Azure AD - SAML SSO

Updated 2 months ago by Andrew White

Azure AD can be used to manage single sign-on permissions with Spoke. For more information on SAML SSO, check out our overview.

To add Spoke to Azure, you will need to be an administrator on both Azure and Spoke.

Adding a new application

Begin by navigating to Enterprise Applications, then choose New Application.

Under Add your own app, choose Non-gallery application.

Name the application you’re adding (Spoke), then press Add. This will take you to the App overview page for Spoke.

Assign the app to yourself to test the connection. From the app overview screen, choose Users and groups.

On the Users and groups page choose + Add User.

Assign yourself the application for testing. Once you have assigned yourself the app, navigate back to Single Sign-on.

From the left bar, choose Single Sign-on.

For Single Sign-on type, choose SAML.

Azure Step 1 - Basic SAML Configuration

Choose the pencil icon next to Step 1 to edit the ACS URL and the Entity ID.

In another window, log into your Spoke account.

Navigate to Settings then choose the SSO menu. Scroll to the bottom of the page, and copy the ACS URL.

In Azure, paste the ACS URL into the “Assertion consumer service URL” field in Step 1.

Press Save then choose the X in the top right of the SAML Configuration pane to return to the app overview screen.

Step 2 - User Claims

Choose the pencil icon to update the user claims and mappings.

Azure uses the field “Unique User Identifier”. This claim needs to be mapped to “user.mail”. To edit it, click on the name identifier field and choose user.mail from the dropdown. Press Save when you’re finished.

Use the X in the top right of the User Claims pane to return to the overview page.

Step 3 - SAML Certificate

Download the Base64 certificate onto your computer. Open the file using TextEdit on a Mac, or Notepad on a PC.

Navigate to Spoke, and copy the certificate contents into the Public Certificate field.

Step 4 - Set up Spoke

Copy the Login URL from Azure.

Paste it into the Sign On URL field in Spoke.

Copy the AD Identifier from Azure.

Paste it into the Issuer field in Spoke.

Press Test SAML Connection; Spoke will test the configuration.

Press Enable SAML.

When you click Enable SAML, all users will be logged out and will need to log in through the SAML Single Sign-on flow.

Confirm that you would like to enable SAML by choosing Yes, enable SAML and log out.

You will be logged out, and need to log back into Spoke. SAML is turned on.
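As an added example (not part of this article, and not Spoke's or Azure AD's own code), the Python script below shows the consistency checks a service provider such as Spoke runs on an Azure AD SAML Response using the values entered in Steps 2 and 4: the Issuer must match the AD Identifier, the Destination and Recipient must match the ACS URL, the NameID must be an e-mail address because the Unique User Identifier was mapped to user.mail, and the assertion must be inside its validity window. The Issuer and ACS URL values and both sample responses are constructed placeholders. Verifying the XML signature against the Public Certificate from Step 3 is left to the SAML library; the script only checks that a signature element is present.

```python
"""Sanity-check a SAML Response against the values entered in Spoke (Steps 2 and 4).

Added example, not Spoke's or Azure AD's code. Assumes a SAML 2.0 Response in the
standard OASIS namespaces. Signature verification against the Public Certificate
is left to the SP library; only the presence of a signature element is checked.
"""
from datetime import datetime, timezone
from xml.etree import ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Placeholder values: the real ones are the AD Identifier copied from Azure
# and the ACS URL copied from the Spoke SSO settings page.
SPOKE_SSO_SETTINGS = {
    "issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "acs_url": "https://example-spoke-tenant.invalid/saml/acs",
}


def _ts(value):
    """Parse a SAML timestamp such as 2024-05-01T12:00:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_saml_response(xml_text, settings, now=None):
    """Return a list of problems; an empty list means the response matches the settings.
    `now` can be injected so the validity-window check is testable."""
    now = now or datetime.now(timezone.utc)
    problems = []
    root = ET.fromstring(xml_text)

    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    if root.get("Destination") != settings["acs_url"]:
        problems.append("Destination %r does not match the ACS URL" % root.get("Destination"))

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no saml:Assertion in response"]

    # Step 4: the Issuer field in Spoke holds the AD Identifier from Azure.
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != settings["issuer"]:
        problems.append("Issuer %r does not match the AD Identifier" % issuer)

    # Step 2: Unique User Identifier mapped to user.mail, so NameID must be an e-mail.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID is missing or not an e-mail address; check the user.mail claim mapping")

    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != settings["acs_url"]:
        problems.append("SubjectConfirmationData Recipient does not match the ACS URL")

    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        if cond.get("NotBefore") and now < _ts(cond.get("NotBefore")):
            problems.append("assertion is not yet valid (NotBefore)")
        if cond.get("NotOnOrAfter") and now >= _ts(cond.get("NotOnOrAfter")):
            problems.append("assertion has expired (NotOnOrAfter)")

    # Step 3: the Public Certificate is what the SP library verifies this against.
    if assertion.find("ds:Signature", NS) is None and root.find("ds:Signature", NS) is None:
        problems.append("no XML signature to verify against the Public Certificate")
    return problems


def _sample_response(name_id):
    """Build a constructed (unsigned, placeholder) response for demonstration."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z"
  Destination="{SPOKE_SSO_SETTINGS['acs_url']}">
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>{SPOKE_SSO_SETTINGS['issuer']}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID>{name_id}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{SPOKE_SSO_SETTINGS['acs_url']}"
          NotOnOrAfter="2024-05-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:55:00Z" NotOnOrAfter="2024-05-01T12:05:00Z"/>
  </saml:Assertion>
</samlp:Response>"""


GOOD_RESPONSE = _sample_response("jane.doe@example.com")
# Mis-mapped claim: an object ID instead of user.mail (the mistake Step 2 avoids).
BAD_RESPONSE = _sample_response("7f3c1a2b-0000-0000-0000-000000000000")
TEST_TIME = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, resp in (("good", GOOD_RESPONSE), ("bad", BAD_RESPONSE)):
        print(label, check_saml_response(resp, SPOKE_SSO_SETTINGS, now=TEST_TIME) or "OK")
```

Run it as-is to see the mis-mapped NameID reported; swap in the real AD Identifier and ACS URL to check a response captured from the Test SAML Connection step against what was pasted into Spoke.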
