Configure Azure Active Directory as the Identity Provider (IDP)

Before You Begin

You must have an Azure Active Directory (Azure AD) instance.

Procedure

  1. Sign in to the Azure portal.

  2. In the navigation pane, select Azure Active Directory, and then select Enterprise applications.
    The Enterprise applications – All applications page appears.

  3. Select New application.
    The Add an application section appears.

  4. Select Non-gallery application.
    The Add your own application section appears.

  5. In the Name box, enter a name for the application that you want to configure with Azure AD, and then select Add.
    The page of the added application appears.

  6. In the navigation pane of the application page, select Single sign-on.
    The Select a single sign-on method section appears.

  7. Select SAML.
    The Set up Single Sign-On with SAML section appears.

  8. In the Basic SAML Configuration section, select .
    The Basic SAML Configuration window appears.

  9. Enter the following details.
    Identifier (Entity ID): Enter a unique ID.
    Note: This ID will be used in the saml.config file for the service provider name. Therefore, note the ID.
    Reply URL (Assertion Consumer Service URL): The application callback URL where the SAML response will be posted. Enter https://<app_server>/Meridium/api/core/security/ssologinauth.
    Sign on URL: The application URL that initiates the SAML sign-on. Enter https://<app_server>/meridium/index.html.

  10. Select Save.

  11. In the SAML Signing Certificate section, select Download corresponding to Certificate (Base 64).

  12. From the Set up <user name>- sso section, note the Login URL and Azure AD Identifier.
    Note: The Login URL and Azure AD Identifier will be used in the saml.config file for SingleSignOnServiceURL and PartnerIdentityProvider name, respectively.

  13. In the application server, copy the downloaded Certificate (Base 64) to C:\Program Files\Meridium\ApplicationServer\api.

  14. Modify the saml.config file as follows:
    • ServiceProvider Name with the value that you entered and noted for the Identifier (Entity ID) box.
    • PartnerIdentityProvider Name with the Azure AD Identifier.
    • SingleSignOnServiceURL with the Login URL.

  15. Add users to the enterprise application by accessing the Users and groups section.

  16. Modify the host page with the IDP URL.
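A mismatch between the three values noted in steps 9 and 12 and what ends up in saml.config (step 14) is the most common reason the SAML hand-off fails, and an endpoint left on plain HTTP exposes the signed response in transit. The following added example (not part of the product or its tooling) cross-checks a saml.config against the noted values; the element layout it parses (ServiceProvider and PartnerIdentityProvider elements carrying Name, SingleSignOnServiceUrl, AssertionConsumerServiceUrl and PartnerCertificateFile attributes) is an assumption for illustration, as are the sample file, host names and tenant GUID.

```python
# Added example: cross-check a saml.config against the values noted in Azure.
# The element layout (ServiceProvider and PartnerIdentityProvider elements with
# Name / SingleSignOnServiceUrl attributes) is assumed for illustration.
import xml.etree.ElementTree as ET

# Constructed sample saml.config with one deliberate mistake: the
# PartnerIdentityProvider Name still holds a placeholder instead of the
# Azure AD Identifier noted in step 12 (tenant GUID is all zeros).
SAMPLE_SAML_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<SAMLConfiguration>
  <ServiceProvider Name="urn:example:meridium-sp"
    AssertionConsumerServiceUrl="https://apm.example.com/Meridium/api/core/security/ssologinauth"/>
  <PartnerIdentityProviders>
    <PartnerIdentityProvider Name="CHANGE_ME"
      SingleSignOnServiceUrl="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"
      PartnerCertificateFile="AzureAD.cer"/>
  </PartnerIdentityProviders>
</SAMLConfiguration>
"""


def _find(root, local_name):
    """First element with this local name, ignoring any XML namespace."""
    return next((el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == local_name), None)


def check_saml_config(xml_text, entity_id, azure_ad_identifier, login_url):
    """Return findings; an empty list means the three noted values match
    and both endpoints use HTTPS."""
    root = ET.fromstring(xml_text)
    sp, idp = _find(root, "ServiceProvider"), _find(root, "PartnerIdentityProvider")
    if sp is None or idp is None:
        return ["missing ServiceProvider or PartnerIdentityProvider element"]
    findings = []
    # Step 14: the three values copied from the Azure portal must match exactly.
    for label, actual, wanted in (
        ("ServiceProvider Name", sp.get("Name"), entity_id),
        ("PartnerIdentityProvider Name", idp.get("Name"), azure_ad_identifier),
        ("SingleSignOnServiceUrl", idp.get("SingleSignOnServiceUrl"), login_url),
    ):
        if actual != wanted:
            findings.append(f"{label} is {actual!r}, expected {wanted!r}")
    # SAML responses and redirects must not travel over plain HTTP.
    for label, url in (("SingleSignOnServiceUrl", idp.get("SingleSignOnServiceUrl", "")),
                       ("AssertionConsumerServiceUrl", sp.get("AssertionConsumerServiceUrl", ""))):
        if not url.lower().startswith("https://"):
            findings.append(f"{label} must use HTTPS, got {url!r}")
    # Without the IdP certificate from steps 11 and 13, signatures cannot be verified.
    if not idp.get("PartnerCertificateFile"):
        findings.append("PartnerIdentityProvider has no PartnerCertificateFile")
    return findings
```

Run it against the real file with the Entity ID, Azure AD Identifier and Login URL you noted; any finding should be fixed before users are assigned in step 15.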