Workshop allows you to set up SAML SSO with Azure ActiveDirectory. View the instructions below to add this capability for your organization.
- To begin, navigate to Microsoft Entra ID Gallery in ActiveDirectory and create a new non-gallery application
- Create a new non-gallery application and give it a unique, recognizable name
- When the setup is completed, you will automatically be redirected to the landing page for that application
- Assign users and groups to the application
- Users/Groups added here will be the only users allowed to access Workshop
- Navigate to the "Setup Custom SSO page" in Workshop
- Choose Provide IdP Metadata later
- Copy Workshop Issuer (Entity ID) and ACS URL (Reply URL)
- Return to the `Overview` page in Azure and set up single sign on (SAML)
- Edit the SAML Certificate Options
- In Azure, under Basic Configuration copy and paste the 3 URLs in the order given, the rest can be left blank:
- Issuer (Entity ID) ➡️ Identifier (Entity ID)
- ACS URL (Reply URL) ➡️ Reply URL (Assertion Consumer Service URL)
- For signing option, choose "Sign SAML response and assertion" and select save
- Copy the App Federation Metadata URL from Azure
- Back in Workshop, scroll to the identity provider card and paste the App Federation Metadata URL from Azure and click the "Create Provider"
- Perform a test sign in from within Workshop or your identity solution to activate SSO