Azure-AD

Setting up Azure Active Directory is pretty straightforward, but it helps to know the exact steps to follow, as configuring SAML can be a bit daunting.

To add Exivity to your Azure AD applications, follow these steps:

  • In your Azure portal, go to the Azure Active Directory service:

azure-portal-aad
  • In the sidebar, click Enterprise applications:

azure-ad-enterprise-applications
  • Click the New application button:

azure-ad-new-application
  • Click the Non-gallery application button:

azure-ad-non-gallery-app
  • Enter a name for the new application (e.g. My Exivity instance) and click the Add button.

  • Click the Configure single sign-on (required) button:

azure-ad-configure-sso
  • From the Single Sign-On Mode dropdown list, select SAML-based Sign-on:

azure-ad-sso-mode
  • Now enter the following details on this page:

Azure AD setting              Use value
Identifier                    Exivity Entity ID / Metadata URL endpoint (see endpoints)
Reply URL                     Exivity Assertion Consumer Service endpoint (see endpoints)
Show advanced URL settings    Checked
Sign on URL                   Optional; you can enter the URL of the Exivity interface here.
Relay State                   Leave empty
User Identifier               Select user.mail

The resulting page could look something like this:

azure-ad-sso-config
  • Click the Configure [your application name] button:

azure-ad-configure-instance
  • A new pane will open with instructions. Navigate to the Exivity SAML configuration (see configuration) and copy the following options from the pane in your Azure portal:

azure-ad-instance-config

Exivity SAML setting    Use value
Entity ID               SAML Entity ID
SSO URL                 SAML Single Sign-On Service URL
SLO URL                 Sign-Out URL
X-509 certificate       Download the certificate by clicking the SAML Signing Certificate - Base64 encoded link.
                        Open the .cer file with a text editor and remove the text -----BEGIN CERTIFICATE-----,
                        -----END CERTIFICATE----- and all line breaks, so you end up with a single-line
                        base64-encoded string.

The Exivity configuration page could look something like this:

azure-ad-exivity-saml-settings
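Stripping the PEM markers and line breaks by hand is easy to get wrong (a missed trailing line break or a partial paste produces a certificate Exivity cannot use). The script below is an added helper, not part of the Exivity or Azure AD documentation: it turns the downloaded Base64-encoded .cer into the single-line string the X-509 certificate field expects and checks that the result decodes to exactly one complete DER certificate. The sample .cer it runs on when given no file is a constructed stand-in, not a real certificate.

```python
"""
Convert the Azure AD "SAML Signing Certificate - Base64 encoded" .cer download
into the single-line base64 string that the Exivity X-509 certificate field
expects, and sanity-check it before pasting.

Added example; not Exivity's or Microsoft's code. The sample certificate below
is a constructed stand-in, not a real certificate.
"""
import base64
import binascii
import re
import sys

# A PEM .cer is the DER certificate, base64-encoded and wrapped in these markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def _der_total_length(der: bytes) -> int:
    """Return the byte length an X.509 certificate claims for itself.

    Every certificate is an outer ASN.1 SEQUENCE (tag 0x30) followed by a DER
    length; comparing that claimed length with what was actually decoded
    catches a truncated paste or stray trailing characters.
    """
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not an X.509 certificate: outer element is not an ASN.1 SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def pem_to_single_line(cer_text: str) -> str:
    """Strip PEM markers and all whitespace; validate the result is one DER certificate.

    Accepts the Azure AD Base64-encoded .cer as downloaded (CRLF or LF line
    endings), or a body whose markers were already removed. Only the first
    certificate block is used if the file happens to contain a chain.
    """
    match = PEM_BLOCK.search(cer_text)
    body = match.group(1) if match else cer_text
    body = re.sub(r"\s+", "", body)       # drop \r, \n, spaces and tabs
    if not body:
        raise ValueError("no certificate data found")
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from None
    claimed = _der_total_length(der)
    if claimed != len(der):
        raise ValueError(
            f"certificate is truncated or has trailing data "
            f"(DER claims {claimed} bytes, decoded {len(der)})"
        )
    return body


def constructed_sample_cer() -> str:
    """A constructed stand-in for an Azure AD .cer download (not a real certificate).

    It is a valid outer DER SEQUENCE with a long-form length, padded so the
    base64 body wraps across several 64-character CRLF lines like a real file.
    """
    inner = b"\x04\x81\x90" + bytes(range(144))          # arbitrary OCTET STRING payload
    der = b"\x30\x81" + bytes([len(inner)]) + inner       # SEQUENCE, long-form length
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\r\n" + "\r\n".join(lines) + "\r\n-----END CERTIFICATE-----\r\n"


if __name__ == "__main__":
    # Usage: python cer_to_single_line.py <downloaded .cer>; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = constructed_sample_cer()
    print(pem_to_single_line(text))
```

Run it against the downloaded .cer and paste the printed line into the X-509 certificate field. The DER length check is deliberate: a base64 string can be syntactically valid yet cut short, and the mismatch between the length the certificate declares and the bytes actually decoded is the earliest point at which that is visible.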
  • Now unfold the Advanced menu at the bottom of the screen, and paste the following JSON data:

  {
    "security": {
      "wantXMLValidation": false
    }
  }
  • Then, in Exivity, click the Update button.

  • And in your Azure Portal, click the Save button:

azure-ad-sso-config-save
  • As the last step, enable Single Sign-On in Exivity by navigating to Administration > Configuration and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button:

azure-ad-exivity-configuration

SSO is now configured and enabled, and you can use Azure AD to log in to your Exivity instance. The login screen will look something like this:

exivity-login-sso

And by clicking on the Login button, you'll be taken to the Azure AD login screen. Exivity will receive the Azure AD e-mail address and create a new user with a minimal set of permissions if no existing user is found.