
IdP Configuration

Microsoft Entra ID (Azure AD) Configuration

  1. Login to your “Microsoft Azure Portal”.
  2. Select Manage -> “Enterprise Applications” from the left menu.
  3. Click the “New Application” button on the Enterprise Applications page.
  4. Click the “Create your own application” button.
  5. Enter a recognizable application name such as “StartLeft-SSO” and select “Integrate any other application you don’t find in the gallery (Non-gallery)”.
  6. Click the “Create” button.
  7. Select Option 2. “Set up single sign on”
  8. Select “SAML” as a single sign-on method.
  9. Click the “Edit” button in the “Basic SAML Configuration” panel.
  10. Fill in the “Entity ID” and “Assertion Consumer Service URL” fields and click the “Save” button.
  • Identifier (Entity ID) - the ID of the service provider.
  • Reply URL (Assertion Consumer Service URL) - the identity provider must be configured to return the SAML response to the ACS URL:
https://tauruseer-auth-prod.us.auth0.com/login/callback
Both of these fields can be found in the SLS Platform by navigating to Configure on the left-hand menu and selecting SSO settings.
  11. Download the public key certificate in Base64 format and ensure the file is saved with the .pem extension.

Configure Attributes & Claims

In Entra ID, you must configure the Unique User Identifier (Name ID) value to be the user’s email address; in Azure AD this value must be set to user.mail. Configure the following claims:
  • email - set to user.mail
  • first_name - set to user.givenname
  • last_name - set to user.surname
Group claims (Optional) – set to “Groups assigned to the application”; the name of the claim should be defined as groups. This may be used in the future to map users belonging to specific groups to SLS Platform roles (Admin, Dev, etc.).

In the SLS Platform:
  1. Set the Single Sign On URL to the App Federation Metadata Url or Login URL from Entra ID
  2. Set the Domain name to your company’s domain.
  3. Upload the X.509 certificate.
  4. Click Save SSO Settings.

Testing

Note: You cannot use the Test button feature in the IdP; it only works for IdP-initiated logins. You must navigate to the SLS Platform login screen and validate an SP-initiated login.
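When validating an SP-initiated login, it helps to confirm that the assertion Entra ID returns actually matches the claim mapping configured above. The following Python script is an added example (not part of this page or the SLS Platform's own code): it checks a decoded SAML response for the ACS URL as Destination, the required claims email, first_name and last_name, and a Name ID equal to the user's email. The sample response is constructed, the signature is omitted, and the script does not verify the XML signature, which the platform itself does.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Values from the configuration above: ACS URL and the claim names the platform expects.
ACS_URL = "https://tauruseer-auth-prod.us.auth0.com/login/callback"
REQUIRED_CLAIMS = {"email", "first_name", "last_name"}

# Constructed sample response (not a real Entra ID capture); Signature element omitted.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://tauruseer-auth-prod.us.auth0.com/login/callback">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="first_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="last_name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="groups"><saml:AttributeValue>sls-admins</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_claims(response_xml: str) -> list:
    """Return a list of mapping problems found in a decoded SAML response (empty list = OK)."""
    problems = []
    root = ET.fromstring(response_xml)
    # The IdP must be configured to post the response to the ACS URL.
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination {root.get('Destination')!r} does not match the ACS URL")
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS)
    # Collect every attribute as name -> list of values.
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    for name in sorted(REQUIRED_CLAIMS - attrs.keys()):
        problems.append(f"required claim {name!r} is missing")
    # Name ID must be the user's email address (user.mail), so it has to equal the email claim.
    email = attrs.get("email", [""])[0]
    if "@" not in name_id or name_id != email:
        problems.append(f"NameID {name_id!r} is not the user's email address {email!r}")
    if "groups" not in attrs:
        problems.append("warning: optional 'groups' claim not present, role mapping unavailable")
    return problems
```

Paste the Base64-decoded response body from the browser's network capture into `check_claims` to verify a real login.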