To set up Azure SSO to connect with Paligo:
-
Create an enterprise app registration for Paligo. For instructions, see the official Microsoft documentation at Quickstart: Add an enterprise application.
-
Find the SSO settings in Enterprise Applications.
-
Select the app you registered and then Single sign-on.
-
Enter the Basic SAML configuration. You need to provide the following details and replace instancename with the name of your Paligo instance, for example, https://acme.paligoapp.com.
-
Identifier
https://instancename.paligoapp.com/saml/metadata
-
Reply URL
https://instancename.paligoapp.com/saml/acs
-
Sign On URL
https://instancename.paligoapp.com/saml/login
-
Relay State and Logout URL
https://instancename.paligoapp.com
-
-
Select Edit next to Attributes and Claims.
-
Select Add a new claim and then enter the details for the new claim. For Paligo, you will need to create 5 claims, so you will repeat this step. We have included the name and source attribute details for each claim below.
| Name | Source attribute |
| --- | --- |
| user.email | user.mail |
| user.firstname | user.givenname |
| user.lastname | user.surname |
| paligo.usergroup | user.assignedroles |
| Unique User Identifier | user.mail |
Note
Each claim should be a regular claim, not a group claim. This applies to all of the claims for Paligo, including the paligo.usergroup claim.
-
Repeat the previous step until you have added all 5 of the required claims and their appropriate source attributes.
-
Create the App roles for each Paligo user group.
-
Go to Microsoft Entra ID.
-
Select App registrations.
-
Select Paligo (or whatever you named the app during registration).
-
Select App roles.
-
Select Create app role.
-
Enter the details for the app role. For Paligo, you will need to create several app roles, so you will repeat this process. We have included the details for each app role below.

| Display name* | Description* | Allowed member types | Value | Enable app role? |
| --- | --- | --- | --- | --- |
| Admin | Paligo admin | Users/Groups | paligo.admin | Yes (check box) |
| Contributor | Paligo contributor | Users/Groups | paligo.contributor | Yes (check box) |
| User | Paligo user | Users/Groups | paligo.user | Yes (check box) |
| Reviewer | Paligo reviewer | Users/Groups | paligo.reviewer | Yes (check box) |

* The Display name and Description can be anything; the entries we have provided are just suggestions. The Allowed member types and Value must match exactly what is shown above, and all of the app roles must be enabled.
-
Repeat the previous two steps until you have created all of the required app roles.
-
-
Return to your Paligo enterprise application settings and select Users and groups. Here, you are going to add the Azure users that you created in the Microsoft Entra ID directory.
-
Create the users:
-
Return to your Paligo enterprise application settings. In the Single sign-on settings, create a certificate.
-
Download the Federation metadata XML.
-
Sign in to Paligo using a user account that has administrator permissions.
-
Select the avatar in the top-right corner.
-
Select Settings from the menu.
-
Select the Integrations tab.
-
Select Add or Change in the SAML SSO panel.
-
Use Upload metadata file to upload the Federation metadata XML file from Azure.
-
After your metadata uploads, expand the Advanced settings and delete the Single Signout Service URL. It is important that this field is empty.
-
Make sure that Enable sign-in alternative is checked for first-time testing of the SSO sign-in.
-
Check the Enable SSO box.
-
Select Save.
Your Azure service should now be connected to Paligo. Try signing in using SSO.
If you are able to sign in using SSO, go back to the SAML SSO panel and clear the Enable sign-in alternative box.
If you are unable to sign in using SSO, go back through the steps above and make sure you have followed the instructions carefully. Look out for typing mistakes and copy and paste mistakes, as they are often the cause of problems. If you continue to have problems signing in, please contact customer support.
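A diagnostic for the troubleshooting step above, added here as an example and not part of Paligo's or Microsoft's documentation: it compares a base64-decoded SAML response captured during a test sign-in with the Basic SAML configuration, claim names and app role values listed in this procedure. The sample response is constructed, and the script assumes the claims are emitted without a namespace, so that each attribute name equals the claim name.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("user.email", "user.firstname", "user.lastname", "paligo.usergroup")
ROLES = {"paligo.admin", "paligo.contributor", "paligo.user", "paligo.reviewer"}

# Constructed sample with one deliberate mistake: the role value has the wrong case.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://acme.paligoapp.com/saml/acs"><a:Assertion>
<a:Subject><a:NameID>ana@example.com</a:NameID></a:Subject>
<a:Conditions><a:AudienceRestriction>
<a:Audience>https://acme.paligoapp.com/saml/metadata</a:Audience>
</a:AudienceRestriction></a:Conditions><a:AttributeStatement>
<a:Attribute Name="user.email"><a:AttributeValue>ana@example.com</a:AttributeValue></a:Attribute>
<a:Attribute Name="user.firstname"><a:AttributeValue>Ana</a:AttributeValue></a:Attribute>
<a:Attribute Name="user.lastname"><a:AttributeValue>Lim</a:AttributeValue></a:Attribute>
<a:Attribute Name="paligo.usergroup"><a:AttributeValue>paligo.Admin</a:AttributeValue></a:Attribute>
</a:AttributeStatement></a:Assertion></p:Response>"""

def check_response(xml_text, instance):
    """List mismatches with this page's settings. Does not verify the signature."""
    base = f"https://{instance}.paligoapp.com"
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != f"{base}/saml/acs":
        problems.append("Destination is not the Reply URL")
    aud = root.findtext(".//a:Audience", default="", namespaces=NS).strip()
    if aud != f"{base}/saml/metadata":
        problems.append("Audience is not the Identifier")
    attrs = {}
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        values = attr.iterfind("a:AttributeValue", NS)
        attrs[attr.get("Name")] = [(v.text or "").strip() for v in values]
    for name in REQUIRED:
        if not any(attrs.get(name, [])):
            problems.append(f"claim {name} missing or empty")
    # Unique User Identifier is sent as the NameID; like user.email it comes from user.mail.
    name_id = root.findtext(".//a:Subject/a:NameID", default="", namespaces=NS).strip()
    if not name_id or name_id not in attrs.get("user.email", [name_id]):
        problems.append("NameID is empty or differs from user.email")
    for role in attrs.get("paligo.usergroup", []):
        if role and role not in ROLES:
            problems.append(f"unknown app role value: {role}")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, "acme"))
```

An empty list means the response matches the values in this procedure; the check is for configuration mistakes only and is not a substitute for signature validation by the service provider.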