Azure AD Single Sign-on
  • 22 Mar 2022
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Azure AD Single Sign-on

  • Dark
    Light
  • PDF

Article Summary

Overview

This documentation is specific to configuring SAML with Azure Active Directory. Refer to the SAML Authentication Overview for more information.

Configuring Azure AD

Before you can use Azure AD in Inedo's products, you will first need to create an Enterprise Application in Azure.

  1. Navigate to Enterprise Applications and click "New application"
  2. Click "Create your own application"
    1. Enter a name (e.g. ProGet SAML)
    2. Select "Integrate any other application you don't find in the gallery (Non-gallery)"
  3. On the overview page, make note of the "Application ID", you will need this in the Inedo product configuration
  4. Click "Users and groups" on the left and add your users to this application in Azure
  5. Click "Single sign-on" on the left
    1. Select "SAML"
    2. Click "Edit" in the "Basic SAML Configuration" block
      1. Click "Add Identifier" and enter an identifier (e.g proget-saml)
      2. Click "Add reply URL" and enter "http://{inedo-product-host}/saml-acs-callback"
      3. Click "Save"
  6. In the "SAML Signing Certificate" block, copy the "App Federation Metadata URL", this will be used in the Inedo product configuration

Inedo Product Configuration

Option 1: Configure using the Azure AD provider

Note

Currently this is only supported in ProGet v6.0.11+ when v6.1 preview security features are enabled.

This is the simplest method for configuring Inedo Products to use Azure AD for SAML based single sign-on.

  1. Navigate to Administration -> Manage Security
  2. In the "Login Options" box, click "change" to the right of SAML
  3. Select "Azure AD SAML Provider"
  4. Create your Enterprise Application, if not already created
  5. Click "Next"
  6. Enter your Enterprise Application's "Application ID"
    1. This is commonly found on the Enterprise Application's Overview page
  7. Enter your "Federation Metadata URL"
    1. This is commonly found on the Enterprise Application's Single Sign-On page in the SAML Signing Certificate block
  8. Click Save

Option 2: Configuring using a Custom Provider

Note

This is the only supported way in ProGet 5.3 or using 6.0 security features in ProGet 6.0.

When using v6.1 preview features:

  1. Navigate to Administration -> Manage Security
  2. In the "Login Options" box, click "change" to the right of SAML
  3. Select "Custom/Other SAML Provider"

When using ProGet 5.3 or 6.0 security features:

  1. Navigate to Administration -> Enable Single Sign-on (SAML)

Configuration Settings

  1. In the SAML Issuer, enter the Enterprise Application's Application ID
    1. This is commonly found on the Enterprise Application's Overview page
  2. In a web browser, navigate to the Federation Metadata URL and copy the XML output
    1. This is commonly found on the Enterprise Application's Single Sign-On page in the SAML Signing Certificate block
  3. In SAML Metadata, paste the XML from your federation metadata URL
  4. For the Display name attribute, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  5. For the Email attribute, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  6. Click "Save"

Was this article helpful?