Skip to main content
Skip table of contents

NextCloud SAML Integration

This document explains how to implement Monosign with NextCloud Webclient It covers Single Sign-On. Before you continue, it is better to start with NextCloud’s Single Sign-On this page.

đź“‘ Instructions

This documentation contains 5 main steps for integration.

  1. Creating an Application on Monosign

  2. Configuration Single Sign-On for NextCloud

  3. Assign a user to the NextCloud application

  4. Sign In Test

  5. Optional Login on NextCloud

1- Creating an Application on Monosign

Create your application on Monosign and configure your access policy. Once you create, click “Keys” and add a new Access Key for SAML Key for access.

We will need this information while we configure the NextCloud application.




Key Type


Rest API, OAuth 2.0, JWT, OIDC/OpenID, SAML, RADIUS, Access Gateway, LDAP, AuthN/Z Server



Lifetime or Specific Date/Time - By Default Lifetime is Enabled.

Configuration details for the NextCloud application are provided as follows:

Change ACS(Assertion Consumer Url), Entity Id, NameId Format, Name Id and Logout Url.



Assertion Consumer Url


Entity Id


NameId Format

System Default

Name Id


Logout Url


Extra Attributes - Email


Extra Attributes - DisplayName


Extra Attributes - Username


Signing Algorithm

SHA 256

Group Mapping Format


To ensure that the application has access to user groups, follow these steps:

  1. If the application hasn't been configured yet, click the “Edit” option for the application.

  2. In the application settings, navigate to the “Source, Provider, and Profile” tab.

  3. Configure the “User Access Type“ and “User Group Access Type” as “Only Assigned Users.”

Configuring this setting will allow the application to access by user groups when users sign in.




User Access Type

Defines which Users will access to this application.

Only Assigned Users
All Users

User Group Access Type

Defines application’s user group access

Only Assigned Users
Assigned Users and Defined Sources
All Users

Profile Access Type

Defines Application’s user’s profile access

Restricted - Only restricted user profile attributes
All - All user profile attributes

2- Configuration Single Sign-On for NextCloud

As it highlighted at the beginning of document, please check out the NextCloud’s SSO configuration page first.

Please add your SAML settings to the application. The following information is needed for your configuration.

Please change only below properties inpage.



Attribute to map the UID


Optional display name


Identifier of the IdP entity

Monosign NextCloud app SAML key Entity ID

URL Target of the IdP

Monosign NextCloud app SAML key 'Sign On Service'

Download IdP certificate as shown in the below picture and insert to Public X.509 certificate of the IdP input as like step 7.

3- Assign a user to the NextCloud application

Please follow below instructions on how to assign a user to the NextCloud application. In this example john.smith will assign to the application access.

4- Sign In Test

Now try to login Monosign Account. Navigate to the User Account page and click NextCloud application.

Example :

If everything is well configured, you will be see the Monosign’s login page. You can log in passwordless with your QR code or you can type your user name and password.

Click Login with password and type username and password.

NextCloud application logo can be found in the below.

Click NextCloud icon and now the page will redirect to NextCloud

5- Optional Login on NextCloud

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.