Azure AD Single Sign-on

  • Last Modified: 2020-05-17

Overview

This documentation is specific to configuring SAML with Azure Active Directory. Refer to the SAML Authentication Overview for more information.

Configuring Azure AD

1. Obtain App Registration ID

Before an Inedo product can authenticate with Azure, an App Registration must be created in Azure. When creating one, make sure to add a redirect URI of:

https://{inedo-product-host}/saml-acs-callback

Once created, the overview for the Azure App Registration will display an Application (client) ID, a GUID that should be used as the SAML issuer within the Inedo product configuration.

2. Obtain SAML Metadata

The SAML metadata for Azure is found at the URL:

https://login.microsoftonline.com/{tenant-id}/FederationMetadata/2007-06/FederationMetadata.xml

The value for {tenant-id} is a GUID found in the App Registration under Directory (tenant) ID.

3. Inedo Product Configuration

  • SAML issuer - use Application (client) ID from App Registration in step 1
  • Display name attribute - http://schemas.microsoft.com/identity/claims/displayname
  • Email attribute - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  • SAML metadata - copy/paste whole XML file contents from step 2

This documentation is licensed under CC-BY-SA-4.0 and stored in GitHub.

Generated from commit 845f3ab3 on master