Add the enterprise application in Azure AD SAML SSO for OneList

Prerequisite

You will need the following information from IQX: the Identifier (Entity ID) and the Reply URL (Assertion Consumer Service URL) for OneList.

To add a new application in Azure AD

  1. Log in to the Azure Portal.

  2. In the Azure Services section, choose Azure Active Directory.

  3. In the left sidebar, choose Enterprise applications.

  4. Choose New application.

  5. Click Create your own application.

  6. Enter a name for your application, as shown in Figure 1. Choose Create.

It will take a few seconds for the application to be created in Azure AD; you are then redirected to the Overview page for the newly added application.

To set up Single Sign-on using SAML

  1. On the Getting started page, in the Set up single sign on tile, choose Get started, as shown in Figure 2.

  2. On the next screen, select SAML.

  3. In the middle pane under Set up Single Sign-On with SAML, in the Basic SAML Configuration section, choose the edit icon.

  4. In the right pane under Basic SAML Configuration, replace the default Identifier ID (Entity ID) with the Identifier (Entity ID) received from IQX. In the Reply URL (Assertion Consumer Service URL) field, enter the Reply URL received from IQX, as shown in Figure 3. Choose Save.


  5. In the middle pane under Set up Single Sign-On with SAML, in the Attributes & Claims section, choose Edit.

  6. Click the Unique User Identifier (Name ID) claim to open the Manage claim page. Set the Name identifier format field to Default and the Source attribute to user.objectid, as shown in Figure 4. Choose Save.

  7. Select the following additional claims:

    1. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

    2. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

    3. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  8. Close the Attributes & Claims page to go back to the SAML-based Sign-on page.

  9. Scroll down to the SAML Signing Certificate section and copy the App Federation Metadata Url, as shown in Figure 5.

  10. Send the App Federation Metadata Url to IQX to complete the configuration.

  11. Select Properties in the left panel and enable or disable the User assignment required option, as shown in Figure 6.

  12. If the User assignment required option is enabled, select Users and groups in the left panel and assign the users and groups. Note: only users who are directly assigned, or who are members of an assigned group, can sign in to this application.
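The steps above produce a handful of values that must agree on both sides: the Identifier (Entity ID) and Reply URL from IQX (step 4), the Name ID and three claims (steps 6 and 7), and the federation metadata that IQX consumes (steps 9 and 10). The script below is an added example, not code from IQX or Microsoft, that shows what the service provider takes from the App Federation Metadata Url and how an assertion issued by Azure AD is cross-checked against those configured values. All URLs, the tenant id, the certificate and both XML documents are constructed placeholders; the Name ID Format value is likewise an assumption.

```python
"""Cross-check an Azure AD SAML configuration against what IQX OneList expects.
Added example (not IQX or Microsoft code); every URL, tenant id, certificate and
XML document below is a constructed placeholder."""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Values received from IQX in step 4 (placeholders, not real OneList endpoints).
SP_ENTITY_ID = "https://onelist.example.invalid/saml"
REPLY_URL = "https://onelist.example.invalid/saml/acs"
# The additional claims from step 7 (URIs as on the page).
REQUIRED_CLAIMS = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress")

# Constructed stand-in for the document served at the App Federation Metadata Url.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>BASE64-CERT-PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed assertion as the IdP would issue for this app.  It is unsigned: a real
# one carries a ds:Signature that the SP's SAML library must verify against the
# metadata certificate before any of the checks below mean anything.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed-1">
  <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">00000000-0000-0000-0000-000000000000</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://onelist.example.invalid/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://onelist.example.invalid/saml</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue>ada@example.invalid</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_idp_metadata(xml_text):
    """Pull out what the SP (IQX) needs from the federation metadata (steps 9 and 10)."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":   # no 'use' attribute means both uses
            certs += [c.text.strip() for c in
                      kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "sso_post": sso.get(HTTP_POST),
            "signing_certs": certs}


def check_assertion(xml_text, idp, sp_entity_id, reply_url, required=REQUIRED_CLAIMS):
    """Return mismatches between an assertion and the values configured in the steps above.
    An empty list means Entity ID, Reply URL, Name ID and claims all line up."""
    a = ET.fromstring(xml_text)
    problems = []
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != idp["entity_id"]:
        problems.append(f"Issuer {issuer!r} != metadata entityID {idp['entity_id']!r}")
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("Name ID (Unique User Identifier) is missing or empty")
    audiences = [e.text.strip() for e in
                 a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks Identifier (Entity ID) {sp_entity_id!r}")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != reply_url:
        problems.append(f"Recipient {recipient!r} != Reply URL {reply_url!r}")
    present = {x.get("Name") for x in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for claim in required:
        if claim not in present:
            problems.append(f"claim {claim} is not in the assertion")
    return problems


if __name__ == "__main__":
    idp = parse_idp_metadata(IDP_METADATA)
    print("IdP entityID:", idp["entity_id"], "| SSO:", idp["sso_post"])
    print("problems:", check_assertion(ASSERTION, idp, SP_ENTITY_ID, REPLY_URL) or "none")
```

Each string in the returned list names one value to correct in the Azure AD configuration (a wrong Reply URL shows up as a Recipient mismatch, a wrong Identifier as an Audience mismatch, a claim left out of step 7 as a missing claim). The checks are consistency checks only; they are meaningful after the SP's SAML library has validated the assertion's signature against the certificate carried in the metadata, which is why the metadata URL from step 9 has to reach IQX.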