Azure Microsoft Entra ID (Active Directory)

Set up SSO with Azure

Requirements

To set up Single Sign-On (SSO) with Azure Microsoft Entra ID, ensure the following:

  • Your organization uses Azure Microsoft Entra ID for authentication.
  • You have an Admin role.

The Kubit Team will provide:

  • Identifier (Entity ID): urn:amazon:cognito:sp:<CONNECTION_ID>
  • Reply URL: https://kubit-<YOUR_ORG>.auth.<REGION>.amazoncognito.com/saml2/idpresponse

Configure SAML Application

1. Create Application

To add a new application in Microsoft Entra ID:

  1. Sign in to the Azure portal.
  2. Search for and select Microsoft Entra ID.
  3. Navigate to Enterprise applications in the left sidebar.
  4. Click New application.
  5. On the Browse Microsoft Entra Gallery page, select Create your own application.
  6. Enter kubit-sso as the application name and choose Integrate any other application you don’t find in the gallery (Non-gallery). Click Create.

2. Configure App Details

To set up Single Sign-On using SAML:

  1. On the Getting started page, click Get started under Set up single sign-on.
  2. Select SAML on the next screen.
  3. In the Basic SAML Configuration section, click the edit icon.
  4. Replace the default Identifier (Entity ID) with the one provided by the Kubit Team.
    • Enter the Reply URL provided by the Kubit Team in the Reply URL (Assertion Consumer Service URL) field.
    • Enter the Login URL provided by the Kubit Team in the Sign on URL (Optional) field.
    • Click Save.

3. Attributes Mapping

  1. In the Attributes & Claims section, click Edit.
  2. Click Add a group claim.
  3. On the Attributes & Claims page, select Groups assigned to the application under Group Claims and leave Source attribute as Group ID. Click Save.
  4. If you have a picture/photo attribute, click Add new claim. Name it picture and use http://schemas.xmlsoap.org/ws/2005/05/identity/claims as the Namespace. Select the appropriate attribute and click Save.
  5. Note the Claim names under Additional claims and provide them to the Kubit Team.
  6. Close the Attributes & Claims screen.

4. Share Metadata URL with Kubit

Copy the App Federation Metadata Url from the SAML Signing Certificate section and provide it to the Kubit Team.

5. Test

Work with the Kubit Team to test the integration using the provided test URL.
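
When a test login fails, the first things to compare are the Identifier, the Reply URL and the claim names configured above against what Entra ID actually sent. The following Python script is an added example, not code from Kubit or Microsoft; it runs those comparisons on a decoded SAML assertion captured during testing. The connection ID, organization, region and sample assertion are constructed placeholders, and the script does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Entra ID's default group claim name; the portal's claim list is authoritative.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
# Namespace from step 3 of Attributes Mapping plus the claim name "picture".
PICTURE_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/picture"

# Constructed placeholders; substitute the values the Kubit Team provided.
EXPECTED_ENTITY_ID = "urn:amazon:cognito:sp:us-east-1_EXAMPLE"
EXPECTED_REPLY_URL = "https://kubit-example.auth.us-east-1.amazoncognito.com/saml2/idpresponse"

# Constructed sample assertion (signature and most elements omitted).
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{EXPECTED_REPLY_URL}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>{EXPECTED_ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>00000000-0000-0000-0000-000000000001</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, entity_id, reply_url, required_claims=(GROUPS_CLAIM,)):
    """Return a list of configuration problems; empty means the checks passed."""
    root = ET.fromstring(xml_text)  # parse only assertions you captured yourself
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not include {entity_id}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append(f"Recipient {recipients} does not include {reply_url}")
    claims = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
              for a in root.iterfind(".//saml:Attribute", NS)}
    for name in required_claims:  # a missing group claim usually means no assigned group
        if not claims.get(name):
            problems.append(f"claim missing or empty: {name}")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, EXPECTED_ENTITY_ID, EXPECTED_REPLY_URL) or "all checks passed")
```

Pass `required_claims=(GROUPS_CLAIM, PICTURE_CLAIM)` if you added the optional picture claim.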

6. Open Access

Decide whether to enable the Kubit App for everyone or a specific group.