Let users sign in with their existing Azure AD credentials by configuring Single Sign-On (SSO) between Azure Active Directory (AD) and your platform site.
Before you start
Before you configure Azure Active Directory SSO with your platform, there are a few things to know:
-
You will need an Azure Active Directory P2 license.
-
Permission to create a “Non-gallery enterprise application” on Azure Active Directory.
-
You will need the URL for your provisioned platform site on the Wazoku Platform.
-
You will need the metadata file for your platform site. This can be downloaded from http://example.wazoku.com/saml_ol/metadata.xml where "example" is your domain name.
Note: We will use the following URL for our example platform site: saml-test.wazoku.com. When you configure Azure Active Directory SSO with your platform, you will need to replace this with your platform site URL.
1. Create a non-gallery enterprise application
-
Log in to https://portal.azure.com as an administrator.
-
Go to Azure Active Directory > Enterprise applications.
-
Click +New application and select Non-gallery application.
-
Enter a name for the application.
-
Click Add.
2. Set up basic SAML information
-
On the active application, select Single Sign On and then SAML.
-
Next to Basic SAML Configuration, click Edit.
-
Click File, select your metadata file, and then click Upload.
-
Check the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields are populated.
-
Click Save.
3. Authorize users and groups
-
On the active application, select Users and groups.
-
Assign users and groups to the application that will access your platform site.
4. Set up user attributes and claims
-
On the active application, select Single Sign On and then SAML.
-
Next to User Attributes & Claims, click Edit.
-
Delete the existing claims, and then click Add new claim.
-
Enter the name and namespace you want to use.
-
Under Choose name identifier format, select Persistent.
-
For the Source, select Attribute.
-
Select the Source attribute you want to use.
-
Click Save.
Note: If you select “user.principalname” the field will be sent as an email address. If you don’t want to use the email address as unique ID, select another source attribute, such as “user.objectid”.
5. Download and send SAML signing certificate information
-
On the active application, select Single Sign On and then SAML Signing Certificate.
-
Next to Federated Metadata XML, click Download.
-
Send the metadata file and claim name to our support team at support@wazoku.com.
Once we receive the metadata file and the claim name, we will configure your platform site to accept the claim.
See also