SAML Integration with Azure for Single Sign-On

Updated by Rama Sadhu

Introduction 

This document explains the configuration required to access the WAS portal through Azure using SAML.

By configuring SAML-based SSO (Single Sign-On) with Azure, you can allow your users to connect to WAS using their Azure credentials. Users no longer need different passwords for different services: with a single account, they are authorized to log in to the WAS portal.

Required Items from Azure 

You will need the following items from Azure to configure SAML in Indusface WAS. The configuration steps that follow show how to get these from Azure.

  1. Certificate (Base 64) 
  2. Login URL 
  3. Logout URL 

Steps to configure SAML

Create a New Application

Only the admin has access. 
  • Sign in to your Microsoft Azure portal as an admin.
  • Under Azure services, click on the Azure Active Directory button, or find Active Directory using the search bar at the top.
  • Click Enterprise applications under Manage in the left navigation menu.
  • Select All Applications > New Application > Create your own application.

Add Application Name

  • Enter a name for your application under: What's the name of your app? 
  • Select Integrate any other application you don't find in the gallery and then click on the Create button. Your app will be created, and you will be redirected to the app's page. 

Configure WAS Details in Azure for SSO 

  • Navigate to the Set up single sign-on option.
  • Click on the Get Started button as shown in the screenshot below:

  • Choose the SSO method from the available options.
  • Select the SAML option as shown in the screenshot below:

  • Now, add the Identifier (Entity ID) and Reply URL in the Basic SAML Configuration as described in the steps and screenshots below.
  • Click on the Edit option in the right corner to update the requested URLs.
  • Add Identifier (Entity ID) URL: Enter the audience URI (SP entity ID) which you got from the WAS portal’s SSO configuration section, for example: https://sso.apptrana.com/saml/metadata
  • Add Reply URL: Enter the Single Sign-On URL which you got from the WAS portal’s SSO configuration section, for example: https://sso.apptrana.com/saml/SSO
  • Once added, click on the Save button and proceed.

  • The next step is to add an attribute.
  • Click on the Edit option as shown in the screenshot below:

Once clicked, you will see an interface for Attributes & Claims:

  • Here you need to click on the Add new claim option as shown in the screenshot below.
  • After clicking, add the attribute name and attribute value which you got from the WAS portal’s SSO configuration section:
  • Add Name as: use.was_username
  • Add Source attribute as: use.was_username
  • Once added, click Save and proceed.

Assign User/Group to the Application

  1. After the app is created, you need to assign users to the application so that they can access it.
  2. Select the application that you recently created.
  3. Navigate to the Users and Groups section, as shown in the screenshot below.
  4. Click on the Add user/group option.
  5. Now add the users/groups from the available list of your users to the application and save.
  6. Once saved, the Azure side of the SSO configuration is complete.

Download the SSO Application Certificates from Azure

  1. Now that your app is configured, navigate again to the single sign-on application that you recently created.
  2. After scrolling down a bit, you will find the SAML certification section.
  3. From here, download the Certificate (Base64) and Federation Metadata XML as shown in the screenshot below.
  4. Save these files in a folder that is easily accessible.
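
Before uploading the two downloads, it is worth confirming that the Certificate (Base64) file is the same signing certificate that the Federation Metadata XML carries, and reading the Login and Logout URLs out of the metadata. The following is an added example, not code from Indusface or Microsoft: the function names are hypothetical, the sample metadata, URLs and certificate bytes are constructed placeholders, and it assumes the Login and Logout URLs correspond to the SingleSignOnService and SingleLogoutService locations in the metadata. It compares fingerprints only and does not validate the certificate itself.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
# Added example; function names are hypothetical, not an Indusface or Azure API.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def pem_to_der(pem_text):
    """Decode the body of a Certificate (Base64) file to DER bytes."""
    body = "".join(l.strip() for l in pem_text.splitlines() if "-----" not in l)
    return base64.b64decode(body, validate=True)

def parse_idp_metadata(xml_text):
    """Extract login URL, logout URL and signing certs (DER) from IdP metadata."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations do not belong in SAML metadata")
    idp = ET.fromstring(xml_text).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    def location(tag):
        el = idp.find(f"md:{tag}", NS)
        return el.get("Location") if el is not None else None
    certs = [base64.b64decode("".join(c.text.split()))
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return {"login_url": location("SingleSignOnService"),
            "logout_url": location("SingleLogoutService"), "signing_certs": certs}

def check_download(xml_text, pem_text):
    """Compare the certificate file with the metadata and flag non-HTTPS URLs."""
    meta = parse_idp_metadata(xml_text)
    fp = hashlib.sha256(pem_to_der(pem_text)).hexdigest()
    problems = []
    if fp not in [hashlib.sha256(d).hexdigest() for d in meta["signing_certs"]]:
        problems.append("certificate file does not match a metadata signing cert")
    for name in ("login_url", "logout_url"):
        if not (meta[name] or "").startswith("https://"):
            problems.append(f"{name} missing or not HTTPS")
    return {"fingerprint_sha256": fp, "login_url": meta["login_url"],
            "logout_url": meta["logout_url"], "problems": problems}

# Constructed sample input: placeholder bytes stand in for a real X.509 certificate.
FAKE_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{FAKE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"><IDPSSODescriptor>
<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
<X509Certificate>{FAKE_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
<SingleLogoutService Location="https://idp.example/saml2/logout"/>
<SingleSignOnService Location="https://idp.example/saml2/login"/></IDPSSODescriptor></EntityDescriptor>"""
print(check_download(SAMPLE_XML, SAMPLE_PEM))
```

To check the real downloads, read the two saved files into strings and pass them to check_download; an empty problems list means the certificate file and the metadata agree.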

Configure Azure Details in WAS Portal

  1. Navigate to the SSO configuration section under settings.
  2. Here you will find the option to upload the XML file and the Certificate (Base 64) that were downloaded in the previous step.
  3. Once uploaded, please wait 24 hours for your files to be processed.
  4. After 24 hours, the WAS portal will be accessible from the Azure account.
