Setting up Single Sign-On with Azure Active Directory
To set up SSO authentication using Azure Active Directory:
- Create and set up an application in Azure Active Directory.
  - Go to https://portal.azure.com/ and log in to your Microsoft Azure account.
  - Go to the Azure Active Directory > Enterprise applications section.
  - In the Add an application window, go to the Non-gallery application section and specify a name for the new application. If several tenants are used, a separate application should be created for each.
  - Go to the Users and groups section and add all required users. Give them the User role.
  - Go to the Single sign-on subsection and select SAML.
  - Edit the Basic SAML Configuration section as follows:
    Note: The URLs should be specified in the following format: https://<cloud-host-name>/FlexiCapture12/Login/<TenantName>/AccessToken/Saml, where <cloud-host-name> is the host name of the SaaS URL of your processing location and <TenantName> is the name of your tenant in FlexiCapture Cloud.
    Leave the rest of the fields blank.
  - In the SAML Signing Certificate section, download your public certificate in Base64 format by clicking the link next to Certificate (Base64).
  - From the Login URL field in the Set up [application name] section, copy the URL for accessing the server of the external identity provider.
- Provide the following information to cloud support or the account manager:
  a. The URL of your FlexiCapture Cloud region and your tenant name
  b. The public key certificate
  c. The login URL
  d. The image for the new Log in with… button (images in *.svg, *.jpg, and *.png formats are supported)
  e. The name of the external identity for the Log in with… button
Once the setup has been completed by cloud support, an additional login button will appear on your login page: Log in with [IdP Name].
Note: For more technical details about SAML authentication requests and responses that Azure Active Directory supports for Single Sign-On, please refer to this article on Microsoft.com.
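The values handed to cloud support become the trust anchor for every SAML login, so it is worth checking them before they are sent. The following is an added example, not ABBYY's or Microsoft's code: it builds the URL in the format given in the note above, computes thumbprints of the downloaded Base64 certificate so they can be compared with the thumbprint the Azure portal shows for the signing certificate, and rejects a non-HTTPS login URL. The host names, tenant name, function names and the sample certificate stub are assumptions constructed for illustration.

```python
import base64, hashlib, re
from urllib.parse import quote, urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def saml_endpoint(cloud_host, tenant):
    """Build the URL in the format given in the note on the Basic SAML Configuration step."""
    if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", cloud_host):
        raise ValueError("cloud host must be a bare host name, without scheme or path")
    if not tenant or "/" in tenant:
        raise ValueError("tenant name must be a single, non-empty path segment")
    return f"https://{cloud_host}/FlexiCapture12/Login/{quote(tenant, safe='')}/AccessToken/Saml"

def cert_thumbprints(text):
    """Return SHA-1 and SHA-256 thumbprints of the one certificate in a Base64 export."""
    if "PRIVATE KEY" in text:
        raise ValueError("file contains a private key; only the public certificate is sent")
    blocks = PEM_RE.findall(text)
    if len(blocks) > 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    # Accept the export with or without the BEGIN/END armour lines.
    body = "".join((blocks[0] if blocks else text).split())
    der = base64.b64decode(body, validate=True)  # raises ValueError on non-Base64 input
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER SEQUENCE, so not a certificate")
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}

def login_url_host(url):
    """Reject a login URL that is not absolute HTTPS; return its host for review."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("login URL must be an absolute https:// URL")
    return parts.hostname

# Constructed sample: a 5-byte DER stub, NOT a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x00"
SAMPLE_CER = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode() + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(saml_endpoint("cloud.example.com", "ExampleTenant"))  # hypothetical host/tenant
    print(cert_thumbprints(SAMPLE_CER))
    print(login_url_host("https://idp.example.com/saml2"))      # hypothetical login URL
```

In practice, pass the contents of the downloaded certificate file to `cert_thumbprints` and give the resulting thumbprint to cloud support over a separate channel so they can confirm the certificate they received is the one you exported.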