Setting up Azure Active Directory is pretty straightforward, but it helps to know the exact steps to follow, as configuring SAML can be a bit daunting.
To add Exivity to your Azure AD applications, follow these steps:
In your Azure portal, go to the Azure Active Directory service:
In the sidebar, click Enterprise applications:
Click the New application button:
Click the Non-gallery application button:
Enter a name for the new application (e.g. My Exivity instance) and click the Add button.
Click the Configure single sign-on (required) button:
From the Single Sign-On Mode dropdown list, select SAML-based Sign-on:
Now enter the following details on this page:
The resulting page could look something like this:
Click the Configure [your application name] button:
A new pane will open with instructions. Navigate to the Exivity SAML configuration (see configuration) and copy the following options from the pane in your Azure portal:
The Exivity configuration page could look something like this:
In Exivity, click the Update button.
In your Azure Portal, click the Save button:
As the last step, enable Single Sign-On in Exivity by navigating to Administration > Configuration and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button:
SSO is now configured and enabled, and you can now use Azure AD to log in to your Exivity instance. The login screen will look something like this:
And by clicking on the Login button, you'll be taken to the Azure AD login screen. Exivity will receive the Azure AD e-mail address and create a new user with a minimal set of permissions if no existing user is found.
| Azure AD setting | Use value |
| --- | --- |
| Identifier | Exivity Entity ID / Metadata URL endpoint (see endpoints) |
| Reply URL | Exivity Assertion Consumer Service endpoint (see endpoints) |
| Show advanced URL settings | Checked |
| Sign on URL | Optional, you can enter the URL for the Exivity interface here. |
| Relay State | Leave empty |
| User Identifier | Select user.mail |
| Exivity SAML setting | Use value |
| --- | --- |
| Entity ID | SAML Entity ID |
| SSO URL | SAML Single Sign-On Service URL |
| SLO URL | Sign-Out URL |
| X-509 certificate | Download the certificate by clicking the SAML Signing Certificate - Base64 encoded link. Open the .cer file with a text editor and remove the text -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- and all line breaks so you end up with a single-line base64 encoded string. |
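The certificate clean-up described for the X-509 certificate setting can be scripted instead of done by hand in a text editor. The following is an added example, not part of the Exivity documentation: the function names and the sample data are hypothetical, and the SHA-1 hex thumbprint format is an assumption about what the Azure portal displays for the signing certificate.

```python
import base64
import binascii
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# Constructed placeholder bytes that only mimic a DER header; not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
# Constructed sample .cer content: 64-character lines with Windows line endings.
SAMPLE_PEM = "\r\n".join(
    [BEGIN] + [_B64[i:i + 64] for i in range(0, len(_B64), 64)] + [END]
) + "\r\n"


def pem_to_single_line(pem_text):
    """Strip the BEGIN/END markers and all line breaks, then sanity-check the result."""
    text = pem_text.lstrip("\ufeff").strip()  # some editors prepend a BOM
    if text.count(BEGIN) != 1 or text.count(END) != 1:
        raise ValueError("expected exactly one certificate in the file")
    body = text.split(BEGIN, 1)[1].split(END, 1)[0]
    single = "".join(body.split())  # removes \r, \n, spaces and tabs
    try:
        der = base64.b64decode(single, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    # A DER-encoded X.509 certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not look like a DER certificate")
    return single


def sha1_thumbprint(single_line):
    """Uppercase hex SHA-1 of the DER bytes (assumed to match the portal's thumbprint)."""
    der = base64.b64decode(single_line, validate=True)
    return hashlib.sha1(der).hexdigest().upper()


if __name__ == "__main__":
    value = pem_to_single_line(SAMPLE_PEM)
    print(value)                   # paste this into the X-509 certificate field
    print(sha1_thumbprint(value))  # compare with the thumbprint of the downloaded certificate
```

Comparing the thumbprint before pasting catches a truncated copy or the wrong application's certificate, either of which would otherwise only show up as failed signature validation at login.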