All Collections
IT/Security
Single Sign On
Setup on SAML SSO Microsoft Azure
Setup on SAML SSO Microsoft Azure
Ian Mitchell avatar
Written by Ian Mitchell
Updated over a week ago

This article goes over how to set up SAML SSO with Microsoft Azure

Step 1. Login to Azure Portal

  • Login to https://portal.azure.com/.

  • Navigate to “Azure Active Directory” in Azure Services.
    Or create a resource “Azure Active Directory” if you don’t have it.

Step 2. Create new App & Integrate with Creative Force

Navigate to “Enterprise applications”.

In the tab “All applications”, select “New Application”.

Type your unique application name in the search box, make sure that name can not be found in the applications gallery. Click the “Create” and wait for the application to be created.

After the new application is created, navigate to the “Single sign-on” in the application screen.

Configuration SAML to integrate to Creative Force

Set up Single Sign-On with SAML:

  • Edit default fields with values:

Basic SAML Configuration

Identifier (Entity ID)

The SP Entity ID

Reply URL (Assertion Consumer Service URL)

The SP Assertion Consumer Service Url

Attributes & Claims

Notes: (***) The claim“http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress” needs to be set by your idp email address.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

User.userprincipalname (***)

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

user.givenname

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

user.surname

Step 3. Assign users to the new app

  • In the application screen, navigate to “Users and groups” and click “Add user/group”.

  • Click “Users” and select the accounts that you want to assign to the app and click “Select”.

  • After selecting accounts, click “Assign”.

Set up SCIM

Notes: Currently, Creative Force SCIM is still only supporting UsersController.


The Provisioning on Azure Portal will be provisioned at a regularly scheduled time interval, typically every 40 minutes. More.

Or you can use “Provisioning on-demand to provision a user into an application in seconds.

Required: Need to create a custom SAML app and set up SSO on Gamma before.

Step 1. Login to Azure Portal and select your app.

Step 2. Set up SCIM

Prepare Creativeforce SCIM token

  • Login to Gamma

  • Navigate to “STUDIO SETTINGS” > “SSO SETTINGS

  • Copy SCIM BEARER TOKEN

Set up SCIM on Azure Portal

  • On your SAML app overview screen, click “Provisioning” and edit provisioning properties.

  • Fill properties in the tab Admin Credentials as below:

Name

Value

Tenant URL

The SCIM URL

Secret Token

*Paste the value from step Prepare*

  • In the tab Mappings, enable “Provision Azure Active Directory Users”.

    • Click to “Provision Azure Active Directory Users

    • Tick Yes under the label Enabled.

    • Tick Create, Update, Delete under the label Target Object Actions

    • Edit/Add Attribute Mappings:

Required SCIM Server Attribute Name

Value

userName

(*)Make sure that the user email address of Azure Portal is mapped to the userName Attribute of the SCIM Server.

Mapping type: Direct

Source attribute: mail (*)

Target attribute: userName

Match objects using this attribute: Yes

active

Mapping type: Expression

Expression: Switch([IsSoftDeleted], , "False", "True", "True", "False")

Target attribute: active

  • Click On under the label Provisioning Status

  • Save and Start provisioning

Did this answer your question?