SAML Configuration for Azure
To set up a Microsoft Azure application as your Identity Provider to allow SAML authentication:

1. Log in to the Avanan Administrator Portal:
   a. Go to Security Settings > Settings and click Configure SAML.
      The Configure SAML window appears.
   b. To copy the SAML SSO URL, in the SAML SSO URL field, click the copy icon.

2. Log in to Microsoft Azure:
   a. Click Enterprise applications from the left navigation pane.
   b. Click New application.
   c. Select Non-gallery application.
   d. In the Name field, enter a name for the application.
   e. Click Add.
   f. Select Set up single sign on.
   g. Select SAML.
   h. In the Identifier (Entity ID) field, enter a unique string, for example, Avanan.
   i. In the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields, paste the URL copied in step 1.b.
   j. In the Sign on URL field, enter your Avanan Administrator Portal URL.
   k. Click Save.
   l. In the User Attributes & Claims field, click .
   m. From the Source attribute field, select one of these:
      - user.mail
      - user.userprincipalname
      Note - When making your selection, make sure that user.mail is populated for all relevant users. If it is not, authenticating users becomes impossible.
   n. In the SAML signing certificate section, for Federation Metadata XML, click Download.

3. Log in to the Avanan Administrator Portal:
   a. Go to Security Settings > Settings and click Configure SAML.
      The Configure SAML window appears.
   b. In the Metadata Source field, select Import a metadata file and upload the Federation Metadata XML file downloaded in step 2.n.
   c. Unselect the Are you running Azure AD checkbox.
   d. In the Identity Provider Entity ID field, enter the unique string entered in step 2.h.

4. Log in to the Microsoft Azure Portal:
   a. Go to Manage > Users and groups.
   b. Click Add user.
   c. From the Users and groups list, select the user or group you want to grant access.
   d. Click Assign.

You can now log in to the Avanan Administrator Portal with SAML.