This document is a step-by-step guide to setting up an Azure app as your IDP (identity provider) to allow SAML authentication.
1. Navigate to https://aad.portal.azure.com and click Enterprise Applications from the left hand menu
2. Click new application:
3. Select non-gallery application
4. Enter a name for the Application and click add
5. Select set up single sign on
6. On the next screen select SAML
7. For the Identifier, enter any unique string, this will be used later
8. The two steps are from the Avanan portal. From the menu click Configuration → Settings, then click Configure SAML
9. In the Configure SAML window copy the SSO URL
10. Paste the URL copied in the previous step, into the Reply URL field
11. Place the URL for your Avanan portal in the sign-on URL field and then click save in the top left corner of the window
12. Click the edit pencil in the User Attributes and Claims box
13. Set the unique user identifier to user.mail or user.userprinciplename.
Once the value is saved click X in the top right corner to close this window.
Note: When choosing user.mail make sure the field is populated for all relevant users, otherwise it will be impossible to authenticate users.
14. Download the Federation Metadata XML File
15. Back in the Avanan portal Configure SAML window, upload the metadata file:
16. Check off the Are you running Azure AD box. Under the Azure AD entity ID, input the Identifier you entered in Azure from step 7, then click Save.
17. Back in the Azure portal, the next step is to assign users to this new application. Click Users and Groups from the menu and then click Add Users
18. Select the User or Group you want to grant access and click Assign
19. You should now be able to login to the Avanan portal using the Login with SAML button.
