Configuring SAML 2.0
Go to the store and type ‘SAML 2.0’ into the search bar. Once the search completes, you will see an application available; install this application to utilise Single Sign On.
Once installed, select the setup tab. From here, you will be able to add new providers and view existing ones that have been created in the system.
After selecting ‘ADD’ to create a new provider, a new page will be displayed where you can configure the SAML.
Name – The name of the SSO Connector in autologyx. When logging in to autologyx via SSO, this name will then be shown for users to select.
SAML 2.0 Authentication Enabled – When enabled, this SSO Connector will become active. When the user selects from the SSO list in their login page, they will now see this Connector as an option.
Entity ID – Generated from the SSO service being used (Google, Microsoft etc.). This is a unique identifier that links this autologyx connector to the SSO service.
Service Login URL Endpoint – Generated from the SSO service being used (Google, Microsoft etc.). This URL redirects the user to the respective SSO service login page to access autologyx.
Service Logout URL Endpoint – A URL can be provided to direct the user, once logged out, to either the autologyx log out page or the SSO service log out page. (If left blank, the log out page defaults to the autologyx page.)
Public Key/Certificate – Copy and paste the certificate into this field if you don’t/can’t upload the certificate file due to its format.
Certificate file – Upload the certificate provided by the SSO service.
Enable automatic provisioning – Enable to allow a user to be allocated a system role automatically.
Default roles – Select the system role(s) that you want the user to be allocated to; this role is to be applied to newly created users via SAML 2.0. The SSO service you are using will need to be mapped with the role so the SSO service knows what roles to give newly created system users.
Automatically create System User – Enable to allow a system user to be created in autologyx via SSO, if that system user does not exist in the system.
This document outlines how to connect to the SSO services Google and Microsoft, with a step-by-step integration.
Microsoft Azure:
To set up SAML using Microsoft Azure, follow Microsoft’s documentation for integrating with their SSO: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps You will need to be the administrator for your Microsoft account in order to configure it.
When setting up the SSO with SAML for Microsoft Azure, you will see the below page that can be configured.
The first step is to copy over the necessary data from Microsoft Azure into autologyx in the SAML 2.0 setup. The first set of information to be copied from Microsoft Azure is in the 4th section. The certificate required can be downloaded in the 3rd section – it is recommended you download it in Base64 format to then enter into autologyx.
| Microsoft Azure Field | Move Into | Autologyx Field |
| --- | --- | --- |
| Login URL | ----> | Service Login URL Endpoint |
| Azure AD Identifier | ----> | Entity ID |
| Logout URL | ----> | Service Logout URL Endpoint (This is optional) |
| Certificate | ----> | Public Key/Certificate OR Certificate file. (file needs to be either; .pem or .cert) |
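The mapping in the table above can be cross-checked against the identity provider's SAML 2.0 metadata XML rather than copied field by field. The following is an added example, not code from autologyx or Microsoft: it assumes you have the IdP's standard SAML metadata as a string, and the sample metadata, host names and certificate bytes are constructed placeholders.

```python
import base64, hashlib, textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Constructed sample: placeholder host names, dummy bytes in place of a real X.509 certificate.
DUMMY_DER = b"constructed-bytes-not-a-real-certificate" * 4
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/tenant-placeholder/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
   <X509Certificate>{base64.b64encode(DUMMY_DER).decode()}</X509Certificate>
  </X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/tenant-placeholder/logout"/>
  <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/tenant-placeholder/saml2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def connector_fields(metadata_xml):
    """Map IdP metadata onto the connector fields named in the table above."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations do not belong in SAML metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def endpoint(tag):  # Location of the HTTP-Redirect binding, "" if absent
        for el in idp.findall(f"md:{tag}", NS):
            if el.get("Binding") == REDIRECT:
                return el.get("Location", "")
        return ""
    login, logout = endpoint("SingleSignOnService"), endpoint("SingleLogoutService")
    if not login.startswith("https://") or (logout and not logout.startswith("https://")):
        raise ValueError("login endpoint is required; both endpoints must be https URLs")
    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode("".join(cert.text.split()), validate=True)
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return {"Entity ID": root.get("entityID"),
            "Service Login URL Endpoint": login,
            "Service Logout URL Endpoint": logout,  # optional on the connector
            "Public Key/Certificate": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n",
            "SHA-256 fingerprint": hashlib.sha256(der).hexdigest()}

if __name__ == "__main__":
    print(connector_fields(SAMPLE))
```

Comparing the printed fingerprint with the fingerprint of the certificate file you downloaded confirms that the connector will trust the signing key you intended.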
Once the details have been entered into autologyx, save the SAML setup page. Then in the SAML 2 Providers list, configure/edit your SAML Connector. You will see there are some additional fields and data now being shown – see below in the red box.
With these new fields Audience, ACS (Login) URL, Single Logout URL and Metadata URL, the URLs for these fields need to be copied over into your SSO service – these URLs need to be added to the 1st section in the Microsoft Azure configuration.
| Microsoft Azure Field | Move Into | Autologyx Field |
| --- | --- | --- |
| Identifier (Entity ID) | <---- | Audience OR Metadata URL |
| Reply URL (Assertion Consumer Service URL) | <---- | ACS (Login) URL |
Microsoft Azure – Creating Users in autologyx:
If you want to be able to create users through SSO on autologyx, you can do so by editing the 2nd section in the configuration on Microsoft – click on the right box to edit what data is being passed over.
In the image above, the items specified in the Claim Name column are where we want the values to be sent over into autologyx to generate the System User. In the Value column, we specify what value we want to send over from Microsoft Azure into autologyx to generate the User account.
In Microsoft Azure there is no ability to disable or enable whether System Users get generated in autologyx; this is solely determined in autologyx: