SAML SSO with Azure AD

You can configure Document360's SAML Single Sign-On (SSO) with the Azure Active directory(Azure AD) as the Identity provider.

SSO configuration steps

1. Accessing the Azure AD portal

1. Log in to your Microsoft Azure account
2. Click on Portal available on the top-right of the window
3. You would be redirected to the portal (Link: https://portal.azure.com/#home)

2. Adding your application

The 'Own application' is called 'Customer application' in this document.

1. Log in to your Azure account and visit the Azure portal page
2. From here click on the + New application option and select Non-gallery application
3. Type in the name of your application and click on the Add button at the bottom
4. Now you would get a window with the Project name, Application ID, and the Project ID
5. In the Getting started section, select the Set up single on option

   These are the three selections provided

   • SAML
   • Password-based
   • Linked SSO

6. Select the SAML option, and you can find the five segregated SAML configurations
7. You can read a detailed walkthrough of the process in the Azure AD configuration guide{target= "_blank"}

3. SAML-based SSO configurations (Azure AD side)

1. Navigate back to the Document360 portal, select Settings → Users & Security → SAML/OpenID → SAML
2. The Setup your application section appears with different parameters
3. Copy these from Document360 and paste in the relative fields in the Azure AD portal SAML based Single Sign-On

4. Click on the Edit icon on the right and paste the data in the fields as instructed below

5. On the Azure AD portal, click on the Save icon at the top after you've entered all the mandatory fields

4. SAML based SSO configurations (Document360 side)

Similarly, on the Document360 portal side, you must copy and paste some values from the Azure AD portal side. Click the Edit icon in SAML basic configuration on the Document360 portal side.

Click the Save button when you're done with the values.

5. Other configuration settings (Azure AD side)

1. You can always edit the User Attributes & Claims section
2. You can either Add a new claim or Add a group claim as well
3. In the SAML signing certificate section, you can add New certificates or even Import certificates
4. Multiple notification email addresses can also be added
5. Once all the fields have been configured, click on the Test option and Sign-in to Document360 using the credentials the user has added to the registered application

Selecting existing SSO configuration

In the Document360 portal, Navigate to Setting → Users & Security → SAML/OpenID → SAML, from "Choose from existing connection" and select the connection you want from the drop-down.
Choose whether you want to invite existing users, and hit save.

Users and security

• For SSO-enabled projects, you can add SSO users with a given role
• Tag will be shown for SSO users and SSO invites
• SSO invites are the user who has been added but have not logged in yet
• Similar to team member roles in a Document360 project, you can also add SSO users as readers
• Reader added as SSO users can log in to the Knowledge base directly without visiting the portal.