Link an Azure Active Directory Application to Sailthru
This guide walks you through configuring an Azure Active Directory application to enable SAML-based Single Sign-On from Azure Active Directory for Sailthru. In this scenario, the Azure Active Directory application is the SAML Identity Provider.
Create a new Azure application
Please follow this guide to create a new non-gallery application on the Azure Active Directory portal.
Configure your new Azure application
- Decide the name of the SAML connection that will be used by Sailthru. This should be in the format of “saml-<companyname>”, e.g. “saml-sailthru”. In the following steps, you’ll insert this name in place of
- Follow this guide to configure the Azure application to enable SAML-based Single Sign-On.
- In the “Basic SAML Configuration” section, use the following settings:
  - urn:auth0:sailthru:SAML_CONNECTION_NAME as the value for the Identifier (Entity ID) field
  - https://login.sailthru.com/login/callback?connection=SAML_CONNECTION_NAME as the value for the Reply URL (Assertion Consumer Service URL) field
- In the “User Attributes and Claims” section, specify “givenname”, “surname” and “name” as additional claims.
You also need to specify the user’s email address as the only required Name ID claim. There are two ways to do this: specify “user.mail” as the value for the claim, or use any of the available transformations to make the user’s email address dynamic.
See more details about available transformations here.
The email value sent from Azure within the Name ID claim must match the email address associated with the user within the Sailthru platform.
- Go to the “SAML Signing Certificate” section and download the certificate in the base64 format.
- Go to the “Set up <applicationName>” section and copy the following values:
  - Login URL
  - Azure AD Identifier
  - Logout URL
- Now it’s time to assign users to the Azure application. For that, please follow this guide.
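
To check the settings above before passing details to Sailthru, the following added example (not Sailthru's or Microsoft's code) compares a decoded SAML response from a test sign-in with the Identifier, Reply URL, Name ID and claims this guide specifies. The function names, the sample response and the example.com addresses are constructed for illustration, and the claim URI prefix is assumed to be the one Azure AD emits by default.

```python
import re
import xml.etree.ElementTree as ET

# Diagnostic only: compares field values, does NOT verify the XML signature.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = {"givenname", "surname", "name"}  # additional claims from this guide

def expected_settings(connection_name):
    """Derive the Basic SAML Configuration values from the connection name."""
    if not re.fullmatch(r"saml-\S+", connection_name):
        raise ValueError("connection name must look like saml-<companyname>")
    return {"entity_id": f"urn:auth0:sailthru:{connection_name}",
            "reply_url": f"https://login.sailthru.com/login/callback?connection={connection_name}"}

def check_response(xml_text, connection_name, sailthru_email):
    """Return a list of mismatches between a decoded SAML response and the guide."""
    exp = expected_settings(connection_name)
    root = ET.fromstring(xml_text)
    problems = []
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if audience != exp["entity_id"]:
        problems.append(f"Audience is {audience!r}, expected {exp['entity_id']!r}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient", "") if scd is not None else ""
    if recipient != exp["reply_url"]:
        problems.append(f"Recipient is {recipient!r}, expected {exp['reply_url']!r}")
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if name_id != sailthru_email:  # must match the address stored in Sailthru
        problems.append(f"NameID is {name_id!r}, Sailthru user is {sailthru_email!r}")
    # Claims arrive as URIs (assumed Azure default), so compare the last path segment.
    sent = {a.get("Name", "").rsplit("/", 1)[-1] for a in root.iterfind(".//saml:Attribute", NS)}
    problems += [f"missing claim {c!r}" for c in sorted(REQUIRED_CLAIMS - sent)]
    return problems

# Constructed sample: Name ID carries a UPN instead of the mail address, no surname claim.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
 <Assertion>
  <Subject><NameID>jane@example.onmicrosoft.com</NameID><SubjectConfirmation>
   <SubjectConfirmationData Recipient="https://login.sailthru.com/login/callback?connection=saml-example"/>
  </SubjectConfirmation></Subject>
  <Conditions><AudienceRestriction><Audience>urn:auth0:sailthru:saml-example</Audience></AudienceRestriction></Conditions>
  <AttributeStatement>
   <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
   <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"/>
  </AttributeStatement></Assertion></samlp:Response>"""

if __name__ == "__main__":
    for problem in check_response(SAMPLE, "saml-example", "jane@example.com"):
        print("FAIL:", problem)
```

An empty list means the response carries the values this guide asks for; it says nothing about whether the assertion is correctly signed.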
Pass configuration details to Sailthru
Once you have completed all these steps, please contact Sailthru with the following details:
- SAML connection name
- Identity Provider Single Sign-On URL
- X.509 Certificate