# Nextcloud

* Log in as an administrator to your Nextcloud instance at **`https://nextcloud.domain.com`**

* Enable the "**SSO & SAML authentication**" app

* Go to your SAML settings at **`https://nextcloud.domain.com/settings/admin/saml`**

#### Settings

* Attribute to map the UID to:

```exp
email
```

* Do not enable the option "**Only allow authentication if an account is existent on some other backend. (e.g. LDAP)**"

#### Identity provider Data

* Identifier of the IdP entity:

```exp
https://mydomain.trustelem.com/app/166XXX
```

* URL Target of the IdP where the SP will send the Authentication Request Message:

```exp
https://mydomain.trustelem.com/app/166XXX/sso
```

#### Optional identity provider settings

* URL Location of the IdP where the SP will send the SLO Request:

```exp
https://mydomain.trustelem.com/app/166XXX/slo
```

* Certificate (*available in the setup page of your Trustelem application*)

#### Attribute mapping

* Use: ***displayname*** and ***email***

#### Security settings / Signatures and encryption required

* Enable the following options:
  * "Indicates a requirement for the samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse elements received by this SP to be signed"
  * "Indicates a requirement for the saml:Assertion elements received by this SP to be signed"