
Implementing Single Sign On with Azure AD

STEP 1 - Enable SAML for your SRXP application in Azure Active Directory

  1. Sign in to the Azure portal as a cloud application admin, or an application admin for your Azure AD tenant.

  2. Navigate to Azure Active Directory > Enterprise applications > select New application > Non-gallery application.

  3. Select your application to configure single sign-on.
  4. Under the Manage section, select Single sign-on. Then select SAML and the Set up Single Sign-On with SAML page will appear.

  5. To edit the basic SAML configuration options, select the Edit icon in the upper-right corner of the Basic SAML Configuration section.

  6. Enter the following values (as shown in the image above):

    1. Identifier (Entity ID): https://portal.srxp.com/api/auth/{your_slug}/process/metadata

      Note: The slug (of your choice) will be your company’s identifier in the metadata and ACS URLs. Its maximum length is 20 characters, and it should not contain spaces or any other special characters: !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

    2. Reply URL: https://portal.srxp.com/api/auth/{your_slug}/process/acs

    3. Leave remaining fields empty.

STEP 2 - Set user attributes and claims

In the User Attributes and Claims section, select the Edit icon in the upper-right corner of the box. Map the values as shown in the screenshot below:

Note: It is especially important to map the User Unique Identifier to user.mail instead of user.principalname.

[Screenshot: Azure AD - User attributes & claims]

STEP 3 - Set up SSO on your SRXP environment

  1. Go to the SAML Signing Certificate section and copy the App Federation Metadata URL.

  2. Go to https://portal.srxp.com > Admin > Connections - Single Sign On.

  3. Provide the same slug used during the Azure SAML set-up, select Microsoft Online as the System IDP, and upload the App Federation Metadata file.

  4. After uploading your App Federation Metadata URL, the Entity URL, SSO Login URL, SSO Logout URL, Signing and Encryption fields will be filled in automatically.

  5. Set Mandatory SSO Login to True if you would like to force your users to log in using your System Identity Provider only, then Save.

  6. Set the right Signature Algorithm. You can find the signature algorithm by going back to the Azure SAML Signing Certificate section and clicking the Edit icon in the upper-right corner of the box.

  7. Click Save to finish the set-up.

STEP 4 - Test the Single Sign On

Test the SAML connection by logging in via both:

  • Your Microsoft Online app dashboard.
  • The following URL: https://portal.srxp.com/?pidp=your_slug.
Please make sure that the test user has an Active SRXP account.