This article guides you through the setup needed for SAML 2.0 logins to eloomi with your Azure-powered Active Directory.

All the steps to set up SSO with Azure AD are described below.

Add an Enterprise Application

Step 1: Log in to your Azure Active Directory admin center and click on Enterprise Application

Step 2: Now click on New Application

Step 3: Click on Non-Gallery application

Step 4: Give your new application a name, e.g. "eloomi SSO", and create the application. This requires a single premium account.


Adding Details:
With the new application created, you can fill in the necessary details. 

Step 1: Click on the Single sign-on menu link

Step 2: In the Single sign-on mode, select SAML-based Sign-on

Step 3: Fill in the Entity ID and Reply URL as below, replacing "team" with your platform name. Then tick the Show advanced URL settings checkbox and fill in the URL as below, again replacing "team" with your platform name.

Step 4: Click Download "Metadata XML", and open the downloaded XML file in a text editor of your choice.

Settings in eloomi

Now navigate to https://<yourplatform>.eloomi.com/admin/settings/sso and fill in the details according to your metadata file.

The entityID goes into the SSO ENTITY ID field, including the trailing slash.


The SingleSignOnService URL goes into the SSO HOST field in eloomi; remove the saml2 from the end of the link so that it stops at the last slash.


In the SSO LOGIN and SSO LOGOUT service fields, write saml2

Select Email in SSO LOGIN TYPE

And set SSO LOGIN ATTRIBUTE to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Set SSO NAMEID FORMAT to unspecified and SSO AUTHCONTEXT to False.

The SSO Redirect Unauthorized Requests setting defines whether or not an initial load of https://yourplatform.eloomi.com redirects directly to the SSO IdP (identity provider). If it is set to NO, you will have to navigate to https://yourplatform.eloomi.com/sso/log-in to initiate the SSO login.
If it is set to YES, you may circumvent the SSO login by navigating to https://yourplatform.eloomi.com/login

The X509 certificate is your trust certificate, which you will find at the beginning of the metadata file.

You must copy and paste it between the begin and end strings as shown below.

-----BEGIN CERTIFICATE-----

<THE COPY PASTED CERTIFICATE>

-----END CERTIFICATE-----


When done filling in the details, save the settings.
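
To avoid copy-and-paste mistakes, the field values can be derived from the metadata file with a short script. The following is an added example, not eloomi or Microsoft code: the function name, the sample metadata, the placeholder tenant id and the placeholder certificate bytes are constructed for illustration, and reading the certificate from the signing KeyDescriptor is an assumption about where your metadata carries it.

```python
import base64, hashlib, textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def eloomi_sso_fields(metadata_xml):
    """Map IdP metadata onto the eloomi SSO fields named in this article."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("refusing metadata that carries a DTD")
    root = ET.fromstring(metadata_xml)
    sso = next((e for e in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS)
                if e.get("Binding") == REDIRECT), None)
    key = root.find("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']", NS)
    cert = key.find(".//ds:X509Certificate", NS) if key is not None else None
    if sso is None or cert is None or not (cert.text or "").strip():
        raise ValueError("missing SingleSignOnService or signing certificate")
    location = sso.get("Location", "")
    if not location.startswith("https://"):
        raise ValueError("SingleSignOnService must be an https URL")
    host, _, service = location.rpartition("/")  # split at the last slash
    # validate=True rejects anything that is not clean base64
    der = base64.b64decode("".join(cert.text.split()), validate=True)
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return {
        "SSO ENTITY ID": root.get("entityID"),      # keeps the trailing slash
        "SSO HOST": host + "/",
        "SSO LOGIN": service,
        "SSO LOGOUT": service,
        "X509": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----",
        "sha256": hashlib.sha256(der).hexdigest(),  # fingerprint of the pasted bytes
    }

# Constructed sample: placeholder tenant id and placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate. " * 3
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for field, value in eloomi_sso_fields(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

The sha256 value lets you confirm that the certificate stored in eloomi matches the one in the metadata file byte for byte.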

Testing

Testing the SSO login can be achieved by navigating to: https://yourplatform.eloomi.com/sso/log-in 

Important Note:

Please make sure that Activation Method under platform admin > settings > company details is set to "Instant" so users are not sent an activation email.