Getting started (admin setup)

Before you setup Azure SAML SSO

• Please read the pre-requisites page.
• Add your Azure Microsoft Entra ID primary domain to the Anchor primary domains.

Setup Single Sign-on with Azure enterprise application

1. Sign-in to your Azure admin portal
2. In the left menu bar, click on Microsoft Entra ID
3. Click on Enterprise applications in the left menu bar
4. In the Enterprise applications page, click on New application

5. In the Browse Microsoft Entra Gallery page, click on Create your own application

6. In the Create your own application,
   1. Enter a name for the application. For example: anchor-saml-sso-app
   2. Select Integrate any other application you don't find in the gallery (Non-gallery)

7. Click on Create button
8. In the newly created application page, select Single sign-on in the left menu bar

9. Select SAML in the Select a single sign-on method

10. In the Set up Single Sign-On with SAML page, click on Edit icon under Basic SAML configuration

11. In the configuration page, click on Add Identifier button

12. Now you will need to get the following values from the Anchor admin dashboard.
    1. Identifier (Entity ID)
    2. Reply URL (Assertion Consumer Service URL)
    3. Sign on URL
13. Sign-in to Anchor admin dashboard
14. Click on Settings -> Security -> Identity & Provisioning -> SAML SSO

15. Click on Add new SAML SSO and select Setup Azure AD SAML SSO

16. You will presented with a dialog which contains the following values:

    1. Identifier (Entity ID)
    2. Reply URL (Assertion Consumer Service URL)
    3. Sign on URL
       

17. Copy the Identifier (Entity ID), Reply URL (Assertion Consumer Service URL), and Sign on URL and paste it in the Azure Basic SAML configuration page like shown below.

19. Click on Save button

20. Click on the Permissions in the left menu bar and then click on app registration.

21. In the API permissions page, click on Add a permission

22. Add the following API permissions
    1. Microsoft Graph -> Delegated permissions -> User.Read
    2. Microsoft Graph -> Delegated permissions -> Directory.Read.All
23. Click on **Grant admin consent **

24. Go back to Enterprise applications -> find the anchor-saml-sso-app, and then click on Single sign-on.
25. Download the Base64 certificate, and copy the Login URL
26. Paste the Login URL in the Sign-in URL field on Anchor dashboard, and upload the Base64 certificate you downloaded to Anchor dashboard.

27. You will see a success dialog box if the setup is successful.

28. Click on Close or Logout and verify connection to verify the newly added SAML SSO.

How to verify the newly added SAML SSO?

1. Make sure that your Azure Microsoft Entra ID primary domain is part of the Anchor primary domains

2. Now sign-out and sign back in to the Anchor admin dashboard 3. When you sign-in, you will be provided with 2 options: 1. Continue with Email 2. Continue with SSO 4. Choose **Continue with SSO** to sign-in with your newly added Azure SAML SSO5. If sign-in is successful you will be see the home page of admin dashboard.