FundApps SSO Connection - Azure AD SAML 2.0

Step 1 - Register SAML Application in AzureAD

1. Sign in to the Azure portal using an account with administrator permission. You must use an account in the same Microsoft 365 subscription (tenant) as you intend to register the app with. You can also access the Azure portal through the Microsoft 365 Admin center by expanding the Admin centers item in the left navigation pane, and selecting Azure Active Directory.

   Note

   If you don't have an Azure tenant (account) or you do have one but your Microsoft 365 subscription with Dataverse is not available in your Azure subscription, following the instructions in the topic Set up Azure Active Directory access for your Developer Site to associate the two accounts.If you don't have an account, you can sign up for one by using a credit card. However, the account is free for application registration and your credit card won't be charged if you only follow the procedures called out in this topic to register one or more apps. More information: Active Directory Pricing Details
   
   

2. Navigate to to Azure AD and make a note of the Primary Domain (1) from Azure AD Overview tab:
   
   
   

3. In the Azure portal, select Azure Active Directory in the left pane and select Enterprise applications and click on New application.
   
   
   

4. Select Create your own application
   
   
   

5. Choose Integrate any other application you don't find in the gallery (Non-gallery)
   
   

6. Navigate to Single sign-on section and choose SAML as a single sign-on method
   
   
   

7. Edit the Basic SAML Configuration and fill in the following fields:
   - Identifier (Entity ID) with https://fundapps.co
   - Reply URL with value of https://fundapps.co
   - Sign on URL with https://<your-environment>.fundapps.co/?code=saml
   
   
   

8. Edit the Attributes & Claims and choose Unique User Identifier to be user.mail
   
   
   

9. Download the Certificate (Base64), which we will use in Step 2
   
   
   

10. Make a note of Login URL, which we will use in Step 2
    
    
    

11. Make the application available to all users by navigating to the Properties section and set Assignment required? to No
    

Step 2 - Create a SAML connection in FundApps platform

1. Log in to your FundApps platform and navigate to the Administration tab, click on the Setup drop-down list, and select SSO.
   
   

2. Click on the Add SSO Connection dropdown list and choose SAML
   
   
   

3. Fill in the following two fields:

   1. Display Name: with the name you want to appear on the Sign in page.
   2. Copy the content of the certificate downloaded in Step 1 in the X509 Certificate box
   3. Sign In URL: with the Login URL from Step 1

   Once you’re finished click the Create button
   
   
   

4. Click on Settings button to the right of your newly created connection
   
   
   

5. Make a note of the Audience URI / Entity ID and ACS URL / Single Sign-On URL fields for Step 3
   

Step 3 - Finish configuring the SAML Application in AzureAD

1. Login to AzureAD
   
   
2. Navigate to Enterprise Application
   
   
3. Choose the application you created in Step 1
   
   
4. Go to the Single Sign-on Section
   
   
5. Edit the Basic SAML Configuration and amend:
   - Identifier field with the value from Audience URI / Entity ID
   - Reply URL field with the value from ACS URL / Single Sign-On URL
   - Click Save
   

Step 4 - Check your SAML connection works from fundapps platform

1. Log in to your FundApps platform and navigate to the Administration tab, click on the Setup drop-down list, and select SSO.
   
   

2. Click on Try button to the right of your newly created connection

   

🎉You should see a successful SSO Test result page