Azure AD SSO Service

If your Synology NAS has joined an Azure Active Directory (Azure AD) domain with a Site-to-Site VPN, or a domain in sync with an Azure AD domain, you can set your Synology NAS as an Azure SSO client. Users can access services provided by your Synology NAS once they sign in to the Azure SSO server with their credentials.

Before you start, make sure your Synology NAS has joined an Azure AD domain via VPN or a domain in sync with an Azure AD domain.

To set your Synology NAS as an Azure SSO client:

  1. Go to Control Panel > Domain/LDAP > SSO Client.
  2. Tick the Enable OpenID Connect SSO service checkbox in the OpenID Connect SSO Service section.
  3. Click the OpenID Connect SSO Settings button.
  4. Select Azure from the Profile drop-down menu.
  5. Enter the Application ID, Keys, Directory ID, and Redirect URI in the corresponding fields.
    Note: To obtain the information for the above fields, please refer to the next section. In Azure Active Directory, the Application ID is listed as Application (client) ID, the Keys as Client secrets, and the Directory ID as Directory (tenant) ID.
  6. Click Save to save and exit the Profile pop-up window.
  7. Click Apply to save your settings.

To get the Application ID, the Keys, and the Directory ID for an application:

  1. Sign in to the Azure portal with an admin account.
  2. Go to Azure Active Directory > App registrations and click on New registration to add a new application:
    1. Enter your application's Name.
    2. Select Accounts in this organizational directory only in the Supported account types section.
    3. Enter the Redirect URI for your application. For example, "https://your domain:port number".
  3. Click the Register button to complete the registration. Once the application is successfully registered, it will be listed and displayed in App registrations.
  4. Click on the application's display name to see an overview of the application and to view information regarding the application's Application (client) ID and its Directory (tenant) ID.
  5. Go to Manage > Certificates & secrets to view your application's client secrets in the Client secrets section or click on the New client secret button to set up a new one.
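
A pre-flight check for the four values before they are typed into the OpenID Connect SSO Settings window, as an added example that is not Synology or Microsoft code. The function names, messages and sample values are constructed for illustration; the metadata URL is the tenant's published OpenID Connect document, which can be opened to confirm the Directory ID resolves.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def check_sso_fields(application_id, keys, directory_id, redirect_uri, registered_uri):
    """Return a list of problems; an empty list means the values look sane."""
    problems = []
    # Application (client) ID and Directory (tenant) ID are both GUIDs.
    if not GUID.fullmatch(application_id):
        problems.append("Application ID is not a GUID")
    if not GUID.fullmatch(directory_id):
        problems.append("Directory ID is not a GUID")
    elif application_id.lower() == directory_id.lower():
        problems.append("Application ID and Directory ID are the same value")
    # The portal lists a Secret ID (a GUID) next to each secret Value;
    # the Keys field needs the Value.
    if not keys.strip() or keys != keys.strip():
        problems.append("Keys is empty or has leading/trailing whitespace")
    elif GUID.fullmatch(keys):
        problems.append("Keys looks like a Secret ID (GUID), not the secret Value")
    try:
        uri = urlsplit(redirect_uri)
        uri.port  # accessing .port raises ValueError on a non-numeric port
    except ValueError:
        problems.append("Redirect URI is malformed")
    else:
        if uri.scheme != "https" or not uri.hostname:
            problems.append("Redirect URI must look like https://domain:port")
    # The value entered on the NAS should be the one registered in Azure.
    if redirect_uri != registered_uri:
        problems.append("Redirect URI differs from the one registered in Azure")
    return problems

def discovery_url(directory_id):
    """Tenant-specific OpenID Connect metadata document."""
    return ("https://login.microsoftonline.com/"
            f"{directory_id}/v2.0/.well-known/openid-configuration")

if __name__ == "__main__":
    # Constructed sample values, not real identifiers or secrets.
    app_id = "11111111-2222-3333-4444-555555555555"
    tenant = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    uri = "https://nas.example.com:5001"
    print(check_sso_fields(app_id, "constructed~Secret.Value_0123", tenant, uri, uri))
    print(discovery_url(tenant))
```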

Note: