DOCUMENTATION PORTAL
senior X Platform
Note: This page was translated using automation resources with the purpose of providing content in your language more quickly. Consequently, it may have grammatical errors and similar situations. If the content is not useful in this state, in the page footer you can access the original material in Brazilian Portuguese and also give us opinions on this translation.
senior X Platform - User Manual> Definitions> Authentication> SAML> Integration with Azure Active Directory

Integration with Azure Active Directory

Azure Active Directory uses the SAML protocol, which is an open protocol for authentication and authorization between two parties: the Identity Provider and the Service Provider. To configure the platform integration with an ADFS/SAML login, contact the customer's own IT administrator to request the Azure Active Directory activation.

What you can do:

ClosedCreate a new application

With the service activated, go to Business Applications > New application. Select the Nonexistent application option in the gallery and enter a name for the application, for example wso2, and click on Add.

ClosedConfigure the SSO
  1. Access the created application and click on the Configure single sign-in option;
  2. In Basic SAML Configuration, enter the following properties:
    • Identifier (Entity ID): wso2 (same value used in the configuration of the Id tenant of the Service Provider entity);
    • Response URL (Service URL of the Claim Consumer): https://platform.senior.com.br:9443/commonauth.
  3. In User Attributes and Declarations, click on the edit icon, and select the Unique User Identifier (Name ID) attribute to return only the user (no domain).
  4. In the Source field, change the option toTransformation and click on the Edit icon. Select transformation Extract() / Before match, and enter Parameter 1 (Input) as user.userprincipalname and value @.

Note

It is important to save the Login URL, Azure AD Identifier, and Logout URL information to configure the tenant on senior X Platform.

ClosedConfigure Tenant
  1. Go to Technology > Administration > Tenant Management > Configure;
  2. Select the desired tenant and click on Configure;
  3. In the Authentication tab, select the SAML authentication option and make the following adjustments in the SAML Settings section:
    • SAML request redirect URL: https://platform.senior.com.br:9443/auth/LoginWithCodeServlet;
    • Identity Provider entity ID: Azure AD identifier (e.g. https://sts.windows.net/a5a8c8ff-1089-4b1e-85c7-629d9c7f50ba/);
    • Service Provider entity ID: Identifier (Entity ID) configured in Azure (ex: wso2);
    • URL to log in: Login URL provided by Azure. (ex: https://login.microsoftonline.com/a5a8c8ff-1089-4b1e-85c7-629d9c7f50ba/saml2);
    • URL to log out: Logout URL provided by Azure. (ex: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0);
    • Claim that defines the user's username: the URI of the username claim returned by SAML, the same one configured in Azure. (e.g. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name);
    • Claim that defines the user's email: the URI of the email claim returned by SAML, the same one configured in Azure. (e.g. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress)
    • ;Claim that defines the user name: the URI of the username claim returned by SAML, the same one configured in Azure. (e.g. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname)
    • ;Role that will be defined for new users: which initial role will be defined for users the first time they log in using the SAML/ADFS integration, even if configured on the ADFS server.
ClosedWSO2 API Manager Configuration (Senior)

This configuration is done by default, being only necessary when an error occurs with the Callback URL, only Senior can change this information.

  1. Access the WSO2 Tenant store at https://[domain]:[port]/store/?tenant=[tenantdomain] (example: *https://platoform.senior.com.br:39443/store/?tenant=saml.com*);
  2. Log in with the tenant administrator user;
  3. Select My Applications and verify the defined application;
  4. Set the value of the Callback URL property to https://[domain]:[port]/auth/LoginWithCodeServlet (e.g. *https://platform.senior.com.br:39443/auth/LoginWithCodeServlet*).

Did this article help you?

Knowledge base

Legal Requirements Portal

Documentation in other languages:

English

Spanish

seniorX Store

corporate University

Product Forum

Work with us

Blog

All copy rights reserved to Senior Sistemas SA

Unauthorized reproduction of this publication, in whole or in part, constitutes copyright infringement (Law 9,610/98).

Open topic with navigation