This document walks you through setting up SAML integration for DIGIDECK in your Azure Active Directory tenant.
Create Enterprise Application
Go to the Azure Portal (https://portal.azure.com)
Click on "Azure Active Directory"
Click on "Enterprise Application"
Click on "New application"
Select "Non-gallery application" and enter a name like "DIGIDECK"
Click "Add"
Once the app is created, click the "Single sign-on" tab on the left
Click the "SAML" option
You will see a step-by-step screen as shown below:
User Attributes & Claims
Click the edit pencil for the User Attributes & Claims.
Add these claims:
Name | Source Attribute |
user.userprincipalname | |
FirstName | user.givenname |
LastName | user.surname |
Provide Metadata XML to Sportsdigita
Once in the Set up Single Sign-On with SAML view, you will need to provide the metadata XML URL to Sportsdigita.
Click on the Copy to Clipboard icon next to the App Federation Metadata Url value:
Once they have it, they will be able to give you the metadata XML for the DIGIDECK servers.
Here is an example:
This URL is provided in your Organization Integration tab:
Save the DIGIDECK XML to disk.
Click "Upload metadata file" and select the XML you saved to disk.
This should auto-populate all of the Basic SAML Configuration entries:
Identifier
Reply URL (Assertion Consumer Service URL)
Logout Url
Click "Save"
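Before uploading the DIGIDECK file, it is worth confirming it actually carries the three values Azure AD will fill in, and the encryption certificate the later Token Encryption step depends on. The following parser is an added example, not code from the original document or from Sportsdigita; its sample metadata is constructed with placeholder endpoints (`sp.example.invalid`) and a placeholder certificate, not DIGIDECK's real ones.

```python
# Added example, not from the original document or from Sportsdigita: parse a
# SAML service-provider metadata XML (such as the DIGIDECK file) and extract the
# values Azure AD auto-populates on upload, plus whether an encryption key is
# present for the Token encryption step. Sample metadata is constructed.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.invalid/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.invalid/saml/logout"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Return the Basic SAML Configuration values Azure AD reads from SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service-provider metadata")
    acs = sp.find("md:AssertionConsumerService[@isDefault='true']", NS)  # prefer the default ACS
    if acs is None:
        acs = sp.find("md:AssertionConsumerService", NS)  # otherwise take the first one listed
    slo = sp.find("md:SingleLogoutService", NS)
    return {
        "Identifier": root.get("entityID"),
        "Reply URL": None if acs is None else acs.get("Location"),
        "Logout Url": None if slo is None else slo.get("Location"),
        "encryption_cert_present": sp.find("md:KeyDescriptor[@use='encryption']", NS) is not None,
    }


def check_sp_metadata(xml_text):
    """List problems worth fixing before uploading the file to Azure AD."""
    cfg = parse_sp_metadata(xml_text)
    problems = [f"{k} missing" for k in ("Identifier", "Reply URL", "Logout Url") if not cfg[k]]
    if cfg["Reply URL"] and not cfg["Reply URL"].startswith("https://"):
        problems.append("Reply URL is not HTTPS: assertions would be posted in the clear")
    if not cfg["encryption_cert_present"]:
        problems.append("no encryption KeyDescriptor: nothing for Token encryption to use")
    return cfg, problems
```

Run `check_sp_metadata` on the XML saved from your Organization Integration tab; an empty problem list means the upload should populate all three fields.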
Token Encryption
DIGIDECK SAML integration requires encrypted assertions. Azure AD provides this through its Token encryption feature.
Select the Token Encryption tab on the left.
Download this file to disk:
Click the Import Certificate and browse for the downloaded certificate:
Click "Add"
Once uploaded, click the three dots next to the cert in the certificate listing and select "Activate token encryption"
Test Your App
Once the certificate is activated, go back to the Single sign-on view and test your integration.
Click "Test this application"
Then click on "Sign in as Current User"
Make sure that your account has been added to the application by going to Users and Groups.