Skip to main content

Steps to configure Azure Active Directory as your Identity Provider (IDP)

shanshan zhao
  • Updated

Background

The doc Using Azure AD as your identity provider also gives details to configure Azure Active Directory as IDP. This article will add some screenshots to make the process more straightforward.

Prerequisites

Identity Provider: Azure Active Directory (AAD)

AAD User permission: Have one of the following roles in Azure:

  • Global Administrator
  • Cloud Application Administrator
  • Application Administrator

setup-idp URL: https://portal.biganimal.com/setup-idp/GdU3LZmDC9XrrbpKmuOpR2AX6oJBDkxb  (Please note, the URL here is an example. You will have your own setup-idp url)

Steps

1. Log into the Azure Active Directory Admin Center, go to Enterprise Applications > New application

mceclip2.png

2.  Create your own application, enter a name for your application, then select Integrate any other application you don’t find in the gallery (Non-gallery)

mceclip1.png

3. After the application is created, from the left panel, select Single sign-on, select SAML mceclip3.png

4. Edit Basic SAML Configuration, copy the Audience URI from BigAnimal setup-idp page: Connection Info to Identifier (Entity ID), copy Assertion Consumer Service URL to Reply URL

mceclip4.png

5.  In Attributes & Claims we configure the attributes by following doc 4.c mceclip5.png

6. Download the Certificate with Base64 format in SAML Certificates section mceclip6.png

7. Copy Login URL in section 4 Set up <You application name > mceclip7.png

8. Click Properties in the left pane and select if Assignment is Required or not

"If this option is set to yes, then users and other apps or services must first be assigned this application before being able to access BigAnimal."
"If this option is set to no, then all users will be able to sign in BigAnimal, and other apps and services will be able to obtain an access token to this service."

mceclip8.png

9. Go to your set-up idp URL -> Setup Config

  • Single Sign-On URL - > URL copied in step 7
  • Identity Provider Signature Certificate -> Certificate in step 6
  • Request Binding - > HTTP-POST
  • Response Signature Algorithm -> sha256 or rsa-sha1

mceclip9.png

10. Click 'Test Connection' and login with your Azure account. mceclip16.png

11.  If Test Connection is successful, then you are good to click 'Sign into BigAnimal'

mceclip14.png


Please note, if you see the BigAnimal login page, input your email address in the box under Sign in to your BigAnimal account as the below screenshot.  (Don't click Sign in for Azure Marketplace users) mceclip15.png

 

Possible error 1 

If you get the below block error AADSTS50105, it's caused by the Assignment Requirement in step 8 is Yes. But you/the users are not assigned to the application specifically.  mceclip10.png

To resolve the error, go to Users and Groups at the left pane and Add User/group

mceclip11.png

Add the specific users or groups and then click 'Assign' and go back 'Test Connection' in step 10 again.

mceclip12.png

 

Possible error 2 

If you got the error AADSTS50020 like "the user does not exist in tenant", then it's caused by browser cache then a wrong user was logged in Azure portal.

To resolve this issue, you can open a Private window or clear your browser cache and try 'Test Connection' in Step 10 again. mceclip13.png