Azure Configuration - Add EasySSO to enterprise applications

Inside Microsoft Azure open Enterprise Applications

  1. Click on "New application"
  2. In the search bar enter 'EasySSO' 
    1. Select the application that matches your platform. The rest of the example will continue with EasySSO for Jira
  3. Click "Create" 

    1. You will be automatically navigated to the Overview page for the enterprise app you have just created

Azure Configuration - Configure EasySSO - Basic SAML Configuration

  1. On the EasySSO Overview page

    1. On the toolbar on the left-hand side of the page, click on "Single sign-on"
  2. On the Single Sign on page

    1. Select the rectangle box that says "SAML"
    2. Click "No, I'll save later"

  3. In the "Basic SAML Configuration" box, click on 'Edit' on the top right-hand corner
  4. On the Basic SAML configuration edit panel

    1. Set Identifier (Entity ID) URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
    2. Set  URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
    3. Set Sign on URL (Optional) URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
    4. Set  URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
    5. Set Logout URL (Optional) URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
    6. Click Save

Azure Configuration - Configure EasySSO - Attributes & Claims

In the Single sign-on page, Edit the Attributes claims. The attribute claims must match between the Azure AD configuration and the EasySSO SAML attributes.


These are the default properties and the attributes 

Property

Claim Name

UID Attribute

urn:oid:0.9.2342.19200300.100.1.1

usernameurn:oid:0.9.2342.19200300.100.1.1
emailurn:oid:0.9.2342.19200300.100.1.3
full nameurn:oid:2.16.840.1.113730.3.1.241
first nameurn:oid:2.5.4.42
last nameurn:oid:2.5.4.4
groupsurn:oid:2.5.4.31

In some cases properties may want to be modified, for example removing the domain from an email address property. This can be done by using Azure Special Claims transformations - https://learn.microsoft.com/en-us/entra/identity-platform/saml-claims-customization#special-claims-transformations

Azure Configuration - Copy Metadata Url for configuration of EasySSO

  1. In the Single sign-on page, under the SAML Certificates, copy the App Federation Metadata Url 

EasySSO Configuration

  1. Open EasySSO and select SAML 
  2. On the SAML configuration screen make sure Enable SAML is ticked
  3. Click the Certificates tab
  4. On the Certificates page

    1. Next to Load Metadata ensure the URL option is selected
    2. In the IdP Metadata URL text box, paste the copied App Federation Metadata Url copied earlier
    3. Click Load Certificate
    4. Click Save
  5. On the General page

    1. Configure settings for New Users which are logging in for the first time from the SAML provider, based on your needs
    2. Configure settings for Existing Users which have previously logged in, based on your needs
    3. Configure Default groups for Users to ensure that logged in users are provisioned with the correct groups and permissions
    4. Click Save


You've completed the configuration of EasySSO SAML with Azure!

For more customisation options, check out EasySSO with SAML - Configuration

For enabling signing, validation and encrypted assertions on Azure AD, check out EasySSO with Azure AD - Signing, Validation, Encryption



EasySSO articles

Try for free

EasySSO for Jira, Confluence, Bamboo, Bitbucket and Fisheye/Crucible

Try for free