Azure AD as IDP – Cloud SAML
Part 2: Setup miniOrange with Azure AD
Step 1. Setup Azure AD as IDP
- Go to miniOrange Admin Console.
- From the left navigation bar select Identity Provider
- Click on Add Identity Provider button.
- Select SAML tab.
- Click on Show Metadata details under For SP - INITIATED SSO. You can either manually enter details or use Metadata URL or File
- Now to add SAML app for Azure AD, go to Add Identity Provider page and click on Import IDP Metadata. Import the metadata file that you will get from Azure AD. Refer this step.
- If you don't have a metadata file, you can also provide the details manually. You need to configure following endpoints:
- Few other optional features that can be added to the Identity Provider(IDP) are listed in the table below:
- Click on Save.
You can get the metadata details of miniOrange app either by clicking on the link
shown by "Click here" in the yellow block, Or you can also get the details after creating the
app. Keep these details handy as we will need these in configuring Azure AD.
| IDP Entity ID | Entity ID of IDP |
| Single Login URL | Login Url from IDP |
| Single Logout URL | Logout Url from IDP |
| X.509 Certificate | The public key certificate of your IDP. |
| Domain Mapping | Can be used to redirect specific domain user to specific IDP |
| Show IdP to Users | Enable this if you want to show this IDP to all users during Login |
| Send Configured Attributes | Enabling this would allow you to add attributes to be sent from IDP |
Step 2. Configuring miniOrange as SP in Azure AD
- Log in to Azure AD Portal
- Select Azure Active Directory ⇒ Enterprise Applications.
- Click on New Application.
- Click on Non-gallery application section and enter the name for your app and click on Add button.
- Click on Single sign-on from the application's left-hand navigation menu. The next screen presents the options for configuring single sign-on. Click on SAML.
- Click on the edit icon to edit SAML Configuration Details
- For Basic SAML configuration you need to get the Entity ID, ACS URL, and the Single Logout URL from miniOrange. Refer this step.
- Enter the values in basic SAML configuration as shown in below screen
- By default, the following Attributes will be sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the Attributes tab.
- Download Federation Metadata xml, and copy the Logout URL as well. This will be used while configuring the Azure AD as IDP.
- Assign users and groups to your SAML application.
- As a security control, Azure AD will not issue a token allowing a user to sign in to the application unless Azure AD has granted access to the user. Users may be granted access directly, or through group membership.
- Click on Users and groups from the applications left-hand navigation menu. The next screen presents the options for assigning the users/groups to the application.
- After clicking on Add user, Select Users and groups in the Add Assignment screen.
- The next screen presents the option for selecting user or invite an external user. Select the appropriate user and click on the Select button.
- Here, you can also assign a role to this user under Select Role section. Finally, click on Assign button to assign that user or group to the SAML application.
| Identifier (Entity ID) | Entity ID or Issuer |
| Reply URL (Assertion Consumer Service URL) | ACS URL |
| Sign on URL (optional required during IDP-initiated SSO) | SSO Login URL |
| Logout URL | Single Logout URL |
Step 3. Test Connection between miniOrange and Azure AD
- Go to Identity Providers tab. Then click on select button under the app you just created. Then click on Test Connection.
- A new popup login window will open. Enter your credentials and login.
- Now you will see TEST SUCCESSFULL in a new popup window. If not, then check if you have missed any of the above step.
×
![ADFS_sso]()