Azure AD – Add an Enterprise Application, Configure SAML SSO and Automate User Provisioning

We will use the Azure Active Directory admin center to add an enterprise application to your Azure Active Directory (Azure AD) tenant. Azure AD has a gallery that contains thousands of pre-integrated enterprise applications. Many of the applications your organization uses are probably already in the gallery, and with just a few clicks we can add them to the tenant.

As administrators this makes our job easier when a user joins or leaves the organization: there is a single identity for all the applications our workforce uses, and we manage it from the Azure AD portal itself.

In this guide we will see how to add an application (Dropbox for Business), configure SAML single sign-on (SSO) with the app, and automate user provisioning to the application. Other authentication methods such as OAuth and OpenID Connect can be used as well, depending on what the application supports.

Before that, let's quickly cover the basics of SAML.

SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The user authenticates at the IdP, and the IdP sends the SP a signed assertion about that user; the SP never sees the user's password.

In our case,

IdP = Azure AD

SP = Dropbox

Add an enterprise application

Step 1

Go to the Azure AD portal and click Azure Active Directory → Enterprise Applications → "+ New application"

Step 2

Search for Dropbox and click Create

We can rename the app as well. In the properties we can see that automatic provisioning is supported as well as SAML SSO, which makes it a good fit for our case.

Step 3

Within a few seconds the application will appear under the All Applications section.

Step 4

You can assign this application to users or groups. Let's assign one user, the same user I will be using as the admin for creating the Dropbox for Business trial.

Step 5

Now we will create a Dropbox trial for the user to whom we assigned the application in Azure AD.

The user will receive a verification email. Click the link in it to verify.

Step 6

Once verified you'll be asked for some basic settings such as the Team Name, after which you'll land on the page below.

Notice that the Admin Console is where we will find the settings for SSO.

Step 7

You'll be redirected to the Admin Console. Click Settings → Single Sign-on

Step 8

Copy the SSO sign-in URL and paste it into a notepad; you'll need it later in the Azure AD portal.

This will be the landing page once SSO is verified.

Step 9

Back in the Azure AD portal, open the Dropbox enterprise application, click Overview, select Single sign-on and choose SAML in the next dialog box

Step 10

The setup is presented as numbered steps, as you can see below. Click Edit on Step 1

Step 11

We'll fill in the Sign on URL, Identifier (Entity ID) and Reply URL, as they are the mandatory fields.

The Entity ID will be populated automatically. If not, fill in the URL below.

Scroll down to find the Sign on URL and paste the link we copied from the Dropbox Admin Console in Step 8

Click on Reply URL and paste the URL below into the box. The Reply URL (also called the Assertion Consumer Service URL) is where the IdP, Azure AD, sends the SAML response via the user's browser, so it must be an endpoint that Dropbox actually owns and expects.

Step 12

In Step 2 of the setup we define the attributes and claims that identify the user and map them to what the service provider expects. The Unique User Identifier (Name ID) is the anchor: it must carry the value the service provider uses to match the account, which for Dropbox is the user's email address. We can restrict the other attributes and decide which data is shared with the service provider.
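The other side of Steps 11 and 12 is what the service provider does with those values when a SAML response arrives: it rejects anything whose Destination is not its Reply URL, whose Audience is not its Entity ID, whose Issuer is not the IdP, or whose validity window has passed, and only then reads the Name ID and attributes. The following is an added example in Python, not code from the original post nor from Dropbox or Azure AD. The tenant ID, Entity IDs, Reply URL and the unsigned sample response are constructed placeholders, and signature verification, which a real SP must do before any of these checks, is left to a SAML library.

```python
# Added example (not Dropbox's or Azure AD's code): the trust-binding checks a
# service provider runs on a SAML Response before accepting the user.  XML
# signature verification is out of scope here; a real SP verifies the
# signature against the IdP certificate first (e.g. with python3-saml).
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed placeholders: IdP Entity ID (Issuer), SP Entity ID (Audience)
# and SP Reply URL (Destination).  Real values come from Steps 11 and 13.
IDP_ENTITY_ID = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
SP_ENTITY_ID = "Dropbox"
SP_REPLY_URL = "https://www.dropbox.com/saml_login"

# Constructed, unsigned sample Response for a user assigned in Step 4.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z" Destination="{SP_REPLY_URL}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@contoso.example</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T09:55:00Z" NotOnOrAfter="2024-05-01T11:00:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Alice</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


class SamlValidationError(Exception):
    pass


def parse_saml_time(value: str) -> datetime:
    """SAML timestamps are UTC, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise SamlValidationError(f"bad timestamp {value!r}")


def validate_response(xml_text, issuer, audience, reply_url, now,
                      skew=timedelta(minutes=3)):
    root = ET.fromstring(xml_text)
    # Destination must be our Reply URL: a Response minted for another SP's
    # ACS must not be accepted here.
    if root.get("Destination") != reply_url:
        raise SamlValidationError(f"Destination {root.get('Destination')!r} is not our Reply URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise SamlValidationError("IdP did not report Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise SamlValidationError("no plaintext Assertion (decrypt EncryptedAssertion first)")
    # Both Issuer elements must be the Azure AD Entity ID from the Step 13 metadata.
    for node in (root, assertion):
        if node.findtext("saml:Issuer", default=None, namespaces=NS) != issuer:
            raise SamlValidationError("unexpected Issuer")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotOnOrAfter"):
        raise SamlValidationError("missing Conditions/NotOnOrAfter")
    if cond.get("NotBefore") and now < parse_saml_time(cond.get("NotBefore")) - skew:
        raise SamlValidationError("assertion not yet valid")
    if now >= parse_saml_time(cond.get("NotOnOrAfter")) + skew:
        raise SamlValidationError("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise SamlValidationError(f"Audience {audiences} does not include our Entity ID")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise SamlValidationError("no NameID: check the Unique User Identifier claim of Step 12")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": name_id.text, "name_id_format": name_id.get("Format"), "attributes": attrs}


def run_checks() -> dict:
    """Run the validator on the sample and on three mismatched/replayed copies."""
    now = parse_saml_time("2024-05-01T10:30:00Z")
    args = (IDP_ENTITY_ID, SP_ENTITY_ID, SP_REPLY_URL)
    results = {"ok": validate_response(SAMPLE_RESPONSE, *args, now)}
    cases = {  # constructed variants: wrong ACS, wrong SP Entity ID, replayed a day later
        "wrong_reply_url": (SAMPLE_RESPONSE.replace(SP_REPLY_URL, "https://other.example/acs"), now),
        "wrong_audience": (SAMPLE_RESPONSE.replace(f">{SP_ENTITY_ID}<", ">OtherApp<"), now),
        "expired": (SAMPLE_RESPONSE, parse_saml_time("2024-05-02T10:30:00Z")),
    }
    for name, (xml_text, when) in cases.items():
        try:
            validate_response(xml_text, *args, when)
            results[name] = "accepted"
        except SamlValidationError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(name, "->", outcome)
```

Each rejected case corresponds to a field typed in Step 11: a wrong Reply URL fails the Destination check, a wrong Entity ID fails the Audience check, and the expiry check is why a captured response cannot simply be replayed later. The Name ID returned by the valid case is the email address Dropbox matches the account on.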

Step 13

Download the certificate. The Federation Metadata XML file provides the IdP's side of the trust between the two parties and is what lets Dropbox verify the authenticity of the SAML response: it includes the SAML version, the Issuer ID (the Azure AD Entity ID), the Login and Logout URLs, and the signing certificate that Dropbox uses to check the signature on every response.

We must upload this in the Dropbox Admin Console.

Step 14

The Login URL and Logout URL are used in the Dropbox Admin Console; they are the URLs the user is sent to when logging in and logging out respectively.

Without the Logout URL, signing out of Dropbox does not end the Azure AD session, so the user stays signed in even when no longer using Dropbox.
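Before pasting values into the Dropbox Admin Console in Step 15, it is worth reading the downloaded metadata programmatically: the Login URL, Logout URL and certificate that Steps 13 and 14 ask for are all inside it, and comparing them against what the SP has configured is the quickest way to find the mismatch behind a failing sign-in. The following is an added example in Python, not code from the original post nor from Azure AD or Dropbox. The tenant ID and the certificate body in the sample metadata are constructed placeholders (a real file carries a DER-encoded X.509 certificate), and the `check_sp_config` input mirrors the three Dropbox fields by name only.

```python
# Added example (not Azure AD's or Dropbox's code): read the Federation
# Metadata XML from Step 13 and compare it with the SP-side settings of Step 15.
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-ins: a placeholder tenant ID and a fake certificate body.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT_DER = b"\x30\x82\x01\x00constructed-not-a-real-certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{NS['ds']}"><X509Data>
        <X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{POST}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, the form most admin consoles display."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_idp_metadata(xml_text: str) -> dict:
    # Metadata obtained from an untrusted source should be parsed with defusedxml.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a missing 'use' means both
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append(base64.b64decode("".join(cert.text.split())))
    if not certs:
        raise ValueError("no signing certificate: the SP could not verify responses")

    def location(tag, binding):
        for svc in idp.findall(tag, NS):
            if svc.get("Binding") == binding:
                return svc.get("Location")
        return None

    return {
        "entity_id": root.get("entityID"),                     # Issuer in every Response
        "login_url": location("md:SingleSignOnService", REDIRECT),   # Login URL of Step 14
        "logout_url": location("md:SingleLogoutService", REDIRECT),  # Logout URL of Step 14
        "name_id_format": idp.findtext("md:NameIDFormat", default=None, namespaces=NS),
        "signing_certs": certs,
        "signing_fingerprints": [sha256_fingerprint(c) for c in certs],
    }


def check_sp_config(meta: dict, configured: dict) -> list:
    """Findings where the SP settings (login_url, logout_url, cert_der) differ
    from what the IdP publishes.  An empty list means the two sides agree."""
    findings = []
    for key in ("login_url", "logout_url"):
        if configured.get(key) != meta[key]:
            findings.append(f"{key}: SP has {configured.get(key)!r}, IdP publishes {meta[key]!r}")
    uploaded = configured.get("cert_der")
    if uploaded is None or sha256_fingerprint(uploaded) not in meta["signing_fingerprints"]:
        findings.append("cert: uploaded certificate matches none of the IdP signing certificates")
    if len(meta["signing_certs"]) > 1:
        findings.append("note: IdP publishes several signing certificates (rollover); upload the active one")
    return findings


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    print(meta["entity_id"], meta["login_url"], meta["signing_fingerprints"][0])
    stale = {"login_url": meta["login_url"], "logout_url": None, "cert_der": b"stale"}
    print(check_sp_config(meta, stale))
```

Two things the parser deliberately surfaces: a KeyDescriptor without a `use` attribute counts as a signing key, and more than one signing certificate means Azure AD is rolling over its certificate, which is the usual cause of SSO breaking for everyone at once when the old certificate expires on the SP side.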

Step 15

Now go to the Dropbox Admin Console and upload the downloaded certificate.

Paste the Login and Logout URLs into the corresponding boxes.

Step 16

In this step, use the dropdown to set SSO to Optional or Required. I'll choose Required: with Optional, users can still sign in with a Dropbox password, which bypasses the sign-in policies enforced by Azure AD.

Step 17

Now let's go to office.com and sign in as the user to whom we assigned Dropbox. When we click the Dropbox tile we will be taken to this page.

When we click Continue, we will be taken to the Dropbox page. If you run into any problems, re-check the mandatory URLs that were pasted on both sides and test with a correctly assigned user, or post a comment here for help!

Step 18

Now, to demonstrate auto-provisioning, we will assign one more user (myself).

From the Overview pane on the right-hand side, select Provisioning and then Get started

Step 19

For the mode, select Automatic and click Authorize to connect the two services via the Dropbox admin account.

We will be redirected to an API request page; click Allow

Note: Make sure you use portal.azure.com to authorize the connection

Step 20

We'll leave the Mappings settings at their defaults. Here you can define the scope (only assigned users, or all users) and the attributes used to identify users.

Step 21

Click on Start Provisioning

Step 22

After it has completed, we will see in the Dropbox Admin Console that a new invite has been sent out.

Step 23

Checking the inbox (in my case, the Junk folder) we find the invite link to join the team.

Click on on it to enroll and it’s finished.

You possibly can view the logs for provisioning from provisioning tab, as soon as it’s accomplished to verify for any anomalies.
