External Authentication Details for SAML2 in Azure

Modified on Thu, 22 Aug at 11:19 PM

Overview

This article provides step-by-step instructions on how to retrieve external authentication details for RC backend login using Microsoft account with SAML2.

Authentication Details for SAML2

Part A. Register application in Azure AD

Go to Azure portal ➔ Azure Active Directory ➔ Enterprise applications ➔ Click [New application] which opens ‘Browse Azure AD Gallery’ screen. Then click [Create your own application]

Enter the name of your app, select the 3^rd option - ‘Intergrate any other application you don’t find in the gallery’. Then click [Create] button at the bottom of the screen.

Part B. Configure the details for the created Azure AD app

Identifier (Entity ID)

Go to Azure portal ➔ Azure Active Directory ➔ Enterprise applications. Click [View all applications] then select the app that you registered in Part A to see its details. Click [Single sign-on] ➔ SAML

A new panel is opened.

Now click the [Edit] button on the Basic SAML Configuration section. A new panel shows up on the right side of the screen:

For Identifier (Entity ID), enter the URL of RC backend.

For Reply URL, it can be composed with the following format:

[RC Backend URL]/ExAuth/Saml2Authentication/Acs

In the above example, the RC Backend URL is https://resourcecentral.com/resourcecentral, so the Reply URL you can fill in is:

https://resourcecentral.com/resourcecentral/ExAuth/Saml2Authentication/Acs

Click [Save] to finish.

Login URL, Logout URL and Azure AD Identifier

Go to Azure portal ➔ Azure Active Directory ➔ Enterprise applications ➔ All applications. Then select the app that you registered in Part A to see its details.

Click [Single sign-on] and scroll down to the Set up [App name] section (i.e., ‘Set up SSO_for_RC’):

You can see the details for Login URL, Logout URL, and Azure AD Identifier highlighted in the above figure.

Return URL

You can compose the Return URL with the following format:

[RC Backend URL]/ExAuth/Saml2Authentication/CallbackHandler

In the above example, the RC Backend URL is https://resourcecentral.com/resourcecentral, so the Reply URL you can fill in is:

https://resourcecentral.com/resourcecentral/ExAuth/Saml2Authentication/CallbackHandler

Certificate (.pfx) and PFX Password

Usually, you have been provided with the .pfx file and the attached password after you buy the certificate (with key). This certificate must be created with the parameter provider = Microsoft Enhanced RSA and AES Cryptographic Provider.

Part C. Configure SAML Signing Certificate

Go to Azure portal ➔ Azure Active Directory ➔ Enterprise applications ➔ All applications then select the app that you registered in Part A to see its details.

Click [Single sign-on] and scroll down to the ‘SAML Signing Certificate’ then click [Edit]:

A new panel is opened.

Click [Import certificate] to upload your PFX file.

Part D. Configure External Authentication in the RC backend

Log in to RC backend and click [Authentication] on the left menu. On ‘External Authentication’ section, select SAML2 for ‘Authentication Protocol’ then configure as shown in the following figures: