" aria-labelledby=\"elementor-tab-title-2267\"><p>To test that the solution works, I have created a VM Instance in Azure. 
The Private IP of the VM was 10.113.16.4.<\/p><p>Previously I created two Profiles in the Aviatrix Controller. One Profile allows traffic to the 10.113.0.0\/16 network, the other denies it. The test scenario is a simple PING from my laptop to the Private IP of the VM Instance. One PING should work (when executed by User#1, who is mapped to the \u201cAllow_10-113-0-0-16\u201d Profile) and the other should not (when executed by User#2, who is mapped to the \u201cDeny-10-113-0-0-16\u201d Profile). A ping only exercises ICMP; if the profile rules you created are restricted to specific protocols or ports, test those as well.<\/p><h3>Testing with User#1 that traffic is allowed<\/h3><ul><li>Go to the Aviatrix VPN Client<\/li><li>Choose the Profile\/ovpn created earlier and click on \u201cConnect\u201d<\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25838\" aria-describedby=\"caption-attachment-25838\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step18.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step18-300x215.png\" alt=\"Test for User#1 - step 1\" width=\"300\" height=\"215\" \/><\/a><figcaption id=\"caption-attachment-25838\" class=\"wp-caption-text\">Test for User#1 &#8211; step 1<\/figcaption><\/figure><div><p>\u00a0<\/p><p>An Azure AD sign-in page opens in your default browser. Select the proper user. 
This time it is the user who is a member of Azure AD Group#1.<\/p><p>\u00a0<\/p><figure id=\"attachment_25839\" aria-describedby=\"caption-attachment-25839\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Browser_step1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Browser_step1-300x282.png\" alt=\"Test for User#1 - step 2\" width=\"300\" height=\"282\" \/><\/a><figcaption id=\"caption-attachment-25839\" class=\"wp-caption-text\">Test for User#1 &#8211; step 2<\/figcaption><\/figure><\/div><div><p>\u00a0<\/p><p>The next page lists all the attributes that Azure AD passed to the Aviatrix Controller. Check the Profile attribute: its value is the claim Azure AD emitted for this user\u2019s group, and it must read exactly like the profile name defined on the Controller.<\/p><p>\u00a0<\/p><figure id=\"attachment_25840\" aria-describedby=\"caption-attachment-25840\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Browser_step2.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Browser_step2-300x147.png\" alt=\"Test for User#1 - correct Profile assigned\" width=\"300\" height=\"147\" \/><\/a><figcaption id=\"caption-attachment-25840\" class=\"wp-caption-text\">Test for User#1 &#8211; correct Profile assigned<\/figcaption><\/figure><\/div><div><p>\u00a0<\/p><p>The Aviatrix VPN Client now shows the Status \u201cConnected\u201d.<\/p><p>\u00a0<\/p><figure id=\"attachment_25841\" aria-describedby=\"caption-attachment-25841\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step19.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step19-300x214.png\" alt=\"Test for User#1 - VPN connected\" width=\"300\" height=\"214\" \/><\/a><figcaption 
id=\"caption-attachment-25841\" class=\"wp-caption-text\">Test for User#1 &#8211; VPN connected<\/figcaption><\/figure><\/div><div><p>\u00a0<\/p><p>Open the Command Prompt \/ PowerShell to test the PING. But first, verify the routing table. The CIDR of your VNET should be present there.<\/p><p>\u00a0<\/p><figure id=\"attachment_25842\" aria-describedby=\"caption-attachment-25842\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_1-1024x21.png\" alt=\"Test for User#1 - VNET CIDR is present in the routing table\" width=\"800\" height=\"16\" \/><\/a><figcaption id=\"caption-attachment-25842\" class=\"wp-caption-text\">Test for User#1 &#8211; VNET CIDR is present in the routing table<\/figcaption><\/figure><\/div><div><p>\u00a0<\/p><p>And now test that PING is working.<\/p><p>\u00a0<\/p><figure id=\"attachment_25843\" aria-describedby=\"caption-attachment-25843\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_2.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_2-300x53.png\" alt=\"Test for User#2 - PING is working\" width=\"300\" height=\"53\" \/><\/a><figcaption id=\"caption-attachment-25843\" class=\"wp-caption-text\">Test for User#2 &#8211; PING is working<\/figcaption><\/figure><\/div><p>\u00a0<\/p><ul><li style=\"list-style-type: none;\"><ul><li>Disconnect your VPN<\/li><\/ul><\/li><\/ul><p>\u00a0<\/p><h3>Testing with User#2 that traffic is not allowed<\/h3><ul><li style=\"list-style-type: none;\"><ul><li>Go to the Aviatrix VPN Client<\/li><li>Choose the Profile\/ovpn created earlier and click on \u201cConnect\u201d<\/li><\/ul><\/li><\/ul><p>\u00a0<\/p><figure id=\"attachment_25838\" aria-describedby=\"caption-attachment-25838\" 
style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step18.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Controller_step18-300x215.png\" alt=\"Test for User#2 - step 1\" width=\"300\" height=\"215\" \/><\/a><figcaption id=\"caption-attachment-25838\" class=\"wp-caption-text\">Test for User#2 &#8211; step 1<\/figcaption><\/figure><div><p>\u00a0<\/p><p>The page should be opened in your default browser. Please select the proper User. This time it is going to be the User that is a Member of Azure AD Group #2.<\/p><p>\u00a0<\/p><figure id=\"attachment_25844\" aria-describedby=\"caption-attachment-25844\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Browser_step2b.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Browser_step2b-300x217.png\" alt=\"Test for User#2 - step 2\" width=\"300\" height=\"217\" \/><\/a><figcaption id=\"caption-attachment-25844\" class=\"wp-caption-text\">Test for User#2 &#8211; step 2<\/figcaption><\/figure><\/div><div><p>\u00a0<\/p><p>The next page will be displayed with all the attributes passed by Azure AD to Aviatrix Controller. 
