HowTos - manywho/service-saml GitHub Wiki
Although it is still possible to connect to Azure using this SAML service, we recommend that you use the dedicated Azure Service, which uses OAuth2. This documentation is no longer maintained and will eventually be removed.
You can find more information about the Azure service in the Boomi Flow Documentation
How to Configure Azure AD to work with ManyWho SSO using SAML
Create a SSO application inside Azure AD with support for SAML
Copy the "User access URL"
e.g. https://myapps.microsoft.com/signin/Name_of_the_app/xxxxx
Create and download a raw certificate for that application
Add ManyWho claims to the SAML assertion
In the Single sign-on section, include these new claims (you need to check "View and edit all other user attributes"):
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
Install the service
- Login URL: paste the "User access URL", e.g. https://login.microsoftonline.com/8d2c032c-4d13-49fd-851e-78863212345/saml2
- Certificate: create an Encrypted value (leave it empty for now)
- Assertion Consumer Service (URL): should be https://flow.manywho.com/api/run/1/saml
- Identifier of the IdP entity (URI): should be what you have chosen in Azure, e.g. manywho.myapp.identifier
- Identifier of the SP entity (URI): https://flow.manywho.com/api/run/1/saml
- No XML Validation: should be false
- Debug: should be false (it can be set to true if debugging is needed, but it should always be false in production)
- Supported Users: leave it empty. If you want to use this functionality, Azure uses the email to authenticate (e.g. username1,[email protected];username2,[email protected])
- Supported Groups: leave it empty. If you want to use this functionality, remember to populate the attribute http://schemas.microsoft.com/ws/2008/06/identity/claims/groups in Azure
Modify the service
We need to make some modifications using the ManyWho API:
- Find the service with GET api/draw/1/element/service?filter= and copy the id of the SAML service
- Execute GET api/draw/1/element/service/{id of the service} and copy the response
- Paste the response from the last API call into the body, changing "sendDecryptedValues" to true, and execute POST api/draw/1/element/service
Then do something similar, this time with the Certificate value:
- Find the value with GET api/draw/1/element/value?filter= and copy the id of the Certificate value
- Execute GET api/draw/1/element/value/{id of the value} and copy the response
- Paste the response from the last API call into the body, replacing "__ENCRYPTED__" with the content of the raw certificate, and execute POST api/draw/1/element/value
After this point you will be able to protect a flow using Azure AD with a SAML app.
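The two API round trips from "Modify the service" as a script; this is an added example, not code from the manywho/service-saml project. The `call` transport, the authentication headers and the ids passed in are assumptions: supply the headers your tenant requires and the ids you copied from the filter calls.

```python
import json
import urllib.request

BASE = "https://flow.manywho.com/"   # host taken from the URLs on this page
PLACEHOLDER = "__ENCRYPTED__"

def http_call(headers):
    """Return call(method, path, body); `headers` holds whatever authentication
    your tenant requires (assumption: supplied by the caller)."""
    def call(method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(
            BASE + path, data=data, method=method,
            headers={"Content-Type": "application/json", **headers})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return call

def enable_decrypted_values(call, service_id):
    """GET the service element, set sendDecryptedValues to true, POST it back."""
    element = call("GET", f"api/draw/1/element/service/{service_id}")
    if "sendDecryptedValues" not in element:
        raise ValueError("no sendDecryptedValues field; wrong element id?")
    element["sendDecryptedValues"] = True
    return call("POST", "api/draw/1/element/service", element)

def _swap(node, cert, hits):
    """Copy node, replacing every string equal to PLACEHOLDER with cert."""
    if isinstance(node, dict):
        return {k: _swap(v, cert, hits) for k, v in node.items()}
    if isinstance(node, list):
        return [_swap(v, cert, hits) for v in node]
    if node == PLACEHOLDER:
        hits.append(1)
        return cert
    return node

def set_certificate(call, value_id, cert):
    """GET the Certificate value, swap the placeholder for cert, POST it back."""
    element = call("GET", f"api/draw/1/element/value/{value_id}")
    hits = []
    updated = _swap(element, cert, hits)
    if len(hits) != 1:   # nothing is posted unless exactly one placeholder exists
        raise ValueError(f"expected one {PLACEHOLDER}, found {len(hits)}")
    return call("POST", "api/draw/1/element/value", updated)
```

Because the placeholder check runs before the POST, a value that has already been populated, or the wrong value id, is left untouched.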