Configuring Azure AD SSO For DataShare
Overview
To enable single sign-on with Validis DataShare, it must be configured to use Azure Active Directory as an identity provider. This guide provides information and tips on how to perform this configuration in the client's Azure AD and on the Validis Platform.
Note: The web guide for using the Azure portal to configure this application can be found here.
Prerequisites
- You must have a valid Azure tenant or subscription that supports Azure AD and SSO (Needs Premium AD subscription)
- You must be logged on with the rights to configure a third-party SAML identity provider within Enterprise applications in Azure AD.
- Validis should have provided a Reply URL such as https://datashare/validis.com/oauth/saml20
Next steps
To ensure users can sign in to Validis after it has been configured to use Azure Active Directory, review the following tasks and topics:
- User accounts must be pre-provisioned into Validis DataShare prior to sign-in.
- Users must be assigned access to Validis DataShare in Azure AD to sign in. To assign users, see Users.
- To configure access policies for Validis DataShare users, see Access Policies.
NOTE: This is an IdP SSO configuration, not an SP one.
Log in to the Azure portal https://portal.azure.com/ (you need admin rights to manage AAD/SSO)
Navigate to Azure Entra ID and click Enterprise Applications (needs Premium AD subscription)
Click New Application
Click Create your own application
Enter a name for your application such as Validis-Portal
Click Create (this takes a few seconds)
Once the Application is Created:
Add the correct Users or Groups that will use this Application (needed to test once created)
Set up Single Sign On:
- Click Single Sign On and then the SAML box
- In Box 1, click Edit and provide a name for the Identity Provider.
Note: you might need to refresh the page and click the SAML option again if you can't edit this page.
- Enter the name for the identifier and make it the default (green tick). This will be the portal URL (i.e. https://client-name.environment.validis.com)
- Enter the reply URL provided by Validis, such as: https://appname.validis.com/oauth/saml20
- Click Save
- In section 3, export the Raw certificate, zip it and send it to the Validis Implementation team.
- Copy the 3 URLs and send them to the Validis Implementation team.
Once Validis has set up the certificate, configured the site and added the test user, we are ready to:
- Test the application. Using the button at the bottom of the page, test this SSO connection using either the logged-on user or another user whose credentials are known.
Note: the valid user account has to be the same as the one set up on the Validis application, and this might not be the primary email address.
Information to be provided to Validis:
- User access URL (this is a MyApps URL), such as: https://myapps.microsoft.com/signin/SSO%20For%20Validis%20DataShare/580ef8f2-XXXXX-43a2-bc3e-XXXXXX?tenantId=nnnnXXXX-b750-4b5e-nnxxx-4942b3bcnnxxx
- Certificate (Raw) – exported and zipped
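A pre-flight check for the values exchanged in the steps above, as an added example that is not part of the Validis guide or tooling: it validates the Identifier and Reply URL before they are saved in Azure, and computes fingerprints of the exported certificate so the Validis team can confirm over a separate channel that the file they received is the one you exported. The `validis.com` domain and `/oauth/saml20` path rules are assumptions drawn from this guide's example URLs, and the function names are hypothetical.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Assumptions drawn from this guide's example URLs, not from Validis documentation.
EXPECTED_DOMAIN = "validis.com"
EXPECTED_ACS_PATH = "/oauth/saml20"


def check_url(url, require_path=None):
    """Return a list of problems with an Identifier or Reply URL (empty means OK)."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not host.endswith("." + EXPECTED_DOMAIN):
        problems.append(f"host {host!r} is not under {EXPECTED_DOMAIN}")
    if parts.username or parts.password or parts.query or parts.fragment:
        problems.append("unexpected userinfo, query or fragment")
    if require_path is not None and parts.path != require_path:
        problems.append(f"path {parts.path!r} is not {require_path}")
    return problems


def to_der(data):
    """Accept the exported certificate as DER or Base64/PEM and return DER bytes."""
    if data[:1] == b"\x30":  # DER certificates start with a SEQUENCE tag
        return data
    body = re.sub(rb"-----[A-Z ]+-----|\s", b"", data)
    der = base64.b64decode(body, validate=True)
    if der[:1] != b"\x30":
        raise ValueError("not an X.509 certificate encoding")
    return der


def thumbprints(data):
    """Fingerprints of the DER bytes, identical for the Raw and Base64 exports."""
    der = to_der(data)
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),  # usual Windows thumbprint format
            "sha256": hashlib.sha256(der).hexdigest().upper()}


if __name__ == "__main__":
    # Constructed sample values modelled on the guide's examples.
    print(check_url("https://client-name.environment.validis.com"))
    print(check_url("https://appname.validis.com/oauth/saml20", EXPECTED_ACS_PATH))
    # Constructed stand-in bytes, not a real certificate; pass the exported file's bytes.
    print(thumbprints(bytes.fromhex("3003020105")))
```

Run `thumbprints()` on the bytes of the exported file before zipping it, and read the SHA-256 value to the Validis contact by phone or another channel than the one carrying the zip.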