Setting up SAML based SSO with Azure AD

There are 5 steps for enabling SSO with Azure Active Directory

Prerequisites

An Azure account with an active subscription. Create an account for free.
One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
Completion of the steps in Quickstart: Create and assign a user account.

Go to the Azure Active Directory Admin Center (https://aad.portal.azure.com/) and sign in using one of the roles listed in the prerequisites.
In the left menu, select Enterprise applications. The All applications pane opens and displays a list of the applications in your Azure AD tenant.
Press “New application” , a new panel, “Browse Azure AD gallery” opens,
Press “Create your own application”, a new panel opens,
Enter the name of your app as “Manifestly”, select “Integrate any other application you don’t find in the gallery” from the list of options and press “Create”
Your application is created and you’ll be able to find it in the Enterprise applications page for the next steps

Find and open your application page in the “Enterprise applications” panel.
Find and open “Single sign-on” page from the left menu.
Select SAML as the single sign-on method, a new page to set up SAML options opens, follow the instructions below about each step of the configuration :

(Step 1) Basic SAML Configuration

Press “Edit” button next to “Basic SAML Configuration”, a new page opens,
Add “https://app.manifest.ly/users/saml/metadata” as your “Entity ID”. Make it the default one.
Add “https://app.manifest.ly/users/saml/auth” as the “Reply URL”
Leave the “Sign on URL” field empty
Leave the “Relay State” field empty
Leave “Logout Url” field empty
Press “Save” to save your settings.

(Step 2) Attributes & Claims

Press “Edit” button next to “Attributes & Claims” title
Keep the required claim as is
Remove all “Additional claims” and create 3 new claims by pressing “Add new claim” button and entering details as below. ( statements: [name (Source) – value] ). You can leave “Namespace” field empty.

Press “Save” to finish setting up claims

(Step 3) SAML Signing Certificate

Click on “Download” link next to “Certificate (Base64)” to download your certificate. You’ll need this file later.

(Step 4) Set up your app

Copy “Azure AD Identifier” value, you’ll need this later.
Finally, visit the “Properties” page of your Enterprise App to copy the “User Access Url” value, you’ll need this value later as well.
On the properties page you can also add an icon to your SSO to indicate it is for Manifestly. We recommend using our Checkmark Logo.

Visit your new apps “Users and groups” page to assign users or groups that are allowed to access this application.

In manifestly app, go to “Settings” -> “SSO” -> “Set up SAML Sign On” page
Enter your desired custom sign in page url, your users will use this url to sign in with SSO.
Open the Base64 certificate file you downloaded from azure portal, with a text editor, copy and paste the contents into SAML Cert field.
Copy and paste the “Azure AD Identifier” that you have taken from the previous steps into the “SAML Entity” field.
Copy and paste the “User access URL” that you can find on the SSO admin page into the “SAML URL” field. The URL should start with https://launcher.myapps.microsoft.com/api/signin
Save your settings without setting to active
Navigate to the URL you set in step 2 above and test that you can sign in with SAML SSO
Once the test works, set your SSO setting to active

At this point, all users will be required to use the SSO you have set up through your IdP.

Updated on March 28, 2024