Configuring Azure AD SSO For DataShare
To enable single sign-on with Validis DataShare, it must be configured to use Azure Active Directory as an identity provider. This guide provides information and tips on how to perform this configuration and what information to provide to Validis in order to configure the DataShare application.
Note: The web guide for using the Azure portal to configure this application can be found here.
- You must have a valid Azure tenant or subscription that supports Azure AD and SSO (Needs Premium AD subscription)
- You must be logged on with the rights to configure a third-party SAML identity provider within Enterprise applications in Azure AD.
- Validis should have provided a Reply URL such as https://datashare/validis.com/oauth/saml20
To ensure users can sign in to Validis DataShare after it has been configured to use Azure Active Directory, review the following tasks and topics:
- User accounts must be pre-provisioned into Validis DataShare prior to sign-in.
- Users must be assigned access to Validis DataShare in Azure AD to sign in. To assign users, see Users.
- To configure access policies for Validis DataShare users, see Access Policies.
NOTE: This is an IdP SSO configuration, not an SP configuration.
Log in to the Azure portal https://portal.azure.com/ (you need admin rights to manage AAD/SSO)
Navigate to Azure AD and Click on Enterprise Applications (Needs Premium AD subscription)
Click New Application
Click Create your own application
Enter a name for your application such as Validis-Datashare
Click Create (this takes a few seconds)
Once the application is created:
Add the correct Users or Groups that will use this Application (needed to test once created)
Set up Single Sign On:
- Click Single Sign On and then the SAML box
- In Box 1 – Click Edit and provide a name for the Identity Provider.
Note – you might need to refresh the page and click the SAML option again if you cannot edit this page.
- Enter the name for the identifier and make it the default (green tick). This will be the portal URL (i.e. https://client-name.environment.validis.com)
- Enter the reply URL provided by Validis, such as: https://appname.validis.com/oauth/saml20
- Click Save
- In section 3, export the RAW Certificate, zip it and send it to the Validis Implementation team.
Note: the user account must be the same as the one set up on the Validis application, and this might not be the primary email address.
Information to be provided to Validis:
- User access URL (this is a MyApps URL), such as: https://myapps.microsoft.com/signin/SSO%20For%20Validis%20DataShare/580ef8f2-XXXXX-43a2-bc3e-XXXXXX?tenantId=nnnnXXXX-b750-4b5e-nnxxx-4942b3bcnnxxx
- Certificate (Raw) – exported and zipped
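A pre-flight check for the values entered in the steps above, as an added example (not Validis or Microsoft code). The reply URL is where Azure AD posts the signed SAML response, so a mistyped host sends it to the wrong place. The `.validis.com` host suffix and `/oauth/saml20` path are assumptions taken from the example URLs in this guide, and the function names and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions taken from the example URLs in this guide, not from Validis documentation.
HOST_SUFFIX = ".validis.com"
REPLY_PATH = "/oauth/saml20"


def check_url(label, url, required_path=None):
    """Return a list of problems with one SAML URL setting (empty list = OK)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    problems = []
    if parts.scheme != "https":
        problems.append(f"{label}: scheme must be https")
    if not host.endswith(HOST_SUFFIX):
        problems.append(f"{label}: host '{host}' is not under validis.com")
    if parts.username or parts.password:
        problems.append(f"{label}: must not embed credentials")
    if parts.query or parts.fragment:
        problems.append(f"{label}: must not carry a query string or fragment")
    if required_path is not None and parts.path.rstrip("/") != required_path:
        problems.append(f"{label}: path is '{parts.path}', expected '{required_path}'")
    return problems


def unprovisioned(assigned, provisioned):
    """Azure-assigned sign-in names with no DataShare account (case-insensitive)."""
    known = {name.strip().lower() for name in provisioned}
    return sorted(a for a in assigned if a.strip().lower() not in known)


if __name__ == "__main__":
    # Constructed sample values; replace with the ones for your tenant.
    identifier = "https://client-name.environment.validis.com"
    reply_url = "https://appname/validis.com/oauth/saml20"  # "/" typed instead of "."
    assigned = ["Alice.Smith@contoso.example", "bob@contoso.example"]
    provisioned = ["alice.smith@contoso.example"]

    findings = check_url("Identifier", identifier)
    findings += check_url("Reply URL", reply_url, REPLY_PATH)
    findings += [f"Not pre-provisioned in DataShare: {u}"
                 for u in unprovisioned(assigned, provisioned)]
    print("\n".join(findings) or "No problems found")
```

Users listed as not pre-provisioned will be unable to sign in until their DataShare account exists under the same name that Azure AD sends.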