SSO with SAML 2.0 (MS Azure AD sample)

Document created by lscaburri (Employee) on Mar 21, 2019. Last modified by arocchietti on Apr 18, 2019.

The scope of this document is to provide an overview of the configuration needed to set up an Azure AD application for SSO with BOARD Cloud or BOARD On-Premise.

 

CONFIGURING SAML SSO APPLICATION


To use BOARD SSO in the cloud with the SAML 2.0 protocol, an application endpoint must be created in the IdP directory. The following sample is based on Microsoft Azure AD.

 

The configuration must be done in the customer's Azure AD tenant.

 

1) In the Azure Portal, go to the Azure Active Directory page.
2) Click the directory to which you need to grant access.
3) From the main menu select: Enterprise applications
4) From the top button bar choose: New application
5) Select "Non-gallery application"

 

 

Follow the instructions, set an application NAME and then click Add.

 


A page with the application overview will appear:
1. On the left menu choose "Single sign-on"
2. On the right panel that appears, choose SAML and click it.

 

 

3. A setup configuration page will appear.
4. In step 1, click the pencil icon to edit and fill in the 2 mandatory fields.

 

 

The value for Identifier must be:
https://<instance_host>.board.com

 

The value for the parameter Reply URL must be:
https://<instance_host>.board.com/identity/sso/Acs


NOTE: Replace <instance_host> with the host name given in the activation information you received.

In step 3, download the Federation Metadata XML.
In step 4, copy all 3 parameters and save them in a text file.

 

 

ENABLE BOARD CLOUD INSTANCE FOR SSO

Once finished, send all the information retrieved from the configuration page (steps 3 and 4) to BOARD Support when requesting SAML SSO activation.
On customer request, BOARD can disable the standard username and password authentication method.

 


ENABLE BOARD ON-PREMISE INSTANCE FOR SSO

The SAML configuration file "saml2.config" is usually located under "C:\Program Files (x86)\Board\Board WebApi Server\App_Data\config".
By default the configuration file is empty. Below is a standard configuration for AAD:

 

<saml2configurations UseSHA256="true">
  <!-- Service provider entry: entityId must match the Identifier configured in Azure AD (step 1) -->
  <add key="sso" caption="SSO Login" entityId="https://<instance_host>.board.com" modulePath="/sso">
    <!-- Identity provider entry: entityId is the Azure AD Identifier copied in step 4 (the x's stand for the tenant id);
         metadataUrl points to the IdP federation metadata; allowUnsolicitedAuthnResponse="false" makes BOARD
         reject unsolicited (IdP-initiated) SAML responses that it did not request -->
    <identityProvider entityId="https://sts.windows.net/xxxxx-xxxx-xxxx-xxxx-...." loadMetadata="true"
      metadataUrl="https://myadfsserver/FederationMetadata/2007-06/FederationMetadata.xml" allowUnsolicitedAuthnResponse="false" />
  </add>
</saml2configurations>
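As an added example (not code from this article or from BOARD), the following Python script parses the Federation Metadata XML downloaded in step 3, extracts the IdP entityID, SSO URL and signing certificate, and renders the <identityProvider> element for saml2.config with unsolicited responses kept disabled; the metadata document, tenant id and certificate in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 metadata and XML-DSig.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample resembling the Federation Metadata XML downloaded in
# step 3; the tenant id and certificate are placeholders, not real values.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC...PLACEHOLDER...</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Extract the IdP entityID, HTTP-Redirect SSO URL and signing certificates."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding", "").endswith("HTTP-Redirect")]
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # missing 'use' means any use
            certs += ["".join(c.text.split())
                      for c in kd.findall(".//ds:X509Certificate", NS)]
    return {"entityId": root.get("entityID"),
            "sso_url": sso[0] if sso else None, "signing_certs": certs}


def render_identity_provider(info, metadata_url):
    """Render the <identityProvider> element for saml2.config. Refuses to emit
    a trust entry when the metadata has no signing certificate, and keeps
    unsolicited (IdP-initiated) responses disabled as in the article's config."""
    if not info["signing_certs"]:
        raise ValueError("IdP metadata carries no signing certificate")
    return ('<identityProvider entityId="{}" loadMetadata="true" '
            'metadataUrl="{}" allowUnsolicitedAuthnResponse="false" />'
            .format(info["entityId"], metadata_url))
```

Run it against the real Federation Metadata XML from step 3 and compare the rendered element with the entityId and metadataUrl you put in saml2.config.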
