Integrating Azure SAML

This article provides sample Azure SAML integrations.

Prerequisites

Azure AD integration requires an Azure Active Directory tenant whose license includes the following capability:

  • Self-service integration of any application that supports SAML 2.0 identity providers (SP-initiated or IdP-initiated).

    Tip

    Contact your Azure administrators to check that the Azure license in your organization has the above feature enabled.

Read Azure AD IDP Documentation for further information.

Set up Azure AD

  1. Configure Azure to register CIP as a service provider.

    Note

    This procedure might change along with Azure functionalities.

    1. Log in to Azure AD.

    2. Select Azure Active Directory from the left-side menu.

    3. Select Enterprise applications.

    4. Register CIP as a new non-gallery application as shown below.

      • Select New application

      • Select Non-gallery application

      • Give your application a name

    5. Edit the properties of your application as shown below.

      • Select Properties

      • Fill in the properties form

    6. Enable Single sign-on. Select SAML-based Sign-on from the menu.

  2. Fetch Azure SAML metadata.

  3. Register Azure as an external IDP in CIP. For more information, read Configure external IDPs.

  4. Download CIP SAML SP metadata. For more information, read Download SAML IDP metadata.

  5. Upload the CIP SAML SP metadata downloaded in the previous step to Azure.

  6. Configure attributes that need to be released in Azure.

    1. Select App registrations from Azure Active Directory.

    2. Select View all from App registrations.

    3. Select your application.

    4. Select Manifest.

    5. Find groupMembershipClaims and change its value from null to all. This makes Azure include the user's group memberships as a claim in the SAML assertion it issues to CIP.

    6. Select Save.

  7. Verify the SAML authentication flow with Azure. For more information, read Verify SAML authentication flow.
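As an added example, not code from the original article or from CIP, the script below does the two checks a defender wants around steps 2, 6 and 7: it parses the Azure IdP metadata fetched in step 2 (rejecting metadata without a signing certificate or SSO endpoint, and computing certificate fingerprints to pin), and it validates the conditions of a SAML response returned during the step 7 verification, including the presence of the groups claim enabled in step 6. The metadata and response documents are constructed samples; the CIP entityID, ACS URL, tenant id and certificate bytes are placeholders, and the groups claim attribute name is assumed to be the one Azure AD uses.

```python
"""Added example: sanity checks on Azure IdP metadata and on a SAML response.
Samples are constructed; tenant id, SP entityID, ACS URL and cert bytes are placeholders."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Attribute name Azure AD uses for the groups claim (assumed; not stated in the article)
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
TENANT = "00000000-0000-0000-0000-000000000000"           # placeholder tenant id
IDP_ENTITY_ID = f"https://sts.windows.net/{TENANT}/"
SP_ENTITY_ID = "https://cip.example.com/saml/metadata"      # assumed CIP SP entityID
ACS_URL = "https://cip.example.com/saml/acs"               # assumed CIP ACS URL
FAKE_CERT_DER = b"\x30\x82\x01\x00constructed-placeholder-not-a-real-cert"
FAKE_CERT_B64 = base64.b64encode(FAKE_CERT_DER).decode()

IDP_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="{IDP_ENTITY_ID}">
  <IDPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{FAKE_CERT_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z" Destination="{ACS_URL}">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2024-05-01T12:05:00Z"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:55:00Z" NotOnOrAfter="2024-05-01T13:00:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-222222222222</saml:AttributeValue>
      <saml:AttributeValue>33333333-dddd-4eee-8fff-444444444444</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_ts(s):
    """SAML timestamps are UTC ('Z'); optional fractional seconds are dropped."""
    return datetime.strptime(s.split(".")[0].rstrip("Z"), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def parse_idp_metadata(xml_text):
    """Extract entityID, SSO endpoints and signing-cert fingerprints from IdP metadata;
    refuse metadata that could not be used to verify signed responses."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if not entity_id or idp is None:
        raise ValueError("not IdP metadata: missing entityID or IDPSSODescriptor")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if REDIRECT not in sso and POST not in sso:
        raise ValueError("no HTTP-Redirect or HTTP-POST SingleSignOnService")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":      # no 'use' attribute means signing and encryption
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())   # values to pin on the SP side
    if not fingerprints:
        raise ValueError("no signing certificate in metadata")
    return {"entity_id": entity_id, "sso": sso, "signing_sha256": fingerprints}


def check_assertion(xml_text, idp_entity_id, sp_entity_id, acs_url, now):
    """Conditions the SP must enforce after the XML signature has been verified
    (signature verification needs xmlsec and is left to the SP's SAML library)."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination is not this SP's ACS URL")
    a = root.find("saml:Assertion", NS)
    if a is None:
        return {"ok": False, "problems": ["no Assertion"], "groups": []}
    if a.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        problems.append("Issuer is not the registered IdP")
    cond = a.find("saml:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and na and parse_ts(nb) <= now < parse_ts(na)):
        problems.append("assertion outside its validity window")
    if sp_entity_id not in [e.text for e in a.findall(".//saml:Audience", NS)]:
        problems.append("Audience does not include this SP")
    scd = a.find(".//saml:SubjectConfirmationData", NS)
    exp = scd.get("NotOnOrAfter") if scd is not None else None
    if scd is None or scd.get("Recipient") != acs_url or not exp or now >= parse_ts(exp):
        problems.append("bearer confirmation not valid for this ACS URL and time")
    groups = [v.text for attr in a.findall(".//saml:Attribute", NS) if attr.get("Name") == GROUPS_CLAIM
              for v in attr.findall("saml:AttributeValue", NS)]
    if not groups:
        problems.append("no groups claim: check groupMembershipClaims in the app manifest")
    return {"ok": not problems, "problems": problems, "groups": groups}
```

Run parse_idp_metadata over the metadata document fetched in step 2 and compare the returned fingerprints with the certificate CIP shows for the external IDP; feed a captured response from the step 7 test to check_assertion with the current time to confirm the audience, recipient, validity window and groups claim are what CIP will see. An empty groups list with everything else passing is the usual sign that the groupMembershipClaims manifest edit in step 6 was not saved.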