SSO with Azure Active Directory (SAML)
  • 27 Dec 2023

⚠︎ SSO is available only on certain plans. For details, please see this page.

The SSO feature is available as a paid option on Autify.
This page describes how to set up SSO using Azure Active Directory (Azure AD), one of the services that you can integrate with Autify.

Register Autify as an Application with Azure

Register an app with Azure AD

For instructions on how to register an app with Azure AD, please refer to Microsoft's support document, Quickstart: Register an application with the Microsoft identity platform.

Use https://auth.autify.com/login/callback as the redirect URI.

If you have more than one Azure AD directory, ensure that the app is registered in the correct directory.

Create a client secret

For details on how to create a client secret, please refer to Microsoft's support document, Quickstart: Register an application with the Microsoft identity platform - Add credentials.

Take note of the generated string.

If you create a secret with an expiration date, be sure to take note of the expiration date. To avoid service disruptions, you will need to update the secret before it expires.

Add permissions

To add permissions, please refer to Microsoft's support document, Quickstart: Configure a client application to access a web API - Add permissions to access your web API.

You need to set permissions for the Microsoft Graph API as follows:

  • Users > Users.Read
  • Directory > Directory.Read.All

Send us the necessary information

Please send the following information to Autify:

  • Azure AD domain
  • Client secret
  • Client ID
  • Domain used by the user when logging in
    • For example, if the email address is test@autify.com, the domain is @autify.com.
  • Login ID
    • By default, the login ID is set to UPN (UserPrincipalName), but it can be changed. If you change it, please let us know the alternative login ID.

Set up SAML authentication with Azure AD as the IdP

Set the Identifier and Reply URL in "Basic SAML Configuration"

We will send you the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), so please enter them in the "Basic SAML Configuration" section.
If you want to set the Sign on URL, please set it to "https://app.autify.com/users/sign_in".

Send us the sign-in domain name and SAML federation metadata XML

Once you have everything ready, please send the following to Autify:

  • Domain used by the user when logging in
    • For example, if the email address is test@autify.com, the domain is @autify.com.
  • Login ID (email address)
    • By default, the login ID is set to UPN (UserPrincipalName), but it can be changed. If you change it, please let us know the alternative login ID.
  • Federation Metadata XML
    • The metadata XML of the SAML federation

Verify that you can log in

Once the configuration is complete on our end, go to the login page and verify that you can log in.
Enter your email address and click [Continue]. If you log in successfully, the setup is complete.

Notes

  • If you use a logo, please use the following logo.
    logo_Autify_yoko_c_RGB
  • If the setup doesn't work for some reason, we will revert the authentication method back to email and password.
