Workshop allows you to set up SAML SSO with Azure Active Directory. Follow the instructions below to add this capability for your organization.
- To begin, navigate to Microsoft Entra ID Gallery in Active Directory and create a new non-gallery application
- Create a new non-gallery application and give it a unique, recognizable name
- When the setup is completed, you will automatically be redirected to the landing page for that application
- Assign users and groups to the application
  Users/Groups added here will be the only users allowed to access Workshop.
- Return to the `Overview` page and set up single sign on (SAML)
- Edit the SAML Certificate Options
- For the signing option, choose "Sign SAML response and assertion" and select Save
- Copy the App Federation Metadata URL from Azure
- In Workshop, begin the SSO setup workflow: Settings > SSO > Add SAML
- In the IdP metadata URL box, paste the App Federation Metadata URL from Azure and select `Create SSO`
- Scroll down to the three boxes under Service Provider Configuration and copy/paste the SP configuration URLs into Azure
- In Azure, under Basic Configuration, copy and paste the 3 URLs in the order given; the rest can be left blank:
  - Entity ID/Trust identifier URL ➡️ Identifier (Entity ID)
  - Assertion Consumer Service (ACS) URL ➡️ Reply URL (Assertion Consumer Service URL)
  - Service Provider Login URL ➡️ Sign on URL
- Back in Workshop, perform a test login in order to activate SAML SSO. Once SAML is enabled, username/password logins are restricted and all users are required to use SSO to log in.