
Microsoft Entra ID (Azure AD)

Step by step guide on how to configure Azure AD SSO
Summary - Integrating with Okta SSO

Create application in Azure

Go to Home -> Enterprise applications -> Create your own application.

Set up SSO in Azure and configure8

After the application is created, open it, go to the Single sign-on menu and select SAML:
In the Azure Single Sign-On configuration, edit step 1 and add:
  1. Identifier as "https://app.configure8.io".
  2. Get your "Organization ID" value from the configure8 application in: Settings -> Organization -> Organization ID. It should be a hash string, for instance: "7c4b66c9-22db-r2d2-8cea-126e781a5d42".
    • Set the Reply URL as "https://app.configure8.io/api/v1/auth/saml/7c4b66c9-22db-r2d2-8cea-126e781a5d42/callback", replacing the ID in the URL with your Org ID.
  3. Index as "1". We will verify this at the end, after generating the metadata in the configure8 interface.
  4. Save.
Copy the Login URL from step 4:
Go to the configure8 SSO menu (Settings->Organization->SSO->Setup) and paste it into the Login URL field.
Download the Certificate (Base64) in step 3:
Open the certificate in a text editor. Be sure to copy the whole content, including the BEGIN and END certificate lines, like this:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Some text editors can change the formatting of the file when opening it. We have seen problems when using Windows Notepad to copy this information. In that case, we recommend using VS Code or another programming text editor.
Go to the configure8 SSO menu (Settings->Organization->SSO->Setup) and paste it into the Signing Certificate field:
After saving, you will be provided with a Sign-on URL for your users to log in:
You are also provided with the metadata when you click Generate Metadata.
Double-check the entityID, Location and index: they should be the same values you provided in Azure step 1 as Identifier, Reply URL and Index. If the values are different, go to section 1 of the Azure configuration and update them there.
The other highlighted field, emailAddress, shows that the "Unique user identifier" field has to be the email, as we are going to see in the next section.
The general setup is done. The next step is to set up User Attributes.
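The comparison of entityID, Location, index and emailAddress described above can be scripted. This is an added example, not configure8's or Microsoft's code: it assumes the generated metadata follows the standard SAML 2.0 service provider layout (EntityDescriptor, AssertionConsumerService, NameIDFormat), and the function names and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
IDENTIFIER = "https://app.configure8.io"  # Identifier from Azure step 1


def expected_reply_url(org_id):
    # Reply URL pattern from the guide, with your Organization ID substituted.
    return f"{IDENTIFIER}/api/v1/auth/saml/{org_id}/callback"


def check_sp_metadata(xml_text, org_id, identifier=IDENTIFIER, index="1"):
    """Return a list of mismatches between the metadata and the Azure values."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("entityID") != identifier:
        problems.append(f"entityID {root.get('entityID')!r} != Identifier {identifier!r}")
    acs = root.find(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService")
    if acs is None:
        return problems + ["no AssertionConsumerService element found"]
    if acs.get("Location") != expected_reply_url(org_id):
        problems.append(f"Location {acs.get('Location')!r} != Reply URL")
    if acs.get("index") != index:
        problems.append(f"index {acs.get('index')!r} != Index {index!r}")
    formats = [e.text.strip() for e in root.iter(f"{MD}NameIDFormat") if e.text]
    if EMAIL_FORMAT not in formats:
        problems.append("NameIDFormat is not emailAddress")
    return problems


# Constructed sample: hand-written metadata using the guide's example Org ID.
SAMPLE_ORG_ID = "7c4b66c9-22db-r2d2-8cea-126e781a5d42"
SAMPLE_METADATA = f"""<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{IDENTIFIER}">
  <SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>{EMAIL_FORMAT}</NameIDFormat>
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="{expected_reply_url(SAMPLE_ORG_ID)}" index="1"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    issues = check_sp_metadata(SAMPLE_METADATA, SAMPLE_ORG_ID)
    print("\n".join(issues) or "metadata matches the Azure step 1 values")
```

An empty result means the three Azure step 1 values and the Name ID format line up; any entry in the list names the field to correct in Azure section 1.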

Set up User Attributes

Edit section 2 - Attributes & Claims:
As shown in the metadata we saw in the section above, the Unique User Identifier (Name ID) should be the Email Address:
For configure8 SSO, the following Additional claims must be created:
Make sure you don't have a namespace defined for the new email, FirstName and LastName claims, like this:
  • Other attribute mappings may be enabled by default in your organization. That won't affect configure8.
  • Each organization may have FirstName, LastName and email mapped to different fields. The mapping should be changed to reflect your org settings in Azure AD.
Copyright © 2023 configure8, Inc. All rights reserved.