Azure Configuration - Add EasySSO to enterprise applications
Inside Microsoft Azure open Enterprise Applications
- Click on "New application"
- In the search bar enter 'EasySSO'
- Select the application that matches your platform. The rest of the example will continue with EasySSO for Jira
- Click "Create"
- You will be automatically navigated to the Overview page for the enterprise app you have just created
Azure Configuration - Configure EasySSO - Basic SAML Configuration
- On the EasySSO Overview page
  - On the toolbar on the left-hand side of the page, click on "Single sign-on"
- On the Single sign-on page
  - Select the rectangle box that says "SAML"
  - Click "No, I'll save later"
  - In the "Basic SAML Configuration" box, click on 'Edit' on the top right-hand corner
- On the Basic SAML configuration edit panel
  - Set Identifier (Entity ID) URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
  - Set URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
  - Set Sign on URL (Optional) URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
  - Set URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
  - Set Logout URL (Optional) URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
  - Click Save
Azure Configuration - Configure EasySSO - Attributes & Claims
On the Single sign-on page, edit the Attributes & Claims. The claim names configured in Azure AD must match the SAML attribute names configured in EasySSO; a mismatch leaves the corresponding EasySSO property unpopulated.
These are the default EasySSO properties and their claim names:
Property | Claim Name |
---|---|
UID Attribute | urn:oid:0.9.2342.19200300.100.1.1 |
username | urn:oid:0.9.2342.19200300.100.1.1 |
email | urn:oid:0.9.2342.19200300.100.1.3 |
full name | urn:oid:2.16.840.1.113730.3.1.241 |
first name | urn:oid:2.5.4.42 |
last name | urn:oid:2.5.4.4 |
groups | urn:oid:2.5.4.31 |
In some cases you may want to modify a property's value, for example removing the domain from an email address property. This can be done with Azure special claims transformations - https://learn.microsoft.com/en-us/entra/identity-platform/saml-claims-customization#special-claims-transformations
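One way to check that the claims Azure emits line up with the table above is to audit a captured test assertion offline. The script below is an added example, not part of EasySSO or Azure; the function names and the sample assertion are constructed for illustration, and it inspects attribute names only (it does not validate the assertion's signature).

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Default EasySSO property -> claim name, taken from the table above
# (UID Attribute shares the username OID).
EXPECTED_CLAIMS = {
    "username": "urn:oid:0.9.2342.19200300.100.1.1",
    "email": "urn:oid:0.9.2342.19200300.100.1.3",
    "full name": "urn:oid:2.16.840.1.113730.3.1.241",
    "first name": "urn:oid:2.5.4.42",
    "last name": "urn:oid:2.5.4.4",
    "groups": "urn:oid:2.5.4.31",
}

# Constructed sample: one claim still uses an Azure default claim URI,
# and the last name claim is present but empty.
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1">
   <saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
   <saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.31">
   <saml:AttributeValue>jira-users</saml:AttributeValue>
   <saml:AttributeValue>jira-admins</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.4">
   <saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
   <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>
"""

def extract_claims(assertion_xml):
    """Return {claim name: [values]} for every Attribute in the assertion."""
    claims = {}
    for attr in ET.fromstring(assertion_xml.strip()).iter(NS + "Attribute"):
        values = [v.text or "" for v in attr.findall(NS + "AttributeValue")]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def audit_claims(assertion_xml, expected=EXPECTED_CLAIMS):
    """Return (properties with no usable value, claim names EasySSO will not map)."""
    claims = extract_claims(assertion_xml)
    missing = sorted(p for p, n in expected.items() if not any(claims.get(n, [])))
    unmapped = sorted(n for n in claims if n not in expected.values())
    return missing, unmapped

if __name__ == "__main__":
    print(audit_claims(SAMPLE_ASSERTION))
```

An empty `missing` list means every default property has a non-empty claim; entries in `unmapped` are claims that still need renaming in Attributes & Claims or a matching change on the EasySSO side.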
Azure Configuration - Copy Metadata Url for configuration of EasySSO
- On the Single sign-on page, under SAML Certificates, copy the App Federation Metadata Url
EasySSO Configuration
- Open EasySSO and select SAML
- On the SAML configuration screen make sure Enable SAML is ticked
- Click the Certificates tab
- On the Certificates page
  - Next to Load Metadata ensure the URL option is selected
  - In the IdP Metadata URL text box, paste the App Federation Metadata Url copied earlier
  - Click Load Certificate
  - Click Save
- On the General page
  - Configure settings for New Users who are logging in for the first time from the SAML provider, based on your needs
  - Configure settings for Existing Users who have previously logged in, based on your needs
  - Configure Default groups for Users to ensure that logged-in users are provisioned with the correct groups and permissions
  - Click Save
You've completed the configuration of EasySSO SAML with Azure!
For more customisation options, check out EasySSO with SAML - Configuration
For enabling signing, validation and encrypted assertions on Azure AD, check out EasySSO with Azure AD - Signing, Validation, Encryption