This article guides you through the setup necessary to achieve SAML 2.0 logins with eloomi and your Azure-powered Active Directory.
All the steps to set up SSO with Azure AD are described below.
Add an Enterprise Application
Step 1: Log in to your Azure Active Directory Admin center and click on Enterprise Application
Step 2: Now click on New Application
Step 3: Click on Non-Gallery application
Step 4: Give your new application a name, e.g. "eloomi SSO", and create the application. This requires a single premium account.
With the new application created, you can fill in the necessary details.
Step 1: Click on the Single sign-on menu link
Step 2: In the Single sign-on mode, select SAML-based Sign-on
Step 3: Fill in the Entity ID and Reply URL as below, where "team" is replaced with your platform name. Click on the Show advanced URL settings checkbox, and fill in the URL as below, again replacing "team" with your platform name.
Step 4: Click Download "Metadata XML", and open the downloaded XML file in any text editor of your liking.
Settings in eloomi
Now, navigate to https://<yourplatform>.eloomi.com/admin/settings/sso and fill in the details according to your metadata file.
The entityID goes into the SSO ENTITY ID field, including the trailing slash.
The SingleSignOnService value goes into the SSO HOST field in eloomi; remove the saml2 from the link so that it ends at the last slash.
In SSO LOGIN and SSO LOGOUT service, write saml2
Select Email in SSO LOGIN TYPE
And set SSO LOGIN ATTRIBUTE to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Set the SSO NAMEID FORMAT to unspecified
Set SSO AUTHCONTEXT to False
The SSO Redirect Unauthorized Requests setting defines whether or not an initial load of https://yourplatform.eloomi.com should redirect directly to the SSO IdP (identity provider). If this is set to NO, you will have to navigate to https://yourplatform.eloomi.com/sso/log-in to initiate the SSO login.
If this is set to YES, you may circumvent the SSO login by navigating to https://yourplatform.eloomi.com/login
The X509 certificate is your trust certificate, which you will find at the beginning of the metadata file.
You must copy and paste this in between the begin and end strings as shown below.
<THE COPY PASTED CERTIFICATE>
It should look similar to this
When done filling in the details, save the settings.
Testing the SSO login can be achieved by navigating to: https://yourplatform.eloomi.com/sso/log-in
Please make sure Activation Method from platform admin > settings > company details is set to "Instant" so users are not sent an activation email.
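The field mapping described under "Settings in eloomi" can be checked by script before you paste values into the form. The following is an added example, not eloomi or Microsoft code; the function name, the returned key names, and the sample metadata (placeholder tenant ID, fake certificate body) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata: placeholder tenant ID, certificate body is not a real certificate.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>Q09OU1RS
VUNURUQ=</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def eloomi_sso_fields(metadata_xml):
    """Derive the values for the eloomi SSO form from an IdP metadata document."""
    root = ET.fromstring(metadata_xml)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find(
        "md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if sso is None or cert is None or not cert.text:
        raise ValueError("metadata lacks an SSO endpoint or a signing certificate")
    location = sso.get("Location", "")
    # Split at the last slash: everything before it is the host, the rest the service.
    host, _, service = location.rpartition("/")
    if not location.startswith("https://") or service != "saml2":
        raise ValueError("unexpected SingleSignOnService URL: %r" % location)
    return {
        "SSO ENTITY ID": root.get("entityID"),      # copied verbatim, trailing slash kept
        "SSO HOST": host + "/",                     # URL up to and including the last slash
        "SSO LOGIN": service,
        "SSO LOGOUT": service,
        "X509 certificate": "".join(cert.text.split()),  # line breaks removed
    }


if __name__ == "__main__":
    for name, value in eloomi_sso_fields(SAMPLE_METADATA).items():
        print(name, "=", value)
```

Run it against the downloaded metadata file instead of the sample to get the values for your own tenant; a `ValueError` means the file does not match the layout this article assumes.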