FundApps SSO Connection - Azure AD SAML 2.0

Step 1 - Register SAML Application in AzureAD

  1. Sign in to the Azure portal using an account with administrator permission. You must use an account in the same Microsoft 365 subscription (tenant) as you intend to register the app with. You can also access the Azure portal through the Microsoft 365 Admin center by expanding the Admin centers item in the left navigation pane, and selecting Azure Active Directory.

    Note

    If you don't have an Azure tenant (account), or you do have one but your Microsoft 365 subscription with Dataverse is not available in your Azure subscription, follow the instructions in the topic Set up Azure Active Directory access for your Developer Site to associate the two accounts. If you don't have an account, you can sign up for one by using a credit card. However, the account is free for application registration and your credit card won't be charged if you only follow the procedures called out in this topic to register one or more apps. More information: Active Directory Pricing Details

  2. Navigate to Azure AD and make a note of the Primary Domain (1) from the Azure AD Overview tab.

  3. In the Azure portal, select Azure Active Directory in the left pane, select Enterprise applications, and click New application.

  4. Select Create your own application

  5. Choose Integrate any other application you don't find in the gallery (Non-gallery)

  6. Navigate to the Single sign-on section and choose SAML as the single sign-on method

  7. Edit the Basic SAML Configuration and fill in the following fields:
    - Identifier (Entity ID) with https://fundapps.co
    - Reply URL with https://fundapps.co
    - Sign on URL with https://<your-environment>.fundapps.co/?code=saml

  8. Edit Attributes & Claims and set Unique User Identifier to user.mail

  9. Download the Certificate (Base64), which we will use in Step 2

  10. Make a note of Login URL, which we will use in Step 2

  11. Make the application available to all users by navigating to the Properties section and setting Assignment required? to No

 

Step 2 - Create a SAML connection in FundApps platform

  1. Log in to your FundApps platform and navigate to the Administration tab, click on the Setup drop-down list, and select SSO.

  2. Click on the Add SSO Connection dropdown list and choose SAML

  3. Fill in the following fields:

    1. Display Name: the name you want to appear on the Sign in page.
    2. X509 Certificate: paste the content of the certificate downloaded in Step 1.
    3. Sign In URL: the Login URL from Step 1.

    Once you're finished, click the Create button.

  4. Click the Settings button to the right of your newly created connection

  5. Make a note of the Audience URI / Entity ID and ACS URL / Single Sign-On URL fields for Step 3

Step 3 - Finish configuring the SAML Application in AzureAD

  1. Log in to AzureAD

  2. Navigate to Enterprise Application

  3. Choose the application you created in Step 1

  4. Go to the Single Sign-on Section

  5. Edit the Basic SAML Configuration and amend:
    - Identifier field with the value from Audience URI / Entity ID
    - Reply URL field with the value from ACS URL / Single Sign-On URL
    - Click Save

Step 4 - Check your SAML connection works from the FundApps platform

  1. Log in to your FundApps platform and navigate to the Administration tab, click on the Setup drop-down list, and select SSO.

  2. Click the Try button to the right of your newly created connection

🎉 You should see a successful SSO Test result page.
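
If the test fails instead, the usual cause is that the Identifier or Reply URL in Azure AD still holds the Step 1 value rather than the values noted in Step 2. The following is an added example, not FundApps or Microsoft code: it compares a base64-decoded SAML response against the Audience URI / Entity ID and ACS URL, and checks that the NameID looks like user.mail. ENTITY_ID, ACS_URL and the sample XML are constructed placeholders, and the script does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholders: use the values shown under Settings in Step 2.
ENTITY_ID = "urn:example:fundapps-connection"
ACS_URL = "https://sso.example.invalid/acs"

def check_saml_response(xml_text, entity_id, acs_url):
    """List mismatches between a decoded SAML response and the Step 3 values.
    Diagnostic only: the XML signature is not verified here."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL (Reply URL)")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks the Entity ID (Identifier)")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} is not the ACS URL (Reply URL)")
    name_id = (root.findtext(".//saml:Subject/saml:NameID", "", NS) or "").strip()
    if "@" not in name_id:
        problems.append(f"NameID {name_id!r} is not an e-mail; check user.mail in Step 1")
    return problems

def sample_response(audience, acs):
    """Constructed, unsigned response skeleton for the demonstration."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{acs}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>analyst@example.com</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="{acs}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    # Step 3 skipped: Azure AD still sends the Step 1 value https://fundapps.co.
    stale = sample_response("https://fundapps.co", "https://fundapps.co")
    for line in check_saml_response(stale, ENTITY_ID, ACS_URL):
        print("MISMATCH:", line)
```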