You can configure Document360's SAML Single Sign-On (SSO) with the Azure Active directory(Azure AD) as the Identity provider.
SSO configuration steps
1. Accessing the Azure AD portal
- Log in to your Microsoft Azure account
- Click on Portal available on the top-right of the window
- You would be redirected to the portal (Link: https://portal.azure.com/#home)
2. Adding your application
The 'Own application' is called 'Customer application' in this document.
- Log in to your Azure account and visit the Azure portal page
- From here click on the + New application option and select Non-gallery application
- Type in the name of your application and click on the Add button at the bottom
- Now you would get a window with the Project name, Application ID, and the Project ID
- In the Getting started section, select the Set up single on option
These are the three selections provided
- SAML
- Password-based
- Linked SSO
- Select the SAML option, and you can find the five segregated SAML configurations
- You can read a detailed walkthrough of the process in the Azure AD configuration guide{target= "_blank"}
3. SAML-based SSO configurations (Azure AD side)
- Navigate back to the Document360 portal, select Settings → Users & Security → SAML/OpenID → SAML
- The Setup your application section appears with different parameters
- Copy these from Document360 and paste in the relative fields in the Azure AD portal SAML based Single Sign-On
- Click on the Edit icon on the right and paste the data in the fields as instructed below
| Azure AD fields | Document360 portal |
|---|---|
| Identifier (Entity ID) | Service provider Entity ID |
| Reply URL (Assertion Consumer Service URL) | Callback path |
| Sign on URL | https://identity.document360.io (the login page) |
| Relay State | Optional |
| Logout URL | Signedout callback path |
- On the Azure AD portal, click on the Save icon at the top after you've entered all the mandatory fields
4. SAML based SSO configurations (Document360 side)
Similarly, on the Document360 portal side, you must copy and paste some values from the Azure AD portal side. Click the Edit icon in SAML basic configuration on the Document360 portal side.
| Document360 portal fields | Azure AD portal values |
|---|---|
| Email domains | Domains of emails you have under active directory |
| Sign On URL | Login URL |
| Entity ID | Azure AD identifier |
| Sign Out URL | Logout URL |
| SAML certificate | Download Certificate (Base64) from Azure AD side and upload in Document360 |
Click the Save button when you're done with the values.
5. Other configuration settings (Azure AD side)
- You can always edit the User Attributes & Claims section
- You can either Add a new claim or Add a group claim as well
- In the SAML signing certificate section, you can add New certificates or even Import certificates
- Multiple notification email addresses can also be added
- Once all the fields have been configured, click on the Test option and Log to Document360 using the credentials the user has added to the registered application
Selecting existing SSO configuration
In the Document360 portal, Navigate to Setting → Users & Security → SAML/OpenID → SAML, from "Choose from existing connection" and select the connection you want from the drop-down.
Choose whether you want to invite existing users, and hit save.
Users and security
- For SSO-enabled projects, you can add SSO users with a given role
- Tag will be shown for SSO users and SSO invites
- SSO invites are the users who have been added but have not logged in yet
- Similar to team member roles in a Document360 project, you can also add SSO users as readers
- A reader was added so SSO users can log in to the knowledge base without visiting the portal.