Overview
Before enabling single sign-on with Validis DataShare, your SSO application must be configured to use Azure Active Directory as an identity provider. This guide provides information and tips on how to perform this setup process using Azure AD and the Validis Portal.
Note: The web guide to configure this application using the Azure portal can be found here.
Prerequisites
- You must have a valid Azure tenant or subscription that supports Azure AD and SSO (Needs Premium AD subscription)
- You must be logged on with the rights to configure a third-party SAML identity provider within Enterprise applications in Azure AD.
Creating the Azure AD SSO Application
To ensure users can sign in to Validis using your Azure Active Directory, please review the following:
- User accounts must be pre-provisioned in the Validis Portal.
- Users must be assigned access to the Validis DataShare in Azure AD to sign in. To assign users, see Users.
- To configure access polices for Validis DataShare users, see Access Policies.
Note: This is an IDP SSO configuration, not an SP
Log in to the Azure portal (https://portal.azure.com/) (You need to have admin rights to manage AAD/SSO)
Navigate to Azure Entra ID and click on Enterprise Applications (Needs Premium AD subscription)
Click New Application
Click Create your own application
Enter a name for your application, such as Validis-DataShare. Then click Create (this takes a few seconds)
Configuring the Azure AD SSO Application
Once the application is created:
Add the correct Users or Groups that will use this Application (needed to test once created)
Set up Single Sign On:
- Click Single Sign On and then the SAML box
In Box 1 – Click Edit and provide a name for the Identity Provider.
Note: You might need to refresh the page and click the SAML option again if you can't edit this page.
Please enter a name for the identifier and make it the default by clicking the green tick. This will be your Validis portal URL (i.e., https://client-name.environment.validis.com)
Enter the reply URL such as: https://client-name.environment.validis.com/oauth/saml20
Click Save
In section 3, export the RAW Certificate and save it in a zipped folder.
Note: The user's account identifier must match the SSO ID set up on the Validis application, and this might not be the primary email address.
Locating the User Access URL
To find the user access URL for an application in Azure AD (now Microsoft Entra ID), follow these steps:
-
Navigate to Enterprise Applications:
- Sign in to the Azure portal.
- Search for and select Microsoft Entra ID.
- In the left-hand menu, under Manage, select Enterprise applications.
-
Select the Application:
- Find the specific application for which you want to retrieve the user access URL. You can use the search bar to filter the list.
- Click on the application's name to open its details.
-
Access Application Properties:
- In the application's details, under the Manage section in the left-hand menu, select Properties.
-
Locate the User Access URL:
- On the Properties page, you will find a field labeled User access URL. This is the direct sign-on link for the application.
- Copy/Save this URL. Users can use this link to access the application directly
Information to be provided to Validis
Now that the setup is complete, please send the following information to the Validis team.
- User access URL : (This is a MyApps URL, such as) https://myapps.microsoft.com/signin/SSO%20For%20Validis%20DataShare/580ef8f2-XXXXX-43a2-bc3e-XXXXXX?tenantId=nnnnXXXX-b750-4b5e-nnxxx-4942b3bcnnxxx
- Certificate (Raw) – exported and zipped