Azure-AD
Setting up Azure Active Directory is pretty straightforward, but it helps to know the exact steps to follow, as configuring SAML can be a bit daunting.
To add Exivity to your Azure AD applications, follow these steps:
    In your Azure portal, go to the Azure Active Directory service.
    In the sidebar, click Enterprise applications.
    Click the New application button.
    Click the Non-gallery application button.
    Enter a name for the new application (e.g. My Exivity instance) and click the Add button.
    Click the Configure single sign-on (required) button.
    From the Single Sign-On Mode dropdown list, select SAML-based Sign-on.
    Now enter the following details on this page:
| Azure AD setting | Use value |
| --- | --- |
| Identifier | Exivity Entity ID / Metadata URL endpoint (see endpoints) |
| Reply URL | Exivity Assertion Consumer Service endpoint (see endpoints) |
| Show advanced URL settings | Checked |
| Sign on URL | Optional, you can enter the URL for the Exivity interface here. |
| Relay State | Leave empty |
| User Identifier | Select user.mail |
The resulting page could look something like this:
[Screenshot: azure-ad-sso-config]
    Click the Configure [your application name] button.
    A new pane will open with instructions. Navigate to the Exivity SAML configuration (see configuration) and copy the following options from the pane in your Azure portal:
| Exivity SAML setting | Use value |
| --- | --- |
| Entity ID | SAML Entity ID |
| SSO URL | SAML Single Sign-On Service URL |
| SLO URL | Sign-Out URL |
| X-509 certificate | Download the certificate by clicking the SAML Signing Certificate - Base64 encoded link. Open the .cer file with a text editor and remove the text -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- and all line breaks so you end up with a single-line base64 encoded string. |
The Exivity configuration page could look something like this:
[Screenshot: azure-ad-exivity-saml-settings]
    Now unfold the Advanced menu at the bottom of the screen, and paste the following JSON data:
```json
{
  "security": {
    "wantXMLValidation": false
  }
}
```
    Then in Exivity, click the Update button.
    And in your Azure Portal, click the Save button.
    As the last step, enable Single Sign-On in Exivity by navigating to Administration > Configuration and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button.
SSO is now configured and enabled, and you can now use Azure AD to log in to your Exivity instance. The login screen will look something like this:
[Screenshot: exivity-login-sso]
And by clicking on the Login button, you'll be taken to the Azure AD login screen. Exivity will receive the Azure AD e-mail address and create a new user with a minimal set of permissions if no existing user is found.
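The X-509 certificate step above is easy to get wrong by hand (a stray line break or a partly copied file gives a certificate that never verifies). The following is an added example, not code from Exivity or Microsoft: it strips the PEM armor and line breaks, checks that the result is intact DER, and computes a fingerprint to compare with the thumbprint shown for the signing certificate in the Azure portal. The function names are hypothetical, the sample input is constructed, and SHA-1 as the portal's thumbprint algorithm is an assumption.

```python
import base64
import binascii
import hashlib
import re
import textwrap

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_single_line(pem_text: str) -> str:
    """Return the certificate body as one base64 line, or raise ValueError."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate block, found {len(blocks)}")
    b64 = "".join(blocks[0].split())  # drop CR, LF, spaces and tabs
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64: {exc}") from exc
    # A DER certificate is a single SEQUENCE (tag 0x30) whose encoded length
    # covers the whole blob; a mismatch means the file was truncated or edited.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if der[1] < 0x80:
        header, body_len = 2, der[1]
    else:
        n = der[1] & 0x7F
        header, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body_len != len(der):
        raise ValueError("DER length mismatch: certificate is truncated or padded")
    return b64

def thumbprint(single_line_b64: str) -> str:
    """Uppercase hex SHA-1 of the DER bytes (assumed to match the portal's thumbprint)."""
    return hashlib.sha1(base64.b64decode(single_line_b64)).hexdigest().upper()

# Constructed sample: a DER-shaped placeholder, NOT a real certificate.
_body = bytes(range(256)) * 3
SAMPLE_DER = b"\x30\x82" + len(_body).to_bytes(2, "big") + _body
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + "\r\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 64))
    + "\r\n-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    line = pem_to_single_line(SAMPLE_PEM)
    print(line[:32] + "...", len(line), "chars, SHA-1", thumbprint(line))
```

To use it on the downloaded file, pass the contents of the .cer file to `pem_to_single_line` and paste the returned string into the X-509 certificate field.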