Azure AD as IDP – Cloud SAML


Part 2: Setup miniOrange with Azure AD


Step 1. Setup Azure AD as IDP


  • Go to miniOrange Admin Console.
  • From the left navigation bar select Identity Provider
  • Click on Add Identity Provider button.
  • azure ad Identity Provider
  • Select SAML tab.
  • Azure AD Saml App
    You can get the metadata details of miniOrange app either by clicking on the link shown by "Click here" in the yellow block, Or you can also get the details after creating the app. Keep these details handy as we will need these in configuring Azure AD.
  • Click on Show Metadata details under For SP - INITIATED SSO. You can either manually enter details or use Metadata URL or File
  • Azure AD Saml App
  • Now to add SAML app for Azure AD, go to Add Identity Provider page and click on Import IDP Metadata. Import the metadata file that you will get from Azure AD. Refer this step.
  • Azure AD Saml App
  • If you don't have a metadata file, you can also provide the details manually. You need to configure following endpoints:
  • IDP Entity ID Entity ID of IDP
    Single Login URL Login Url from IDP
    Single Logout URL Logout Url from IDP
    X.509 Certificate The public key certificate of your IDP.
  • Few other optional features that can be added to the Identity Provider(IDP) are listed in the table below:
  • Domain Mapping Can be used to redirect specific domain user to specific IDP
    Show IdP to Users Enable this if you want to show this IDP to all users during Login
    Send Configured Attributes Enabling this would allow you to add attributes to be sent from IDP
  • Click on Save.

Step 2. Configuring miniOrange as SP in Azure AD

  • Log in to Azure AD Portal
  • Select Azure Active DirectoryEnterprise Applications.
  • azure ad sso Enterprise Applications
  • Click on New Application.

  • azure ad sso New Application
  • Click on Non-gallery application section and enter the name for your app and click on Add button.
  • azure ad sso Non-gallery application
  • Click on Single sign-on from the application's left-hand navigation menu. The next screen presents the options for configuring single sign-on. Click on SAML.
  • azure ad sso Single sign-on
  • Click on the edit icon to edit SAML Configuration Details
  • azure ad sso configuring single sign-on
  • For Basic SAML configuration you need to get the Entity ID, ACS URL, and the Single Logout URL from miniOrange. Refer this step.
  • Enter the values in basic SAML configuration as shown in below screen
  • Identifier (Entity ID) Entity ID or Issuer
    Reply URL (Assertion Consumer Service URL) ACS URL
    Sign on URL (optional required during IDP-initiated SSO) SSO Login URL
    Logout URL Single Logout URL

  • By default, the following Attributes will be sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the Attributes tab.

  • azure ad sso Attributes tab
  • Download Federation Metadata xml, and copy the Logout URL as well. This will be used while configuring the Azure AD as IDP.

  • Assign users and groups to your SAML application.
  • As a security control, Azure AD will not issue a token allowing a user to sign in to the application unless Azure AD has granted access to the user. Users may be granted access directly, or through group membership.
  • Click on Users and groups from the applications left-hand navigation menu. The next screen presents the options for assigning the users/groups to the application.
  • azure ad sso-13
  • After clicking on Add user, Select Users and groups in the Add Assignment screen.
  • The next screen presents the option for selecting user or invite an external user. Select the appropriate user and click on the Select button.
  • azure ad sso selecting user or invite an external user
  • Here, you can also assign a role to this user under Select Role section. Finally, click on Assign button to assign that user or group to the SAML application.
  • azure ad sso SAML application

Step 3. Test Connection between miniOrange and Azure AD

  • Go to Identity Providers tab. Then click on select button under the app you just created. Then click on Test Connection.
  • A new popup login window will open. Enter your credentials and login.
  • Atlassian Access Cloud SSO (Single Sign-On) Add Member
  • Now you will see TEST SUCCESSFULL in a new popup window. If not, then check if you have missed any of the above step.