Microsoft Entra ID

This page assumes that you have already clicked the "Enable SAML" button, and a form is currently displayed in your Datasaur app. Please follow the steps below to integrate with Microsoft Entra ID.

Integrating Microsoft Entra ID

It's previously called Azure Active Directory.

Creating a New Enterprise App

1. Go to your Azure console, sign in, and navigate to Microsoft Entra ID. Ensure that you have sufficient permissions to access and configure it. You should have one of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.

2. Click "Enterprise applications" in the "Manage" section on the left sidebar.

3. Click "New application" > "Create your own application."

4. Provide a name and choose "Integrate any other application you don't find in the gallery."

5. Click the "Create" button.

Configure the SAML on the New App

1. Once the app is successfully created and you are viewing it (which should be the default behavior after the previous step), click "Single sign-on" in the "Manage" section on the left sidebar.

2. Click "SAML."

3. Follow the guide below to complete the required fields. Ignore any fields that are not specified. Remember to click "Save" for each step.

   1. Basic SAML Configuration: Fill in the following fields.

      1. Identifier (required): Use the Service Provider Issuer value from the Datasaur form.

      2. Reply URL (required): Use the Service Provider Sign-in URL value from the Datasaur form.

      3. Relay State (optional): Use JSON and replace the company ID value with yours, i.e. {"companyId": "<your-company-id>"}.

   2. Attributes & Claims: Add two new claims.

      1. Use "email" (required) as the name and "user.mail" as the source attribute. Note that the default "emailaddress" is not sufficient.

      2. Use "displayName" (optional) as the name and select your preferred attribute as the source, e.g., "user.displayname."

   3. SAML Certificates: Edit the field below.

      1. Signing Option: Select "Sign SAML response and assertion".

         

         SAML on Azure: Configuration Overview

Adding Users to the App

1. Click "Users and groups" in the "Manage" section on the left sidebar.

2. Assign all the users whom you want to be able to sign in on Datasaur via SAML.

Finishing the Datasaur SAML Form

1. Return to the "Single sign-on" page.

2. Use the Login URL from step 4 (set up) to fill the Identity Provider Sign-in URL field.

3. Use the Microsoft Entra Identifier from step 4 (set up) to fill the Identity Provider Issuer field.

4. Download the certificate from step 3 (SAML certificates), specifically the base64 format. Use it to complete the Public Certificate field.

5. Finish the form.

   

   SAML on Azure: Step 4 to Fill Values on the Datasaur App