
Pre-Configuration of SAML Single Sign-On (SSO) within Azure Active Directory for a Non-Gallery Application (enableHR)


This article details the steps that need to be taken within Azure Active Directory before configuring SAML 2.0 SSO between enableHR and Azure Active Directory, with Azure Active Directory serving as the Identity Provider (IdP).

These instructions illustrate how to configure Microsoft Azure Active Directory (AD) as the IdP for enableHR. Please refer to the Azure documentation for additional information about the steps in the Azure portal.

Please Note: Configuring and installing Azure Active Directory is beyond the scope of this guide.

Additionally, this guide is for setting up Azure Active Directory in "Authentication Only" mode in enableHR.

Pre-requisites

Please ensure that you have the following before you start configuring Azure AD as the IdP:

  • a Premium Azure Active Directory subscription (Premium P1 is the minimum level at which SAML SSO becomes available with non-gallery applications);

  • an existing instance of Azure Active Directory.

Steps

Adding enableHR as a Non-Gallery Application

1.  In the Azure portal, on the left navigation pane, click "Azure Active Directory".

2. Click "Enterprise applications".

3. Click "New application".

4. Click "Non-gallery application" in the "Add an application" window.


5.  Type "enableHR".

6.  Click "Add".

Configuring SAML SSO in Azure

To configure SAML SSO in Azure:

1. In the Azure portal, on the left navigation pane, click "Azure Active Directory".


2. Click "Enterprise applications".



3.  Click the "enableHR" application you added in step 5 above.

4.  Click "Single sign-on".


5.  For "Single Sign-on Mode", choose "SAML-based Sign-on".

For the field "Identifier (Entity ID)" use https://www.enablehr.com.au/app/saml

For the field "Reply URL (Assertion Consumer Service URL)" use https://www.enablehr.com.au/app/saml

User Attributes - for "User Identifier", select "user.mail".

Select the checkbox "View and edit all other attributes".

Enter the following values and then click "Save".

Please note: The name of each attribute MUST be exactly as shown below (spaces included). Any deviation from the name will cause issues.

| NAME            | VALUE          |
|-----------------|----------------|
| Email / User ID | user.mail      |
| Name ID         | user.mail      |
| First Name      | user.givenname |
| Last Name       | user.surname   |


Please see below for a visual reference of how the screen should look.

[Screenshot: Single sign-on - Microsoft Azure]

6.  Download the Metadata XML file as you will need the contents of this XML in the enableHR settings.


After the Metadata XML is downloaded, it needs to be made available to enableHR staff so that we can continue with the rest of the setup on our side.

Additionally, you will need to send enableHR your User Access URL. You can find your User Access URL in the "Enterprise Application" -> "Properties" section (please see the screenshot below).

[Screenshot: Properties - Microsoft Azure]

Once SAML SSO has been configured, we will test the login by asking you to log in from Azure AD.
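
A check that can be run over a SAML assertion captured during the login test, added here as an example (not enableHR's or Microsoft's code): it confirms that the four attribute names match the table exactly, reports near-misses such as wrong case or spacing, and confirms that the Audience and Recipient equal the URL entered in step 5. The sample assertion is constructed, the names `check_assertion`, `REQUIRED` and `SP_URL` are hypothetical, and the script assumes the standard SAML 2.0 layout in which the Identifier appears as `Audience` and the Reply URL as `Recipient`; it does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_URL = "https://www.enablehr.com.au/app/saml"  # Entity ID and Reply URL from this article
REQUIRED = ["Email / User ID", "Name ID", "First Name", "Last Name"]  # names from the table

# Constructed sample (unsigned, fictitious user); "First name" deliberately has a lower-case "n".
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://www.enablehr.com.au/app/saml"/>
    </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://www.enablehr.com.au/app/saml</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email / User ID"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Name ID"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="First name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Last Name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _norm(name):
    # Case- and whitespace-insensitive form, used only to spot near-misses.
    return "".join(name.split()).lower()

def check_assertion(xml_text):
    """Return a list of problems; an empty list means the assertion matches the guide."""
    # Configuration check only: parse XML from your own tenant, signatures are not verified.
    root = ET.fromstring(xml_text)
    problems = []
    sent = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    for want in REQUIRED:
        if want not in sent:
            near = [s for s in sent if _norm(s) == _norm(want)]
            hint = f" (found near-miss {near[0]!r})" if near else ""
            problems.append(f"missing attribute {want!r}{hint}")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if SP_URL not in audiences:
        problems.append(f"Audience is {audiences}, expected {SP_URL}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if SP_URL not in recipients:
        problems.append(f"Recipient is {recipients}, expected {SP_URL}")
    return problems

if __name__ == "__main__":
    for p in check_assertion(SAMPLE) or ["assertion matches the guide"]:
        print(p)
```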
