How to enable SSO and use Azure AD as Identity Provider

This guide will help you to enable Single-Sing-On and configure Azure as identity provider for your UTunnel Organization account.

Enabling SSO and Azure

1. To activate SSO and use Azure as identity provider on your UTunnel organization account, navigate to your Organization dashboard, select Organization tab.

2. Click Single Sign On and then click Azure. Check Enable Azure. Keep this page handy as the details will be required in the proceeding steps.

Azure Configuration

3. Now you have to perform configurations at Azure. Login to your organization’s Azure portal and select Enterprise Applications menu below Azure services.

4. Click New Application button at the top left of the screen.

5. Select Create your own Application.

6. Enter the app name. You can give your preferred name. Here we have named it UTunnel. Select Integrate any other application you don’t find in the gallery. Click Create button to create your application.

7. Now you will land on the Overview screen of the application you have created. Here it is UTunnel Overview. Click on the Set up single sign on box at the top right of the screen.

8. Select SAML.

9. Click Edit icon at the right side to edit the Basic SAML Configuration.

10.  Next, you need to configure necessary integration URLs and SAML attributes. You will need the details obtained from step #2 here.

• Identifier (Entity ID): Copy the Entity ID URL from the UTunnel dashboard and paste it here.
• Reply URL: Copy the Reply URL from the UTunnel dashboard and paste it here.
• Single sign on URL: Copy the Single Sign On URL from the UTunnel dashboard and paste it here.

Click Save at the top left of the screen.

11.  Edit User Attributes & Claims as follows:

Click the Edit icon next to User Attributes and Claims.

Now click on each claim name to manage the claims.

1. Unique User Identifier (Name ID)

Enter the details as follows:

• Source:  Select Attribute.
• Source attribute: user.mail from the drop-down.

Click Save at the top left of the screen.

Now move on to Additional claims

2. Click on the first additional claim. You will be redirected to Manage claim screen. Edit the first claims as given below:

• Name: Email
• Namespace: Delete the default content
• Source: Attribute
• Source attribute: Select user.localuserprincipalname from the drop down.

Click Save icon at the top left.

3. Click on the second additional claim. You will be redirected to Manage claim screen. Edit the first claims as given below:

• Name: FirstName
• Namespace: Delete the default content
• Source: Attribute
• Source attribute: Select user.givenname from the drop down.

Click Save icon at the top left.

4. Click on the third additional claim. You will be redirected to Manage claim screen. Edit the first claims as given below:

• Name: LastName
• Namespace: Delete the default content
• Source: Attribute
• Source attribute: Select user.surname from the drop down.

Click Save icon at the top left.

12. Now right click on the fourth additional attribute and click Delete to remove it. Click Ok to confirm the deletion.

13. Now click Close icon at the top right.

14. Scroll down to find the SAML Signing Certificate section. Find out App Federation Metadata Url. Click on the copy icon to copy the URL.

15. Now navigate to UTunnel dashboard and paste it in Metadata URL. Click SAVE CHANGES button.

Now you are good to go. Azure integration is complete now. Users with active Azure login and necessary privileges will be able to log in to your organization’s UTunnel dashboard. However, the organization owner has to log in with the registered email and password, and not with the Azure account.