In this tutorial, you’ll learn how to integrate Azure AD single sign-on with Votiro using SAML Toolkit to enable users to log in to the Votiro Management console using their corporate credentials.
Prerequisites
Ensure you have the following items:
- Azure AD SAML Toolkit enabled on the above-mentioned subscription
Procedure
2. Select Azure Active Directory.
3. In the left pane, select Enterprise applications.
4. Select New application.
5. In the search field, type Azure AD SAML Toolkit.
6. Select it from the results and add it. After a few moments, the app is added to your tenant.
7. Navigate back to Enterprise applications | All applications and select the newly added app: Azure AD SAML Toolkit.
8. On the left pane, select Single sign-on.
9. On the Basic SAML Configuration page, click the pencil button to edit the configuration.
11. Both Reply URL (Assertion Consumer Service URL) and Sign on URL should be in the following format: https://<VOTIRO-FQDN>/assertionconsumerservice.
    Note: If you’re configuring SAML for a SaaS cluster, make sure to include the tenant ID after the Reply URL and Sign on URL:
    https://<VOTIRO-FQDN>/assertionconsumerservice/<TENANT_ID>
12. The other fields are optional and remain blank. Lastly, press the Save button.
13. On the Attributes & Claims section, click the pencil button to edit the configuration.
14. Select Add a group claim on the left-hand side, choose All groups, expand Advanced options, select Customize the name of the group claim, and provide it with a name, for instance, “AzureGroup1”, then press the Save button.
15. To avoid issues such as “User without any role”, make sure the users that should have access to the environment via SAML are listed under Azure AD SAML Toolkit | Users and groups.
16. Log in to Votiro’s Management console. On the left pane, click on the cogwheel, and select SAML. For the IDP Metadata address, copy and paste the value from the App Federation Metadata Url field in Azure.
19. The Admin role key should be the value you provided for the group above in Group Claims, in this case, AzureGroup1.
20. The Admin role value should be the Object Id of the group of which the admin users are members.
21. Press the Save changes button, log out from the Management console, and log in with the corporate credentials. You may continue and set up the Help Desk and SOC groups, similar to what was configured for the admins group.
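Steps 14 to 20 tie the group claim name (the role key) to a group Object Id (the role value). The following added example, which is not Votiro's code, reads a decoded assertion and reports which roles would match, so a “User without any role” result can be traced to a claim name or Object Id mismatch. The sample assertion, the Object Ids, `ROLE_MAP`, and the exact-match comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute statement of a decoded assertion, made-up Object Ids.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="AzureGroup1">
      <saml:AttributeValue>00000000-0000-0000-0000-0000000000a1</saml:AttributeValue>
      <saml:AttributeValue>00000000-0000-0000-0000-0000000000b2</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical mapping mirroring the console fields: role -> (role key, role value).
ROLE_MAP = {
    "Admin": ("AzureGroup1", "00000000-0000-0000-0000-0000000000a1"),
    "Help Desk": ("AzureGroup1", "00000000-0000-0000-0000-0000000000c3"),
}


def claim_values(assertion_xml, claim_name):
    """Return every value of the attribute whose Name equals claim_name exactly."""
    # Diagnostic use on a trusted capture only: no signature check is done here,
    # and untrusted XML should go through a hardened parser such as defusedxml.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == claim_name:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return values


def resolve_roles(assertion_xml, role_map):
    """Roles whose key names a claim in the assertion and whose value is in it."""
    roles = []
    for role, (key, value) in role_map.items():
        if value in claim_values(assertion_xml, key):
            roles.append(role)
    return roles  # an empty list is the "User without any role" situation


if __name__ == "__main__":
    print(resolve_roles(SAMPLE_ASSERTION, ROLE_MAP))
```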