Getting started (admin setup)
- 2 Minutes to read
- Print
- DarkLight
- PDF
Getting started (admin setup)
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Before you setup Azure SAML SSO
- Please read the pre-requisites page.
- Add your Azure Microsoft Entra ID primary domain to the Anchor primary domains.
Setup Single Sign-on with Azure enterprise application
- Sign-in to your Azure admin portal
- In the left menu bar, click on Microsoft Entra ID
- Click on Enterprise applications in the left menu bar
- In the Enterprise applications page, click on New application
- In the Browse Microsoft Entra Gallery page, click on Create your own application
- In the Create your own application,
- Enter a name for the application. For example: anchor-saml-sso-app
- Select Integrate any other application you don't find in the gallery (Non-gallery)
- Click on Create button
- In the newly created application page, select Single sign-on in the left menu bar
- Select SAML in the Select a single sign-on method
- In the Set up Single Sign-On with SAML page, click on Edit icon under Basic SAML configuration
- In the configuration page, click on Add Identifier button
- Now you will need to get the following values from the Anchor admin dashboard.
- Identifier (Entity ID)
- Reply URL (Assertion Consumer Service URL)
- Sign on URL
- Sign-in to Anchor admin dashboard
- Click on Settings -> Security -> Identity & Provisioning -> SAML SSO
- Click on Add new SAML SSO and select Setup Azure AD SAML SSO
You will presented with a dialog which contains the following values:
- Identifier (Entity ID)
- Reply URL (Assertion Consumer Service URL)
- Sign on URL
Copy the Identifier (Entity ID), Reply URL (Assertion Consumer Service URL), and Sign on URL and paste it in the Azure Basic SAML configuration page like shown below.
- Click on Save button
- Click on the Permissions in the left menu bar and then click on app registration.
- In the API permissions page, click on Add a permission
- Add the following API permissions
- Microsoft Graph -> Delegated permissions -> User.Read
- Microsoft Graph -> Delegated permissions -> Directory.Read.All
- Click on **Grant admin consent **
- Go back to Enterprise applications -> find the anchor-saml-sso-app, and then click on Single sign-on.
- Download the Base64 certificate, and copy the Login URL
- Paste the Login URL in the Sign-in URL field on Anchor dashboard, and upload the Base64 certificate you downloaded to Anchor dashboard.
- Click on Close or Logout and verify connection to verify the newly added SAML SSO.
How to verify the newly added SAML SSO?
- Make sure that your Azure Microsoft Entra ID primary domain is part of the Anchor primary domains
Was this article helpful?