Azure AD as IDP

Step 1: Setup Azure AD as Identity Provider

    Prerequisites:

    Copy these values from the Service Provider Info tab of the SAML plugin.

    • SP Entity ID
    • ACS URL

    Instructions:

  • Log in to Azure AD Portal

  • Select Azure Active Directory ⇒ App Registrations. Click on New Application Registration.

  • Assign a Name and choose the account type. In the Redirect URI field, enter the ACS URL from the Service Provider Info tab of the plugin and click the Register button.
  • Now navigate to the Expose an API menu option, click the Set button and replace the APPLICATION ID URI with the plugin's SP Entity ID.

  • Go back to the Azure Active Directory ⇒ App Registrations window and click on the Endpoints link.

  • This opens a window listing multiple URLs. Copy the Federation Metadata Document URL; it will be required while configuring the SAML plugin.

  • Log in to Azure AD Portal

  • Select Azure Active Directory ⇒ Enterprise Applications.

  • Click on New Application.

  • Click on the Non-gallery application section, enter the name for your app and click on the Add button.

  • Click on Single sign-on from the application's left-hand navigation menu. The next screen presents the options for configuring single sign-on. Click on SAML.

  • Edit option 1, Basic SAML Configuration, to configure the plugin endpoints.
  • Enter the SP Entity ID as the Identifier and the ACS URL as the Reply URL, both taken from the Service Provider Info tab of the plugin.

  • Click on the Save icon.
  • By default, a standard set of attributes is sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the User Attributes & Claims tab.
  • You can add an attribute using Add new claim.
  • Copy the App Federation Metadata Url from the setup tab.

  • Click on Users and groups from the application's left-hand navigation menu. The next screen presents the options for assigning users/groups to the application.
