SSO with Azure Active Directory (SAML)

Updated on 27 Dec 2023
2 Minutes to read
Contributors

Print
Share
Dark
Light

Article Summary

Share feedback

Thanks for sharing your feedback!

⚠︎ SSO is available on particular plans. For details, please confirm this page.

The SSO feature is available as a paid option on Autify.
This page describes how to set up SSO using Azure Active Directory (Azure AD), one of the services that you can integrate with Autify.

Register Autify as an Application with Azure

Register an app with Azure AD

For instructions on how to register an app with Azure AD, please refer to Microsoft's support document, Quickstart: Register an application with the Microsoft identity platform.

Use https://auth.autify.com/login/callback as the redirect URI.

If you have more than one Azure AD directory, ensure that the app is registered in the correct directory.

Create a client secret

For details on how to create a client secret, please refer to Microsoft's support document, Quickstart: Register an application with the Microsoft identity platform - Add credentials.

Take note of the generated string

If you create a secret with an expiration date, be sure to take note of the expiration date. To avoid service disruptions, you will need to update the secret before it expires.

Add permissions

To add permissions, please refer to Microsoft's support document, Quickstart: Configure a client application to access a web API - Add permissions to access your web API.

You need to set permissions for the Microsoft Graph API as follows:

Users > Users.Read
Directory > Directory.Read.All

Send us the necessary information

Please send the following information to Autify:

Azure AD domain
Client secret
Client ID
Domain used by the user when logging in
- For example, if the email address is (test@autify.com), the domain will be (@autify.com).
Login ID
- By default, the login ID is set to UPN (UserPrincipalName), but it can be changed. If you change it, please let us know the alternative login ID.

Set up SAML authentication with Azure AD as the IdP

Set the Identifier and Reply URL in "Basic SAML Configuration"

We will send you the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), so please enter them in the "Basic SAML Configuration" section.
If you want to set the Sign on URL, please set it to "https://app.autify.com/users/sign_in".

Send us the sign-in domain name and SAML federation metadata XML

Once you have everything ready, please send the following to Autify:

Domain used by the user when logging in
- For example, if the email address is (test@autify.com), the domain will be (@autify.com).
Login ID (email address)
- By default, the login ID is set to UPN (UserPrincipalName), but it can be changed. If you change it, please let us know the alternative login ID.
Federation Metadata XML
- The metadata XML of the SAML federation

Verify that you can log in

Once the configuration is complete on our end, go to the login page and verify that you can log in.
Enter your email address and click [Continue]. If you log in successfully, the setup is complete.

Notes

If you use a logo, please use the following logo.
If the setup doesn't work for some reason, we will revert the authentication method back to email and password.

Was this article helpful?

What's Next

Sequential Execution

Table of contents

Register Autify as an Application with Azure
Set up SAML authentication with Azure AD as the IdP