This article describes how Azure Active Directory can be configured as a SAML based External-Identity provider that can authenticate Software AG Cloud users. Software AG Cloud supports only Service Provider Initiated SSO.
- Log on to Azure as a user with Administrator privileges.
- If your Azure account does not include users or groups, add them.
- Add a Web Security Service as an application and configure it. This example uses the Software AG Cloud gallery application
a. Go to the Azure Active Directory page and click Enterprise Applications.
b. Go to New application and search for Software AG Cloud application and add it to your profile.
c. Click on the Software AG Cloud application and navigate to the Set up single sign-on link.
d. In the Basic SAML Configuration section, complete the fields as shown below. For the Reply URL and Sign on URL values, go to Software AG Cloud, go to the Configuration tab, copy the Software AG Cloud redirect URI, and paste it in the fields.
e. The user attributes in the user attributes & claims section will be configured by default. The namespace for the attributes will be set by default and so the attribute name along with the namespace needs to be mapped in Software AG Cloud.
f. Add an attribute named roles and set it to user.assignedroles.
g. If you want to import the Azure SAML settings into Software AG Cloud instead of entering them manually, go to the SAML Signing Certificate section in Azure Active Directory and either copy the App Federation Metadata URI or save the federation metadata to a file. Then import the metadata using this URL or file in Software AG Cloud.
h. To make users available for authentication, go to the Azure Software AG Cloud application, click Users and Groups, select the users to include in the Add user/group screen and click the Assign button.
You can grant access to all users in a group by assigning a role with the desired access permissions to the group.
You can also create and assign custom roles to this application from the App roles UI. Navigate to App Registrations and select the Software AG Cloud application and create new app roles.
Repeat step 3h to assign the new custom role to users.