SAML2.0 based Single Sign On (SSO) with Microsoft Azure Active Directory

AoM offers SSO integration with any Identity Provider that supports the SAML protocol. Below are the steps required to activate and configure the SAML 2.0 SSO functionality using Microsoft Azure as the Identity Provider (IdP).

  1. Navigate to the Integrations tab in the Admin Dashboard. You can find it in the sidebar.
  2. Click on the Manage button for the Single Sign On (SAML 2.0) section to navigate to the settings page.
  3. Open a new tab and navigate to your Microsoft Azure Portal. This is where we are going to configure the keys needed for the fields on the settings page.
  4. You need to create an application inside Azure Active Directory first. To create an application, select Azure Active Directory.

  5. Now in the left side panel, inside Manage Section, click on Enterprise applications.

  6. Now click on + New Application. See the screenshot below:

  7. Click on Create your own application; a dialog box will appear in the right panel. Name your application (any name you want) and click on the Create button below.

  8. Click on Assign users and groups. You need to assign at least one user to this application.

  9. Click on Add user/group, then select a user on the page that opens and click on the Assign button.

  10. Now, from the left side panel click on Single sign-on and then select SAML.

  11. Click on Upload metadata file and upload the metadata file downloaded from the AOM platform.
    To get the metadata file from the AOM platform: go to the SAML 2.0 manage page and click on Provide this metadata URL inside the Gather Metadata for IDP section.

  12. After uploading, Azure will automatically read the configuration values. Click on Save to save the changes. The page should look like this.

  13. Now download the Federation Metadata XML file as shown in the snapshot above. This file will be needed when setting things up in AOM.
    Download the file and store it somewhere on your computer.

  14. Congratulations!! You have completed all the setup required on the Azure platform side.

  15. Now, log in to your AOM platform and go to the SAML 2.0 manage page.

  16. Name the provider inside Identity Provider Name and upload the Federation Metadata XML file which you downloaded.
    After a successful upload, all the values should be filled in automatically in the form, like the snapshot below.

  17. Now you need to map the user attributes so that AOM can read the data from the Azure response.
    There are a few fields which you need to fill:
    Email Attribute => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    First Name Attribute => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    Last Name Attribute => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

  18. To configure the text and color of the Login with button, use the Login Button Text and Login Button Color fields.

  19. Finally, click on Save changes, and you are done.

  20. Now if you go to your AOM platform login page, you should see one extra Login with button for SAML 2.0 SSO login.
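The attribute mapping from step 17 decides how the claims in Azure's SAML response become an AOM user. The following is an added example (not AOM's own code) showing what that mapping does: it reads the AttributeStatement of a constructed Azure-style assertion, picks out the three claim URIs from step 17, and refuses an assertion that does not carry exactly one email value. The sample assertion, the function names and the "email is mandatory, names may be empty" rule are assumptions for this illustration.

```python
import xml.etree.ElementTree as ET

# Mapping from step 17 of the guide: AOM field -> Azure AD claim URI.
ATTRIBUTE_MAP = {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "first_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "last_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
}

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the AttributeStatement of an Azure AD assertion,
# without the Signature, Subject and Conditions a real assertion carries.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_sample" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_attributes(assertion_xml: str) -> dict:
    """Return {claim URI: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        found[attr.get("Name")] = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return found


def map_user(assertion_xml: str, mapping: dict = ATTRIBUTE_MAP) -> dict:
    """Map claims to AOM user fields (hypothetical rule: email required, names optional).
    Call this only after the response signature has been verified against the IdP
    certificate taken from the Federation Metadata XML uploaded in step 16."""
    claims = extract_attributes(assertion_xml)
    user = {}
    for field, uri in mapping.items():
        values = [v.strip() for v in claims.get(uri, [])]
        if field == "email":
            if len(values) != 1 or not values[0]:
                raise ValueError(f"assertion lacks a single value for {uri}")
            user[field] = values[0].lower()   # normalise case so one user cannot appear twice
        else:
            user[field] = values[0] if values else ""
    return user
```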