Configuring SAML in Azure AD
- In your Azure Active Directory (AD), click on Enterprise Applications in the left sidebar.
- Click on New application at the top.
- Click on Create your own application at the top.
- Give the app a name (eg. Estateably) and make sure Integrate any other application you don’t find in the gallery (Non-gallery) is selected. Click on Create at the bottom.
- In the left sidebar, click on Single sign-on, then click on SAML
- Click the Edit button of the Basic SAML Configuration section. In the drawer that opens...
- Replace the current value in the Identifier (Entity ID) input field with `https://app.estateably.com` and select the Default checkbox.
- Paste `https://xxxx.app.estateably.com/api/v1/auth/saml/login` where `xxxx` is your company domain in the Reply URL (Assertion Consumer Service URL) input field and select the Default checkbox.
- Paste the same `https://xxxx.app.estateably.com/api/v1/auth/saml/login` in the Sign on URL input field.
- Click on Save at the top of the drawer, then close the drawer.
- In the SAML Signing Certificate section, download the Certificate (Base64) file, and open that file with a text editor. You’ll need its contents in the next step. Also keep your Azure AD page open for the next step.
- In the Estateably application, go to your organization’s Settings page, then click on Single sign-on in the left sidebar. Fill the form…
- Select the Set up SSO with a Third-party Identity Provider
- In the Identity Provider Name select box, choose Azure AD
- In the Identity Provider Single Sign-On URL (SAML 2.0 Endpoint) input field enter the URL found in the Azure AD page in the Login URL box of the Set up Estateably section.
- In the Identity Provider Issuer (Entity ID) input field enter the URL found in the Azure AD page in the Azure AD Identifier box of the Set up Estateably section.
- In the Identity Provider Certificate, paste the text value of the certificate you downloaded and opened in Step 8.
- Click on Save Changes at the top of the Estateably Settings page.
- Add any users and groups to this app in Azure AD as normal.
Configuring SCIM in Azure AD
- In your Azure Active Directory (AD), if you’ve already created an app for Estateably, click on Provisioning in the left sidebar. If you haven’t created an app, follow steps 1-4 in the Configuring SAML in Azure AD section.
- Click on the Get Started button. In the new window, change the Provisioning Mode to Automatic.
- In the Tenant URL input field, paste `https://xxxx.app.estateably.com/api/v1/scim?aadOptscim062020` where `xxxx` is your company domain (the parameter aadOptscim062020 is to ensure compliance with the SCIM protocol).
- Keep your Azure AD page open and go to the Estateably application in your organization’s Settings page. At the bottom, in the SCIM Configuration section, click on the generate button of the API Key field. Copy the key.
- Back in Azure AD, paste the key copied in Step 4 in the Secret Token input field.
- Click on Test Connection to make sure you don’t get an error message.
- Click on Save at the top of the page.
Please sign in to leave a comment.