Step 1 - Register SAML Application in AzureAD
Sign in to the Azure portal using an account with administrator permission. You must use an account in the same Microsoft 365 subscription (tenant) as you intend to register the app. You can also access the Azure portal through the Microsoft 365 Admin center by expanding the Admin centers item in the left navigation pane and selecting Azure Active Directory.
Note: If you don't have an Azure tenant (account) or you do have one but your Microsoft 365 subscription with Dataverse is not available in your Azure subscription, follow the instructions in the topic Set up Azure Active Directory access for your Developer Site to associate the two accounts. If you don't have an account, you can sign up for one by using a credit card. However, the account is free for application registration and your credit card won't be charged if you only follow the procedures called out in this topic to register one or more apps. More information: Active Directory Pricing Details
Navigate to Azure AD and make a note of the Primary Domain from the Azure AD Overview tab.
In the Azure portal, select Azure Active Directory in the left pane, select Enterprise applications, and click on New application.
Select Create your own application
Choose Integrate any other application you don't find in the gallery (Non-gallery).
Navigate to the Single sign-on section and choose SAML as a single sign-on method.
Edit the Basic SAML Configuration and fill in the following fields:
- Identifier (Entity ID) with https://fundapps.co
- Reply URL with value of https://fundapps.co
- Sign on URL with https://<your-environment>.fundapps.co/?code=saml
Edit the Attributes & Claims and choose Unique User Identifier to be user.mail.
Download the Certificate (Base64), which we will use in Step 2.
Make a note of Login URL, which we will use in Step 2.
Make the application available to all users by navigating to the Properties section and setting Assignment required? to No.
Step 2 - Create a SAML Connection in the FundApps Platform
Log in to your FundApps platform and navigate to the Administration tab, click on the Setup drop-down list, and select SSO.
Click on the Add SSO Connection dropdown list and choose SAML.
Fill in the following two fields:
Display Name: with the name you want to appear on the Sign in page.
Copy the content of the certificate downloaded in Step 1 into the X509 Certificate box
Sign In URL: with the Login URL from Step 1
Once you’re finished, click the Create button
Click on the Settings button to the right of your newly created connection
Make a note of the Audience URI / Entity ID and ACS URL / Single Sign-On URL fields for Step 3
Step 3 - Finish Configuring the SAML Application in AzureAD
Log in to AzureAD.
Navigate to Enterprise Application.
Choose the application you created in Step 1.
Go to the Single Sign-on Section.
Edit the Basic SAML Configuration and amend:
- Identifier field with the value from Audience URI / Entity ID
- Reply URL field with the value from ACS URL / Single Sign-On URL
- Click Save
Step 4 - Check your SAML Connection Works from FundApps Platform
Log in to your FundApps platform and navigate to the Administration tab, click on the Setup drop-down list, and select SSO.
Click on the Try button to the right of your newly created connection
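If the test sign-in fails, the usual cause is a mismatch between the values noted in Step 2 and what Azure AD actually sends. The following is an added example, not part of the original guide or of FundApps' or Microsoft's tooling: it compares a decoded SAML response you captured from your own test sign-in against the expected Audience URI and ACS URL. The expected values and the sample response are constructed placeholders, and the script checks configuration only; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholders: substitute the two values noted at the end of Step 2.
EXPECTED_AUDIENCE = "https://sp.example.invalid/entity-id"
EXPECTED_ACS_URL = "https://sp.example.invalid/acs"

# Constructed, unsigned sample (not real Azure AD output). Its Audience still
# holds the temporary Step 1 identifier, i.e. Step 3 was never saved.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.invalid/acs">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>jane.doe@example.invalid</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.invalid/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://fundapps.co</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, audience, acs_url):
    """Return a list of mismatches between a decoded response and the SP settings."""
    # Only parse responses from your own tenant; ElementTree is not hardened XML parsing.
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append(f"Audience {audiences} lacks {audience}: recheck Identifier (Step 3)")
    recipients = {e.get("Recipient") for e in root.findall(".//saml:SubjectConfirmationData", NS)}
    if recipients != {acs_url}:
        problems.append(f"Recipient {sorted(map(str, recipients))} != {acs_url}: recheck Reply URL")
    dest = root.get("Destination")  # optional attribute, but must match when present
    if dest is not None and dest != acs_url:
        problems.append(f"Destination {dest} != {acs_url}: recheck Reply URL")
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    if "@" not in name_id:  # user.mail is empty for accounts without a mail attribute
        problems.append("NameID is not an email address: recheck Unique User Identifier")
    return problems

if __name__ == "__main__":
    for problem in check_response(SAMPLE_RESPONSE, EXPECTED_AUDIENCE, EXPECTED_ACS_URL):
        print("MISMATCH:", problem)
```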