Set Up SSO (Single Sign On) with Microsoft through Saml
Go to portal.azure.com and select the Azure Active Directory service followed by Enterprise applications
Create a new enterprise app, name it
amberSearch - Enterprise ApplicationSet up Single Sign On. Go to the Single sign-on and then select Saml
Input
Identifier (Entity ID)andReply URL (Assertion Consumer Service URL). These values are provided separately by the amberSearch Team.Depending on the existing attributes/claims new claims might be needed after consultation with the amberSearch Team. In case of a hybrid setup, where local Active Directory is synchronized with Azure Active Directory add the following claims.
Edit the Attributes & Claims area
Add new claims
Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/distinguishedname and Source attribute user.onpremisesdistinguishedname
Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid and Source attribute user.onpremisesecurityidentifier
Save
Go to Properties und set Assignment required to No
Navigate to Properties and set Assignment required to No.
This allows all users within your organization to access amberSearch. However, as amberSearch uses a licensing model, this approach is generally not recommended.
Instead, keep Assignment required set to Yes and create a dedicated group in Azure AD, preferably with a name that clearly identifies it as related to amberSearch.
Add all users who should have access to amberSearch to this group.
Go to the amberSearch enterprise application and assign the group under Users and groups.
Alternative: If your Azure AD license does not support group assignment to enterprise applications, you can manually assign individual users under Users and groups.
Create an account for testing purposes, e.g ambersearch@customername.com It will be used for verifying the correctness and maintaining the SSO flow. The credentials of this account should be provided to amberSearch Team.
ย
If you need assistance please reach out to us via IT@ambersearch.de