Updated 2 years ago by Andrew White

Azure AD can be used to manage Single Sign on Permissions with atSpoke. For more information on SAML SSO, check out our overview.

To add atSpoke to Azure, you will need to be an administrator on both Azure and atSpoke.

Adding a new application

Begin by navigating to Enterprise Applications, then choose New Application

Under Add your own app, choose Non-gallery application

Name the application you’re adding (atSpoke)then press Add. This will push you onto the App overview page for atSpoke.

Assign the app to yourself to test the connection. From the app overview screen, choose Users and groups.

On the Users and groups page choose + Add User.

Assign yourself the application for testing. Once you have assigned yourself the app, navigate back to Single Sign-on

From the left bar, choose Single Sign-on.

For Single Sign-on type choose SAML

Azure Step 1 - Basic SAML Configuration

Choose the Pencil icon next to step 1 to edit the ACS URL and the Entity ID

In another window, Log into your atSpoke account.

Navigate to Settings then choose the SSO menu. Scroll to the bottom of the page, and copy the ACS URL.

In Azure, these will be pasted into the “Assertion consumer service URL” field in Step 1.

Press Save then choose the X in the top right of the SAML Configuration pane to return to the app overview screen.

Step 2 - User Claims

Choose the pencil icon to update the user claims and mappings.

Azure uses the field “Unique User Identifier” - This claim needs to be mapped to “User.mail” To Edit this, click on the name identifier field, and choose user.mail from the dropdown. Press Save when you’re finished.

Use the X in the top right of the User Claims pane to return to the overview page.

Step 3 - SAML Certificate

Download the Base64 Certificate onto your computer. Open the file using TextEdit if on a mac, or Notepad if on a PC.

Navigate to atSpoke, and copy the certificate contents into the Public Certificate field

Step 4 - Set up atSpoke

Copy the Login URL from Azure

Paste into the Sign On URL field in atSpoke

Copy the AD Identifier from Azure

Paste it into the Issuer field in atSpoke

Press Test SAML Connection to test the configuration. atSpoke will test the configuration.

Press Enable SAML

When you click Enable Saml all users will be logged out, and need to log in through the SAML Single Sign-on flow

Confirm that you would like to enable SAML by choosing Yes, enable SAML and log out

You will be logged out, and need to log back into atSpoke. SAML is turned on.

How did we do?

Powered by HelpDocs (opens in a new tab)