Setting Up SSO-SSL with the Aisera Admin UI and Azure AD (Microsoft Entra ID) Portal


Create SAML SSO on app using the Azure AD portal

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.

  2. From the left navigation pane, select the Microsoft Entra ID service.

  3. Navigate to Enterprise Applications and then select All Applications.

  4. To add a new application, select “New application”.

  5. Find and select Microsoft Entra SAML Toolkit.

  6. Name the application and select Create.

Configure SAML SSO app on the Azure AD portal

Follow these steps to enable Azure AD SSO in the Azure portal.

  1. In the Azure portal, on the application integration page, find the Manage section and select single sign-on.

  2. On the Select a single sign-on method page, select SAML.

  3. On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.

  4. Set the following values:

  • Identifier (Entity ID): This should be the cluster-specific vanity URL of the tenant. Example Admin UI: https://acme.login.aisera.cloud/

  • Reply URL (Assertion Consumer Service URL): This is the tenant vanity URL + /aisera/ssoLoginCallback. Example Admin UI: https://acme.login.aisera.cloud/aisera/ssoLoginCallback

  • Default RelayState: The default relay state is used to access the Admin UI from the IdP portal. Admin UI: the vanity URL. Example Admin UI: https://acme.login.aisera.cloud

  • Primary attributes: The user email address should be returned as the primary attribute.

  • Secondary attributes: The full name of the user should be returned as the value of the key name.

The following screenshot is an example of a Basic SAML configuration:

Copy or download the following values from the Active Directory:

  • Certificate (Base64)

  • Login URL

  • Logout URL

Configure SSO Authentication in the Aisera Admin UI

  1. In the Aisera Admin UI, navigate to Settings > Configuration > Authentication > Select SSO Authentication

  2. Add the following values:

  • Login URL: Use the value provided by the customer.

  • Logout URL: Set this if the customer has provided it.

  • Issuer: Use the same value you provided to the customer as the Entity ID (see above).

  • Skip Compression: If checked, the SAML request from the service provider is not compressed. Normally this should be unchecked, but it must be checked for some versions of Microsoft AD SSO. If AD is used and you get an invalid request error, try checking this box.

  • x509 certificate: Copy and paste the content of the certificate here.

Admin UI only extra fields

  • Separate Window: Normally this should be unchecked. Check it only if the IdP is configured to support only HTTP Redirect and not HTTP POST.
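
An added example (not Aisera or Microsoft code): when the IdP returns an invalid request error, decoding the SAMLRequest shows whether it was DEFLATE-compressed (the Skip Compression setting) and whether its Issuer and AssertionConsumerServiceURL match the Identifier and Reply URL configured in Azure. It assumes the request travels as a SAMLRequest query parameter; build_redirect, the idp.example.invalid Login URL and the minimal sample request are constructed for illustration.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_request(url):
    """Return (compressed, xml) for the SAMLRequest query parameter of url."""
    raw = base64.b64decode(parse_qs(urlparse(url).query)["SAMLRequest"][0])
    if raw.startswith(b"<"):               # plain XML: compression was skipped
        return False, raw.decode("utf-8")
    # SAML HTTP-Redirect binding: raw DEFLATE stream (no zlib header)
    return True, zlib.decompress(raw, -15).decode("utf-8")

def check_request(url, entity_id, reply_url):
    """Compare the request's Issuer and ACS URL with the values set in the IdP."""
    compressed, xml = decode_saml_request(url)
    root = ET.fromstring(xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    acs = root.get("AssertionConsumerServiceURL", "")
    problems = []
    if issuer != entity_id:                # exact string match, trailing slash included
        problems.append(f"Issuer {issuer!r} != Identifier (Entity ID) {entity_id!r}")
    if acs != reply_url:
        problems.append(f"ACS {acs!r} != Reply URL {reply_url!r}")
    return {"compressed": compressed, "problems": problems}

# --- constructed sample data (not captured traffic) ---
ENTITY_ID = "https://acme.login.aisera.cloud/"
REPLY_URL = ENTITY_ID + "aisera/ssoLoginCallback"
LOGIN_URL = "https://idp.example.invalid/saml2"    # placeholder Login URL

def build_redirect(issuer, acs, compress=True):
    """Hypothetical helper: build a minimal AuthnRequest redirect URL for testing."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="{NS["saml"]}" ID="_constructed1" Version="2.0" '
           f'AssertionConsumerServiceURL="{acs}">'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>').encode()
    if compress:
        c = zlib.compressobj(9, zlib.DEFLATED, -15)
        xml = c.compress(xml) + c.flush()
    return LOGIN_URL + "?" + urlencode({"SAMLRequest": base64.b64encode(xml)})

if __name__ == "__main__":
    for url in (build_redirect(ENTITY_ID, REPLY_URL),
                build_redirect(ENTITY_ID, REPLY_URL, compress=False),
                build_redirect(ENTITY_ID.rstrip("/"), REPLY_URL)):
        print(check_request(url, ENTITY_ID, REPLY_URL))
```

To inspect a real request, pass the redirect URL copied from the browser's network tab to check_request together with the Identifier and Reply URL entered in Basic SAML Configuration.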
