Scroll to top

Our Blog

Can You Use Microsoft Entra ID to Manage Logins on QNAP or Synology NAS?

Looking to centralise identity across your small business and wondering if Microsoft Entra ID (formerly Azure AD) can manage logins on your NAS devices?

In this guide, we break down what’s possible — and what isn’t — when using Entra ID Free Tier with QNAP QTS and Synology DSM.

Why Centralise NAS Authentication?

  • Improve security by consolidating password and identity control
  • Enable Multi-Factor Authentication and conditional access (if licensed)
  • Simplify access management when staff change roles or leave

What’s Actually Possible with Entra ID Free?

The Free Tier doesn’t support legacy AD Domain Services, but there are two ways to work with NAS devices:

  1. Use Entra Domain Services (requires P1/P2): Full LDAP/SMB join, group policies, etc.
  2. Use Entra as an Identity Provider via SAML (if the NAS supports it): Limited, but still viable for web access.

QNAP NAS (QTS / QuTS Hero)

  • QNAP does not support native SAML SSO via Entra ID out of the box
  • You can configure LDAP authentication if paired with Entra Domain Services (P1 required)
  • For Entra ID Free Tier, users will need local NAS accounts or sync via a 3rd-party identity bridge

Workaround (Advanced)

  • Run a local identity service (like JumpCloud or AuthPoint) that syncs with Entra ID via SCIM
  • Point your QNAP to that local LDAP directory

Synology NAS (DSM 7+)

  • Synology supports SAML authentication via Synology Secure SignIn
  • You can manually configure Entra ID as a SAML identity provider
  • Applies only to web login (not SMB or SSH)

Synology SAML Steps

  1. Create a Non-Gallery app in Entra ID
  2. Enable SAML and input ACS (Assertion Consumer Service) URL from Synology
  3. Export metadata or copy values into Synology SSO settings
  4. Assign the app to specific users

Limitations to Consider

  • Group-based policy assignment requires Entra ID P1 or higher
  • Device login support is web-only (unless using hybrid AD)
  • No native file share access via Entra credentials on Free Tier

When Is Entra ID NAS Integration a Good Idea?

This setup is ideal for:

  • Lightweight environments with remote or web-based access only
  • SMBs already using Entra ID for identity management
  • Teams with non-technical users who need simplified login experiences

What You Can Do Right Now

  • Enable MFA in Entra ID for all users (Security Defaults)
  • Create and assign a “NAS Access” group in Entra
  • Deploy a simple SAML or SCIM-compatible proxy if bridging identity

Download the Full Microsoft Entra ID Setup Guide

You can find the full Microsoft Entra ID Setup & SSO Guide <--- here.

Contact Us
info@hybrid-it.co.uk
About Us

Hybrid IT Services provides professional computer repairs, IT support, and consultancy services to homes and businesses across Northumberland and Newcastle upon Tyne.

Update cookies preferences