EasySSO SAML with Azure AD

Describes configuration necessary to integrate EasySSO with Azure AD using SAML 

Azure Configuration

Inside Microsoft Azure open Enterprise Applications

  1. Click on "New application"
  2. In the search bar enter 'EasySSO' 
    1. Select the application that matches your platform. The rest of the example will continue with EasySSO for Jira
  3. Click "Create" 

    1. You will be automatically navigated to the Overview page for the enterprise app you have just created
  4. On the EasySSO Overview page

    1. On the toolbar on the left-hand side of the page, click on "Single sign-on"
  5. On the Single Sign on page

    1. Select the rectangle box that says "SAML"
    2. Click "No, I'll save later"

  6. In the "Basic SAML Configuration" box, click on 'Edit' on the top right-hand corner
  7. On the Basic SAML configuration edit panel

    1. Set Identifier (Entity ID) URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
    2. Set  URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
    3. Set Sign on URL (Optional) URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
    4. Set  URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
    5. Set Logout URL (Optional) URL to https://<YOUR ATLASSIAN SERVER BASE URL>/plugins/servlet/easysso/saml
    6. Click Save
  8. In the Single sign-on page, under the SAML Certificates, copy the App Federation Metadata Url 

EasySSO Configuration

  1. Open EasySSO and select SAML 
  2. On the SAML configuration screen make sure Enable SAML is ticked
  3. Click the Certificates tab
  4. On the Certificates page

    1. Next to Load Metadata ensure the URL option is selected
    2. In the IdP Metadata URL text box, paste the copied App Federation Metadata Url copied earlier
    3. Click Load Certificate
    4. Click Save
  5. On the General page

    1. Configure settings for New Users which are logging in for the first time from the SAML provider, based on your needs
    2. Configure settings for Existing Users which have previously logged in, based on your needs
    3. Configure Default groups for Users to ensure that logged in users are provisioned with the correct groups and permissions
    4. Click Save


Add Signing and Validation (Optional)

This will also allow for Single Logout (SLO) and IdP initiated logout.

EasySSO Configuration

  1. On the Certificates page

    1. Click the Generate Certificates button
    2. Paste the contents of the SP Signing certificate into a text file and then change the filename to cert.cer
    3. Remove the header (-----BEGIN CERTIFICATE-----) and footer (-----END CERTIFICATE-----)
  2. On the General page
    1. Make sure Sign SP Login request is ticked
    2. For Logout Binding Type select POST 
    3. Copy POST Binding URL and paste into Single Logout URL text box
    4. Make sure Sign SP Logout request is ticked
    5. Make sure Sign SP Logout response is ticked
    6. Make sure Verify SP Logout Request Signature is ticked
    7. Make sure Verify SP Logout Response Signature is NOT ticked
    8. Click Save

Azure Configuration

Inside Azure Enterprise Applications - EasySSO

  1. On the Single sign-on panel for EasySSO
  2. On the SAML Certificates Verification certificates (optional), click Edit

  3. On the Edit page for Verification certificates (optional)

    1. Make sure Require verification certificates is ticked
    2. Make sure Allow requests signed with RSA-SHA1 is ticked
    3. Click the Upload certificate button and upload the previously saved cert.cer file
    4. Click Save

Encrypted Assertions (Optional)

Azure Encrypted assertions requires Microsoft Entra ID Premium

EasySSO Configuration

  1. Open the EasySSO Admin page
  2. Click the SAML button to be taken to the SAML Admin configuration
  3. Check the 'Encrypt Assertions' check box
  4. Click the Save button at the bottom of the page to save the updated configuration
  5. Click the 'Certificates' tab
  6. Click the button to download the SP Certificate. This certificate is in a CER format

Azure Configuration

  1. Open your SAML Administration page
  2. Open the SAML Client configuration
  3. In the side panel, in the security section, click "Token encryption" and then click to import certificate
  4. Upload the SP Certificate previously downloaded into the encrypted certificate section (If your client only allows .crt or .pem certificates, copy the contents of the sp certificate text box into a new file and save it with the name of 'myeasyssosp.crt' or 'myeasyssosp.pem' as appropriate).
  5. Click the ellipsis button (...) and then click to Activate token encryption certificate





You've completed the configuration of EasySSO SAML with Azure!

For more customisation options, check out EasySSO with SAML - Configuration.

EasySSO articles

Try for free

EasySSO for Jira, Confluence, Bamboo, Bitbucket and Fisheye/Crucible

Try for free