SAML SSO with Azure AD
  • 28 Apr 2022


You can configure Document360's SAML Single Sign-On (SSO) with Azure Active Directory (Azure AD) as the identity provider.


SSO configuration steps

1. Accessing the Azure AD portal

Accessing the Azure Active Directory portal

  1. Log in to your Microsoft Azure account
  2. Click on Portal, available on the top-right of the window
  3. You will be redirected to the portal (Link: https://portal.azure.com/#home)

2. Adding your own application

The 'Own application' is referred to as 'Customer application' in this document

  1. Log in to your Azure account and visit the Azure portal page
  2. From here, click on the + New application option and select Non-gallery application
  3. Type in the name of your application and click on the Add button at the bottom
  4. A window appears with the Project name, Application ID, and the Project ID
  5. In the Getting started section, select the Set up single sign on option

    These are the three selections provided:

    • SAML
    • Password-based
    • Linked SSO
  6. Select the SAML option; you will find five separate SAML configuration sections
  7. You can read a detailed walkthrough of the process in the Azure AD configuration guide

Adding new application in the Azure Active Directory portal


3. SAML based SSO configurations (Azure AD side)

  1. Navigate back to the Document360 portal, select Settings, and under Advanced select Enterprise SSO
  2. The Setup your application section appears with different parameters
  3. Copy these from Document360 and paste them into the corresponding fields in the Azure AD portal's SAML-based Single Sign-On page


  4. Click on the Edit icon on the right and paste the data in the fields as instructed below

| Azure AD fields | Document360 portal |
| --- | --- |
| Identifier (Entity ID) | Service provider Entity ID |
| Reply URL (Assertion Consumer Service URL) | Callback path |
| Sign on URL | https://identity.document360.io (the login page) |
| Relay State | Optional |
| Logout URL | Signedout callback path |

  5. On Azure AD portal, click on the Save icon at the top after you’ve entered all the mandatory fields

4. SAML based SSO configurations (Document360 side)


Similarly, on the Document360 portal side, you have to copy and paste some values from the Azure AD portal side. Click on the Edit icon in SAML basic configuration on the Document360 portal side.

| Document360 portal fields | Azure AD portal values |
| --- | --- |
| Email domains | Domains of emails you have under active directory |
| Sign On URL | Login URL |
| Entity ID | Azure AD identifier |
| Sign Out URL | Logout URL |
| SAML certificate | Download Certificate (Base64) from Azure AD side and upload in Document360 |

Click on the Save button when you’re done with the values.


5. Other configuration settings (Azure AD side)

  1. You can always edit the User Attributes & Claims section
  2. You can either Add a new claim or Add a group claim
  3. In the SAML signing certificate section, you can add New certificates or even Import certificates
  4. Multiple notification email addresses can also be added
  5. Once all the fields have been configured, click on the Test option and sign in to Document360 using the credentials the user has added to the registered application

Selecting existing SSO configuration

In the Document360 portal, navigate to Settings and select Enterprise SSO.
Select either OpenID or SAML from “Choose from existing connection” and select the connection you want from the drop-down.
Choose whether you want to invite existing users and click Save.


Users and security

  • For an SSO-enabled project, you can add SSO users with a given role
  • A tag will be shown for SSO users and SSO invites
  • SSO invites are the users who have been added but have not logged in yet
  • Similar to team member roles in a Document360 project, you can also add SSO users as readers
  • Readers added as SSO users can log in to the Knowledge base directly without having to go through the portal.
