How to Configure SAML on Azure AD

This document explains how to integrate the Azure AD identity provider with the platform over SAML so that you can log in to the platform with your Azure AD account.

Azure AD Settings

Please follow the steps below to set up SAML settings correctly on the Azure AD side.

  • Log in to Azure AD with a privileged account that can create enterprise applications.

  • Go to the Azure Active Directory panel from the main dashboard.

  • Click Enterprise Applications > New Application > Create your own application, then fill in the following fields.

    • Name of the application: Enter a name for the application.

    • Type of the application: Integrate any other application you don't find in the gallery (Non-gallery)

  • Click the Create button to create the application.

After the application is created, please follow the steps below.

  • Click the Single sign-on option in the left menu of the application.

  • Click the SAML option.

  • On the Set up Single Sign-On with SAML page, select the "Upload metadata file" option and upload the metadata file that you downloaded from the platform.

    • See the Platform Settings section below for how to download the metadata that the platform provides.

  • On the same page, under the SAML Signing Certificate heading, click Download next to Federation Metadata XML to download the Azure AD metadata.

    • See the Platform Settings section below for how to upload the Azure AD metadata to the platform.

  • Click the Edit button under the Attributes & Claims heading and make sure the claims match the list below.

    • Required Claim (Unique User Identifier / Name ID): The name identifier format is “Email Address” and the source attribute is user.mail.

    • Additional Claims:

      • First Claim: The name is “email” and the source attribute is user.mail.

      • Second Claim: The name is “firstName” and the source attribute is user.givenname.

      • Third Claim: The name is “lastName” and the source attribute is user.surname.

      • Fourth Claim: The name is “phoneNumber” and the source attribute is either user.mobilephone or user.telephonenumber, depending on which field is populated for your users.

  • Click the Users and groups heading in the left menu and add the admin user who will log in to the platform with SSO.

Platform Settings

Please follow the steps below to set up SAML settings correctly on the platform.

  • Log in to the platform with a privileged user who can access the SAML settings.

  • From the left menu, under the Company heading, click Company Settings -> SAML Settings.

  • Click on the “Create your first SAML configuration” button in the middle of the page.

  • Fill in the following fields when the "New SAML Configuration" form opens.

    • SAML Name: Enter a name for the SAML configuration.

    • Allowed Domains: Enter the email domain that admins will use to log in to the platform. The platform recognizes a user by the domain of the email address entered on the login page and redirects that user to SSO authentication, so list only domains your organization owns.

    • SAML Configuration For Keepnet Labs: Click the "Upload Metadata" button under this field and upload the Azure AD metadata file. The "Issuer URL of the IdP", "IdP SSO URL" and "IdP Certificate" fields are filled in automatically from the metadata.

      • If the identity provider does not provide a metadata file, the admin can enter these three values manually.

    • SAML Configuration For Your Identity Provider: Click the "Download Metadata" button to download the platform's metadata file; this is the file you upload to Azure AD in the Azure AD Settings section above.

    • Default Role: Assign a default role to users who log in to the platform over SAML. If this option is not enabled, a user can log in only if an ‘spRole’ claim carrying the exact name of a platform system role is configured for them in Azure AD.

How to Test SAML Configuration

Verify that the configuration works by following the steps below.

  • Make sure the admin who will log in to the platform over SAML exists in the platform under the Company > System Users page.

  • Go to the login page of the platform.

  • Enter the email address. Its domain must be one of the Allowed Domains defined in the SAML settings.

  • The platform redirects you to the Azure AD sign-in page to authenticate.

  • If authentication succeeds, Azure AD redirects you back to the platform and the login is complete.
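When the test login fails after Azure AD has authenticated the user, the cause is usually the claim mapping from the Attributes & Claims list in the Azure AD Settings section or the spRole requirement described under Default Role. The following Python script, added here as an example and not part of the platform, reads a SAML response the way the platform would: it checks the Name ID format, collects each named claim, compares the email domain with Allowed Domains, and flags a missing spRole claim when no default role is set. The embedded response is a constructed sample; alice@example.com, the example.com domain and the phone number are placeholders. The script does not verify the XML signature, so use it only on a response captured with a browser SAML trace or Azure AD's test sign-in to diagnose mapping problems, never to decide whether a login should be accepted.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Claim names from the Attributes & Claims list in the Azure AD Settings section.
REQUIRED_CLAIMS = ("email", "firstName", "lastName")
PHONE_CLAIM = "phoneNumber"
ROLE_CLAIM = "spRole"   # needed only when no Default Role is set on the platform

# Constructed sample in the shape Azure AD sends; alice@example.com, the zero
# tenant id and the phone number are placeholders, not real data.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="phoneNumber"><saml:AttributeValue>+15555550100</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def check_claims(response_xml, allowed_domains=("example.com",), default_role_enabled=True):
    """Return the NameID, the claims and a list of mapping problems for one SAML response.

    Claim mapping only: the XML signature is NOT verified here, so feed this a
    response captured during a test login and never use it to accept a login.
    """
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plain Assertion in the response (encrypted assertions are not handled)")

    problems = []
    nameid_value = None
    nameid = assertion.find("saml:Subject/saml:NameID", NS)
    if nameid is None:
        problems.append("missing NameID")
    else:
        nameid_value = (nameid.text or "").strip()
        if nameid.get("Format") != EMAIL_NAMEID_FORMAT:
            problems.append("NameID format is %r, expected Email Address (%s)"
                            % (nameid.get("Format"), EMAIL_NAMEID_FORMAT))

    # Collect every claim; single-valued claims become strings, multi-valued ones lists.
    claims = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims[attr.get("Name")] = values[0] if len(values) == 1 else values

    for name in REQUIRED_CLAIMS:
        if not claims.get(name):
            problems.append("missing or empty claim %r" % name)
    if not claims.get(PHONE_CLAIM):
        problems.append("%s claim absent: map user.mobilephone or user.telephonenumber" % PHONE_CLAIM)
    if not default_role_enabled and not claims.get(ROLE_CLAIM):
        problems.append("no Default Role on the platform and no %s claim: login will not succeed" % ROLE_CLAIM)

    email = claims.get("email")
    if isinstance(email, str) and email:
        domain = email.rpartition("@")[2].lower()
        if domain not in {d.lower() for d in allowed_domains}:
            problems.append("email domain %r is not in Allowed Domains" % domain)
        if nameid_value and nameid_value.lower() != email.lower():
            problems.append("NameID and email claim differ; both should come from user.mail")

    return {"nameid": nameid_value, "claims": claims, "problems": problems}


if __name__ == "__main__":
    report = check_claims(SAMPLE_RESPONSE)
    print("NameID:", report["nameid"])
    for name, value in report["claims"].items():
        print("  %-12s %s" % (name, value))
    print("problems:", report["problems"] or "none")
```

Run it with `default_role_enabled=False` to see the effect of leaving Default Role off: the sample response carries no spRole claim, so the report lists exactly the condition under which the platform refuses the login.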

Video Tutorial

This video tutorial shows the steps documented above for integrating the Azure AD identity provider with the platform over SAML so that you can log in to the platform with your Azure AD account.


Copyright © Keepnet Labs LTD. All rights reserved.