Setting up SAML-based Single Sign-on for Microsoft Azure AD

Modified 5 months ago

Akaash Amalraj

SAML stands for Security Assertion Markup Language. Its primary function in online security is to allow you to access multiple web applications with a single set of sign-in credentials. Before you set up SAML-based SSO for Microsoft Azure Active Directory (Azure AD) in Kissflow, you must generate the mandatory Identity provider (IdP) URL and Security key from your Azure AD account.

Generating IdP URL and Security key in Azure AD

  1. Sign in to your Azure AD account first. Then, navigate to your homepage to create your own application. Provide a name for your application and select Integrate any other application you don't find in the gallery (Non-gallery).

    Now you can create a Single Sign-on method using SAML. Go to Single sign-on > SAML. Copy the Login URL. This Login URL is the Identity provider (IdP) URL in Kissflow. 

  1. Under Single sign-on > SAML Signing Certificate, open the App Federation Metadata Url in a separate tab or window of your browser. Scroll down and find the <X509Certificate> tag. Copy the contents in between the tags. X.509 is an International Telecommunication Union (ITU) standard used in many Internet protocols.  

  1. You can format this X.509 certificate by pasting it here. Once it's formatted, copy the formatted X.509 certificate with the header and paste it here. Choose the sha256 algorithm and click CALCULATE FINGERPRINT. The Formatted FingerPrint is the Security key in Kissflow. 

Configuring SAML-based SSO in Kissflow

Now that you’ve generated the Security Key and IdP URL, you can proceed to configure the SAML-based SSO inside your Kissflow account. 

  1. Sign in to Kissflow, then navigate to Account administration > Account settings. Under Account security, click the Configure SAML button beside Sign in with SAML.

  1. Paste the copied Login URL from Azure AD inside the IdP URL field and the Formatted FingerPrint in the Security key field. 

  1. The final step is to do the Basic SAML Configuration in your Azure AD account. Paste https://{your_domain}.kissflow.com/saml/ in the Identifier (Entity ID) field, where {your_domain} refers to your Kissflow domain. For accounts whose Kissflow domain is followed by a .eu, paste https://{your_domain}.kissflow.com.eu/saml/ in the Identifier (Entity ID) field. 
    For example, if https://acmeindustries.kissflow.com is your Kissflow domain, then https://acmeindustries.kissflow.com/saml/ should be pasted in the Identifier (Entity ID) field in Azure AD.

    Similarly, copy the Consumer assertion URL from your Kissflow account and paste it in the Reply URL (Assertion Consumer Service URL) field of your Azure AD account. Save the configuration. 

  1. Click Save to save your SAML configuration in Kissflow. 

Once the configuration is complete, you can add users and groups in Azure AD to be authenticated in Kissflow via SAML.
