Azure SAML

Overview

This document walks you through creating the Azure AD applications, configuring the SAML SSO (Single Sign On) link used for authentication, configuring user attributes and claims, and mapping roles to users so that your environment can connect to Bold Penguin.

We support a wide variety of SAML 2.0 and OAuth 2.0 identity providers for SSO into the Partner Portal component of the Bold Penguin Enterprise terminal. One of the most popular identity providers is Microsoft Azure AD.

This is specific documentation for creating a SAML 2.0 SSO link between Azure AD and the Bold Penguin Enterprise Terminal/Partner Portal. Additional information regarding Microsoft Azure AD is available at the end of this document.

Create Applications

You will create two new applications in the Azure Portal for the Bold Penguin beta and production environments.

  1. From the Azure Portal side navigation select Enterprise applications
  2. Click the button for New application

  3. Select Non-gallery application

  4. Enter a name for the application and click the Add button

  5. Select Single sign-on from the navigation side bar

  6. Select SAML

  7. In the upper right corner, select the pencil icon to edit the configuration for section 1, Basic SAML Configuration

  8. Use the values below to set Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) for each environment

    • Production
      • Identifier https://[domain]-auth.boldpenguin.com
      • Reply URL https://[domain]-auth.boldpenguin.com/users/auth/saml/callback
    • Beta

      • Identifier https://[domain]-auth-uat.beta.boldpenguin.com
      • Reply URL https://[domain]-auth-uat.beta.boldpenguin.com/users/auth/saml/callback
    • NOTE: Replace [domain] with your unique domain provided during on-boarding, and enter the values exactly as shown. The Identifier is the audience Bold Penguin expects in the SAML assertion, and the Reply URL is where Azure AD posts the SAML response.

  9. In the upper right corner, select the pencil icon to edit the configuration for section 2, User Attributes & Claims

  10. Click Add new claim and enter the following values:

    • Enter Name: role
    • Enter Namespace: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
    • For Source attribute select user.assignedroles
    • Click Save
  11. In section 2, User Attributes & Claims click on the row for Unique User Identifier (Name ID) to edit

    • For Choose name identifier format select Default
    • For Source attribute select user.objectid
    • Click Save
  12. Verify that User Attributes & Claims now lists the Unique User Identifier (Name ID) sourced from user.objectid and the role claim sourced from user.assignedroles, as configured in steps 10 and 11.

  13. In section 3, SAML Signing Certificate locate the App Federation Metadata Url and click the copy button on the far right

  14. Email the metadata URL from step 13 to your Bold Penguin Project Manager. The metadata document it points to contains the Azure AD entity ID, the login (SSO) URL and the signing certificate Bold Penguin needs to verify your users' assertions.

  15. After completing the beta application, repeat these steps for production.
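The metadata URL from step 13 is the only thing Bold Penguin needs from this section, so it helps to know what the document behind it contains. The following is an added example (not Bold Penguin's or Microsoft's code) that parses an Azure AD App Federation Metadata document and pulls out the three items a SAML service provider relies on: the identity provider's entityID, the SingleSignOnService (login) endpoints and the signing certificate. The metadata in the block is constructed: the tenant id is all zeros and the certificate body is a base64 placeholder rather than a real X.509 certificate. It also refuses non-HTTPS login endpoints and metadata with no signing certificate, the two conditions under which assertions could not be trusted.

```python
"""Pull what a SAML service provider needs out of Azure AD App Federation
Metadata: the IdP entityID, the SingleSignOnService (login) endpoints and
the signing certificate(s).

Added example, not Bold Penguin's or Microsoft's code. SAMPLE_METADATA is a
constructed document: the tenant id is all zeros and the certificate body is
a base64 placeholder, not a real X.509 certificate.
"""
import base64
import xml.etree.ElementTree as ET  # prefer defusedxml.ElementTree for untrusted XML

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id
FAKE_CERT = base64.b64encode(b"constructed placeholder, not a real X.509 certificate").decode()

SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{FAKE_CERT}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{POST}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


class MetadataError(ValueError):
    """Raised when the document is not usable identity-provider metadata."""


def parse_idp_metadata(xml_text: str) -> dict:
    """Return {'entity_id', 'sso': {binding: url}, 'signing_certs': [base64]}."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise MetadataError(f"unexpected root element {root.tag}")
    entity_id = root.get("entityID")
    if not entity_id:
        raise MetadataError("EntityDescriptor has no entityID")

    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise MetadataError("no IDPSSODescriptor: this is not identity-provider metadata")

    # Login endpoints: the browser is redirected here with the AuthnRequest,
    # so refuse anything that is not HTTPS.
    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        binding, location = svc.get("Binding"), svc.get("Location")
        if not location or not location.startswith("https://"):
            raise MetadataError(f"non-HTTPS SingleSignOnService endpoint: {location!r}")
        sso[binding] = location
    if REDIRECT not in sso and POST not in sso:
        raise MetadataError("no HTTP-Redirect or HTTP-POST SingleSignOnService")

    # Signing certificates: a KeyDescriptor without a 'use' attribute is valid
    # for both signing and encryption, so only an explicit use="encryption" is
    # skipped. Without a signing certificate the SP cannot verify assertions.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "encryption":
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())
            try:
                base64.b64decode(b64, validate=True)
            except Exception as exc:
                raise MetadataError("X509Certificate is not valid base64") from exc
            certs.append(b64)
    if not certs:
        raise MetadataError("no signing certificate in metadata")

    return {"entity_id": entity_id, "sso": sso, "signing_certs": certs}


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_METADATA)
    print("IdP entityID :", info["entity_id"])
    print("Login URL    :", info["sso"][POST])
    print("Signing certs:", len(info["signing_certs"]))
```

In practice the document is fetched from the App Federation Metadata Url over HTTPS; because the signing certificate in it is what every later assertion is verified against, a service provider should re-fetch it when Azure rotates the certificate rather than pin the first copy forever.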

Create Roles

You will create one or more roles in Azure AD that map to roles within the Bold Penguin Terminal. By default, the only app role defined for a new application is User, and its value is null, so it is not sent in the role claim until it is given a value. For testing in the beta application, you must make that modification to the User role.

  1. From the Azure Portal side navigation select App registrations
  2. Under All applications locate and click the beta application

  3. Select Manifest from the navigation side bar to display the JSON text of the manifest file

  4. In the appRoles section of the manifest locate the first role with "displayName": "User"
  5. Locate the value property and change from "value": null to "value": "User"

    • Note: This is for testing purposes. Your Project Manager will help define any additional roles.
  6. Click Save
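As an illustration of what the appRoles section looks like after step 5, here is an added example (not copied from a real manifest) showing the modified User role and a second, hypothetical Admin role of the kind your Project Manager might define. The id GUIDs are placeholders: keep the id Azure generated for the existing User role, and generate a new unique GUID for any role you add. The value field is the string that arrives in the role claim, so it must match what Bold Penguin maps on its side.

```json
"appRoles": [
  {
    "allowedMemberTypes": ["User"],
    "description": "User",
    "displayName": "User",
    "id": "00000000-0000-0000-0000-000000000001",
    "isEnabled": true,
    "origin": "Application",
    "value": "User"
  },
  {
    "allowedMemberTypes": ["User"],
    "description": "Hypothetical additional role; define real roles with your Project Manager",
    "displayName": "Admin",
    "id": "00000000-0000-0000-0000-000000000002",
    "isEnabled": true,
    "origin": "Application",
    "value": "Admin"
  }
]
```

A role whose value is still null can be assigned to users in the portal but produces no role claim, which is why users assigned only to such a role appear to log in without any role at Bold Penguin.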

Assign Roles

You must assign the User role (or the other roles defined in the manifest) to one or more Azure AD users or groups.

  1. From the Azure Portal side navigation select Enterprise applications
  2. Locate and select your beta application
  3. From the side navigation select Users and groups
  4. Click Add user

  5. Click Users and groups to bring up the search panel

  6. From the search panel select an existing user or group

  7. Click Select

  8. The Select a role field should already show User. If not, select the User role. Click Assign

Testing

Your Project Manager will confirm receipt of the metadata URL sent in step 14 of Create Applications, which contains the signing certificate and login URL. You should then be able to log in to the Bold Penguin Terminal using the dashboard URL for your domain:

https://[domain]-agent.boldpenguin.com/dashboard

NOTE: Replace [domain] with your unique domain provided during on-boarding.

When a user authenticates through Azure AD, the SAML assertion sent to Bold Penguin carries the Name ID and the role claim configured above, and Bold Penguin's authentication layer receives the role values you assigned.

Next, you will work with your project manager to add the appropriate permissions for each role or group.
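To make concrete what Bold Penguin's authentication layer receives after the steps above, here is an added example (not Bold Penguin's code) that validates a SAML Response from Azure AD and extracts the Name ID and role claim before mapping the role to an application role. The Response in the block is constructed: the tenant id, object id and the "example" domain are placeholders, the role-to-Terminal-role mapping is hypothetical, and the message carries no XML Signature. Signature verification against the certificate from the IdP metadata is deliberately out of scope and must happen before any of these checks are trusted. The attribute Name used for the role claim is the standard Azure AD role claim URI; confirm it against an assertion captured from your beta application, since Azure composes the name from the Namespace and Name fields entered in step 10.

```python
"""Validate a SAML Response from Azure AD and extract the NameID and role
claims, the way a service provider's authentication layer does before
mapping the user to an application role.

Added example, not Bold Penguin's authentication layer. SAMPLE_RESPONSE is
constructed: tenant id, object id and the 'example' domain are placeholders,
and the message carries no XML Signature. Signature verification against the
IdP metadata certificate is out of scope here and MUST precede these checks.
"""
from datetime import datetime
import xml.etree.ElementTree as ET  # prefer defusedxml.ElementTree for untrusted XML

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Assumed attribute Name; confirm it against an assertion captured from your
# beta application, since Azure builds it from the Namespace and Name fields.
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
# Hypothetical mapping from Azure AD app role values to Terminal roles.
ROLE_MAP = {"User": "agent", "Admin": "admin"}

TENANT = "00000000-0000-0000-0000-000000000000"      # placeholder
OBJECT_ID = "11111111-1111-1111-1111-111111111111"   # placeholder user.objectid
AUDIENCE = "https://example-auth-uat.beta.boldpenguin.com"  # the beta Identifier
REPLY_URL = AUDIENCE + "/users/auth/saml/callback"          # the beta Reply URL
ISSUER = f"https://sts.windows.net/{TENANT}/"

SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" Destination="{REPLY_URL}">
  <saml:Issuer>{ISSUER}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>{ISSUER}</saml:Issuer>
    <saml:Subject><saml:NameID>{OBJECT_ID}</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T01:00:00Z">
      <saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{ROLE_CLAIM}">
        <saml:AttributeValue>User</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


class SamlError(ValueError):
    """Raised when the response must be rejected."""


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def extract_identity(response_xml: str, now_iso: str, issuer: str = ISSUER,
                     audience: str = AUDIENCE, reply_url: str = REPLY_URL) -> dict:
    """Check destination, status, issuer, validity window and audience, then
    return the NameID, the raw role values and the mapped Terminal roles."""
    now = _ts(now_iso)
    root = ET.fromstring(response_xml)
    if root.get("Destination") != reply_url:
        raise SamlError("Destination does not match the Reply URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise SamlError("status is not Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise SamlError("no Assertion")
    if assertion.findtext("saml:Issuer", namespaces=NS) != issuer:
        raise SamlError("unexpected assertion Issuer")

    cond = assertion.find("saml:Conditions", NS)
    nb, noa = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not nb or not noa or not (_ts(nb) <= now < _ts(noa)):
        raise SamlError("missing or expired validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise SamlError("assertion is not addressed to this Identifier (audience)")

    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SamlError("no NameID")

    roles = []
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == ROLE_CLAIM:
            roles += [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
    mapped = sorted({ROLE_MAP[r] for r in roles if r in ROLE_MAP})
    if not mapped:
        # Typical causes: the app role's "value" is still null, or the user is
        # not assigned to the enterprise application.
        raise SamlError(f"no usable role claim (got {roles!r})")
    return {"name_id": name_id, "azure_roles": roles, "terminal_roles": mapped}


if __name__ == "__main__":
    print(extract_identity(SAMPLE_RESPONSE, "2024-01-01T00:30:00Z"))
```

The audience check is where the Identifier from Basic SAML Configuration matters: an assertion minted for a different Identifier (for example the production application while testing beta) is rejected even though it is correctly signed by the same tenant.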

Useful Azure AD resources
