SAML SSO with Azure AD
  • 27 Jul 2023

You can configure Document360's SAML Single Sign-On (SSO) with Azure Active Directory (Azure AD) as the identity provider.


SSO configuration steps

1. Accessing the Azure AD portal

Accessing the Azure Active Directory portal

  1. Log in to your Microsoft Azure account
  2. Click on Portal available on the top-right of the window
  3. You are redirected to the portal (https://portal.azure.com/#home)

2. Adding your application

The 'Own application' is called 'Customer application' in this document.

  1. Log in to your Azure account and visit the Azure portal page
  2. From here click on the + New application option and select Non-gallery application
  3. Type in the name of your application and click on the Add button at the bottom
  4. A window appears with the Project name, Application ID, and the Project ID
  5. In the Getting started section, select the Set up single sign on option

    These are the three selections provided:

    • SAML
    • Password-based
    • Linked SSO
  6. Select the SAML option, and you can find the five separate SAML configuration sections
  7. You can read a detailed walkthrough of the process in the Azure AD configuration guide

Adding new application in the Azure Active Directory portal


3. SAML-based SSO configurations (Azure AD side)

  1. Navigate back to the Document360 portal and select Settings > Users & Security > SAML/OpenID > SAML
  2. The Setup your application section appears with different parameters
  3. Copy these from Document360 and paste them into the respective fields in the Azure AD portal's SAML-based Single Sign-On page


  4. Click on the Edit icon on the right and paste the data in the fields as instructed below

| Azure AD fields | Document360 portal |
|---|---|
| Identifier (Entity ID) | Service provider Entity ID |
| Reply URL (Assertion Consumer Service URL) | Callback path |
| Sign on URL | https://identity.document360.io (the login page) |
| Relay State | Optional |
| Logout URL | Signedout callback path |

  5. On the Azure AD portal, click on the Save icon at the top after you've entered all the mandatory fields

4. SAML-based SSO configurations (Document360 side)


Similarly, on the Document360 portal side, you must copy and paste some values from the Azure AD portal side. Click the Edit icon in SAML basic configuration on the Document360 portal side.

| Document360 portal fields | Azure AD portal values |
|---|---|
| Email domains | Domains of emails you have under active directory |
| Sign On URL | Login URL |
| Entity ID | Azure AD identifier |
| Sign Out URL | Logout URL |
| SAML certificate | Download Certificate (Base64) from Azure AD side and upload in Document360 |

Click the Save button when you're done with the values.
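Before saving, the values in the table above can be cross-checked against the identity provider's SAML 2.0 metadata. The following is an added example, not Document360 or Microsoft code: it assumes you have the IdP metadata XML for the application, and the function names, tenant ID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def cert_fingerprint(text: str) -> str:
    """SHA-256 over the DER bytes of a bare-Base64 or PEM-wrapped certificate."""
    body = "".join(l.strip() for l in text.splitlines() if "-----" not in l)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def document360_values(metadata_xml: str) -> dict:
    """Map IdP metadata onto the Document360 field names from the table above."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity-provider metadata")
    def redirect_url(tag: str) -> str:
        for el in idp.findall(f"md:{tag}", NS):
            if el.get("Binding") == REDIRECT:
                url = el.get("Location", "")
                if not url.startswith("https://"):  # refuse cleartext endpoints
                    raise ValueError(f"{tag} is not HTTPS: {url!r}")
                return url
        raise ValueError(f"no HTTP-Redirect {tag} in metadata")
    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no signing certificate in metadata")
    return {
        "Entity ID": root.get("entityID"),
        "Sign On URL": redirect_url("SingleSignOnService"),
        "Sign Out URL": redirect_url("SingleLogoutService"),
        "SAML certificate (SHA-256)": cert_fingerprint(cert.text),
    }

# Constructed sample: placeholder tenant ID and placeholder bytes, not a real certificate.
TENANT = "00000000-0000-0000-0000-000000000000"
CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/"><IDPSSODescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <X509Data><X509Certificate>{CERT_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  <SingleSignOnService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
</IDPSSODescriptor></EntityDescriptor>"""
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{CERT_B64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(document360_values(SAMPLE_METADATA), cert_fingerprint(SAMPLE_PEM))
```

Comparing the metadata fingerprint with `cert_fingerprint()` of the downloaded Certificate (Base64) file confirms that the certificate you upload is the one the identity provider signs with.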


5. Other configuration settings (Azure AD side)

  1. You can always edit the User Attributes & Claims section
  2. You can either Add a new claim or Add a group claim as well
  3. In the SAML signing certificate section, you can add New certificates or even Import certificates
  4. Multiple notification email addresses can also be added
  5. Once all the fields have been configured, click on the Test option and sign in to Document360 using the credentials the user has added to the registered application

Selecting existing SSO configuration

In the Document360 portal, navigate to Settings > Users & Security > SAML/OpenID > SAML, go to "Choose from existing connection", and select the connection you want from the drop-down.
Choose whether you want to invite existing users, and click Save.


Users and security

  • For SSO-enabled projects, you can add SSO users with a given role
  • A tag is shown for SSO users and SSO invites
  • SSO invites are users who have been added but have not logged in yet
  • Similar to team member roles in a Document360 project, you can also add SSO users as readers
  • Readers added as SSO users can log in to the Knowledge base directly without visiting the portal.
