Untitled

Introduction

This page details the steps required to configure single sign-on (SSO) from an Azure Active Directory (AD) setup using SAML. The application will allow users to authenticate with their existing enterprise Azure user accounts when logging in to EdgeTier, and when users are disabled in Azure, they will lose access to EdgeTier automatically.

Note that full user provisioning from Azure is not supported: users must be assigned the application in Active Directory AND created separately in EdgeTier for authentication to succeed.

To complete these tasks, you will be adding an “Enterprise Application” for EdgeTier to your Azure configuration and controlling user access by assigning users to this application within your Active Directory.

Creating an Enterprise Application

To add a new application in Azure AD:

  1. Log in to the Azure Portal.

  2. In the Azure Services section, choose Azure Active Directory.

  3. In the left sidebar, choose Enterprise applications.

  4. Choose New application.

  5. On the Browse Azure AD Gallery page, choose Create your own application.

  6. Under What’s the name of your app?, enter a name for your application (e.g. “EdgeTier”) and select Integrate any other application you don’t find in the gallery (Non-gallery), as shown in Figure 2. Choose Create.

    Figure 1: Add an enterprise app in Azure AD

It will take a few seconds for the application to be created in Azure AD; you should then be redirected to the Overview page for the newly added application.

Note: Occasionally, this step can result in a Not Found error, even though Azure AD has successfully created a new application. If that happens, in Azure AD navigate back to Enterprise applications and search for your application by name.

Set up Single Sign-on using SAML

  1. On the Getting started page, in the Set up single sign on tile, choose Get started, as shown in Figure 3.

    Figure 3: Application configuration page in Azure AD

  2. On the next screen, select SAML.

  3. In the middle pane under Set up Single Sign-On with SAML, in the Basic SAML Configuration section, choose the edit icon (✏️).

  4. In the right pane under Basic SAML Configuration, replace the default Identifier ID (Entity ID) with the EdgeTier value urn:amazon:cognito:sp:eu-west-1_uYWAoliDm
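The Entity ID entered in step 4 becomes the Audience that Azure AD writes into every SAML assertion, and EdgeTier's Cognito service provider rejects assertions whose Audience does not match it exactly. The following added example (not part of the original page or of EdgeTier's own code) parses a constructed, unsigned SAML Response and checks its Audience against the EdgeTier value; the tenant URL and user are made-up sample values, and it deliberately does not verify the XML signature, which a real SP must do.

```python
import xml.etree.ElementTree as ET

# Expected SP Entity ID, as given on this page for EdgeTier (Cognito user pool identifier).
EXPECTED_SP_ENTITY_ID = "urn:amazon:cognito:sp:eu-west-1_uYWAoliDm"

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed, stripped-down SAML Response for illustration only (no Signature element,
# placeholder tenant ID and user). Real responses from Azure AD are signed and larger.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>urn:amazon:cognito:sp:eu-west-1_uYWAoliDm</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_audience(response_xml: str, expected: str = EXPECTED_SP_ENTITY_ID) -> dict:
    """Parse a SAML Response and report whether its Audience matches the expected SP Entity ID.

    Only the audience restriction is checked here; signature validation, timestamps and
    InResponseTo binding are separate checks a production SP performs before trusting anything.
    """
    root = ET.fromstring(response_xml)  # for untrusted input prefer defusedxml's fromstring
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    return {
        "issuer": (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip(),
        "name_id": name_id.text.strip() if name_id is not None and name_id.text else "",
        "audiences": audiences,
        # Exact string comparison: Cognito treats any deviation (case, trailing slash) as a mismatch.
        "audience_ok": expected in audiences,
    }


if __name__ == "__main__":
    print(check_audience(SAMPLE_RESPONSE))
```

A mismatch here (for example a default Entity ID left in place in step 4) shows up to the user as a generic Cognito login error, so comparing the Audience against the expected value is the first thing to check when SSO fails after setup.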