Azure AD SAML Integration

Learn how to configure a connection to Azure AD via SAML.


Introduction

Each SSO Identity Provider requires specific information to create and configure a new Connection (through Application registered). Often, the information required to create a connection will differ by Identity Provider.


Azure AD integration with Cripsa using SAML consists of 4 parts,
  • 1. Create a project/select (an existing) project by logging into https://cripsa.com
  • 2. Create an App in Azure AD using admin account in https://portal.azure.com/
  • 3. Use Metadata URL information of the Azure AD App registered to integrate it with Cripsa.
  • 4. Use the Final URI received to call against the User click to start the Authentication process.

Create Project through Cripsa

Login to Cripsa Dashboard by using email account


logo-light

logo-light

Once logged in Create project for SAML.


logo-light

Fill all the details. All the fields are required.


logo-light

Click on “Create Project”.


logo-light

Note Down all the above highlighted information which will be used while creation of the App in Azure AD Admin Console (https://manage.Azure AD.com/dashboard).

What Cripsa provides

Cripsa provides the ACS URL and the SP Entity ID. It’s readily available in your Project Detail page of Cripsa Dashboard.


logo-light

The ACS URL is the location an Identity Provider redirects its authentication response to. In Azure AD’s case, it needs to be set by the Enterprise when configuring your application in their Azure AD dashboard.

The SP Entity ID is a URI used to identify the issuer of a SAML request, response, or assertion. In this case, the entity ID is used to communicate that Cripsa will be the party performing SAML requests to the Enterprise’s Azure AD instance.

Specifically, the ACS URL will need to be set as the “ACS URL” in the “Service Provider Details” step of the Azure AD SAML setup.


What you’ll need

In order to integrate you’ll need the metadata URL from Azure AD.

Normally, this information will come from your Enterprise customer’s IT Management team when they set up your application’s SAML 2.0 configuration in their Azure AD admin dashboard. But should that not be the case during your setup, here’s how to obtain it.


1. Log in

Open Azure Portal https://portal.azure.com/, on the right-side menu choose “Azure Active Directory-> Enterprise applications->New Application”. If your application is already created, select it from the list of applications and move to Step 6. If you haven’t created a SAML application, select “New Application” and then provide the details.


logo-light

logo-light

2. Enter Your App’s Information

Give the app a descriptive name and upload an icon, if applicable. Click “Continue”.


logo-light

logo-light

logo-light

logo-light

3. Enter Service Provider Details

Copy and the “ACS URL” from your Cripsa Dashboard and paste it into the “ACS URL” field, and copy the “SP Entity ID” from your Cripsa Dashboard and paste it into the “Entity ID” field in the Azure AD SAML “Service provider details” modal. Select “Continue.”


logo-light

Put the detail from Create Project Value of SP_EntityId and ACS in the above fields.


logo-light

logo-light

logo-light

4. Obtain Identity Provider Details

Copy the value of the URI in “App Federation Metadata Url” or download Metadata file through Download button of “Federation Metadata XML”. Save this file, as you’ll upload it to the Cripsa Dashboard in Step 6. Click “Continue”.


logo-light

One can download the Metadata or copy the URI as well and use anyone of it to register with Cripsa.


5. Attribute Mapping

Now change the attribute mapping as follows:
logo-light

logo-light

logo-light

logo-light

5. Configure User Access

In the Users and groups->Add user/group one can add users.


logo-light

logo-light

logo-light

logo-light

logo-light

6. Upload Metadata File by Register Azure AD App with Cripsa

If you haven’t already downloaded the metadata file, select your Application->Single sign-on->SAML2 certificates, and copy either the link of download the file.


logo-light

Now go back to https://cripsa.com/saml-register-app ->Select your project you have just created.


logo-light

logo-light

Here Three Fields are Mandatory to fill:
  • • Provider Name (name must be unique with no special character and all in small letter)
  • • Metadata URL or File Upload

In the Register Type there are four options, and one has to select anyone of them as per your requirement. For more information on these options please see FAQ.


logo-light

logo-light

logo-light

6. User Login Testing

Using code URI to get code after successful login to Okta.


logo-light

logo-light

logo-light

logo-light

Using token URI to get accessToken after successful login to Okta.


logo-light

logo-light

logo-light

logo-light

Frequently asked questions

1. How many Registration Options available in Cripsa for SAML and what is the difference between them?


In the Register Type there are four options:

  • • Registration of SAML Only
  • • Registration of SAML in Separate Client
  • • Registration of SAML with Other Already registered Auth Type Apps/Method with MFA
  • • Registration of SAML with Other Already registered Auth Type Apps/Method without MFA
logo-light

Only the Login screen would be Different for each Registration Type.


logo-light
Figure 1 Registration of SAML Only
logo-light
Figure 2 Registration of SAML in Separate Client
logo-light
Figure 3 Registration of SAML with Other Already registered Auth Type Apps/Method with MFA

Here in the above diagram one can see MFA is available along with SAML authentication.


logo-light
Figure 4 Registration of SAML with Other Already registered Auth Type Apps/Method with MFA

Here in the above diagram one can see MFA is available along with SAML and AUTH 2.0 authentication.


logo-light
Figure 5 Registration of SAML with Other Already registered Auth Type Apps/Method without MFA