This guide explains how to set up SSO using SAML with Azure AD.
Prerequisites
Azure AD Premium
an Elements Corporate IT Management environment with at least one connected domain
an Elements account which has the right to administer the Corporate IT Management environment
Steps to enable SAML
Open the Azure Portal, select Azure Active Directory and:
1. From Enterprise applications, select New application
2. Select a Non-gallery application
3. Provide a suitable name, e.g. Elements
4. From the application's Manage menu, select Single sign-on
5. Select the SAML option
6. Open the Elements Corporate Management application and select the Config page. The URLs required for the following section are displayed there.
7. In the Azure AD application's SAML setup page, in section 2, Domains and URLs, provide the following:
   In the Identifier (Entity ID) field, paste the Metadata URL from the Config page in Elements
   In the Reply URL (Assertion Consumer Service URL) field, paste the Single Sign On URL from the Config page in Elements
8. In section 3, change the User Identifier: select the user.mail option from the drop-down. This is the value Elements matches against the account email address, so it must be the address users sign in with.
9. From section 4, download the Metadata XML file
10. In Elements, on the SSO Config page, enter a value into the Identity provider name field, e.g. Azure.
11. Upload the certificate by selecting the Metadata.xml file downloaded from Azure
12. Submit the form
SAML is now enabled.
13. Make sure the appropriate users or user groups are assigned to the Elements application in Azure Active Directory; users who are not assigned will be refused by Azure AD before they reach Elements.
You can read how to do this in Azure's support article.
What if the certificate has expired?
If your certificate has expired, you will need to generate a new one in Azure and download the refreshed Metadata XML file. Then, in Elements, select "Delete Identity Provider" and create a new connection with the refreshed certificate.
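Before uploading the Metadata XML file from step 9, or after regenerating the certificate as described above, it is worth confirming that the file actually contains what Elements needs: the Azure AD entity ID, an HTTPS single sign-on endpoint, and a signing certificate. The following Python script is an added example and is not code from Elements or Microsoft. It parses a constructed metadata sample in the shape Azure AD publishes (the all-zero GUID stands in for a tenant ID and the certificate body is a placeholder), reports anything missing, and writes the signing certificate out as PEM so its expiry date can be read with standard tools. The function names and the sample are assumptions of this example.

```python
"""Sanity-check an Azure AD federation metadata XML before using it as the
Elements identity provider (added example; not code from Elements or Microsoft)."""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample in the layout Azure AD uses for its metadata. The all-zero GUID
# is a placeholder tenant ID and the certificate body is a placeholder, not a real key.
SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIBPLACEHOLDERcertificateBodyForTheExampleOnly</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract the entity ID, SSO endpoints by binding, and signing certificates."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"unexpected root element {root.tag}")
    idp = root.find(f"{{{MD_NS}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")
    sso = {}
    for svc in idp.findall(f"{{{MD_NS}}}SingleSignOnService"):
        sso[svc.get("Binding", "")] = svc.get("Location", "")
    certs = []
    for kd in idp.findall(f"{{{MD_NS}}}KeyDescriptor"):
        # A KeyDescriptor without a 'use' attribute is valid for signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter(f"{{{DS_NS}}}X509Certificate"):
            certs.append("".join((cert.text or "").split()))  # drop embedded whitespace
    return {"entity_id": root.get("entityID", ""), "sso": sso, "signing_certs": certs}


def check_metadata(md: dict) -> list:
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    if not md["entity_id"]:
        problems.append("missing entityID")
    if not (md["sso"].get(POST_BINDING) or md["sso"].get(REDIRECT_BINDING)):
        problems.append("no HTTP-POST or HTTP-Redirect SingleSignOnService")
    for binding, url in md["sso"].items():
        if not url.startswith("https://"):
            problems.append(f"SSO endpoint for {binding} is not https: {url!r}")
    if not md["signing_certs"]:
        problems.append("no signing certificate: assertions could not be verified")
    return problems


def cert_to_pem(b64: str) -> str:
    """Wrap the base64 certificate body from the metadata as a PEM block."""
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    md = parse_idp_metadata(SAMPLE_METADATA)
    print("entityID:", md["entity_id"])
    for binding, url in md["sso"].items():
        print(binding.rsplit(":", 1)[-1], "->", url)
    for problem in check_metadata(md):
        print("PROBLEM:", problem)
    # With real metadata, save this PEM and read the expiry date with
    # `openssl x509 -in idp.pem -noout -enddate`; the sample certificate is a placeholder.
    print(cert_to_pem(md["signing_certs"][0]))
```

Run the script against a downloaded file by replacing SAMPLE_METADATA with the file's contents. The entity ID it prints is the issuer Elements will see in assertions, and an empty problem list plus a not-yet-expired certificate is the state you want before submitting the form in step 12.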
End User Access
When users want to log in to Elements from the login page, they only need to provide the email address of their Elements account and click Next. The system then checks whether that user belongs to an active Corporate Management environment with SSO enabled and, if so, redirects them to their provider's login page (or straight to the application if the user is already logged in with the provider).