NextCloud SAML Integration

This document explains how to implement Monosign with NextCloud Webclient It covers Single Sign-On. Before you continue, it is better to start with NextCloud’s Single Sign-On this page.

📑 Instructions

This documentation contains 5 main steps for integration.

Creating an Application on Monosign
Configuration Single Sign-On for NextCloud
Assign a user to the NextCloud application
Sign In Test
Optional Login on NextCloud

1- Creating an Application on Monosign

Create your application on Monosign and configure your access policy. Once you create, click “Keys” and add a new Access Key for SAML Key for access.

We will need this information while we configure the NextCloud application.

Property	Value	Options
Key Type	SAML	Rest API, OAuth 2.0, JWT, OIDC/OpenID, SAML, RADIUS, Access Gateway, LDAP, AuthN/Z Server
Expiration	Lifetime	Lifetime or Specific Date/Time - By Default Lifetime is Enabled.

Configuration details for the NextCloud application are provided as follows:

Change ACS(Assertion Consumer Url), Entity Id, NameId Format, Name Id and Logout Url.

Property	Value
Assertion Consumer Url	`https://<nextcloud-url>/apps/user_saml/saml/acs`
Entity Id	`https://<nextcloud-url>/apps/user_saml/saml/metadata`
NameId Format	`System Default`
Name Id	`UserName`
Logout Url	`https://<nextcloud-url>/apps/user_saml/saml/sls`
Extra Attributes - Email	{{Email}}
Extra Attributes - DisplayName	{{Profile.FormattedName}}
Extra Attributes - Username	{{UserName}}
Signing Algorithm	SHA 256
Group Mapping Format	{{Name}}

To ensure that the application has access to user groups, follow these steps:

If the application hasn't been configured yet, click the “Edit” option for the application.
In the application settings, navigate to the “Source, Provider, and Profile” tab.
Configure the “User Access Type“ and “User Group Access Type” as “Only Assigned Users.”

Configuring this setting will allow the application to access by user groups when users sign in.

Property	Description	Options
User Access Type	Defines which Users will access to this application.	Only Assigned Users All Users
User Group Access Type	Defines application’s user group access	Only Assigned Users Assigned Users and Defined Sources All Users
Profile Access Type	Defines Application’s user’s profile access	Restricted - Only restricted user profile attributes All - All user profile attributes

2- Configuration Single Sign-On for NextCloud

As it highlighted at the beginning of document, please check out the NextCloud’s SSO configuration page first.

Please add your SAML settings to the application. The following information is needed for your configuration.

Please change only below properties inpage.

Property	Value
`Attribute to map the UID`	`Username`
`Optional display name`	`Monosign`
`Identifier of the IdP entity`	`Monosign NextCloud app SAML key Entity ID`
`URL Target of the IdP`	`Monosign NextCloud app SAML key 'Sign On Service'`

Download IdP certificate as shown in the below picture and insert to Public X.509 certificate of the IdP input as like step 7.

3- Assign a user to the NextCloud application

Please follow below instructions on how to assign a user to the NextCloud application. In this example john.smith will assign to the application access.

4- Sign In Test

Now try to login Monosign Account. Navigate to the User Account page and click NextCloud application.

Example : https://account.monofor.com

If everything is well configured, you will be see the Monosign’s login page. You can log in passwordless with your QR code or you can type your user name and password.

Click Login with password and type username and password.

NextCloud application logo can be found in the below.

Click NextCloud icon and now the page will redirect to NextCloud

5- Optional Login on NextCloud