
Azure-AD

Setting up Azure Active Directory is pretty straightforward, but it helps to know the exact steps to follow, as configuring SAML can be a bit daunting.

To add Exivity to your Azure AD applications, follow these steps:

  • In your Azure portal, go to the Azure Active Directory service:

azure-portal-aad

  • In the sidebar, click Enterprise applications:

azure-ad-enterprise-applications

  • Click the New application button:

azure-ad-new-application

  • Click the Non-gallery application button:

azure-ad-non-gallery-app

  • Enter a name for the new application (e.g. My Exivity instance) and click the Add button.
  • Click the Configure single sign-on (required) button:

azure-ad-configure-sso

  • From the Single Sign-On Mode dropdown list, select SAML-based Sign-on:

azure-ad-sso-mode

  • Now enter the following details on this page:
| Azure AD setting | Use value |
|---|---|
| Identifier | Exivity Entity ID / Metadata URL endpoint (see endpoints) |
| Reply URL | Exivity Assertion Consumer Service endpoint (see endpoints) |
| Show advanced URL settings | Checked |
| Sign on URL | Optional, you can enter the URL for the Exivity interface here. |
| Relay State | Leave empty |
| User Identifier | Select user.mail |

The resulting page could look something like this:

azure-ad-sso-config

  • Click the Configure [your application name] button:

azure-ad-configure-instance

  • A new pane will open with instructions. Navigate to the Exivity SAML configuration (see configuration) and copy the following options from the pane in your Azure portal:

azure-ad-instance-config

| Exivity SAML setting | Use value |
|---|---|
| Entity ID | SAML Entity ID |
| SSO URL | SAML Single Sign-On Service URL |
| SLO URL | Sign-Out URL |
| X-509 certificate | SAML Signing Certificate - Base64 encoded (see below) |

Download the certificate by clicking the SAML Signing Certificate - Base64 encoded link. Open the .cer file with a text editor and remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines and all line breaks, so you end up with a single-line base64 encoded string.

The Exivity configuration page could look something like this:

azure-ad-exivity-saml-settings
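The certificate step above can also be done with a script instead of a text editor, which avoids pasting a truncated or whitespace-damaged value. This is an added example, not part of the Exivity documentation; the function names and the sample data are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def cer_to_single_line(pem_text: str) -> str:
    """Return the certificate body as one base64 line, as the step above asks."""
    blocks = PEM_RE.findall(pem_text.lstrip("\ufeff"))  # tolerate a UTF-8 BOM
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    # Drop CR/LF and any stray spaces or tabs an editor may have introduced.
    body = "".join(blocks[0].split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64: {exc}") from exc
    # A DER-encoded certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data does not look like a DER certificate")
    return body


def fingerprint_sha256(single_line: str) -> str:
    """SHA-256 of the decoded bytes, colon-separated uppercase hex."""
    digest = hashlib.sha256(base64.b64decode(single_line, validate=True)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2)).upper()


# Constructed sample: 96 placeholder bytes with a DER SEQUENCE header, wrapped
# like a Base64 .cer download (CRLF, 64-column lines). Not a real certificate.
_FAKE_DER = b"\x30\x5e" + bytes(range(94))
_B64 = base64.b64encode(_FAKE_DER).decode()
SAMPLE_CER = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + "\r\n".join(_B64[i:i + 64] for i in range(0, len(_B64), 64))
    + "\r\n-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    line = cer_to_single_line(SAMPLE_CER)
    print(line)
    print(fingerprint_sha256(line))
```

The fingerprint can be compared with the one another tool reports for the same .cer file before the string is pasted into the X-509 certificate field.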

  • Now unfold the Advanced menu at the bottom of the screen, and paste the following JSON data:
{
  "security": {
    "wantXMLValidation": false
  }
}
  • Then in Exivity, click the Update button
  • And in your Azure Portal, click the Save button:

azure-ad-sso-config-save

  • As the last step, enable Single Sign-On in Exivity by navigating to Administration > Configuration and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button:

azure-ad-exivity-configuration

SSO is now configured and enabled, and you can use Azure AD to log in to your Exivity instance. The login screen will look something like this:

exivity-login-sso

Clicking the Login button takes you to the Azure AD login screen. Exivity will receive the Azure AD e-mail address and, if no existing user is found, create a new user with a minimal set of permissions.