Configuring Microsoft Azure for single sign-on (SSO)

Using Microsoft Azure as your SSO ID Provider

If you are setting up SSO in foundU and want to understand the configuration process within Microsoft Azure, this article steps you through it.

The aim of this article is to assist in:

  • Finding the required information to enter in the Microsoft Azure fields
  • Navigating the proper sequence of steps within Microsoft Azure

Before you begin, read the SSO setup article, and have both your foundU platform and the Microsoft Azure AD Gallery open.

Navigating Azure to configure your SSO requirements

When you begin to set up SSO within your foundU platform using Microsoft Azure as your ID Provider, you will be required to input certain fields from Azure into foundU.

This guide will step you through locating these fields within the Azure AD Gallery.

You will need to add the foundU App to your Azure account before you can start the process below.

To begin:

Step 1: Single Sign-on

  1. Log in to the Azure AD Gallery.
  2. Navigate to the Dashboard > Enterprise applications, then search for foundU.
  3. From the Overview, select tile 2, Set up single sign-on, under the 'Getting Started' heading.
  4. On the left-hand menu, select Single sign-on, and select the SAML tile as your method for SSO.


Step 2: Attributes and Claims

  1. Navigate to Number 2 - Attributes and Claims and select the 'Edit' pencil.
  2. On the next screen, 'Basic SAML configuration', select Add Identifier, which will open the field for you to enter the corresponding foundU configuration data.
    • Below are the Azure config items (in blue) that you need to match to the foundU config items (in green).
    • Enter the corresponding foundU settings into the Basic SAML Configuration setup.
      • Add Identifier = Identifier (Entity ID) 
      • Add reply URL = Reply URL (Assertion Consumer Service URL)
      • Logout URL (Optional) = Logout URL

Once this section is complete, move on to Step 3.


Step 3: SAML Signing Certificate

  1. Navigate to Number 3 - SAML Signing Certificate and select the 'Edit' pencil.
  2. You only need the download for Certificate (Base64).
  3. In foundU:
    1. Navigate to the Identity Provider settings section in the SSO setup.
    2. Upload this download as the X509 Certificate.

Once this section is complete, move on to Step 4.
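Before uploading the file from Step 3, you can confirm that it really is the single Base64 certificate you meant to download. The Python below is an added example, not part of the original article or of foundU's tooling; it assumes the thumbprint Azure shows beside the SAML signing certificate is the SHA-1 hash of the DER-encoded certificate in hex, and the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def load_single_certificate(pem_text: str) -> bytes:
    """Return the DER bytes of the one certificate in a Base64 (PEM) file."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM block found: is this the Base64 download?")
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains a private key; do not upload it")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, got {labels}")
    der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    if not der or der[0] != 0x30:  # X.509 DER starts with an ASN.1 SEQUENCE tag
        raise ValueError("decoded data is not a DER-encoded certificate")
    return der


def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, upper-case hex (assumed portal format)."""
    return hashlib.sha1(der).hexdigest().upper()


def matches_portal(pem_text: str, portal_thumbprint: str) -> bool:
    """Compare the file's thumbprint with the value copied from Azure."""
    wanted = re.sub(r"[^0-9A-Fa-f]", "", portal_thumbprint).upper()
    return len(wanted) == 40 and thumbprint(load_single_certificate(pem_text)) == wanted


# Constructed stand-in bytes (not a real certificate), wrapped as PEM.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x0A]) + bytes(range(64))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(thumbprint(load_single_certificate(SAMPLE_PEM)))
```

To use it on a real download, read the file's text and pass it to `matches_portal` together with the thumbprint copied from Azure.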


Step 4: Set up your Business's Example

Please note that in our images below, you will see your Azure account name where you currently see 'foundU Example'.

  1. Use the information from Azure (blue) to populate the required Identity Provider Fields in foundU (green):
    • Login URL = Single Sign-On Service URL
    • Azure AD Identifier = Entity ID
    • Logout URL = Single Logout Service URL
  2. You will have already populated the X509 Certificate in the step above.
  3. The only remaining empty field should now be User Access URL. To find this, navigate back to Properties on the left-hand side of the main menu in Azure.
  4. Copy the User access URL and paste it into the User Access URL in foundU.

Now that you have populated all the fields in the ID Provider Settings in foundU, you are ready to move on to the final step.


Step 5: Users and Groups

To set up your Users and Groups:

  1. Navigate to Users and groups. Here, you will grant certain groups access to SSO.
  2. Select the + symbol to add a user/group.

To finalise this process, best practice is to:

  • Add a user.
  • Test that access works for that User. Do this before setting up domain blocking in foundU.

If the access works seamlessly, you can then set up domain blocking in foundU.