Nextcloud

  • Log in as an administrator to your Nextcloud instance at https://nextcloud.domain.com

  • Enable the “SSO & SAML authentication” app

  • Go to your SAML settings at https://nextcloud.domain.com/settings/admin/saml

Settings

  • Attribute to map the UID to:

    email
  • Do not enable the option “Only allow authentication if an account is existent on some other backend. (e.g. LDAP)”

Identity provider Data

  • Identifier of the IdP entity:

    https://mycompany.trustelem.com/app/166XXX
  • URL Target of the IdP where the SP will send the Authentication Request Message:

    https://mycompany.trustelem.com/app/166XXX/sso

Optional identity provider settings

  • URL Location of the IdP where the SP will send the SLO Request:

    https://mycompany.trustelem.com/app/166XXX/slo
  • Certificate (available in the setup page of your Trustelem application)

Attribute mapping

  • Use: displayname and email

Security settings / Signatures and encryption required

  • Enable the following options:
    • “Indicates a requirement for the samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse elements received by this SP to be signed”
    • “Indicates a requirement for the saml:Assertion elements received by this SP to be signed”
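
To see what the two signature options above ask for, the following added example (not part of the Trustelem or Nextcloud documentation) inspects a decoded SAML response, such as one captured from your own test login, and reports whether the samlp:Response and each saml:Assertion carry their own ds:Signature referencing their own ID. The function names and the sample XML are assumptions constructed for illustration; the check is structural only and does not verify signature values against the IdP certificate.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signed_in_place(element):
    """True if element has its own ds:Signature child that references element's ID."""
    sig = element.find("ds:Signature", NS)  # direct children only
    if sig is None:
        return False
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    eid = element.get("ID")
    return bool(eid) and ref is not None and ref.get("URI") == "#" + eid

def check_response(xml_text):
    """Report which of the two signature requirements a decoded response would meet."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response_signed": signed_in_place(root),
        "assertions_signed": bool(assertions)
        and all(signed_in_place(a) for a in assertions),
    }

# Constructed sample input: skeleton signatures only, no real keys or values.
def sig_stub(ref_id):
    return ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="#%s"/>'
            '</ds:SignedInfo></ds:Signature>' % (NS["ds"], ref_id))

def sample(response_sig, assertion_ref):
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1">'
            % (NS["samlp"], NS["saml"])
            + (sig_stub("_r1") if response_sig else "")
            + '<saml:Assertion ID="_a1">' + sig_stub(assertion_ref)
            + '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_response(sample(True, "_a1")))     # both requirements met
    print(check_response(sample(False, "_a1")))    # Response itself unsigned
    print(check_response(sample(True, "_other")))  # Assertion signature covers another ID
```

If either value is False for a real response from your IdP, logins will be rejected once both options are enabled, so check the signing settings of the Trustelem application before turning them on.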