• Guides
• Sso Azure Saml

The Azure AD Identity Provider (IdP) is a trusted entity that allows you to enable single sign-on to access other sites or services, such as Azion. Your users can continue using their corporate user identities without having to remember a specific password or enter credentials each time they access Azion Console.

When using an IdP, you have two protocol possibilities: Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).

To set up an Azure AD custom SAML app as your account IdP for Azion Console, follow the next steps.

1. Access Azure’s portal.
2. On the homepage, under Azure Services, select Enterprise applications.
3. Click + New Application.
4. On the next page, search for Azure AD SAML Toolkit and select it. Once you select it, a window will open with the Azure AD SAML Toolkit details on the right side of the screen.
5. Click Create on the bottom of the window. The app will be installed.
6. On the left side menu, select Single sign-on.
7. Under Select a single sign-on method, click SAML.
8. On the left side menu, select Properties.
9. In the option Assignment required?, select No.
10. Return to the Single sign-on section, selecting it from the left side menu.
11. On the box SAML Certificates, click Edit.
12. On the Signing Option, select Sign SAML response and assertion from the dropdown menu.
13. Click the context menu represented by three dots, and download the Certificate in the Base64 format.
14. Click Save.
15. On the box Set up Azure AD SAML Toolkit, copy the Login URL and Azure AD Identifier. You’ll need this information on Azion Console.

1. Log in to Azion Console.
2. On the upper-right corner of the page, select the avatar menu. This is the Account menu.
3. Select SSO Management.
4. Click the Add Identity Provider button and select SAML.
5. On the Identity Provider page, choose a name that identifies your identity provider. Example: Azure IdP.
6. Fill in the following fields with the data copied from the Azure AD portal:

• Identity provider’s Entity ID URI.
• Sign-in URL.
• Certificate. It must include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags.

7. Click Save. You’ll be redirected to the list of identity providers, where you can view all the providers created in your account.

1. On the SSO Management page of Azion Console:

• Find the box of your recently created identity provider.
• Click the context menu, represented by three dots > Edit.

2. On the Identity Provider page, you’ll need to copy the following information to finish the configuration on the Azure AD portal:

• Assertion Consumer Service URL.
• Service Provider’s Entity ID URI.
• Sign-in URL.

3. On the Azure AD portal, return to the Single sign-on section, selecting it from the left side menu. On the Basic SAML Configuration box, click Edit and provide the following information:

• In the Identifier field, paste the Service Provider’s Entity ID URI you’ve copied from Console.
• In the Reply URL field, paste the Assertion Consumer Service URL you’ve copied from Console.
• In the Sign on URL field, paste the Sign-in URL you’ve copied from Console.

4. Click Save.
5. On the Attributes & Claims box, click Edit.
6. In the Unique User Identifier, set the string user.email.
7. Click Save.

After setting the service provider details:

1. Go to Users and groups on the left side menu.
2. Click + Add user/group to add the users you wish to grant permission to access Azion Console using the IdP you’ve just created.

1. Back on Console, access the SSO Management page.
2. On the box of the Identity Provider you’ve added, click Activate and turn on identity Origin and then click Confirm.

Now all the users of the account, except for the Account Owner, will be able to access Console using Azure AD as the Identity Provider.

Contributors