Configuring SAML for Azure AD

Setting up SSO through SAML for Azure AD

Written by Ksawery Lisinski
Updated over a week ago

This guide explains how to set up SSO using SAML with Azure AD.

Prerequisites

  • Azure AD Premium

  • an Elements Corporate IT Management environment with at least one connected domain

  • an Elements account which has the right to administer the Corporate IT Management environment

Steps to enable SAML

Open the Azure Portal, select Azure Active Directory and:

1. From Enterprise applications, select New Application

2. Select a Non-gallery application

3. Provide a suitable name, e.g. Elements

4. From the application's Manage menu, select Single Sign-on

5. Select the SAML option

6. Open the Elements Corporate Management application and select the Config page. The URLs required for the following steps are displayed there

7. In the Azure AD application's SAML setup page, in section 2 (Domains and URLs), provide the following:

  • Identifier (Entity ID): paste the Metadata URL from the Config page in Elements

  • Reply URL (Assertion Consumer Service URL): paste the Single Sign On URL from the Config page in Elements

8. In section 3, change the User Identifier: select the user.mail option from the drop-down

9. From section 4 download the Metadata XML file

10. In Elements, on the SSO Config page, enter a value in the Identity provider name field, e.g. Azure.

11. Upload the certificate by selecting the Metadata.xml file downloaded from Azure

12. Submit the form

SAML is now enabled.

13. Make sure the appropriate users or user groups are assigned to the Elements application in Azure Active Directory.

You can read how to do it in Azure's support article.
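The Entity ID, Reply URL and user identifier chosen in steps 7 and 8 are the values the service provider later checks every SAML Response against: the assertion's Audience must equal the Entity ID, the Destination and Recipient must equal the Reply URL (the ACS URL), and the NameID carries the user.mail value that is matched to the Elements account. The following Python is an added example of those consistency checks and is not Elements' or Azure AD's code. The SP URLs, the tenant id, the e-mail address and the timestamps in it are constructed placeholders, and signature verification, which a SAML library must perform before any of these checks, is deliberately outside its scope.

```python
"""Consistency checks a SAML service provider applies to an incoming Response.

Added example, not Elements' or Azure AD's code. The SP values below are
constructed placeholders for the URLs copied from the Elements Config page in
step 7. Signature verification is assumed to have been done already by the
SAML library; these checks run after it, never instead of it.
"""
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

SP_ENTITY_ID = "https://elements.example/saml/metadata"  # placeholder: Identifier (Entity ID)
SP_ACS_URL = "https://elements.example/saml/acs"         # placeholder: Reply URL (ACS URL)


def _utc(ts: str) -> dt.datetime:
    """Parse a SAML timestamp such as 2026-01-01T12:00:00Z into an aware datetime."""
    return dt.datetime.fromisoformat(ts.replace("Z", "+00:00"))


def validate_response(xml_text: str, sp_entity_id: str, acs_url: str, now) -> list:
    """Return a list of findings; an empty list means every check passed.

    `now` is an aware datetime or a SAML-style timestamp string."""
    now = _utc(now) if isinstance(now, str) else now
    findings = []
    root = ET.fromstring(xml_text)

    # Destination is optional on a Response, but when present it must be our ACS URL.
    dest = root.get("Destination")
    if dest is not None and dest != acs_url:
        findings.append(f"Destination {dest!r} is not the Reply URL {acs_url!r}")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return findings + ["no plaintext Assertion (encrypted assertions not handled here)"]

    # Audience restriction: the assertion must be addressed to our Entity ID,
    # otherwise an assertion issued for another application would be accepted.
    audiences = [a.text.strip() for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        findings.append(f"Audience {audiences} does not include Entity ID {sp_entity_id!r}")

    # Validity window declared on the Conditions element.
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        if cond.get("NotBefore") and now < _utc(cond.get("NotBefore")):
            findings.append("assertion not yet valid (NotBefore in the future)")
        if cond.get("NotOnOrAfter") and now >= _utc(cond.get("NotOnOrAfter")):
            findings.append("assertion expired (Conditions NotOnOrAfter reached)")

    # Bearer confirmation: Recipient must be our ACS URL and still within its deadline.
    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        findings.append("SubjectConfirmationData Recipient is not the Reply URL")
    elif scd.get("NotOnOrAfter") and now >= _utc(scd.get("NotOnOrAfter")):
        findings.append("SubjectConfirmationData expired")

    # Step 8 sets the user identifier to user.mail, so NameID should be an e-mail address.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text or "@" not in name_id.text:
        findings.append("NameID missing or not an e-mail address (expected user.mail)")

    return findings


# Constructed sample Response: tenant id, e-mail address and timestamps are placeholders.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="2026-01-01T12:00:00Z" Destination="{SP_ACS_URL}">
  <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2026-01-01T12:00:00Z">
    <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2026-01-01T12:05:00Z" Recipient="{SP_ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2026-01-01T11:55:00Z" NotOnOrAfter="2026-01-01T13:00:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    at = "2026-01-01T12:01:00Z"
    print(validate_response(SAMPLE_RESPONSE, SP_ENTITY_ID, SP_ACS_URL, at) or "all checks passed")
    # The same assertion addressed to a different application fails the audience check.
    other = SAMPLE_RESPONSE.replace(SP_ENTITY_ID, "https://other-sp.example/metadata")
    print(validate_response(other, SP_ENTITY_ID, SP_ACS_URL, at))
```

The audience check is the one that makes the Entity ID security-relevant: without it, a signed assertion that Azure AD issued for some other enterprise application in the same tenant would be accepted by Elements, so a mismatch between the Identifier entered in step 7 and the Metadata URL shown on the Config page is a configuration error rather than a cosmetic one.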

What if the certificate has expired?

If your certificate has expired, you will need to generate a new one in Azure. Then, in Elements, select "Delete Identity Provider" and create a new connection with the refreshed certificate.
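The Metadata XML downloaded in step 9 and uploaded in step 11 is where the signing certificate that expires lives, so the renewal described above can be scheduled rather than discovered when sign-in stops working. The following Python is an added example (not Elements' or Azure AD's code) that reads such a metadata file with the standard library only, extracts the entity ID, the SingleSignOnService endpoints and the signing certificate, and reports how many days the certificate has left. The metadata document and the certificate embedded in it are constructed: the certificate is only a DER skeleton with the real TBSCertificate field layout and dummy contents, enough to exercise the notAfter parsing but not a real certificate, and the tenant id is a placeholder.

```python
"""Read SAML IdP federation metadata and report signing-certificate expiry.

Added example, not Elements' or Azure AD's code. Standard library only: a
minimal DER walker pulls notAfter out of the embedded X.509 certificate."""
import base64
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value (used only to build the constructed sample)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def der_read(buf: bytes, pos: int = 0):
    """Decode the TLV at buf[pos]; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big"), 2 + nbytes
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def der_children(content: bytes) -> list:
    """Return [(tag, content), ...] for the TLVs directly inside a constructed value."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = der_read(content, pos)
        out.append((tag, body))
    return out


def cert_not_after(der_cert: bytes) -> dt.datetime:
    """Return notAfter from Certificate.tbsCertificate.validity (RFC 5280 layout)."""
    _, cert_body, _ = der_read(der_cert)           # Certificate SEQUENCE
    _, tbs, _ = der_read(cert_body)                # tbsCertificate SEQUENCE
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:                       # optional [0] EXPLICIT version
        fields = fields[1:]
    validity = fields[3][1]                        # serial, signature, issuer, validity
    tag, raw = der_children(validity)[1]           # notBefore, notAfter
    fmt = {0x17: "%y%m%d%H%M%SZ", 0x18: "%Y%m%d%H%M%SZ"}[tag]  # UTCTime / GeneralizedTime
    return dt.datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=dt.timezone.utc)


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract entityID, SSO endpoints and DER signing certificates from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without 'use' serves both
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            certs.append(base64.b64decode("".join(c.text.split())))
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


def check_signing_cert(xml_text: str, as_of=None, warn_days: int = 30) -> dict:
    """Classify the newest signing certificate as ok / expiring / expired at as_of (YYYY-MM-DD)."""
    now = (dt.datetime.fromisoformat(as_of).replace(tzinfo=dt.timezone.utc)
           if as_of else dt.datetime.now(dt.timezone.utc))
    meta = parse_idp_metadata(xml_text)
    not_after = max(cert_not_after(c) for c in meta["signing_certs"])
    days_left = (not_after - now).days
    status = "expired" if days_left < 0 else "expiring" if days_left < warn_days else "ok"
    return {"entity_id": meta["entity_id"], "sso": meta["sso"],
            "not_after": not_after.isoformat(), "days_left": days_left, "status": status}


def _sample_cert(not_after: bytes) -> bytes:
    """CONSTRUCTED: DER with the TBSCertificate field layout but dummy contents; not a real cert."""
    validity = der_tlv(0x30, der_tlv(0x17, b"250101000000Z") + der_tlv(0x17, not_after))
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02"))   # [0] version v3
                  + der_tlv(0x02, b"\x01") + der_tlv(0x30, b"")  # serialNumber, signature alg
                  + der_tlv(0x30, b"") + validity                # issuer, validity
                  + der_tlv(0x30, b"") + der_tlv(0x30, b""))     # subject, subjectPublicKeyInfo
    return der_tlv(0x30, tbs + der_tlv(0x30, b"") + der_tlv(0x03, b"\x00"))  # sigAlg, signature


SAMPLE_CERT_B64 = base64.b64encode(_sample_cert(b"260630235959Z")).decode()
# Constructed sample metadata; the tenant id is a placeholder.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{NS['ds']}"><X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(check_signing_cert(SAMPLE_METADATA, as_of="2026-06-15"))
```

Run against the Metadata.xml actually downloaded in step 9 (for example from a scheduled job that reads the file and alerts on "expiring"), this gives the lead time needed to generate the new certificate in Azure and recreate the identity provider in Elements before users are locked out. A real metadata file may list several KeyDescriptor elements during a certificate rollover; the check deliberately reports the latest expiry among them.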

End User Access

When users log into Elements from the login page, they only need to enter the email address of their Elements account and click Next. The system then checks whether that user belongs to an active Corporate Management environment with SSO enabled and, if so, redirects them to their identity provider's login page (or straight to the application if they are already logged in with the provider).
