Microsoft Azure SAML
Configure IdP
- Log in to Microsoft Azure, open the menu, search for "Azure Active Directory" and click it.
- Click "Add" and select "Enterprise application".
- Click on "Create your own application".
- Choose a name for the app (Sandbox), and select the "Non-gallery" option.
- Select "Set up single sign on".
- Select "SAML".
- A settings menu will be shown. All the SAML details are filled in from this menu from now on. This step requires the details provided by email from Hatching support, as mentioned in Prerequisites. Click on "Edit".
- Fill in the received Service Provider Entity ID at "Identifier (Entity ID)" (dot 1).
  The "Single Sign on URL" should be placed in the "Reply URL" field (dot 3).
  Enter the "SSO start URL" in the "Sign on URL" field.
  Finally, hit Save (dot 4). After saving, close the panel with the X (not shown in the screenshot) and click Edit at step 2, "Attributes & Claims".
- First add the attribute "email" and select "user.mail" as its value. Next, add the attribute "displayname" and select "user.displayname" as its value.
- Proceed by clicking on "App Federation Metadata Url", copy the URL and send it to [email protected].
Roles
This example uses App Roles to configure roles for this SAML app. There are more ways to configure this.
- Create roles by navigating to the App Registrations list and clicking the Recorded Future Sandbox app.
- Open the App Roles pane and create App roles for each role listed in the role matrix.
- Navigate to the "Attributes and Claims" section of the Recorded Future Sandbox Enterprise Application registration. Add the attribute "sandbox_role" bound to the value "user.assignedroles".
Assigning roles
When assigning a user to the Recorded Future Sandbox Enterprise application registration, you will now be asked to assign a role.
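To confirm that a test login carries the three claims configured above, the attribute statement of a captured SAML response can be checked offline. The script below is an added example, not part of the original guide or the product: the function names and the sample XML are constructed, the role values are placeholders, and it assumes the service provider matches the attribute names "email", "displayname" and "sandbox_role" exactly. It inspects claim names only and does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
REQUIRED = ("email", "displayname", "sandbox_role")  # names set in the steps above

def read_attributes(xml_text):
    """Return {Name: [values]} for every saml:Attribute in the XML."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text or "" for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_claims(attrs):
    """List claims that an exact-name match on REQUIRED would not find."""
    problems = []
    for name in REQUIRED:
        if name in attrs:
            if not any(v.strip() for v in attrs[name]):
                problems.append(f"{name}: present but empty")
            continue
        # A claim saved with a namespace is emitted as "<namespace>/<name>".
        prefixed = [n for n in attrs if n and n.endswith("/" + name)]
        if prefixed:
            problems.append(f"{name}: sent as {prefixed[0]}")
        else:
            problems.append(f"{name}: missing")
    return problems

# Constructed sample (not captured from a real tenant): displayname still
# carries a claim namespace and the user has two app roles assigned.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{SAML_NS}">
  <saml:Attribute Name="email">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname">
    <saml:AttributeValue>Alice Example</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="sandbox_role">
    <saml:AttributeValue>role-a</saml:AttributeValue>
    <saml:AttributeValue>role-b</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    found = read_attributes(SAMPLE)
    for line in check_claims(found) or ["all required claims present"]:
        print(line)
    print("sandbox_role values:", found.get("sandbox_role", []))
```

A user with more than one assigned app role produces several values under "sandbox_role", and a user with no assigned role shows up here as a missing claim.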