This document should help you set up SAML integration with Azure Active Directory.

Create Enterprise Application

Go to the Azure Portal (https://portal.azure.com)

Click on "Azure Active Directory"

Click on "Enterprise Application"

Click on "New application"

Select "Non-gallery application" and enter a name like "Digideck"

Click "Add"

Once the app is created, click on the "Single sign-on" tab on the left

Click the "SAML" option

You will see a step-by-step screen as shown below:

User Attributes & Claims

Click the edit pencil for the User Attributes & Claims.

Add these claims:

Name         Source Attribute
Email        user.userprincipalname
FirstName    user.givenname
LastName     user.surname

Provide Metadata XML to Sportsdigita

Once in the Set up Single Sign-On with SAML view, you will need to provide the metadata XML URL to Sportsdigita.

Click on the Copy to Clipboard icon next to the App Federation Metadata Url value:

Once they have it, they will be able to give you the metadata XML for the Digideck servers.

Here is an example:

https://webapi.platform.sportsdigita.com/api/v1/authentication/saml/{subdomain}/metadata

This URL is provided in your Organization Integration tab:

Save the Digideck XML to disk.

Click "Upload metadata file" and select the XML file that was saved to disk.

This should auto-populate all your entries for the Basic SAML Configuration:

  • Identifier

  • Reply URL (Assertion Consumer Service URL)

  • Logout Url

Click "Save"
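To confirm that the auto-populated values match the file you saved, the following added example (not part of the original guide and not Sportsdigita's code) reads a service-provider metadata file and returns the Identifier, Reply URL and Logout Url it declares, flagging endpoints that are not HTTPS or not on the host you expect. The sample XML and the host `sp.example.test` are constructed placeholders, and the assumption that all endpoints share one host may not hold for your organization.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample metadata (not Digideck's real file); hosts are placeholders.
SAMPLE = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml/acme">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/saml/acme/logout"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acme/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text, expected_host):
    """Return (fields, problems) for a saved SP metadata document."""
    # SAML metadata never needs a DTD; refuse it before the parser sees it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service-provider metadata")
    # Keys use the labels shown in the Basic SAML Configuration panel.
    fields = {
        "Identifier": [root.get("entityID")],
        "Reply URL": [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)],
        "Logout Url": [e.get("Location") for e in sp.findall("md:SingleLogoutService", NS)],
    }
    problems = []
    if not fields["Reply URL"]:
        problems.append("no AssertionConsumerService endpoint")
    for name in ("Reply URL", "Logout Url"):
        for url in fields[name]:
            u = urlparse(url or "")
            if u.scheme != "https":
                problems.append(f"{name} is not https: {url}")
            if u.hostname != expected_host:
                problems.append(f"{name} host is not {expected_host}: {url}")
    return fields, problems
```

Pass the contents of the saved XML file as `xml_text`; an empty `problems` list means every endpoint is HTTPS and on the expected host.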

Token Encryption

Digideck SAML integration requires encryption. Azure AD has a new feature to do this called Token encryption.

Select the "Token encryption" tab on the left.

Download this file to disk:

https://s3-us-west-2.amazonaws.com/digideck/new.cer

Click "Import Certificate" and browse for the downloaded certificate:

Click "Add"

Once uploaded, click the three dots next to the cert in the certificate listing and select "Activate token encryption"

Test Your App

Once the certificate is activated, you can go back to the Single sign-on view and test your integration.

Click "Test this application"

Then click on "Sign in as Current User"

Make sure that your account has been added to the application by going to Users and Groups.
