About SAML Single Sign-On in SMACS
Single Sign-On can be setup in SMACS against any Identity Provider (IdP) which supports SAML 2.0.
This guide covers the steps required to setup SAML SSO against Azure.
For an exhaustive list of supported IDP’s, visit SAML-based products and services.
Add SMACS as an Enterprise Application in Azure
Wildcard Certificates are not supported for SSO.
Connect to your Azure Portal.
Search for Enterprise Applications and click the result.
Click on +New Application
Provide a name and select the 3rd option Integrate any other application you don't find in the gallery (Non-gallery)
The Enterprise Application is now added ✔
Configure the Enterprise Application for Single Sign-On
Click on Single Sign-On from the left vertical menu.
Click on the SAML Single Sign-On method.
Click on Upload metadata file
Click on the folder icon and point to the SMACS SP Metadata to upload it.
Once uploaded, a panel with your Basic SAML Configuration will appear on the right hand side which will be populated with values for your Identifier and Reply URL. Click Save.
Once saved, click on the Download link next to Federation Metadata XML
Upload IdP Metadata to SMACS & Enable SSO
Go to your SMACS tenant, acces the SAML Single Sign-On Page from the vertical Admin menu.
Click Import IdP Metadata and point the file you downloaded in the previous step from Azure.
Click on the Enable Single Sign-On toggle.
Modify Attribute & Claims
From the Enterprise Application you added in the previous steps, select Attributes & Claims from the left-hand vertical menu.
Click on the ellipsis to modify the Unique User Identifier (Name ID)
Change the default Name Identifier format and Source Attribute
Name Identifier format should be set to Unspecified
Source Attribute should be set to user.onpremisesamaccountname
Click Save.
Add Users/Groups Requiring Access to SMACS to your Enterprise Application
From the Enterprise Application you added in the previous steps, select Users and groups from the left-hand vertical menu.
Click on + Add user/group
Click on None Selected
A search panel will appear on the right hand side. Use it search for and select the individual users or groups who should be able to log into your SMACS tenant via Single Sign-Onand click Select.
Test Single Sign-On from Azure
Return to the Single Sign-On section of your newly added Enterprise Application and click Test at the bottom of the page.
A panel will appear with testing options on the right hand side of the page, select Sign in as current user option and click Test sign in.
If you completed the previous steps correctly, you will be presented with the SMACS home screen.
SSO Configuration Complete ✔
Once logged in you will have initiated a Single Sign-On session which will give you access to all other applications registered to your IdP server without having to re log-in.