
Privacera Documentation

Set up Azure AD SAML-SSO on PrivaceraCloud

This topic describes how to create an Azure AD application and configure SAML within it.

Create Azure AD application

For more information about how to create an Azure AD application, see Create an Azure AD application.

Tip

When configuring delegated permissions for the application registration, search for and select the following permissions in the Select permissions search box (you can also locate them by using the Expand all button on the right):

  • Directory: Directory.Read.All

  • User: User.Read.All

  • Group: Group.Read.All

Configuring SAML in Azure AD

The following steps describe how to configure SAML in the Azure AD application:

  1. Log in to the Azure portal.

  2. On the left navigation pane, select the Azure Active Directory service.

  3. Navigate to Enterprise Applications and then select All Applications.

  4. To add a new application, select New application.

    Note

    If you have an existing Azure AD SAML Toolkit application, select it, and then go to step 8 to continue with the rest of the configuration.

  5. In the Add from the gallery section, type Azure AD SAML Toolkit in the search box.

  6. Select Azure AD SAML Toolkit from the results panel and then add the app.

  7. On the Azure AD SAML Toolkit application integration page, in the Manage section, select Single sign-on.

  8. On the Select a single sign-on method page, select SAML.

  9. Click the pen icon for Basic SAML Configuration to edit the settings.

  10. On the Basic SAML Configuration page, enter the values for the following fields, and then click Save. You can assign a unique name for the Entity ID.

    • Entity ID = privacera-portal

    • Reply URL = https://${APP_HOSTNAME}/SingleSignOnService/receiveResponse

    • Sign-on URL = https://${APP_HOSTNAME}/SingleSignOnService/receiveResponse

  11. Note the claim names in the Attributes and Claims section. You will need them when configuring the Privacera SAML application.

  12. In the SAML Signing Certificate section, find Federation Metadata XML and select Download to download the certificate and save it on your virtual machine.

  13. On the Set up Azure AD SAML Toolkit section, copy the Azure AD Identifier URL.

  14. In the Manage section, select Users and groups.

  15. In the Users and groups dialog, select the user or user group that should be allowed to log in with SSO, then click Select.
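The values gathered in steps 10 through 13 can be sanity-checked before the IdP is connected. The following Python script is an added example, not part of the Privacera documentation or product: it parses a Federation Metadata XML file (the sample embedded here is constructed, with a placeholder tenant id and certificate body) to extract the Azure AD Identifier, SSO endpoint and signing certificate, and checks the Reply URL from step 10 for the usual mistakes (plain http, the ${APP_HOSTNAME} placeholder left in, wrong path).

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")
REPLY_PATH = "/SingleSignOnService/receiveResponse"  # path of the Reply URL in step 10
# Constructed sample shaped like Azure AD Federation Metadata XML; tenant id and cert are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>MIIC...PLACEHOLDER...</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Extract the entity ID (step 13), SSO endpoints and signing certs (step 12)."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not a SAML 2.0 IdP EntityDescriptor")
    certs = [c.text.strip() for c in idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "signing_certs": certs, "sso": sso}

def check_saml_config(xml_text, reply_url):
    """Return a list of problems with the IdP metadata and the SP Reply URL; [] means OK."""
    meta, problems = parse_idp_metadata(xml_text), []
    if not meta["entity_id"]:
        problems.append("metadata lacks entityID (the Azure AD Identifier)")
    if not meta["signing_certs"]:
        problems.append("metadata has no signing certificate, so responses cannot be verified")
    endpoints = [meta["sso"][b] for b in BINDINGS if meta["sso"].get(b)]
    if not endpoints:
        problems.append("no HTTP-Redirect or HTTP-POST SingleSignOnService endpoint")
    problems += [f"SSO endpoint is not https: {u}" for u in endpoints if urlparse(u).scheme != "https"]
    u = urlparse(reply_url)
    if u.scheme != "https":
        problems.append("Reply URL must be https: the SAML response is POSTed to it")
    if not u.hostname or "${" in reply_url:
        problems.append("Reply URL hostname is empty or still the ${APP_HOSTNAME} placeholder")
    if u.path != REPLY_PATH:
        problems.append(f"Reply URL path must be {REPLY_PATH}")
    return problems
```

Run it against the metadata file downloaded in step 12 and the Reply URL you entered in step 10; an empty list means both sides are consistent.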

You can now connect your IdPs with the PrivaceraCloud account. For more information, see Connect IdP (Okta and Azure AD).