1. Help Center
  2. Getting started
  3. Getting Started with Microsoft

How to configure Microsoft ActiveDirectory SAML SSO

Workshop allows you to set up SAML SSO with Azure ActiveDirectory. View the instructions below to add this capability for your organization.

  • Create a new non-gallery application and give it a unique, recognizable name 
     
  • When the setup is completed, you will automatically be redirected to the landing page for that application
  • Assign users and groups to the application

Users/Groups added here will be the only users allowed to access Workshop

  • Return to the `Overview` page and set up single sign on (SAML)
  • Edit the SAML Certificate Options
  • For signing option, choose "Sign SAML response and assertion" and select save 
  • Copy the App Federation Metadata URL from Azure

  • In Workshop, begin the SSO setup Workflow. Settings>SSO>Add SAML
  • In the IdP metadata URL box, paste the App Federation Metadata URL from Azure and select `Create SSO`
  • Scroll down to the three boxes under Service Provider Configuration and copy/paste the SP configuration URLs into Azure

  • In Azure, under Basic Configuration copy and paste the 3 URLs in the order given, the rest can be left blank:
    • Entity ID/Trust identifier URL ➡️ Identifier (Entity ID)
       
    • Assertion Customer Service (ACS) URL ➡️ Reply URL (Assertion Consumer Service URL)
    • Service Provider Login URL ➡️ Sign on URL 

  • Back in Workshop, Perform a test login in order to active SAML SSO. Once SAML is enabled, it will restrict user/password logins and all users will be required to use SSO in order to log in.