Configure SAML in Azure AD

This guide describes the steps required to create a working SAML integration between GoBright and Azure AD.

Create the Enterprise application for the GoBright platform

  1. Log in to your Azure Active Directory admin center.
  2. Click ‘Azure Active Directory’ in the left-hand menu, and confirm that your Azure AD licence is ‘Azure AD Premium P1’ or higher.
  3. Click ‘Enterprise applications’ and choose ‘New application’.
  4. Choose ‘Non-gallery application’, give it a name containing ‘GoBright’, and choose ‘Add’.
  5. Wait while Azure AD adds the application; this can take a minute. Azure AD then opens the overview page of the application.
  6. Add the users and groups that should have access to this application (you can start with a few test users).
  7. Configure SAML for this enterprise application: go to ‘Single sign-on’ and choose ‘SAML’.
  8. You are now on the ‘Set up Single Sign-on with SAML’ page; proceed with the parts below.

Enterprise application configuration: Set up Single Sign-on with SAML

  • Basic SAML Configuration:
    Fill ‘Identifier (Entity ID)’ with the ‘Relying party identifier / Entity Id’ which you found in step 1.
    Fill ‘Reply URL (Assertion Consumer Service URL)’ with the ‘Reply URL (Assertion Consumer Service URL)’ which you found in step 1.

User Attributes & Claims
Configure the claims; the table below lists the minimum set of claims GoBright needs:

Claim name                                                              Value                               Required
http://schemas.microsoft.com/identity/claims/displayname                user.displayname                    yes
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier    user.userprincipalname              yes
gobright.pincode                                                        [your pincode field]                no
gobright.nfc                                                            [your nfc field]                    no
gobright.defaultcostcenteridorname                                      [your default costcenter field]     no

To use the optional pincode and NFC claims, add a claim with the corresponding claim name and map it to the user attribute that holds that value.

Note: the claim ‘nameidentifier’ is used as the email address of the user in GoBright, so it must be the primary email address of the user’s mailbox. In most cases the User Principal Name is the same as the primary email address, but in your specific case this might be different.
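A way to confirm that a test user’s assertion actually carries the claims from the table above, added here as an example and not part of GoBright’s own tooling. It assumes the assertion XML has been captured from a test login (the sample below is constructed) and that Azure AD emits the nameidentifier claim as the assertion’s Subject NameID, which is checked against the email-address rule from the note above.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
# Claim names from the table; only displayname and nameidentifier are required.
REQUIRED_CLAIMS = {"http://schemas.microsoft.com/identity/claims/displayname": "displayname"}
OPTIONAL_CLAIMS = {
    "gobright.pincode": "pincode",
    "gobright.nfc": "nfc",
    "gobright.defaultcostcenteridorname": "defaultcostcenter",
}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample assertion (not a real Azure AD capture), signature omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
      <saml:AttributeValue>Jane Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="gobright.pincode"><saml:AttributeValue>4711</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """Return (fields, problems): the GoBright fields found and a list of findings."""
    root = ET.fromstring(xml_text)
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    fields, problems = {}, []
    # Collect the first value of every attribute in the AttributeStatement
    attrs = {}
    for attr in assertion.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        attrs[attr.get("Name")] = values[0] if values else None
    # nameidentifier: Subject NameID, falling back to an attribute of that name
    name_id = assertion.find("./saml:Subject/saml:NameID", NS)
    email = name_id.text.strip() if name_id is not None and name_id.text else attrs.get(NAMEID_CLAIM)
    if not email:
        problems.append("missing required claim nameidentifier")
    else:
        fields["email"] = email
        if not EMAIL_RE.match(email):  # GoBright uses this value as the user's email address
            problems.append("nameidentifier is not an email address: " + email)
    for claim, field in REQUIRED_CLAIMS.items():
        if attrs.get(claim):
            fields[field] = attrs[claim]
        else:
            problems.append("missing required claim " + claim)
    for claim, field in OPTIONAL_CLAIMS.items():
        if attrs.get(claim):
            fields[field] = attrs[claim]
    return fields, problems
```

Run it against the assertion of each test user before rolling the application out to all users; a non-email NameID is the usual cause of a user not matching their GoBright account.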

  • SAML Signing Certificate
    Download the ‘Certificate (Base64)’ and save the file to a location of your preference, for example ‘C:\token\certificate.cer’.
    Now open ‘Notepad’ and load the exported certificate (for example ‘C:\token\certificate.cer’).

    You will now see the text contents, in the following format:
    -----BEGIN CERTIFICATE-----
    ..........DATA.............
    -----END CERTIFICATE-----

    You will need this in step 3 to configure the GoBright portal.


  • Set up GoBright
    Copy the ‘Login URL’ and ‘Logout URL’; you will need both in step 3 to configure the GoBright portal.

Next

Proceed to step 3 of the SAML2 federated identity integration article and finish your SAML integration.

This article comes from the Help Center of GoBright.
