This article links to instructions for setting up single sign-on (SSO) between Microsoft Azure Active Directory (AD). When you set up this integration, you use Azure AD to authenticate and manage QA or QA users. This feature is available to enterprise accounts. You must be an admin to access the screen in the application where you perform this procedure.
Note: This article contains different URLs you should use in your configuration depending on whether you are using QA or QA. When you see both options, choose the URL that corresponds to the kind of account you use.
This article contains the following sections:
Azure AD SSO Tutorial
Microsoft has provided a tutorial on how to set up your integration between Azure AD. You can get to the tutorial on the Settings & Integrations screen. To get to this screen from the dashboard, click your company name in the upper-right corner and choose Settings & Integrations from the menu that appears.
The Settings & Integrations screen appears. Click the Integrations tab, and then click the Azure AD card.
A page in the Azure Marketplace appears with an overview of the QA SSO integration. Click the GET IT NOW button under the QA logo on the left to open the tutorial.
Alternately, you can go directly to the tutorial by clicking this link:
Tutorial: Azure Active Directory single sign-on (SSO) integration with QA - SSO
Setting Up Single Sign-on
You complete some steps of the tutorial within the Azure portal. Other steps you complete within QA/QA. The QA/QA steps occur on the Settings & Integrations screen described earlier in this article.
When you complete the steps in the tutorial, you choose the SSO card on this screen, rather than the Azure AD card that you used to access the tutorial.
For more information about setting up single sign-on in QA/QA, see Setting Up Single Sign-on.
Community Tips
Sometimes our users offer tips they learned while setting up their own SSO with Azure AD. Consider these community tips as you set up your SSO:
Use the Right URLs
If you have a QA account, make sure you use the QA URLs during your configuration. If you have a QA account, make sure you use the QA URLs.
Add a Custom Claim Rule to the Relying Party Trust
The default AD claims mapping may not support your SSO implementation. Try adding a custom claim rule to the relying party trust, such as the one below:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), query = ";objectSID,mail,givenName,sn;{0}", param = c.Value);
Comments
0 comments
Please sign in to leave a comment.