Azure AD - SAML SSO
Azure AD can be used to manage Single Sign on Permissions with atSpoke. For more information on SAML SSO, check out our overview.
To add atSpoke to Azure, you will need to be an administrator on both Azure and atSpoke.
Adding a new application
Begin by navigating to Enterprise Applications, then choose New Application
Under Add your own app, choose Non-gallery application
Name the application you’re adding (atSpoke)then press Add. This will push you onto the App overview page for atSpoke.
Assign the app to yourself to test the connection. From the app overview screen, choose Users and groups.
On the Users and groups page choose + Add User.
Assign yourself the application for testing. Once you have assigned yourself the app, navigate back to Single Sign-on
From the left bar, choose Single Sign-on.
For Single Sign-on type choose SAML
Azure Step 1 - Basic SAML Configuration
Choose the Pencil icon next to step 1 to edit the ACS URL and the Entity ID
In another window, Log into your atSpoke account.
Navigate to Settings then choose the SSO menu. Scroll to the bottom of the page, and copy the ACS URL.
In Azure, these will be pasted into the “Assertion consumer service URL” field in Step 1.
Press Save then choose the X in the top right of the SAML Configuration pane to return to the app overview screen.
Step 2 - User Claims
Choose the pencil icon to update the user claims and mappings.
Azure uses the field “Unique User Identifier” - This claim needs to be mapped to “User.mail” To Edit this, click on the name identifier field, and choose user.mail from the dropdown. Press Save when you’re finished.
Use the X in the top right of the User Claims pane to return to the overview page.
Step 3 - SAML Certificate
Download the Base64 Certificate onto your computer. Open the file using TextEdit if on a mac, or Notepad if on a PC.
Navigate to atSpoke, and copy the certificate contents into the Public Certificate field
Step 4 - Set up atSpoke
Copy the Login URL from Azure
Paste into the Sign On URL field in atSpoke
Copy the AD Identifier from Azure
Paste it into the Issuer field in atSpoke
Press Test SAML Connection to test the configuration. atSpoke will test the configuration.
Press Enable SAML
Confirm that you would like to enable SAML by choosing Yes, enable SAML and log out
You will be logged out, and need to log back into atSpoke. SAML is turned on.