Note the Profile name associated with Azure AD.<\/p><p>\u00a0<\/p><figure id=\"attachment_25845\" aria-describedby=\"caption-attachment-25845\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Browser_step3.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/Browser_step3-300x191.png\" alt=\"Test for User#2 - correct Profile assigned\" width=\"300\" height=\"191\" \/><\/a><figcaption id=\"caption-attachment-25845\" class=\"wp-caption-text\">Test for User#2 &#8211; correct Profile assigned<\/figcaption><\/figure><\/div><div><p>\u00a0<\/p><p>The user still gets the route to the VNET CIDR, but this time the ping does not work.<\/p><p>\u00a0<\/p><figure id=\"attachment_25846\" aria-describedby=\"caption-attachment-25846\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-25846\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_3-1024x21.png\" alt=\"Test for User#2 - VNET CIDR is present in the routing table\" width=\"800\" height=\"16\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_3-1024x21.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_3-300x6.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_3-768x16.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_3-1536x31.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_3-2048x42.png 2048w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><figcaption id=\"caption-attachment-25846\" class=\"wp-caption-text\">Test for User#2 &#8211; VNET CIDR is present in the routing table<\/figcaption><\/figure><\/div><div><figure id=\"attachment_25847\" aria-describedby=\"caption-attachment-25847\" 
style=\"width: 800px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-25847\" src=\"http:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_4-1024x145.png\" alt=\"Test for User#2 - PING is not allowed\" width=\"800\" height=\"113\" srcset=\"https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_4-1024x145.png 1024w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_4-300x42.png 300w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_4-768x109.png 768w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_4-1536x217.png 1536w, https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/output_4-2048x289.png 2048w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><figcaption id=\"caption-attachment-25847\" class=\"wp-caption-text\">Test for User#2 &#8211; PING is not allowed<\/figcaption><\/figure><\/div><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2c6387d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2c6387d\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c6364bc\" data-id=\"c6364bc\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bccc84a elementor-widget elementor-widget-text-editor\" data-id=\"bccc84a\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>I hope it was informative.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Testing Azure AD + Aviatrix OpenVPN SAML integration The following article describes how set up Azure AD + Aviatrix OpenVPN SAML integration.\u00a0\u00a0There are 3 possible SAML integration options provided by &#8230;<\/p>\n","protected":false},"author":2,"featured_media":25885,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13,11,12],"tags":[],"class_list":["post-25803","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aviatrix-vpn-client","category-azure-active-directory","category-openvpn"],"uagb_featured_image_src":{"full":["https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/blog_post_4_openvpn-3.png",934,735,false],"thumbnail":["https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/blog_post_4_openvpn-3-150x150.png",150,150,true],"medium":["https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/blog_post_4_openvpn-3-300x236.png",300,236,true],"medium_large":["https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/blog_post_4_openvpn-3-768x604.png",768,604,true],"large":["https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/blog_post_4_openvpn-3.png",800,630,false],"1536x1536":["https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/blog_post_4_openvpn-3.png",934,735,false],"2048x2048":["https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/blog_post_4_openvpn-3.png",934,735,false],"onepress-blog-small":["https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/blog_post_
4_openvpn-3-300x150.png",300,150,true],"onepress-small":["https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/blog_post_4_openvpn-3-480x300.png",480,300,true],"onepress-medium":["https:\/\/cloud-cod.com\/wp-content\/uploads\/2022\/07\/blog_post_4_openvpn-3-640x400.png",640,400,true]},"uagb_author_info":{"display_name":"Jakub","author_link":"https:\/\/cloud-cod.com\/index.php\/author\/jakub\/"},"uagb_comment_info":494,"uagb_excerpt":"Testing Azure AD + Aviatrix OpenVPN SAML integration The following article describes how set up Azure AD + Aviatrix OpenVPN SAML integration.\u00a0\u00a0There are 3 possible SAML integration options provided by ...","_links":{"self":[{"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/posts\/25803","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/comments?post=25803"}],"version-history":[{"count":69,"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/posts\/25803\/revisions"}],"predecessor-version":[{"id":25925,"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/posts\/25803\/revisions\/25925"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/media\/25885"}],"wp:attachment":[{"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/media?parent=25803"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/categories?post=25803"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloud-cod.com\/index.php\/wp-json\/wp\/v2\/tags?post=25803"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}