SSO with Azure Active Directory (SAML)
The SSO feature is available as a paid option on Autify.
This page describes how to set up SSO using Azure Active Directory (Azure AD), one of the services that you can integrate with Autify.
Register Autify as an Application with Azure
Register an app with Azure AD
For instructions on how to register an app with Azure AD, please refer to Microsoft's support document, Quickstart: Register an application with the Microsoft identity platform.
Use https://auth.autify.com/login/callback as the redirect URI.
If you have more than one Azure AD directory, ensure that the app is registered in the correct directory.
Create a client secret
For details on how to create a client secret, please refer to Microsoft's support document, Quickstart: Register an application with the Microsoft identity platform - Add credentials.
If you create a secret with an expiration date, be sure to take note of the expiration date. To avoid service disruptions, you will need to update the secret before it expires.
Add permissions
To add permissions, please refer to Microsoft's support document, Quickstart: Configure a client application to access a web API - Add permissions to access your web API.
You need to set permissions for the Microsoft Graph API as follows:
- Users > Users.Read
- Directory > Directory.Read.All
Send us the necessary information
Please send the following information to Autify:
- Azure AD domain
- Client secret
- Client ID
- Domain used by the user when logging in
  - For example, if the email address is (test@autify.com), the domain will be (@autify.com).
- Login ID
  - By default, the login ID is set to UPN (UserPrincipalName), but it can be changed. If you change it, please let us know the alternative login ID.
Set up SAML authentication with Azure AD as the IdP
Set the Identifier and Reply URL in "Basic SAML Configuration"
We will send you the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), so please enter them in the "Basic SAML Configuration" section.
If you want to set the Sign on URL, please set it to "https://app.autify.com/users/sign_in".
Send us the sign-in domain name and SAML federation metadata XML
Once you have everything ready, please send the following to Autify:
- Domain used by the user when logging in
  - For example, if the email address is (test@autify.com), the domain will be (@autify.com).
- Login ID (email address)
  - By default, the login ID is set to UPN (UserPrincipalName), but it can be changed. If you change it, please let us know the alternative login ID.
- Federation Metadata XML
  - The metadata XML of the SAML federation
Verify that you can log in
Once the configuration is complete on our end, go to the login page and verify that you can log in.
Enter your email address and click [Continue]. If you log in successfully, the setup is complete.
Notes
- If you use a logo, please use the following logo.
- If the setup doesn't work for some reason, we will revert the authentication method back to email and password.