1. Documentation
  2. Account Management

Configuring Azure Active Directory for SSO

SSO is an Enterprise-only feature. To configure SSO, you MUST contact your Osano Support Representative

  1. Log in to your Azure dashboard as an administrator. 
  2. Navigate to the Azure Active Directory dashboard. Remember to share your authentication domain, in the case below ***.onmicrosoft.com, with Osano.
  3. Navigate to "Enterprise applications".
  4. Click the "Create your own application" button.
  5. Fill in an application name, such as "Osano" and click the "Create" button.
  6. Assign users and or groups to your application, then move on to "Set up single sign on".
  7. Select SAML for your single sign-on method.
  8. Configure your SAML SSO with the following fields:
    1. Identifier (Entity ID)
      urn:amazon:cognito:sp:us-east-1_7GtagkRKw
    2. Reply URL (make sure to replace the [YOUR-CUSTOMER-ID-GOES-HERE] with your unique Osano customer identifier)
      https://auth.osano.com/authorize?response_type=code&identity_provider=[YOUR-CUSTOMER-ID-GOES-HERE]&client_id=7di7d8bnbp79rvmktl6o9g79bc&redirect_uri=https://my.osano.com/oauth/response
  9. In the "Attributes and Claims" section, check that claims with the following names exist:
    1. https://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    2. https://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress 
    3. Each of the above can be given a value of:
      user.userprincipalname
  10. Download your SAML metadata XML file and send to Osano.
    Azure AD SAML metadata download-1