In this post, we will show you the steps to integrate an app using our Single Sign-On library with Azure Active Directory. You can also take a look at Microsoft's resource regarding Azure ADFS: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps.
Please follow the steps below:
1. Log into Azure as an Administrator. ADFS portal link: https://portal.azure.com/
2. Navigate to Enterprise applications for Azure Active Directory. You will see your apps listed here. Click the 'New Application' button.
3. Add a non-gallery application. Since our SAML app is a non-gallery app, click the Add button on the right (highlighted below), then specify its name (e.g. ServiceProvider) and click Add.
4. Assign a user for testing
Identifier: the SAML Entity ID. It must match your local Service Provider name. You can use the full URL of the SP website; for example, if your SP site is at https://ServiceProvider, use the same value for the identifier.
Reply URL: set to your Assertion Service URL, e.g. https://ServiceProvider/AssertionService
6. Map user attributes. A user identifier is basically the SubjectName Identifier. After assigning a user to your app, you can map user attributes. To return custom attributes in the SAML response, add custom attributes in this step.
7. Set certificate to sign tokens. In the SAML Signing Certificate section, click 'Create new certificate' to create the certificate with which Azure ADFS signs the messages it sends to your SP.
8. Download metadata XML. After that, click 'Configure ServiceProvider' to configure the app ('ServiceProvider' is the name of your app; if you named it 'MyApp', the link would read 'Configure MyApp'). You will then see links to download certificates and the metadata XML. Click 'SAML XML Metadata'. The configuration is complete and you should see your app listed on the Applications page.
9. Configure your app. Set the corresponding Single Sign-On Service URL in your Service Provider app and save the certificate to your app folder. That ADFS certificate file corresponds to the signing certificate included in the metadata.
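As a check on steps 8 and 9, the following added example (not code from the Single Sign-On library or from Microsoft) parses the downloaded IdP metadata XML, pulls out the entityID, the Single Sign-On Service URLs and the signing certificate, and verifies that the certificate file saved in the app folder is the one the metadata advertises. The metadata, tenant id and certificate bytes below are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-in for the IdP metadata downloaded in step 8; the tenant id
# and the X509Certificate body are placeholders, not real Azure output.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          UExBQ0VIT0xERVItQ0VSVC1ERVItQllURVM=
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return the IdP entityID, its signing certificates (DER bytes) and SSO URLs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # no 'use' means signing and encryption
            continue
        for x509 in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append(base64.b64decode("".join(x509.text.split())))
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "signing_certs": certs, "sso_urls": sso}


def cert_fingerprint(der_bytes):
    return hashlib.sha256(der_bytes).hexdigest()


def cert_file_matches_metadata(cert_file_bytes, metadata):
    """True if the saved certificate file (PEM or DER) is one of the metadata's signing certs."""
    text = cert_file_bytes.decode("ascii", errors="ignore")
    if "-----BEGIN CERTIFICATE-----" in text:
        body = text.split("-----BEGIN CERTIFICATE-----", 1)[1].split("-----END CERTIFICATE-----", 1)[0]
        der = base64.b64decode("".join(body.split()))
    else:
        der = cert_file_bytes
    wanted = {cert_fingerprint(c) for c in metadata["signing_certs"]}
    return cert_fingerprint(der) in wanted
```

Run it against the real downloaded metadata and the saved certificate file; a mismatch means the SP will reject every signed response from Azure until the right certificate is in place.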