Skip to main content
Sign in
Deutsch

🔓Set Up SSO (Single Sign On) with Microsoft through Saml

Support amberSearch
  • Updated

  1. Go to portal.azure.com and select the Azure Active Directory service followed by Enterprise applications

    azure_enterprise_applications.png

  2. Create a new enterprise app, name it amberSearch - Enterprise Applicationazure_enterprise_app_create.png

  3. Set up Single Sign On. Go to the Single sign-on and then select Samlazure_single_sign_on_initial_step.png

  4. Input Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL). These values are provided separately by the amberSearch Team.azure_sso_configuration.png

  5. Depending on the existing attributes/claims new claims might be needed after consultation with the amberSearch Team. In case of a hybrid setup, where local Active Directory is synchronized with Azure Active Directory add the following claims.

    1. Edit the Attributes & Claims area

    2. Add new claims

      1. Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/distinguishedname and Source attribute user.onpremisesdistinguishedname

      2. Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid and Source attribute user.onpremisesecurityidentifier

    3. Save
  6. (Optional) Go to Properties und set Assignment required to No
    • Navigate to Properties and set Assignment required to No.
      • This allows all users within your organization to access amberSearch. However, as amberSearch uses a licensing model, this approach is generally not recommended.
    • Instead, keep Assignment required set to Yes and create a dedicated group in Azure AD, preferably with a name that clearly identifies it as related to amberSearch.
    • Add all users who should have access to amberSearch to this group.
    • Go to the amberSearch enterprise application and assign the group under Users and groups.
    • Alternative: If your Azure AD license does not support group assignment to enterprise applications, you can manually assign individual users under Users and groups.
  7. Create an account for testing purposes, e.g ambersearch@customername.com It will be used for verifying the correctness and maintaining the SSO flow. The credentials of this account should be provided to amberSearch Team.

 

If you need assistance please reach out to us via IT@ambersearch.de

Related to

Related articles

Comments

0 comments

Please sign in to leave a comment.