What is a SAML integration with Azure AD?
Making the sign-in experience for your employees seamless and easy to use is important for any application you use. At Motivosity, we want to make that possible and make the setup just as simple. This article walks you through how to set up a SAML integration within your Azure AD portal.
DISCLAIMER: If the integration is not behaving as expected after the initial setup, you'll want to double-check the points below. These are three of the steps we most commonly see configured incorrectly.
Production Metadata - do not use staging or sandbox metadata.
Signed Metadata - all metadata and assertions should be signed at start and endpoints.
This integration is meant to redirect to your login page - We don't pass any information to a backend system. We will redirect your users to your login page and you send back the signed assertion to us with the unique identifier of the person being authenticated (i.e. their email).
Setting up the Azure AD SAML integration
Please follow the steps below to configure your SAML integration in your Azure Active Directory Portal:
To get started with the integration, go ahead and open/sign in to your Azure Admin Account. Begin by selecting "Enterprise Applications"
Next, select "New application"
On the next screen, select "Create your own application"
You will then create your own application. Go ahead and name the app "Motivosity" and select "Create"
After you create your application, select the second box under 'Getting Started', "Set up single sign on"
Next, select the "SAML" box
You will then start to configure the application. Go ahead and select the "Edit" button in the 'Basic SAML Configuration' step
You will then fill out the following information and select "Save":
Identifier (Entity ID): https://motivosity.com
Reply URL (Assertion Consumer Service URL): https://app.motivosity.com/sso/saml
IMPORTANT: There SHOULD NOT be a "/" at the end of either of those URLs.
From here, you'll want to jump down to step three (in Azure) and download the XML Metadata file. We'll use this to configure the integration in Motivosity.
Once you have the Metadata file saved, let's make sure that you have granted the proper access to your users on the Azure side of things. Click on Users and groups > + Add user/group ....
...and make sure that your employees are in a group that will have access to the Motivosity app, then select the correct group of users who should have access.
Please Note: If you don't have access to add a group to your application, you can use the following steps to bypass the user assignments. Please note that if a user is logging in through this method, they will need to be added to Motivosity before their
Next, head on over to Motivosity as an admin and this article will help you finish off the integration in Motivosity.
At this point, your SSO integration should be fully functional! You can now go back to your Azure application and assign users and groups so your users can use the integration to authenticate into the Motivosity platform.
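If sign-in still fails, a quick pre-upload check of the values from the 'Basic SAML Configuration' step and of the downloaded XML Metadata file can catch the trailing "/" and unsigned-metadata mistakes listed in the disclaimer. The script below is an added example, not Motivosity or Microsoft code; the function names and the sample metadata (idp.example, PLACEHOLDER certificate) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Values from the 'Basic SAML Configuration' step of this article.
EXPECTED = {"Identifier (Entity ID)": "https://motivosity.com",
            "Reply URL": "https://app.motivosity.com/sso/saml"}

def check_sp_settings(entered):
    """entered: {field label: value typed into Azure}. Returns a list of problems."""
    problems = []
    for label, want in EXPECTED.items():
        got = entered.get(label, "")
        if got.endswith("/"):
            problems.append(f"{label}: must not end with '/'")
        elif got != want:
            problems.append(f"{label}: got {got!r}, expected {want!r}")
    return problems

def check_idp_metadata(xml_bytes):
    """Structural pre-upload check; it does NOT validate the signature itself."""
    if b"<!DOCTYPE" in xml_bytes:  # SAML metadata has no need for DTDs/entities
        return ["contains a DOCTYPE; refusing to parse"]
    root = ET.fromstring(xml_bytes)
    problems = []
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or not root.get("entityID"):
        problems.append("root is not an EntityDescriptor with an entityID")
    if root.find("ds:Signature", NS) is None:
        problems.append("metadata is unsigned (no ds:Signature)")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor (not IdP metadata)"]
    certs = idp.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        problems.append("no X.509 certificate to verify assertions with")
    sso = idp.findall("md:SingleSignOnService", NS)
    if not any(s.get("Location", "").startswith("https://") for s in sso):
        problems.append("no HTTPS SingleSignOnService endpoint")
    return problems

# Constructed sample, trimmed to the elements the check reads (not a real tenant).
SAMPLE = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example/tenant/">
 <ds:Signature/>
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleSignOnService Location="https://idp.example/tenant/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""
```

To check a real file, pass its bytes to check_idp_metadata, for example the result of open(path, "rb").read(); an empty list means none of these structural problems were found.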