SAML Configuration for Azure

This document is a step-by-step guide to setting up an Azure app as your IDP (identity provider) to allow SAML authentication.
 
1. Navigate to https://aad.portal.azure.com and click Enterprise Applications in the left-hand menu.
 
2. Click new application.
 
3. Select non-gallery application
 
4. Enter a name for the Application and click add
 
5. Select set up single sign on
 
6. On the next screen select SAML
 
7. For the Identifier, enter any unique string. It will be used again in step 16.
 
8. This step and the next are performed in the Avanan portal. From the menu click Configuration → Settings, then click Configure SAML.
 
9. In the Configure SAML window, copy the SSO URL.
 
10. Back in the Azure portal, paste the URL copied in the previous step into the Reply URL field.
 
11. Enter the URL for your Avanan portal in the sign-on URL field, then click save in the top-left corner of the window.
 
12. Click the edit pencil in the User Attributes and Claims box.
 
13. Set the unique user identifier to user.mail or user.userprincipalname.
 
Once the value is saved, click X in the top-right corner to close this window.
Note: When choosing user.mail, make sure the field is populated for all relevant users; otherwise it will be impossible to authenticate users.
 
14. Download the Federation Metadata XML file.
 
15. Back in the Avanan portal Configure SAML window, upload the metadata file.
 
16. Check the "Are you running Azure AD" box. Under the Azure AD entity ID, enter the Identifier you entered in Azure in step 7, then click Save.
 
 
17. Back in the Azure portal, the next step is to assign users to this new application. Click Users and Groups from the menu and then click Add Users.
 
18. Select the User or Group you want to grant access to and click Assign.
 
19. You should now be able to log in to the Avanan portal using the Login with SAML button.