HowTos - manywho/service-saml GitHub Wiki

How Tos

Although it is still possible to connect to Azure using this SAML service, we recommend using the dedicated Azure Service, which uses OAuth2. This documentation is no longer maintained and will eventually be removed.

You can find more information about the Azure service in the Boomi Flow Documentation.

How to Configure Azure AD to work with ManyWho SSO using SAML

Create an SSO application inside Azure AD with support for SAML

Copy the "User access URL"

e.g. https://myapps.microsoft.com/signin/Name_of_the_app/xxxxx

Create and download a raw certificate for that application

Add ManyWho claims to the SAML assertion

In the Single sign-on section, include these new claims (you need to check "View and edit all other user attributes")

Install the service

In the Login URL, paste the "User access URL", e.g. https://login.microsoftonline.com/8d2c032c-4d13-49fd-851e-78863212345/saml2

Certificate: create an Encrypted value (leave it empty for now)

Assertion Consumer Service (URL) should be https://flow.manywho.com/api/run/1/saml

Identifier of the IdP entity (URI) should be what you have chosen in Azure, e.g. manywho.myapp.identifier

Identifier of the SP entity (URI) https://flow.manywho.com/api/run/1/saml

No XML Validation should be false

Debug should be false (it can be set to true if debugging is needed, but it should always be false in production)

Supported Users: leave it empty. If you want to use this functionality, note that Azure uses the email to authenticate (e.g. username1,[email protected];username2,[email protected])

Supported Groups: leave it empty. If you want to use this functionality, remember to populate the attribute http://schemas.microsoft.com/ws/2008/06/identity/claims/groups in Azure

Modify the service

We need to make some modifications using the ManyWho API.

  1. Find the service with the command GET api/draw/1/element/service?filter= and copy the id of the SAML service
  2. Execute GET api/draw/1/element/service/{id of the service} and copy the response
  3. Paste the response from the last API call into the request body, changing "sendDecryptedValues" to true, and execute POST api/draw/1/element/service

Do something similar, this time with the Certificate value.

  1. Find the value with the command GET api/draw/1/element/value?filter= and copy the id of the Certificate value
  2. Execute GET api/draw/1/element/value/{id of the value} and copy the response
  3. Paste the response from the last API call into the request body, replacing "__ENCRYPTED__" with the content of the raw certificate, and execute POST api/draw/1/element/value

After this point you will be able to protect a flow using Azure AD with a SAML app.
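The body edits in step 3 of both lists above can be done programmatically rather than by hand. The following is an added example, not code from the ManyWho project: it takes the JSON copied from each GET call and returns the body to POST, refusing input that would silently produce a wrong element. The sample responses are constructed, and every field name other than "sendDecryptedValues" and the "__ENCRYPTED__" marker is an assumption.

```python
import copy
import json

PLACEHOLDER = "__ENCRYPTED__"  # marker the page says to replace in the value body

def enable_decrypted_values(service: dict) -> dict:
    """Service edit, step 3: return a POST body with sendDecryptedValues set to true."""
    if "sendDecryptedValues" not in service:
        raise ValueError("response has no sendDecryptedValues key; wrong element?")
    body = copy.deepcopy(service)  # leave the copied GET response untouched
    body["sendDecryptedValues"] = True
    return body

def _replace(node, cert, hits):
    # Walk dicts and lists, swapping every string equal to the placeholder,
    # so the edit does not depend on which field carries the marker.
    if isinstance(node, dict):
        return {k: _replace(v, cert, hits) for k, v in node.items()}
    if isinstance(node, list):
        return [_replace(v, cert, hits) for v in node]
    if node == PLACEHOLDER:
        hits.append(1)
        return cert
    return node

def inject_certificate(value: dict, cert_text: str) -> dict:
    """Value edit, step 3: put the certificate content where the placeholder was."""
    cert = cert_text.strip()
    if not cert:
        raise ValueError("certificate content is empty")
    if "PRIVATE KEY" in cert:
        raise ValueError("this is a private key, not the IdP signing certificate")
    hits = []
    body = _replace(value, cert, hits)
    if len(hits) != 1:
        raise ValueError(f"expected one {PLACEHOLDER} placeholder, found {len(hits)}")
    return body

# Constructed sample GET responses; every field except sendDecryptedValues
# and the __ENCRYPTED__ marker is an assumption made for this example.
SERVICE = {"id": "00000000-0000-0000-0000-000000000001",
           "developerName": "SAML", "sendDecryptedValues": False}
VALUE = {"id": "00000000-0000-0000-0000-000000000002",
         "developerName": "Certificate", "defaultContentValue": PLACEHOLDER}
CERT = "\nMIIC-constructed-sample-certificate-body\n"

if __name__ == "__main__":
    print(json.dumps(enable_decrypted_values(SERVICE), indent=2))
    print(json.dumps(inject_certificate(VALUE, CERT), indent=2))
```

The private-key check is there because the value is stored on the platform and, with "sendDecryptedValues" enabled, sent to the service in decrypted form; only the IdP's public signing certificate belongs in it.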