Azure-AD
Setting up Azure Active Directory is pretty straightforward, but it helps to know the exact steps to follow, as configuring SAML can be a bit daunting.
To add Exivity to your Azure AD applications, follow these steps:
In your Azure portal, go to the Azure Active Directory service:
In the sidebar, click Enterprise applications:
Click the New application button:
Click the Non-gallery application button:
Enter a name for the new application (e.g. My Exivity instance) and click the Add button.
Click the Configure single sign-on (required) button:
From the Single Sign-On Mode dropdown list, select SAML-based Sign-on:
Now enter the following details on this page:
| Azure AD setting | Use value |
| --- | --- |
| Identifier | Exivity Entity ID / Metadata URL endpoint (see endpoints) |
| Reply URL | Exivity Assertion Consumer Service endpoint (see endpoints) |
| Show advanced URL settings | Checked |
| Sign on URL | Optional, you can enter the URL for the Exivity interface here. |
| Relay State | Leave empty |
| User Identifier | Select user.mail |
The resulting page could look something like this:
Click the Configure [your application name] button:
A new pane will open with instructions. Navigate to the Exivity SAML configuration (see configuration) and copy the following options from the pane in your Azure portal:
| Exivity SAML setting | Use value |
| --- | --- |
| Entity ID | SAML Entity ID |
| SSO URL | SAML Single Sign-On Service URL |
| SLO URL | Sign-Out URL |
| X-509 certificate | Download the certificate by clicking the SAML Signing Certificate - Base64 encoded link. Open the |
The Exivity configuration page could look something like this:
In Exivity, click the Update button.
In your Azure Portal, click the Save button:
As the last step, enable Single Sign-On in Exivity by navigating to Administration > Configuration and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button:
SSO is now configured and enabled, and you can now use Azure AD to log in to your Exivity instance. The login screen will look something like this:
Clicking the Login button takes you to the Azure AD login screen. Exivity will receive the Azure AD e-mail address and create a new user with a minimal set of permissions if no existing user is found.