Configure Single Sign On in Azure Active Directory - SimplexMobility/public_wiki GitHub Wiki
Sign in to the Azure portal using your Azure Active Directory administrator account.
1. Create an application
Go to Azure Active Directory > Enterprise Applications > New application and click the Non-gallery application tile in the app gallery.
After entering a Name for the application, click Add to create it.
2. Configure users access
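Open the Properties section and set the User assignment required? and Visible to users? sliders to No. With User assignment required? set to No, any user in your tenant can sign in to the application without being assigned to it.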
Click Save.
3. Configure single sign-on options
Select a single sign-on mode
Open the Single sign-on section. Click the SAML slide. The Single Sign-On with SAML configuration page opens.
3.1 Configure domain and URL
Click the pencil icon on the Basic SAML Configuration card.
Fill in the Identifier (Entity ID) field with a value that is unique across all applications in your tenant, for example, 'myserve.co'.
Fill in the Reply URL field with the Consume URL found in the MyServe integration settings (see step 4). The URL should look like https://SUBDOMAIN.myserve.ca/sso/saml/consume (or myserve.CO).
Click Save.
3.2 Configure user attributes
Click the pencil icon on the User Attributes & Claims card.
Edit the Name identifier value by clicking the pencil icon. For Source attribute, select user.email from the dropdown and click Save.
3.3 Review certificate settings and URLs
Note the Thumbprint, Login URL and Azure AD Identifier, and download the Certificate (Base 64) for later use.
4. Configure MyServe to use Azure Active Directory
Go to your MyServe account at myserve.co or myserve.ca and open Settings > SSO SAML page.
Click the Add Configuration > Blank Configuration link to create a new blank configuration.
Fill in all the fields:
- SP Entity ID with the Identifier (Entity ID) you set in step 3.1.
- IdP Entity ID with the Azure AD Identifier you got from step 3.3.
- IdP Endpoint URL with the Login URL you got from step 3.3.
- IdP Certificate's Fingerprint with the Thumbprint you got from step 3.3. If you don't have the Thumbprint, set IdP Certificate under the Advanced section to the plain content of the certificate file downloaded in step 3.3. To get the content, open the file in any text editor and copy and paste the entire text into the input.
Note the Consume URL under Config Links and use it as the Reply URL needed in step 3.1.
Click the Save button to save the settings.
Make sure that the Enable SSO option is checked; if it is not, enable it and click Save.
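A check you can run before saving the fingerprint: this added example (not part of the original wiki or of MyServe) recomputes the fingerprint from the downloaded Certificate (Base 64) file and compares it with the Thumbprint noted in step 3.3. It assumes the Thumbprint is the SHA-1 hash of the DER-encoded certificate, the usual meaning of a certificate thumbprint; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)

def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate in a Base64 (PEM) file."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no PEM certificate block found")
    # Drop line breaks and spaces; validate=True rejects stray characters
    # such as those introduced by a bad copy-paste.
    body = "".join(match.group(1).split())
    return base64.b64decode(body, validate=True)

def thumbprint(pem_text):
    """SHA-1 over the DER bytes, as bare upper-case hex (assumed thumbprint form)."""
    return hashlib.sha1(pem_to_der(pem_text)).hexdigest().upper()

def normalize(fingerprint):
    """Accept 'AB:CD:..', 'ab cd ..' or 'ABCD..' and return bare upper-case hex."""
    cleaned = re.sub(r"[\s:]", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("expected 40 hex digits (SHA-1)")
    return cleaned

def matches(pem_text, portal_thumbprint):
    """True when the file's fingerprint equals the value copied from the portal."""
    return thumbprint(pem_text) == normalize(portal_thumbprint)

def make_sample_pem(der):
    """Wrap arbitrary bytes in PEM armour (constructed sample input only)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Constructed bytes standing in for a certificate; in practice read the
    # downloaded file and paste the Thumbprint noted in step 3.3.
    sample = make_sample_pem(bytes(range(256)))
    noted = thumbprint(sample)  # placeholder for the value shown by Azure
    print("fingerprint:", noted)
    print("match:", matches(sample, noted.lower()))
```

A mismatch means the file and the noted Thumbprint belong to different certificates, so re-download the certificate or re-copy the Thumbprint before saving.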
5. Test single sign-on
Go back to the Azure AD application's Single sign-on settings (see step 3). At the bottom of the page click Test.
Click Sign in as a current user. You must have an existing MyServe user with the same email address as your current Azure user to perform this check.
If everything is set up properly, you'll be redirected to the Azure SSO page and then to the homepage of the MyServe user.
If you see any error, then please check out the Resolving errors section on that page.
6. Test single sign-on in your browser:
Go to your MyServe account at https://myserve.ca or https://myserve.co and open Settings > Integrations page.
Click the edit button for your configuration to open it.
Get the Init URL from the Config Links section at the bottom of the page. Open it in a new incognito tab of your browser. You will be redirected to the SSO login page.