Azure AD - SAML SSO
Azure AD can be used to manage Single Sign on Permissions with Spoke. For more information on SAML SSO, check out our overview.
To add Spoke to Azure, you will need to be an administrator on both Azure and Spoke.
Adding a new application
Begin by navigating to Enterprise Applications, then choose New Application
Under Add your own app, choose Non-gallery application
Name the application you’re adding (Spoke)then press Add. This will push you onto the App overview page for Spoke.
Assign the app to yourself to test the connection. From the app overview screen, choose Users and groups.
On the Users and groups page choose + Add User.
Assign yourself the application for testing. Once you have assigned yourself the app, navigate back to Single Sign-on
From the left bar, choose Single Sign-on.
For Single Sign-on type choose SAML
Azure Step 1 - Basic SAML Configuration
Choose the Pencil icon next to step 1 to edit the ACS URL and the Entity ID
In another window, Log into your Spoke account.
Navigate to Settings then choose the SSO menu. Scroll to the bottom of the page, and copy the ACS URL.
In Azure, these will be pasted into the “Assertion consumer service URL” field in Step 1.
Press Save then choose the X in the top right of the SAML Configuration pane to return to the app overview screen.
Step 2 - User Claims
Choose the pencil icon to update the user claims and mappings.
Azure uses the field “Unique User Identifier” - This claim needs to be mapped to “User.mail” To Edit this, click on the name identifier field, and choose user.mail from the dropdown. Press Save when you’re finished.
Use the X in the top right of the User Claims pane to return to the overview page.
Step 3 - SAML Certificate
Download the Base64 Certificate onto your computer. Open the file using TextEdit if on a mac, or Notepad if on a PC.
Navigate to Spoke, and copy the certificate contents into the Public Certificate field
Step 4 - Set up Spoke
Copy the Login URL from Azure
Paste into the Sign On URL field in Spoke
Copy the AD Identifier from Azure
Paste it into the Issuer field in Spoke
Press Test SAML Connection to test the configuration. Spoke will test the configuration.
Press Enable SAML
Confirm that you would like to enable SAML by choosing Yes, enable SAML and log out
You will be logged out, and need to log back into Spoke. SAML is turned on.