Before proceeding with this article, ensure that you have read our article about SAML Single Sign-on 🔐
Here, we will outline the steps to set up Azure AD as an Identity Provider.
1️⃣ Create an Azure enterprise application
Sign in to the Azure portal using your Azure AD administrator account.
In the Azure portal, click on Azure Active Directory in the left-hand navigation menu.
Navigate to Enterprise Applications and then select All Applications
Click on New application, then Create your own application
Enter a name for your application (e.g. "Fabriq") and select Non-gallery application as the application type. Then click Add to create your application
2️⃣ Configure the application for SAML SSO
Navigate to the Single sign-on tab
Select SAML as the single sign-on method
On the Set up single sign-on with SAML page, enter the following information (ℹ️ reach out to us so that we can provide it to you):
Identifier (Entity ID)
Reply URL (Assertion Consumer Service URL)
Click Save to apply the changes
3️⃣ Configure the attributes for SAML SSO
Within Attributes & Claims, click on Edit
Click on Unique User Identifier (Name ID), set the Name identifier format to Persistent and the Source attribute to user.objectid or any other attribute that is an identifier and is also unique. Then, click on Save. The claims should look as follows:
⚠️ The name claim that is set to user.userprincipalname needs to align with the email addresses of your users in Fabriq. If there's any discrepancy, you should modify it to user.mail or any other user field that matches the users' emails.
4️⃣ Assign users to Fabriq
Navigate to the Users and groups tab
Click the Add user/group button
On the Add Assignment page, select the users you want to assign to the application and click Select to confirm your selection
5️⃣ Send us the App Federation Metadata Url
Within the Single sign-on tab, navigate to section 3 SAML Certificates
Copy the App Federation Metadata Url and send it to [email protected]
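To confirm the step 3️⃣ settings before rollout, the following added example (not Fabriq's or Microsoft's code) inspects a decoded SAML assertion captured from a test sign-in and reports whether the Name ID format is Persistent and whether the name claim matches a known user email. The sample assertion, the email addresses and the case-insensitive comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

# Constructed sample assertion (unsigned, trimmed); all values are made up.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML}">
  <saml:Subject>
    <saml:NameID Format="{PERSISTENT}">00000000-0000-0000-0000-000000000001</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{NAME_CLAIM}">
      <saml:AttributeValue>alice@tenant.example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, fabriq_emails):
    # Inspection only: no signature validation happens here, so use this on an
    # assertion from your own test sign-in, never as an authentication check.
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or a full Response that wraps one.
    assertion = next(root.iter(f"{{{SAML}}}Assertion"), None)
    if assertion is None:
        return ["no Assertion element found"]
    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")
    elif name_id.get("Format") != PERSISTENT:
        problems.append(f"NameID format is {name_id.get('Format')!r}, expected persistent")
    # Assumption: emails are compared case-insensitively.
    known = {e.strip().lower() for e in fabriq_emails}
    values = [(v.text or "").strip()
              for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == NAME_CLAIM
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not values:
        problems.append("name claim not present")
    for value in values:
        if value.lower() not in known:
            problems.append(f"name claim {value!r} matches no Fabriq user email")
    return problems

if __name__ == "__main__":
    # The UPN differs from the mailbox address: the discrepancy step 3 warns about.
    print(check_assertion(SAMPLE, ["alice@example.com"]))
```

An empty list means both settings look right; a name claim mismatch is the case where the claim should be switched to user.mail or another field that matches the users' emails.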