-
Go to portal.azure.com and select the Azure Active Directory service followed by Enterprise applications
-
Create a new enterprise app, name it
amberSearch - Enterprise Application
- Set up Single Sign On. Go to the Single sign-on and then select Saml
-
Input
Identifier (Entity ID)
andReply URL (Assertion Consumer Service URL)
. These values are provided separately by the amberSearch Team. -
Depending on the existing attributes/claims new claims might be needed after consultation with the amberSearch Team. In case of a hybrid setup, where local Active Directory is synchronized with Azure Active Directory add the following claims.
-
Edit the Attributes & Claims area
-
Add new claims
-
Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/distinguishedname and Source attribute user.onpremisesdistinguishedname
-
Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid and Source attribute user.onpremisesecurityidentifier
-
- Save
-
-
(Optional) Go to Properties und set Assignment required to No
-
Navigate to Properties and set Assignment required to No.
- This allows all users within your organization to access amberSearch. However, as amberSearch uses a licensing model, this approach is generally not recommended.
- Instead, keep Assignment required set to Yes and create a dedicated group in Azure AD, preferably with a name that clearly identifies it as related to amberSearch.
- Add all users who should have access to amberSearch to this group.
- Go to the amberSearch enterprise application and assign the group under Users and groups.
- Alternative: If your Azure AD license does not support group assignment to enterprise applications, you can manually assign individual users under Users and groups.
-
Navigate to Properties and set Assignment required to No.
- Create an account for testing purposes, e.g ambersearch@customername.com It will be used for verifying the correctness and maintaining the SSO flow. The credentials of this account should be provided to amberSearch Team.
Â
If you need assistance please reach out to us via IT@ambersearch.de
Comments
0 comments
Please sign in to leave a comment.