For Barracuda SecureEdge User Connectivity & Personal Security, you must configure a SAML endpoint in Microsoft Azure. In order to save the SAML configuration in Barracuda SecureEdge, you must also provide basic configuration details for User Connectivity & Personal Security.
Step 1. Create a SAML Endpoint in Microsoft Azure
- Log into the Azure portal: https://portal.azure.com
- In the left menu, click All services and search for Microsoft Entra ID.
- Click Microsoft Entra ID.
- In the left menu of the Microsoft Entra ID blade, click Enterprise applications.
- The Enterprise applications blade opens. Click Overview.
- In the Overview blade, click New application.
- The Browse Microsoft Entra Gallery blade opens. Click Create your own application.
- Enter the name of your application, and select Integrate any other application you don't find in the gallery (Non-gallery).
- Click Create.
After the application is successfully deployed, it automatically opens the Overview blade of the created application.
- In the left menu, select Properties.
- In the Properties blade, disable Assignment required and click Save.
- In the left menu, click Single sign-on.
- The Single sign-on blade opens. Select SAML.
- The SAML-based Sign-on blade opens. Copy the Login URL.
- Click Edit next to Basic SAML Configuration.
- Click Add reply URL and paste the copied URL.
- Open the SAML configuration on your Barracuda SecureEdge, and copy the Service Provider Entity ID.
- In the Basic SAML Configuration blade, click Add identifier and paste the copied ID.
- Click Save.
- Click X to close the Basic SAML Configuration blade.
- In the User Attributes & Claims section, click Edit.
- The User Attributes & Claims blade opens. Click Add a group claim.
- The Group Claims blade opens. Select Security groups and click Save.
- Click X to close the User Attributes & Claims blade.
- In the SAML-based Sign-on blade, click Download to download the Federation Metadata XML.
Note that some browsers might block the *.xml file.
- Save the file to your local machine.
Step 2. Basic Configuration in Barracuda SecureEdge
- Go to https://se.barracudanetworks.com/ and log in with your existing Barracuda Cloud Control account.
- Go to Infrastructure > Settings.
- The user configuration window opens. Specify values for the following:
- Enable Site Authentication – Click to enable. Site authentication allows devices physically located within the network to authenticate against the Barracuda SecureEdge service to enforce Security Policies.
- Client Network – Enter the network used for the clients.
- Pool Bitmask – Enter the bitmask of the network pool to allocate to each VPN access point.
- Primary DNS – Enter a primary DNS address for the VPN clients to use or leave blank to use the standard configuration.
- Secondary DNS – (optional) Enter a secondary DNS address for the VPN clients to use.
- DNS Suffix – Enter a DNS suffix to be used for the VPN client network.
- User Connectivity Routing – Select either Internal Network or Internet Access from the drop-down menu. The option Internal Network routes only the networks learned via BGP through the SecureEdge gateway, and the option Internet Access sends all traffic through the gateway. Internet Access can be used to have SecureEdge inspect all traffic.
- Enterprise App Federation Metadata Url* – Paste the App Federation Metadata Url retrieved in Step 1.
- Click Save.
- Stay in the user configuration window, and scroll down to AZURE AD INTEGRATION.
- Click Download CSV.
- Save the file to your local disk.
Step 3. Finalize SAML Configuration in Microsoft Azure
- Log into the Azure portal: https://portal.azure.com
- In the left menu, click All services and search for Microsoft Entra ID.
- Click Microsoft Entra ID.
- In the left menu of the Microsoft Entra ID blade, click Enterprise applications.
- In the Enterprise applications blade, click All applications.
- Click on the application you created in Step 1, e.g., Campus-SAML-Endpoint.
- In the left menu, click Single sign-on.
- The Single sign-on blade opens.
- Click Upload metadata file.
- Select the file downloaded in Step 2 and click Add.
- Click Save.
- Close the Basic SAML Configuration blade.
You are now back in the Single sign-on blade.
- Click Download to download the Federation Metadata XML file and save it to your local machine.
Further Information
- For more information on Personal Access and Site Authentication, see Point-to-Site.
- For more information on allowed VPN users and groups, see How to Configure Allowed VPN User Groups.