How to enable SSO and use Azure AD as Identity Provider

This guide will help you to enable Single-Sing-On and configure Azure as identity provider for your UTunnel Organization account.

Enabling SSO and Azure

1. To activate SSO and use Azure as an identity provider on your UTunnel organization account, navigate to your Organization dashboard, and select Organization tab.

How to enable SSO and use Azure AD as identity provider dashboard

2. Navigate to the Single Sign On option in the left side menu and then click on the Azure option. Select the Enable Azure option checkbox. Keep this page handy as the details will be required in the proceeding steps.

How to enable SSO and use Azure AD as identity provider enable Azure in UTunnel

Azure Configuration

3. Now you have to perform configurations at Azure. Log in to your organization’s Azure portal and select the Enterprise Applications menu below Azure services.

How to enable SSO and use Azure AD as identity provider Azure Services

4. Click on the New Application button at the top left of the screen.

How to enable SSO and use Azure AD as identity provider enterprise applications

5. Select Create your own Application option.

How to enable SSO and use Azure AD as identity provider Azure AD gallery

6. Enter the app name. You can give your preferred name. Here we have named it UTunnel. Select Integrate any other application you don’t find in the gallery. Click on the Create button to create your application.

How to enable SSO and use Azure AD as identity provider provide a display name

7. Now you will land on the Overview screen of the application you have created. Here it is UTunnel Overview. Click on the Set up single sign on box at the top right of the screen.

How to enable SSO and use Azure AD as identity provider application overview

8. Select SAML.

How to enable SSO and use Azure AD as identity provider select SAML

9. Click on the Edit icon on the right side to edit the Basic SAML Configuration.

How to enable SSO and use Azure AD as identity provider edit basic SAML configuration

10.  Next, you need to configure the necessary integration URLs and SAML attributes. You will need the details obtained from step #2 here.

  • Identifier (Entity ID): Copy the Entity ID URL from the UTunnel dashboard and paste it here.
  • Reply URL: Copy the Reply URL from the UTunnel dashboard and paste it here.
  • Single sign on URL: Copy the Single Sign On URL from the UTunnel dashboard and paste it here.

Click Save at the top left of the screen.

How to enable SSO and use Azure AD as identity provider configure integration URLs and SAML attributes

11. a.  Next you need to edit User Attributes & Claims. For that, navigate to the Attributes & Claims section and click on the Edit icon.

How to enable SSO and use Azure AD as identity provider edit user attributes and claims

b. Now click on each claim name to manage the claims.

How to enable SSO and use Azure AD as identity provider click to edit each claim

c. Unique User Identifier (Name ID)

Enter the details as follows:

  • Source:  Select Attribute.
  • Source attribute: user.mail from the drop-down.

Click on the Save button at the top left of the screen.

How to enable SSO and use Azure AD as identity provider manage unique user identifier claim

Now navigate back to Attributes & Claims.

d. Click on the first additional claim. You will be redirected to the Manage Claim screen. Edit the first claims as given below:

  • Name: Email
  • Namespace: Delete the default content
  • Source: Attribute
  • Source attribute: Select user.localuserprincipalname from the drop down.

Click on the Save icon at the top left.

How to enable SSO and use Azure AD as identity provider manage the first additional claim

e. Click on the second additional claim. You will be redirected to the Manage Claim screen. Edit the second claims as given below:

  • Name: FirstName
  • Namespace: Delete the default content
  • Source: Attribute
  • Source attribute: Select user.givenname from the drop down.

Click on the Save icon at the top left.

How to enable SSO and use Azure AD as identity provider manage the second additional claim

f. Click on the third additional claim. You will be redirected to the Manage Claim screen. Edit the third claims as given below:

  • Name: LastName
  • Namespace: Delete the default content
  • Source: Attribute
  • Source attribute: Select user.surname from the drop down.

Click on the Save icon at the top left.

How to enable SSO and use Azure AD as identity provider manage the third additional claim

12. Now right-click on the fourth additional attribute and click on the Delete icon to remove it. Click on the Ok button to confirm the deletion.

How to enable SSO and use Azure AD as identity provider delete the fourth additional attribute

13. Now click on the Close icon at the top right.

How to enable SSO and use Azure AD as identity provider click on the close icon

14. Scroll down to find the SAML Signing Certificate section. Find out App Federation Metadata Url. Click on the copy icon to copy the URL.

How to enable SSO and use Azure AD as identity provider copy App Federation Metadata Url

15. Now navigate to the UTunnel dashboard and paste it into Metadata URL field. Click on the SAVE CHANGES button.

How to enable SSO and use Azure AD as identity provider paste metadata url in UTunnel

Now you are good to go. Azure integration is complete now. Users with active Azure login and necessary privileges will be able to log in to your organization’s UTunnel dashboard. However, the organization owner has to log in with the registered email and password, and not with the Azure account.

Popular Support Articles

How to enable SSO and integrate with OneLogin

How to Convert an Organization From SSO to Non-SSO

How to Add a User to an Organization Server

How to enable SSO and use Okta as Identity Provider

How to signup as Organization

How to Convert an Organization From Non-SSO to SSO

How to Add Users to an Organization