Single Sign On Configuration - Azure AD

Please be aware, this feature is only available on v15.5.1 and above. You can find information about upgrading/patching here.

 

Complete the following steps to set up Single Sign On using Azure AD

Configure Azure AD

  1. Login to https://portal.azure.com and click Manage Azure Active Directory1.png
  2. On left side menu click Enterprise Applications2.png

  3. Click New Application
    3.png

  4. Click Create your own application

    4.png

  5. Set a Name for application and select the Integrate any other application …
    5.png

  6. Click Single Sign-on then Select SAML
    6.png

  7. Set Intranet Home Page address for Identifier and Login Page Address for Replay URL and click Save
    7.png
  8. Click Users and Groups
    8.png

  9. Click Add User/Group
    9.png

  10. Click None Selected
    10.png
  11. Search and Select User / Group you want to have access to application
    11.png

For easier user management, we recommend creating an "intranet users" group in Azure AD, into which appropriate users can be added. Often organizations have non-users in AD (e.g. printers) which end up having accounts on their intranet if this is not done.

11a. Head back to the Azure AD Home screen and select Groups from the Manage menu

12a.png

 

11.b Click New Group

12b.png 12c.png

  1. Click Assign
    11.png

  2. Click Single Sign-on
         13.png

  3. Check the configuration
    14.png

  4. Note: Test Sign in will not work before completing all steps
    15.png

Configure Intranet Application

  1. Login with a Superadmin account and select Admin Menu
    16.png

  2. In Security Tab Click on Authentication Mode

    17.png

  3. Check Single Sign-On (SSO) option and Save

    18.png

  4. Back to Security Tab and Click on Single Sign On

    19a.PNG

  5. In Azure Portal select the application and copy App Federation Metadata Url

    20.png

  6. Paste in Metadata XML Url and click Import

    21.png

  7. In Azure Portal from Properties copy User access URL

    22.png

  8. Paste in Login Url and click Save
    22.png

  9. For Mapping Unknown SSO User to new user or existing one Click on Single Sign-On Mapping

    24.png

  10. In Azure Portal select the application and copy App Federation Metadata Url (Repeat step 20)

    25.png

  11. Paste in Metadata XML Url and click Import

    26.png

  12. Fill Name ID Field if you need to map Existing User (Azure AD default value is selected in screenshot)

    27.png

  13. Fill Create New User, Person and Employee fields if you need to create New User (Azure AD default values are selected in screenshot)

    28.png
  14. Click Save

    29.png
  15. New users can add missing personal information by editing their profiles. Which fields users can edit is controlled in Manage Fields from Directory Tab
    30a.PNG

    30.png

Related articles