
Set up SAML in Azure Active Directory

  1. Sign into Azure AD at https://manage.windowsazure.com as an administrator.
  2. Navigate to the applications dashboard by clicking on your directory and the Applications tab.
  3. Click the Add button to add a new application.
  4. Select Add an application my organization is developing.
  5. Enter the Name and Type for the application.
  6. Enter the Sign-On URL and App ID URI for the application.
  7. Click the application and configure the following properties:
    1. Enter the application Name.
    2. Enter the AssertionConsumerService Location URL from your downloaded service provider metadata into Sign-On URL. For example, https://AUTH-DOMAIN/saml/SSO/alias/AUTH-DOMAIN.
    3. Configure the application Logo, Application is Multi-Tenant and User Assignment Required to Access App properties.
    4. Enter your Auth Domain URL into App ID URI.
    5. Enter the AssertionConsumerService Location URL from your downloaded service provider metadata into Reply URL.
  8. Click the Save button.
  9. Click View Endpoints and download the Federation Metadata Document.
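
The Sign-On URL and Reply URL in step 7 both come from the AssertionConsumerService Location in the service provider metadata. The following added example (not part of the original documentation) extracts that value and rejects a non-HTTPS endpoint before it is pasted into Azure AD. The sample metadata, the host auth.example.test and the choice of the HTTP-POST binding endpoint are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; auth.example.test stands in for AUTH-DOMAIN.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://auth.example.test">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://auth.example.test/saml/SSO/alias/auth.example.test"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.example.test/saml/SSO/alias/auth.example.test"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def acs_url_for_azure(metadata_xml):
    """Return the ACS Location to enter as Sign-On URL and Reply URL."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    endpoints = [
        e for e in root.findall(
            "md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
        if e.get("Binding") == HTTP_POST
    ]
    if not endpoints:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    # Prefer the endpoint flagged isDefault, otherwise the lowest index.
    endpoints.sort(key=lambda e: (e.get("isDefault") not in ("true", "1"),
                                  int(e.get("index", "0"))))
    location = endpoints[0].get("Location", "")
    parsed = urlparse(location)
    # Assertions are delivered to this URL, so it must be absolute and HTTPS.
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("ACS Location must be an absolute https URL: %r"
                         % location)
    return location


if __name__ == "__main__":
    print(acs_url_for_azure(SAMPLE_SP_METADATA))
```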

Set up Claims Mapping

  1. To enable user attribute mappings, grant the application the following permissions to Windows Azure Active Directory:
    1. Read directory data.
    2. Read all groups.
    3. Read all users’ full profiles or Read all users’ basic profiles.
  2. To pass group membership claims to the application, perform the following steps:
    1. Click Manage Manifest.
    2. Click Download Manifest followed by Download manifest.
    3. Locate groupMembershipClaims and set the value to either:
      • SecurityGroup
        • Groups claim will contain identifiers of all security groups of which the user is a member.
      • All
        • Groups claim will contain the identifiers of all security groups and distribution lists of which the user is a member.
    4. Click Manage Manifest.
    5. Click Upload Manifest and select the modified manifest.