About Azure AD SSO
XY Sense's SSO integration with SAML 2.0 supports Microsoft Azure AD clients. An Azure AD administrator configures the SSO integration and provides the XY Sense administrator with the necessary configuration details. Any Azure AD user will then be able to sign in to the XY Sense cloud platform. XY Sense users' settings are managed by the Customer Administrator within the XY Sense platform and include what information the user has access to within the XY Sense platform.
Azure Active Directory (Azure AD) is Microsoft’s multi-tenant cloud-based directory and identity management service. It is one of several identity providers you can use for Single Sign‑On into the XY Application.
Prerequisite
You need to be an administrator of your Azure AD for your organisation to complete the integration.
Register XY Sense Application in Azure AD
- Open the Azure Active Directory Service from https://portal.azure.com/
- In the Azure Active Directory left navigation's Manage section, select Enterprise applications
- Click New application in the toolbar
- Click Create your own application in the gallery toolbar
- Enter the application's name. Choose a name that is meaningful to you and your organisation. Suggested name: XY Sense
- Select the option Integrate any other application you don't find in the gallery (Non-gallery)
- In the application overview screen, select Single sign-on from the left navigation
- Select the SAML option
- Click Edit on the Basic SAML Configuration and enter the following
- Click Add identifier and enter the value
urn:amazon:cognito:sp:ap-southeast-2_RUZ2TnSRt
- Click Add reply URL and enter the value
https://xyapp-master.auth.ap-southeast-2.amazoncognito.com/saml2/idpresponse
- Click Save
- Click Edit on Attributes & Claims and make sure the following additional claims exist:
  - name (without a namespace), mapped to the user's name for display
  - email (without a namespace), mapped to the user's email
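As an added check that is not part of this guide or of XY Sense's own tooling, the following Python snippet inspects a SAML assertion (a constructed sample is embedded) and reports whether it carries the identifier above as its audience and the un-namespaced name and email claims; a claim that is only present under Azure AD's default namespaced name is reported as missing.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the assertion fragment Azure AD issues to the app.
# The namespaced emailaddress claim is Azure AD's default; the bare
# "name" and "email" attributes are the ones this guide requires.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>urn:amazon:cognito:sp:ap-southeast-2_RUZ2TnSRt</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jane@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="name"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "urn:amazon:cognito:sp:ap-southeast-2_RUZ2TnSRt"  # identifier from this guide
REQUIRED_CLAIMS = ("name", "email")  # must appear exactly like this, no namespace prefix


def check_assertion(xml_text, expected_audience=EXPECTED_AUDIENCE):
    """Return a list of problems; an empty list means the assertion names the
    expected audience and carries both un-namespaced claims with a value."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"audience mismatch: {audiences}")
    # Map each attribute's Name (as issued) to its list of values.
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall(".//saml:Attribute", NS)}
    for claim in REQUIRED_CLAIMS:
        if claim not in attrs:
            # A namespaced variant alone (e.g. .../claims/emailaddress) does not count.
            problems.append(f"missing un-namespaced claim '{claim}'")
        elif not any(attrs[claim]):
            problems.append(f"claim '{claim}' has no value")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION) or "assertion OK")
```

To check a real assertion, base64-decode the SAMLResponse from a test sign-in and pass the Assertion element's XML to check_assertion.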
Gather Required App Values
- Within the Enterprise application → Single sign-on (where we were above)
- Copy the App Federation Metadata Url located in the SAML Certificates section
(Optional - only if set up with SSO Role Delegation) - Create and assign users to roles
- From the Azure portal's left nav, select 'Users and groups'. Then click 'application registration'
- From the Azure portal's left nav, select App roles. Then select Create app role.
- Give the role a name, description and set allowed member types to 'Users/Groups'
- For Value, provide the list of XYSense AccessClaims desired, found in DataAccessPlatformAgnostic.AccessClaims (must include customerUsers: true). Claims must be separated by a tilde (~). See below for an example
- For the list of claims/permissions, refer to the permissions table
- Now, head over to the enterprise application linked to this application registration. To do that, visit 'Overview' on the left tab, then click the link next to 'Managed application in local directory'
- Now, on the left, click on Users and groups.
- Click 'Add user/group' then select the users desired
- Once the users have been added, select the users you wish to assign a role to, click 'Edit assignment', then on the left under 'Select a role', click 'None selected' and select the role you previously created
Enable SSO in XY Application
Proceed to Enable SSO on XY Application: How to setup & manage SSO in XY Application