Here's a quick tutorial on how to set up Single-Sign-On for Microsoft Azure AD:
- Login to your portal at portal.azure.com
- Go to Microsoft Entra ID from the navigation tab (use the Quick-search bar if you can't find it)
- Go to Enterprise applications from the menu on the left-hand side.
- Click on New application
- Click on Create your own application
- From the 3 options select Integrate any other application you don't find in the gallery (Non-gallery), and input a name for the app.
- Wait for redirection to the created application (may take some time)
- From the created application's page, go to Single sign-on
- Select SAML as the method of single-sign-on
- Next, a list of 5 configuration blocks will appear. For a basic integration setup, you need to configure blocks 1 and 2. In block 1, you need to specify the fields Identifier (Entity ID), Reply URL (Assertion Consumer Service URL) and Sign on URL. To start configuring block 1, click on the Edit button.
- For the Identifier (Entity ID), you can come up with any name and input it there.
- This same Identifier (Entity ID) needs to be input on the SSO configuration page on Controlio under Service provider entity ID.
- To get the Reply URL (Assertion Consumer Service URL), refer to the SSO configuration page on Controlio https://app.controlio.net/account-settings/sso under Controlio callback url. You can use the copy button to copy it and then paste it into the Azure portal.
- For the Sign on URL, simply input the URL to the Dashboard https://app.controlio.net/signin/sso
- Click on Save to apply the changes.
- After finalizing the above configuration, the option to edit the second block Attributes & Claims will be available. So please click on Edit to start editing it.
- Click on Unique User Identifier (Name ID) to start editing the Required claim.
- Adjust the Source attribute to user.mail and Save the changes.
- Make sure that user.givenname, user.principalname & user.surname are selected for Additional claims.
- Go back to the SAML-based Sign-on page
- Click on Edit for the SAML Certificate block
- Click on the 3 dots next to the active certificate to show the dropdown menu, then select PEM certificate download. (This certificate can be opened with Notepad.)
- Copy the contents of the downloaded certificate, and paste it into the X.509 certificate textbox in the SSO configuration page of the Controlio Dashboard.
- Copy the Login URL from the 4th block of the SAML-based Sign-on page. (Simply click on the copy button)
- Paste this link in the SSO configuration page of the Controlio Dashboard under ID-provider authentication URL.
- Click on SUBMIT to apply the changes.
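
The certificate pasted into the X.509 certificate textbox is what signed SAML responses are trusted against, so it is worth confirming that the downloaded PEM file is the active certificate before submitting. The following is an added example, not part of the original tutorial or of Controlio's or Microsoft's tooling. It assumes the Thumbprint shown in the SAML Certificate block is the SHA-1 hash of the certificate's DER encoding; the function names and the sample PEM are constructed for illustration.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def load_single_cert(pem_text):
    """Return the DER bytes of the one certificate in pem_text, else raise ValueError."""
    if "PRIVATE KEY" in pem_text:
        raise ValueError("private key material found; paste only the certificate")
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    try:
        # Strip line breaks, then decode strictly so a damaged paste is rejected.
        return base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:
        raise ValueError("certificate body is not valid base64 (truncated copy?)") from exc


def thumbprint(der):
    """SHA-1 over the DER bytes, as uppercase hex."""
    return hashlib.sha1(der).hexdigest().upper()


def matches_portal(pem_text, portal_thumbprint):
    """Compare the file's thumbprint with the one copied from the portal.

    Separators (colons, spaces) and letter case in the portal value are ignored.
    """
    wanted = re.sub(r"[^0-9A-Fa-f]", "", portal_thumbprint).upper()
    return thumbprint(load_single_cert(pem_text)) == wanted


# Constructed sample: arbitrary bytes wrapped as PEM, NOT a real certificate.
# The thumbprint is computed over the raw bytes, so the check behaves the same.
_SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(textwrap.wrap(base64.b64encode(_SAMPLE_DER).decode(), 64))
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("Thumbprint of sample:", thumbprint(load_single_cert(SAMPLE_PEM)))
```

To use it on the real file, read the downloaded PEM as text and pass it to `matches_portal` together with the thumbprint copied from the Azure portal.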