How to configure Azure for SSO

This topic details how to configure Microsoft Azure for single sign-on (SSO). Azure is a cloud computing service used for building, testing, deploying, and managing applications through Microsoft-managed data centers.

This topic is part of Phase Two in Configuring SAML SSO authentication. For an overview of the complete process, see Working with SAML for single sign-on (SSO).

IMPORTANT  Before completing these steps, you will need to follow the steps in Prepare Venafi Platform for SAML SSO. You will need configuration information from the Venafi Service Provider Metadata XML file to complete this process.

You must have an existing functional Azure deployment to use these steps. These instructions detail how to add a new Application (Venafi Platform) to Azure.

You will want to consult with your identity provider management team to determine who should be able to authenticate to Venafi Platform via Azure. You'll need that information near the end of the procedure below.

IMPORTANT  While Venafi makes an effort to provide accurate information on third-party integration steps, these steps may differ for your service provider, especially as identity providers release new updates. If you have questions about how to use this third-party integration, we recommend you start with the vendor's documentation and support teams. These instructions should be considered a template, not definitive steps. Your specific steps may vary, depending on how your organization integrates with each third-party platform.

To configure Azure for single sign-on

  1. Log in to the Azure portal and go to Enterprise Applications.
  2. Click + New application.

  3. Switch to the old app gallery experience.
  4. Click Non-gallery application.

  5. Enter a name for the Venafi Platform cluster you are integrating with, then click Add.

    This process may take a minute or more without a visual sign of progress, so be patient.

  6. From the new application Overview page, browse to Manage > Users and Groups, and click + Add user.

  7. In Add Assignment, click the Users and Groups bar to open the Users and Groups list.
  8. Enter the search pattern for the new group or user, select the new user from the results, and click Select.

    You'll be taken back to Add Assignment, where you will see a count of users selected.

  9. Click Assign to complete the assignment.
  10. Click Manage > Single sign-on and select SAML as the single sign-on method.

    You'll see the SAML-based Sign-on page.

  11. Click Upload metadata file.

    For the next step, you'll need the Service Provider Metadata XML file.

  12. Browse to the Service Provider Metadata XML file you exported from Venafi Platform and click Add.

    You will see the contents of the XML file in the Basic SAML Configuration panel.

  13. Click Save.
  14. Close the panel and click No, I'll test it later.
  15. In User Attributes & Claims, click Edit.
  16. In SAML Signing Certificate > Signing Option select Sign SAML response, and click Save.
  17. Close the panel and click No, I'll test it later.
  18. In SAML Signing Certificate Federation Metadata XML, click Download.

    The IDP Metadata XML file will be downloaded. Save it to a place where you will be able to find it easily.

  19. In Set up <APPLICATION NAME>, copy the Logout URL and paste it into a blank text file on the Venafi server.
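The file downloaded in step 18 and the Logout URL copied in step 19 are what the service provider will trust, so it is worth checking them before the import. The following script is an added example, not Venafi or Microsoft code: it parses a federation metadata XML file, confirms it is identity-provider metadata (not the Venafi Service Provider Metadata XML exported earlier, which is the usual mix-up), extracts the entity ID, the sign-on and logout endpoints, and the SHA-1 thumbprint of the signing certificate so it can be compared with the Thumbprint shown in the SAML Signing Certificate panel. The embedded metadata is a constructed sample with a placeholder tenant ID and placeholder certificate bytes, not an export from a real tenant.

```python
"""Sanity-check an IdP federation metadata XML file before importing it into a
SAML service provider.  Added example; not Venafi or Microsoft code."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: same shape as an IdP federation metadata export, but the
# tenant ID is all zeros and the certificate is placeholder bytes, not a real cert.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_CERT_B64 = base64.b64encode(b"PLACEHOLDER-DER-BYTES-NOT-A-REAL-CERTIFICATE").decode()
SAMPLE_IDP_METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/{SAMPLE_TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
    <SingleSignOnService Binding="{POST}"
        Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""
# Constructed sample of the wrong file: service-provider metadata (what the SP
# exports) has an SPSSODescriptor, not an IDPSSODescriptor.
SAMPLE_SP_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://venafi.example.invalid/vedadmin/">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>
"""


def sha1_thumbprint(cert_b64: str) -> str:
    """SHA-1 over the DER bytes, upper-case hex, the form the Azure portal displays."""
    der = base64.b64decode("".join(cert_b64.split()))
    return hashlib.sha1(der).hexdigest().upper()


def parse_idp_metadata(xml_text: str) -> dict:
    """Return the values the SP needs, or raise ValueError describing what is wrong."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not a SAML EntityDescriptor")
    valid_until = root.get("validUntil")
    if valid_until:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry < datetime.now(timezone.utc):
            raise ValueError("metadata validUntil is in the past; download a fresh copy")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this looks like service-provider metadata")

    # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append("".join((c.text or "").split()))
    if not certs:
        raise ValueError("no signing certificate: signed SAML responses could not be verified")

    def endpoint(tag: str, binding: str):
        for e in idp.findall("md:" + tag, NS):
            if e.get("Binding") == binding:
                return e.get("Location")
        return None

    result = {
        "entity_id": root.get("entityID"),
        "sso_redirect_url": endpoint("SingleSignOnService", REDIRECT),
        "sso_post_url": endpoint("SingleSignOnService", POST),
        "logout_url": endpoint("SingleLogoutService", REDIRECT),
        "signing_cert_sha1": [sha1_thumbprint(c) for c in certs],
    }
    if not result["entity_id"] or not (result["sso_redirect_url"] or result["sso_post_url"]):
        raise ValueError("entityID or SingleSignOnService endpoint missing")
    for key in ("sso_redirect_url", "sso_post_url", "logout_url"):
        if result[key] and not result[key].startswith("https://"):
            raise ValueError(key + " is not an https:// endpoint")
    return result


def is_idp_metadata(xml_text: str) -> bool:
    """Convenience wrapper: True when the file passes every check above."""
    try:
        parse_idp_metadata(xml_text)
        return True
    except (ValueError, ET.ParseError):
        return False


if __name__ == "__main__":
    for key, value in parse_idp_metadata(SAMPLE_IDP_METADATA).items():
        print(key, "=", value)
```

Run it against the downloaded file by replacing SAMPLE_IDP_METADATA with the file's contents; the printed logout_url should match the Logout URL copied in step 19, and each signing_cert_sha1 value should match a Thumbprint listed under SAML Signing Certificate. A thumbprint mismatch means the file is stale (for example, downloaded before the certificate was rolled) and should be downloaded again rather than imported.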

You are ready to finish configuring SSO in Venafi Configuration Console. See Importing Identity Provider Metadata XML into Venafi Configuration Console for SAML.