This article goes over how to set up SAML SSO with Microsoft Azure.
Step 1. Log in to Azure Portal
Log in to https://portal.azure.com/.
Navigate to “Azure Active Directory” in Azure Services.
Or create a resource “Azure Active Directory” if you don’t have it.
Step 2. Create new App & Integrate with Creative Force
Navigate to “Enterprise applications”.
In the tab “All applications”, select “New Application”.
Type your unique application name in the search box, and make sure that the name cannot be found in the applications gallery. Click “Create” and wait for the application to be created.
After the new application is created, navigate to “Single sign-on” in the application screen.
Configure SAML to integrate with Creative Force
Set up Single Sign-On with SAML:
Edit the default fields with the following values:
Basic SAML Configuration
Microsoft Azure | Creative Force |
Identifier (Entity ID) | The SP Entity ID |
Reply URL (Assertion Consumer Service URL) | The SP Assertion Consumer Service Url |
Relay State (fill this in if you want to log in to CF directly from Microsoft Azure) | Relay State |
Attributes & Claims
Note: (***) The claim “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress” needs to be set to your IdP email address.
user.userprincipalname (***) | |
user.givenname | |
user.surname |
Step 3. Assign users to the new app
In the application screen, navigate to “Users and groups” and click “Add user/group”.
Click “Users” and select the accounts that you want to assign to the app and click “Select”.
After selecting accounts, click “Assign”.
Set up SCIM
Note: Currently, Creative Force SCIM supports only the UsersController.
Provisioning on Azure Portal runs at a regularly scheduled time interval, typically every 40 minutes.
Or you can use “Provisioning on-demand” to provision a user into an application in seconds.
Required: Create a custom SAML app and set up SSO on Gamma beforehand.
Step 1. Log in to Azure Portal and select your app.
Step 2. Set up SCIM
Prepare Creativeforce SCIM token
Log in to Gamma
Navigate to “STUDIO SETTINGS” > “SSO SETTINGS”
Copy SCIM BEARER TOKEN
Set up SCIM on Azure Portal
On your SAML app overview screen, click “Provisioning” and edit provisioning properties.
Fill in the properties in the tab Admin Credentials as below:
Name | Value |
Tenant URL | The SCIM URL |
Secret Token | Paste the value copied in the step “Prepare Creativeforce SCIM token” |
In the tab Mappings, enable “Provision Azure Active Directory Users”.
Click “Provision Azure Active Directory Users”.
Tick Yes under the label Enabled.
Tick Create, Update, Delete under the label Target Object Actions.
Edit/Add Attribute Mappings:
Required SCIM Server Attribute Name | Value |
userName | Mapping type: Direct; Source attribute: mail (*); Target attribute: userName; Match objects using this attribute: Yes |
active | Mapping type: Expression; Expression: Switch([IsSoftDeleted], , "False", "True", "True", "False"); Target attribute: active |
(*) Make sure that the user email address of Azure Portal is mapped to the userName attribute of the SCIM server.
Click “On” under the label Provisioning Status.
Save and Start provisioning
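The two attribute mappings above can be checked against an exported user list before provisioning is switched on. The following is an added example, not Creative Force or Microsoft code: it models the Direct mapping (mail to userName) and the Switch expression for active, and flags users whose mail is empty or differs from the userPrincipalName used for the SAML email claim. The record layout, the SCIM schema wrapper and the function names are assumptions, and whether a mail/UPN mismatch affects sign-in in Creative Force should be verified.

```python
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

def switch(source, default, *pairs):
    """Switch(source, default, key1, value1, ...) as used in the expression above."""
    return dict(zip(pairs[0::2], pairs[1::2])).get(source, default)

def map_user(aad_user):
    """Apply the two mappings: mail -> userName, IsSoftDeleted -> active."""
    active = switch(str(aad_user.get("IsSoftDeleted")), "",
                    "False", "True", "True", "False")
    return {
        "schemas": [SCIM_USER_SCHEMA],  # assumed payload wrapper (RFC 7643 core User)
        "userName": (aad_user.get("mail") or "").strip(),
        "active": active,  # "True", "False", or "" when IsSoftDeleted is missing
    }

def preflight(aad_users):
    """Return (payloads, findings) for a list of exported directory users."""
    payloads, findings = [], []
    for user in aad_users:
        upn = user.get("userPrincipalName", "")
        scim = map_user(user)
        if not scim["userName"]:
            findings.append((upn, "mail is empty: userName (matching attribute) cannot be set"))
            continue
        if scim["active"] == "":
            findings.append((upn, "IsSoftDeleted missing: active falls to the empty default"))
            continue
        if scim["userName"].lower() != upn.lower():
            findings.append((upn, "mail differs from userPrincipalName used for the SAML email claim"))
        payloads.append(scim)
    return payloads, findings

# Constructed sample records (not real directory data).
SAMPLE_USERS = [
    {"userPrincipalName": "ana@example.com", "mail": "ana@example.com", "IsSoftDeleted": False},
    {"userPrincipalName": "bo@example.com", "mail": "bo.li@example.com", "IsSoftDeleted": False},
    {"userPrincipalName": "cy@example.com", "mail": None, "IsSoftDeleted": False},
    {"userPrincipalName": "di@example.com", "mail": "di@example.com", "IsSoftDeleted": True},
]

if __name__ == "__main__":
    payloads, findings = preflight(SAMPLE_USERS)
    for p in payloads:
        print(p["userName"], "active =", p["active"])
    for upn, why in findings:
        print("CHECK", upn, "-", why)
```

A soft-deleted user maps to active "False", which is the mapping that removes access on the Creative Force side, so that row is worth confirming with “Provisioning on-demand” after setup.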