Azure Active Directory (Azure AD) is Microsoft's identity and access management service that allows seamless access to various applications with a single set of credentials.
To start the Insightful Single Sign-On (SSO) setup, an Azure admin needs to add an organization (application) inside Azure Active Directory.
The Azure admin needs to add their own email inside the newly added organization. It is important to do this before they start configuring SSO protocols through WP.
The Azure admin needs to add users to the particular Enterprise application they configured inside Azure, so that the users will be able to log in to their account inside that particular organization.
Important note: When adding a new user on Microsoft Azure, make sure to fill in both First Name and Last Name, because they are required for Enterprise SSO login to work in the Insightful application.
Step-by-step Instructions
In Microsoft Azure:
1. On the Home page, click on Manage Active Azure Directory
2. On the left side menu, select Enterprise applications
3. Click on New application and after that on Create your own application and finish this process depending on your needs.
4. Select the created application and click on Set up single sign on, then select SAML option
5. Click on Edit button on Basic SAML configuration and enter the following information:
Identifier (Entity ID): https://app.insightful.io
Reply URL (Assertion Consumer Service URL): https://app.insightful.io/api/v1/sso-public/saml/assertion
Leave Relay state blank until you get its value after completing the first step on the Insightful Security and Identity page.
6. Click on Edit button on User Attributes and Claims and enter the following information:
Name | Source attribute |
user.userprincipalname | |
firstName | user.givenname |
lastName | user.surname |
id | user.objectid |
7. Go to Insightful → Security and Identity page → click on Configure SAML and enter the following information from Azure:
Copy the Login URL value and paste it in the Login URL field on Insightful.
Copy the Azure AD Identifier and paste it in the Issuer ID field on Insightful.
8. Download the SAML Signing Certificate and upload it to the Identity Provider Certificate field in Insightful.
9. Click on the Next Step button.
10. Copy the Default relay state value and paste it into the Relay state field on Azure (step 5).
11. Turn off the Enable encryption switch and click on the Next step button.
12. Click on Verify SAML button.
13. Enter Microsoft Azure credentials.
14. Click on Yes, Link account button.
15. Enter the 6-digit code that is sent to your email and click on the Verify button.
16. The SSO SAML configuration is now configured and verified.
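To confirm that the Azure settings from steps 5 and 6 took effect, the following added example (not part of Insightful's or Microsoft's own material) checks a decoded SAML assertion for the expected Audience, Recipient and claims. It assumes the claims are emitted with the plain names shown in step 6 and no namespace prefix; the function names and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "https://app.insightful.io"  # Identifier (Entity ID) from step 5
ACS_URL = "https://app.insightful.io/api/v1/sso-public/saml/assertion"  # Reply URL from step 5
REQUIRED = ("firstName", "lastName", "id")  # claim names from step 6

def check_assertion(xml_text):
    """List configuration problems in a decoded SAML assertion.

    Configuration check only: it does not verify the XML signature, so it
    must never be used to decide whether an assertion is trustworthy.
    """
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not match the Entity ID")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append("Recipient does not match the Reply URL")
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        claims[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED:
        if not claims.get(name):
            problems.append(f"claim '{name}' is missing or empty")
    return problems

def sample_assertion(claims, audience=ENTITY_ID, recipient=ACS_URL):
    """Build a constructed, unsigned assertion for the checks above."""
    attrs = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in claims.items())
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject><saml:SubjectConfirmation>'
        f'<saml:SubjectConfirmationData Recipient="{recipient}"/></saml:SubjectConfirmation></saml:Subject>'
        f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
        f'</saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    # Constructed sample values, not real accounts.
    good = {"firstName": "Ada", "lastName": "Lovelace", "id": "00000000-0000-0000-0000-000000000001"}
    print(check_assertion(sample_assertion(good)))
    no_surname = dict(good, lastName="")  # user created in Azure without a Last Name
    print(check_assertion(sample_assertion(no_surname)))
```

An empty list means the assertion matches the values entered in steps 5 and 6; a reported missing lastName claim corresponds to a user created without a Last Name, as described in the important note above.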
How to access Insightful directly from a browser
“This is the link your users may use to access this application directly from their browser URL bars. By navigating to this link, users will be automatically signed into the application without having to go to My Apps first.”
On your Enterprise application on Azure, click on Properties tab.
Copy User access URL.
That’s it!