Chris Walls

Samanage SAML Single Sign-on with Azure AD

Discussion created by Chris Walls Administrator on Feb 3, 2015
Latest reply on Jun 9, 2017 by Yum Darling

The following document will guide you in the setup of single sign-on into Samanage using Azure Active Directory.

Please follow these steps (the blue highlighted numbers on the following screenshots):

  1. Go to your Active Directory settings: https://manage.windowsazure.com (Azure Management Console > Active Directory)

  2. Enter the desired Active Directory settings

  3. Click on the "Applications" tab

  4. Add a new Application

  5. Choose "Add an application my organization is developing"

  6. Name your app (you can call it 'Samanage'), and choose "Web Application And/Or Web API."

  7. Enter your helpdesk URL (whether it's a subdomain of Samanage or your custom domain) in both the 'Sign-On URL' and 'APP ID URI' fields. If you wish to use both, see the appendix at the end.

  8. The newly created app's settings will show up. Open "View Endpoints" (at the bottom of the page).

  9. Copy the text from the field 'SAML-P SIGN-ON ENDPOINT'.

  10. In another browser/tab, open up your Samanage Single Sign-On settings (Samanage > Setup > Single Sign-On).

  11. Enable Single Sign-On with SAML

  12. Paste the 'SAML-P SIGN-ON ENDPOINT' string you copied at [9] inside 'Identity Provider URL'.
    (You do not need to modify the Login URL.)

  13. Inside the field 'SAML Issuer,' put the exact same string you set in 'APP ID URI,' at [7].

  14. Go back to the App Endpoints window inside your Azure management console, and copy the URL from the 'FEDERATION METADATA DOCUMENT' field (an XML file).

  15. Open the XML file, and copy the entire string from the X509Certificate tag. (EntityDescriptor > ds:Signature > KeyInfo > X509Data > X509Certificate)

  16. Back in your Samanage console, paste the X509 Certificate in the X.509 field. Don't worry about the certificate format; the page will fix it automatically when you leave the field.

  17. Choose your preferred setup for the last two options, and click 'Update.'

  18. Go back to your Azure Management Console and go into the 'Users' tab in your new app settings.

  19. Assign the users you want to grant SSO access for through this application.

 

And we're finished! Try your new SSO option by logging into the Samanage website - either by the link from the 'Login URL' field (see [12]), or using your custom domain/Samanage CNAME if you preferred to redirect to SAML login by default, at [18].

 

If you encounter any issues, please contact our support and we'll be glad to help you out.

 

Appendix: Support for login both from custom domain name and Samanage subdomain
In the Azure Management Console under your application settings - click on configure as shown below:

 

 

In the Single Sign-On section, under 'Reply URL' enter the additional URL (the one with the Samanage subdomain) in the following format: https://companyname.samanage.com/saml/companyname as shown in the screenshot below and then click on Save.
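The certificate steps above (open the federation metadata XML and copy the X509Certificate value) can also be done by script, which avoids copy errors and gives a fingerprint to check against what ends up in the X.509 field. This is an added example, not part of the original guide or of Samanage's or Azure's tooling; the function name, the sample document and its `https://idp.example/` entityID are constructed, and the certificate value is placeholder bytes rather than a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}
# Path from the guide: EntityDescriptor > ds:Signature > KeyInfo > X509Data > X509Certificate
CERT_PATH = "ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

# Constructed sample input: placeholder bytes stand in for the certificate.
SAMPLE_B64 = base64.b64encode(bytes(range(96))).decode()
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="{MD_NS}" entityID="https://idp.example/">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyInfo><X509Data><X509Certificate>
      {SAMPLE_B64[:64]}
      {SAMPLE_B64[64:]}
    </X509Certificate></X509Data></KeyInfo>
  </Signature>
</EntityDescriptor>"""


def extract_signing_cert(metadata_xml: str) -> dict:
    """Return the metadata signing certificate as PEM plus its SHA-256 fingerprint."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not contain a DTD")  # refuse entity tricks
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    node = root.find(CERT_PATH, NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no X509Certificate under ds:Signature")
    b64 = "".join(node.text.split())            # drop line breaks and indentation
    der = base64.b64decode(b64, validate=True)  # raises on non-base64 characters
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *body, "-----END CERTIFICATE-----"])
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return {"pem": pem, "sha256": fingerprint}


if __name__ == "__main__":
    result = extract_signing_cert(SAMPLE_METADATA)
    print(result["pem"])
    print("SHA-256:", result["sha256"])
```

Run it against the saved federation metadata file and keep the fingerprint with your change record, so a later certificate change on the identity provider side is easy to spot.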

 
