SAML Single Sign-on with Azure Active Directory

SAML Single Sign-on with Microsoft Azure

Security Assertion Markup Language (SAML) is a technology that lets you stop remembering a separate password for every tool and log in to all of your digital tools with a single sign-on. To do so, you need to configure a SAML 2.0 Identity Provider (IdP).

In a previous post, we described the general steps needed to set up SAML integration between Kanbanize and your Identity Provider. The next paragraphs will walk you through the process of enabling SSO with Azure Active Directory as your IdP:

*Please note that this guide uses the new Azure portal accessible from https://portal.azure.com.

1. From your Azure dashboard, go to Azure Active Directory.

2. Select Enterprise Application.

3. Click Add in the upper left corner.

4. Choose Non-gallery application.

5. Enter a name for the new application and click Add at the bottom.

6. A new window for the application will open.

7. Select Single sign-on from the menu on the left.

8. From the dropdown, select SAML-based Sign-on.

9. New fields that need to be filled in will appear on the screen.

10. Identifier (or Entity ID in SAML terms) for your account is https://<subdomain>.kanbanize.com/ (replace <subdomain> with your company’s custom Kanbanize subdomain, e.g. https://yourcompany.kanbanize.com/ ).

11. Reply URL (Assertion Consumer Service or ACS in SAML language) is https://<subdomain>.kanbanize.com/saml/acs

12. For User Identifier, select user.mail.

13. Tick the checkbox View and edit all other user attributes and leave them as they are.

14. Then click the Create New Certificate link.

15. When done, download the new certificate (in raw format) – you will need it later.

16. Tick Make new certificate active.

17. Click Save at the top of the page.

18. You are done configuring Azure!

19. Now let’s configure Kanbanize! Click the button that says Configure Kanbanize at the bottom and a new window will open. It contains information that you will need in just a minute.

20. In Kanbanize, open the Administration panel and go to Integrations.

21. There, you will find a box for configuring Single Sign-On.

22. Tick the checkbox to enable it for your account.

23. Then use the information from the Configure sign-on window in Azure as follows:

  • SAML Entity ID goes to IdP Entity Id
  • SAML Single Sign-On Service URL goes to IdP Login Endpoint
  • Sign-Out URL goes to IdP Logout Endpoint

24. Copy (without the start and end markers) and paste your certificate in the last field.

25. In Attribute name for Email, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress (you can get the value from the section SAML Token Attributes).

26. You don’t have to fill the other two fields. But, if you do, when your users log in for the first time, they will be registered with their real names. So, you can enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname for Attribute name for First Name and http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname for Attribute name for Last Name.

27. In Azure, close the Configure sign-on window to go back to the previous one.

28. Click Save in Azure and Save Settings in Kanbanize and you are almost ready!

29. The only thing left is to assign users who will have access to Kanbanize. Go to the Users and groups section and select the appropriate ones.

30. Now you are ready to give the Kanbanize – Azure SSO a test drive!

Be sure to try the integration and don’t hesitate to contact our support if you have any trouble.
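
For step 24, an added example (not part of the original guide and not Kanbanize's own tooling): a Python helper that turns the downloaded certificate into the marker-free, single-line value to paste, and computes a SHA-256 fingerprint so you can confirm the pasted value and the downloaded file are the same certificate. It assumes the file is either PEM text or binary DER; the function names are illustrative and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def cert_to_der(data: bytes) -> bytes:
    """Return the DER bytes of one certificate given as PEM text, bare base64 or binary DER."""
    blocks = PEM_RE.findall(data)
    if len(blocks) > 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    if blocks:
        body = b"".join(blocks[0].split())  # drop line breaks inside the PEM body
    elif data[:1] == b"\x30":  # binary DER starts with an ASN.1 SEQUENCE tag
        return data
    else:
        body = b"".join(data.split())  # base64 whose markers were already removed
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid base64: %s" % exc) from None
    if der[:1] != b"\x30":
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der


def paste_value(data: bytes) -> str:
    """Single-line base64 body, without start and end markers, for the certificate field."""
    return base64.b64encode(cert_to_der(data)).decode("ascii")


def sha256_fingerprint(data: bytes) -> str:
    """Colon-separated SHA-256 of the DER bytes; identical for every encoding of one certificate."""
    digest = hashlib.sha256(cert_to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: placeholder bytes shaped like DER, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"\x00" * 10
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER) + b"-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(paste_value(SAMPLE_PEM))
    print(sha256_fingerprint(SAMPLE_DER))
```

To use it on a real file, read the downloaded certificate in binary mode and pass the bytes to `paste_value`; run `sha256_fingerprint` on both the file and the text you pasted to check that they match.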
