Prerequisites:
- Azure AD Subscription: Ensure you have an active Azure AD subscription.
- Administrator Access: Ensure you have the necessary permissions to create and configure enterprise applications in Azure AD.
- Platform Details: Collect SAML configuration details (e.g., Entity ID, Assertion Consumer Service URL) from the platform you want to integrate with.
Steps:
1. Create an Enterprise Application in Azure
- Sign in to the Azure Portal:
- Navigate to Azure Portal.
- Sign in with your administrator account.
- Navigate to Azure Active Directory:
- In the left-hand navigation pane, click on "Azure Active Directory".
- Create a New Enterprise Application:
- Under "Manage", click on "Enterprise applications".
- Click on "New application".
- Select "Create your own application".
- Enter a name for your application, select "Integrate any other application you don't find in the gallery", and click "Create".
2. Configure SAML-based Single Sign-On (SSO)
- Set up Single Sign-On:
- In the application pane, under "Manage", click on "Single sign-on".
- Select the "SAML" authentication method.
- Basic SAML Configuration:
- Click on "Edit" to configure the basic SAML settings.
- Enter the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) provided by the Bluevolt platform.
- Optionally, enter the Sign on URL if the platform requires it.
- Click "Save".
- User Attributes & Claims:
- Configure user attributes and claims to match what the Bluevolt platform expects. The following are mandatory; any others are optional:
- firstname*
- lastname*
- emailaddress*
- Unique User Identifier*
- SAML Signing Certificate:
- Download the Federation Metadata XML or the Certificate (Base64). This will be needed to configure SAML in the Bluevolt platform.
5. Assign Users and Groups
- Assign Users to the Application:
- In Azure AD, navigate back to your enterprise application.
- Under "Manage", click on "Users and groups".
- Click on "Add user/group".
- Select the users and/or groups you want to assign to this application and click "Assign".
6. Verify and Monitor the Setup
- Test the Integration:
- Ask a test user to log in to the other platform using their Azure AD credentials.
- Verify that SAML authentication works correctly.
- Monitor the Application:
- Regularly monitor sign-in activities and logs for the enterprise application in Azure AD to ensure everything is functioning as expected.
Troubleshooting Tips:
- Incorrect SAML Response: Verify that the claims and attributes sent in the SAML response match what the other platform expects.
- Certificate Issues: Ensure that the SAML signing certificate is correctly uploaded and not expired.
- User Assignment: Ensure that users are assigned to the application in Azure AD.
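To check a captured SAML response against the values entered in the steps above (the mandatory claims, the Identifier/Entity ID as the assertion's Audience, and the Reply URL as its Recipient), here is an added Python example; it is not part of this guide or of any Bluevolt or Microsoft tooling. The attribute Name strings, the sample response and the URLs in it are assumptions/constructed for the example, and it does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Mandatory claims from the setup guide; the exact attribute Name strings are an assumption.
REQUIRED_ATTRS = ("firstname", "lastname", "emailaddress")

# Constructed sample response (unsigned, structure checks only); not a real Azure AD/Bluevolt message.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://example-acs.invalid/saml/acs">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>user@example.invalid</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="https://example-acs.invalid/saml/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>urn:example:bluevolt-entity-id</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="emailaddress"><saml:AttributeValue>user@example.invalid</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_saml_response(xml_text, expected_entity_id, expected_acs_url):
    """Return the problems found (empty list = claims, Audience and Recipient all match
    the configured values). Signature checking is left to the platform's SAML library."""
    problems = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element in response"]
    # The Unique User Identifier is carried in the Subject's NameID.
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        problems.append("missing Unique User Identifier (NameID)")
    present = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if name not in present:
            problems.append(f"missing mandatory claim: {name}")
    # Audience must equal the Identifier (Entity ID) entered in Basic SAML Configuration.
    audience = assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", default="", namespaces=NS)
    if audience != expected_entity_id:
        problems.append(f"Audience {audience!r} != Identifier (Entity ID) {expected_entity_id!r}")
    # Recipient must equal the Reply URL (Assertion Consumer Service URL).
    recipient = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if recipient is None or recipient.get("Recipient") != expected_acs_url:
        problems.append("Recipient does not match Reply URL (ACS URL)")
    return problems
```

Call check_saml_response() with the decoded response XML from a failed test login and the Entity ID and Reply URL you entered in Azure AD; the sample above reports only the missing lastname claim.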
Conclusion
By following these steps, you can set up an enterprise application in Azure AD for SAML authentication with another platform, ensuring secure and streamlined access for your users.