Azure AD Setup Identity Provider Setup

Set up SAML in Azure Active Directory

  1. Sign in to Azure AD at https://manage.windowsazure.com as an administrator.

  2. Navigate to the applications dashboard by clicking on your directory and the Applications tab.

  3. Click the Add button to add a new application.

  4. Select Add an application my organization is developing.

  5. Enter the Name and Type for the application.

  6. Enter the Sign-On URL and App ID URI for the application.

  7. Click the application and configure the following properties:

    1. Enter the application Name.

    2. Enter the AssertionConsumerService Location URL from your downloaded service provider metadata into Sign-On URL. For example, https://AUTH-DOMAIN/saml/SSO/alias/AUTH-DOMAIN.

    3. Configure the application Logo, Application is Multi-Tenant and User Assignment Required to Access App properties.

    4. Enter your Auth Domain URL into App ID URI.

    5. Enter the AssertionConsumerService Location URL from your downloaded service provider metadata into Reply URL.

  8. Click the Save button.

  9. Click View Endpoints and download the Federation Metadata Document.
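
A check for sub-steps 2 and 5 of step 7, added here as an example and not part of the original guide: it reads the AssertionConsumerService Location from the service provider metadata and reports which of Sign-On URL and Reply URL differ from it. The sample metadata and the auth.example.com host are constructed, and picking the HTTP-POST endpoint is an assumption about the deployment.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample of service provider metadata; auth.example.com is a placeholder.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="auth.example.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://auth.example.com/saml/SSO/alias/auth.example.com"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.example.com/saml/SSO/alias/auth.example.com"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def acs_location(metadata_xml):
    """Return the HTTP-POST AssertionConsumerService Location (https only)."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:SPSSODescriptor/md:AssertionConsumerService"
    post = [e for e in root.findall(path, MD_NS)
            if e.get("Binding") == POST_BINDING]
    if not post:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    # Prefer the endpoint marked isDefault, then the lowest index.
    post.sort(key=lambda e: (e.get("isDefault") not in ("true", "1"),
                             int(e.get("index", "0"))))
    location = post[0].get("Location", "")
    parts = urlsplit(location)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("ACS Location is not an absolute https URL: %r" % location)
    return location


def check_portal_values(metadata_xml, sign_on_url, reply_url):
    """List fields whose entered value differs from the metadata ACS Location."""
    expected = acs_location(metadata_xml)
    entered = {"Sign-On URL": sign_on_url, "Reply URL": reply_url}
    return [field for field, value in entered.items()
            if value.strip() != expected]


if __name__ == "__main__":
    acs = acs_location(SAMPLE_SP_METADATA)
    print(check_portal_values(SAMPLE_SP_METADATA, acs, acs) or "values match")
```

The comparison is an exact string match after trimming whitespace, so a differing scheme, host or path in either field is reported.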

Set up Claims Mapping

  1. To enable user attribute mappings, grant the application the following permissions to Windows Azure Active Directory:

    1. Read directory data.

    2. Read all groups.

    3. Read all users’ full profiles or Read all users’ basic profiles.

  2. To pass group membership claims to the application, perform the following steps:

    1. Click Manage Manifest.

    2. Click Download Manifest followed by Download manifest.

    3. Locate groupMembershipClaims and set the value to either:

      • SecurityGroup

        • Groups claim will contain identifiers of all security groups of which the user is a member.

      • All

        • Groups claim will contain the identifiers of all security groups and distribution lists of which the user is a member.

    4. Click Manage Manifest.

    5. Click Upload Manifest and select the modified manifest.
