This guide explains how to set up SSO using SAML with Azure AD.
The following are required to provide SSO support through Azure AD:
- Azure AD Premium
- an Elements Corporate IT Management environment with at least one connected domain
- an Elements account which has the right to administer the Corporate IT Management environment
Steps to enable SAML
Open the Azure Portal, select Azure Active Directory and:
(1) From Enterprise applications, select New Application
(2) Select a Non-gallery application
(3) Provide a suitable name, e.g. Elements
(4) From the Application Manage menu select Single Sign-on
(5) Select the SAML option
(6) Open the Elements Corporate IT Management application and select the Config page. The URLs required for the following section are displayed there
(7) In the Azure AD Application SAML setup page, in section 2, Domains and URLs, provide the following:
- In the Identifier (Entity ID) field, paste the Metadata URL from the Config page in Elements
- In the Reply URL (Assertion Consumer Service URL) field, paste the Single Sign On URL from the Config page in Elements
(8) In section 3, change the User Identifier by selecting the user.mail option from the drop-down
(9) From section 4 download the Metadata XML file
(10) In Elements on the SSO Config Page enter a value into the Identity provider name e.g. Azure.
(11) Upload the certificate by selecting the Metadata.xml file downloaded from Azure
(12) Submit the form
SAML is now enabled.
(13) Make sure appropriate users or user groups are assigned to the Elements application in the Azure Active Directory.
You can read how to do it in Azure's support article.
End User Access
When users want to log into Elements from the login page, they just need to provide their email address (for the Elements account) and click Next. The system then verifies whether that user is part of an active Corporate Management with SSO enabled and, if so, takes them to their provider's login page (or straight to the application if the user is already logged in with the provider).