Microsoft Azure Configuration
Written by Stephen Krzeminski
Updated over a week ago

Microsoft Azure with SAML Configuration

Please Note: If you are planning to use this integration with a custom domain, make sure your SSL certificate is valid.

Click here to view the list of supported SAML claims.

Click here to view our help article on our Azure AD IAM integration.

Connect to the Microsoft Azure Active Directory website as an Administrator.

Select Enterprise applications then All applications. Next, click New application and choose Non-gallery application.

Give your application a name, such as SkyPrep, and press Add. An application window will open; click Single Sign-on in the left sidebar and select SAML.

On the SAML configuration page, you will need to provide the Identifier (Entity ID) and the Reply URL (Assertion Consumer Service URL).

For the Identifier, you can use any text you want. Save this for later because it will also need to be entered in SkyPrep to finish the SAML configuration.

For the Reply URL, use:

https://[mycompany].skyprepapp.com/saml/consume

Replace [mycompany] with the name of your platform.

If you have a custom domain app active and configured, please use the custom domain instead of the skyprepapp URL, for example:

https://[mycompany]/saml/consume

Replace [mycompany] with your custom domain name.

Next, save the information and close the window using the X in the upper-right. If prompted to test the Single sign-on, click No, I’ll test later.

In the Setup Single Sign-On with SAML – Preview page, go to the SAML Signing Certificate block and download the Federation Metadata XML.

Once finished, head over to your SkyPrep platform. In the System Configuration area, scroll to the bottom of the Settings tab and click the Manage SAML Settings button.

Make sure the setting is Enabled and toggle the applicable checkboxes:

  • Automatically Create / Add Users: Enables just-in-time creation. If a user attempts to sign in without an account, one will be created for them using the information passed in via SSO.

  • Automatically Add Users to Existing Groups: If you decide to pass in the User.GroupList or User.Department SAML attributes, users will be enrolled into the Groups that match what they have in the respective fields. Separate multiple values with commas.

  • Automatically Create Groups: If the above is enabled and no group matching the user's entry is found, one will be created.

  • Remove Users from Groups They Are No Longer Part Of: If a user was originally enrolled in a SkyPrep group via Azure, they will be unenrolled once the group has been removed from their Azure profile.

Next, take the idP Metadata you downloaded from Azure and paste the text into the idP Metadata (XML) field in SkyPrep. Below, you can enter the names of the Groups that all users should be enrolled into, separated with commas.

Next, enter the SP Issuer Name. Please note that the SP Issuer Name in SkyPrep needs to match the Identifier (Entity ID) value in Azure.

Next, for the SP Login URL, enter:

https://[mycompany].skyprepapp.com/saml/init

Replace [mycompany] with your custom domain name.

The Sign-in Page Flow determines what happens when a user tries to access your platform's URL:

  • None: The default login page with no SSO functionality.

  • Create Link to SP Login URL: Adds a button to sign in with SSO on the login page.

  • Auto-Redirect to SP Login URL: Redirects users from the login page to sign in with SSO.

Lastly, you can optionally enter an email address where debug emails will be sent.
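Before pasting the Federation Metadata XML into SkyPrep, it can help to confirm what it contains and that the two SP URLs follow the patterns above. The following is an added example, not SkyPrep or Microsoft code: the function names are hypothetical, the sample metadata is constructed, and the SHA-1 thumbprint it prints is meant to be compared against the certificate shown in Azure's SAML Signing Certificate block.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Constructed sample: placeholder IdP; "YWJj" stands in for a real certificate.
SAMPLE = """<EntityDescriptor xmlns="%s" entityID="https://idp.example/tenant/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="%s"><X509Data>
   <X509Certificate>YWJj</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Location="https://idp.example/tenant/saml2"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
 </IDPSSODescriptor></EntityDescriptor>""" % (MD, DS)

def summarize_idp_metadata(xml_text):
    """Pull entity ID, SSO endpoints and signing-cert thumbprints from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("{%s}IDPSSODescriptor" % MD)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not SAML 2.0 IdP metadata")
    thumbprints = []
    for kd in idp.findall("{%s}KeyDescriptor" % MD):
        if kd.get("use", "signing") == "signing":  # skip encryption-only keys
            for cert in kd.iter("{%s}X509Certificate" % DS):
                der = base64.b64decode("".join((cert.text or "").split()))
                thumbprints.append(hashlib.sha1(der).hexdigest().upper())
    endpoints = [s.get("Location", "")
                 for s in idp.findall("{%s}SingleSignOnService" % MD)]
    problems = [] if thumbprints else ["no signing certificate in metadata"]
    problems += ["SSO endpoint is not HTTPS: " + e for e in endpoints
                 if urlsplit(e).scheme != "https"]
    return {"entity_id": root.get("entityID"), "sso_endpoints": endpoints,
            "signing_thumbprints": thumbprints, "problems": problems}

def check_sp_urls(reply_url, login_url):
    """Check the Reply URL and SP Login URL against the patterns given above."""
    problems = []
    for label, url, path in (("Reply URL", reply_url, "/saml/consume"),
                             ("SP Login URL", login_url, "/saml/init")):
        if "[" in url:
            problems.append(label + " still contains a [placeholder]")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(label + " must be an https URL")
        if parts.path != path:
            problems.append("%s path should be %s" % (label, path))
    return problems
```

Call `summarize_idp_metadata()` on the text of the downloaded file and `check_sp_urls()` on the two URLs you entered; an empty `problems` list means the basic checks passed.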
