This guide outlines configuring Azure as a SAML 2.0 Identity Provider (IdP) for Single Sign-On (SSO) with UnifyApps. You will need administrator access to your Azure organization.
The configuration process involves three main stages:
Step 1: Initial Configuration on UnifyApps
In this section, you will start the SAML configuration process on UnifyApps and obtain the necessary URLs that Azure will require.
Access Identity Provider Settings:
Navigate to Settings.
Select Security from the settings menu.
Under the "Identity Providers" section, click on + New Identity Provider.

Basic Details & Service Provider Information:
Provider name: Enter a descriptive name for this configuration (e.g., Azure SAML).
Identity Provider: Select Microsoft Azure from the dropdown list.
Button Text: Specify the text that will appear on the SSO login button (e.g., Login using Azure).
Important: Note the following URLs. You will need these for the Azure application setup in Step 2.
Assertion Consumer Service URL (ACS URL): This is the endpoint on UnifyApps where Azure will send the SAML assertion. (Example: https://demo.uat.unifyapps.com/auth/sso/SAML/complete-login)
Service Provider Entity ID (SP Entity ID): This is the unique identifier for UnifyApps as the Service Provider. (Example: https://demo.uat.unifyapps.com/sso/saml)

Step 2: Configuring the SAML Application in Azure
Now, you will create and configure a new SAML 2.0 application in your Azure admin portal.
Create a New SAML App Integration:
Log in to your Azure Admin Portal.
In the side navigation menu, go to All services > Identity > Enterprise applications.

Click the New application button followed by the Create your own application button.
In the "Create your own application" dialog, select Integrate any other application you don't find in the gallery (Non-gallery) and give a name to your application.
Click Create.

Configure SAML Settings:
Click on Set up single sign on and choose SAML.
Click on the edit button beside Basic SAML Configuration, paste the Entity ID and the Assertion Consumer Service URL noted in Step 1, and click on the Save button.

Attribute Statements (Crucial for User Data):
Click on the edit button beside Attributes & Claims, add any custom attributes that you might want to send in the SAML Response (optional), and click on the Save button.

SAML Certificates:
Now finally click on the edit button beside SAML Certificates, choose the Signing Option as Sign SAML response and assertion, and click on the Save button.

Obtain Azure Identity Provider Metadata:
Once the application is created, download the "Federation Metadata XML".

Open the downloaded XML file in Chrome or a text editor.
Copy the entire content of this XML page. This is Azure’s SAML metadata.


Assign Users and Groups (Essential for Access):
While still in the Azure application settings, navigate to the Users and groups tab.
Assign the relevant Azure users or groups who should be granted access to UnifyApps via this SSO configuration. Users not assigned here will be unable to log in.


Step 3: Finalizing Configuration in UnifyApps
Return to the UnifyApps IdP configuration page you left open.
Paste Azure Metadata:
Paste the entire Federation Metadata XML in the Metadata Content field.
Additional Settings (Optional):
User Attributes Sync: Enable if you wish to map custom attributes from Azure to user fields within UnifyApps.
JIT Provisioning (Just-In-Time Provisioning): Enable to automatically create user accounts when they first log in via Azure.
Enable Refresh Token: Configure according to your organization's session management requirements.
If you enable User Attributes Sync, proceed to the Attribute Mapping section. Here, you will map User Fields to the SAML Attributes that will be sent by Azure (e.g., mapping a userType_custom_attribute field to a SAML attribute named persona).

Click Save and turn on the toggle for the IdP.
