Setup SAML/SSO on Azure Active Directory (AD)
  • 30 Oct 2024


This guide will walk you through the steps to configure Single Sign-On (SSO) for Volumez using Azure Active Directory (AD). This involves creating a non-gallery application in Azure AD, configuring SAML-based authentication, and setting up necessary parameters for seamless integration with Volumez's AWS Cognito User Pool.

Step 1: Create a New Application in Azure AD

  1. Log in to Azure Portal: Navigate to the Azure portal and sign in with your admin credentials.

  2. Go to Enterprise Applications:

    • In the left-hand menu, select Enterprise applications.

    • Click on + New application.

  3. Create Your Own Application:

    • Select Create your own application.

    • Enter a name for your application.

    • Choose Integrate any other application you don't find in the gallery (Non-gallery).

    • Click Create.

Step 2: Configure SAML-based Single Sign-On

  1. Navigate to Single Sign-On Configuration:

    • After the application is created, in the left pane menu, go to Manage -> Single sign-on.

    • Select SAML as the SSO method.

  2. Edit Basic SAML Configuration:

    • Under Basic SAML Configuration, click on Edit.

  3. Fill in the Required Fields:

    • Identifier (Entity ID): Set this field to your Volumez AWS Cognito User Pool ID for users (not M2M pool), prefixed by "urn:amazon:cognito:sp:".

      • Example: "urn:amazon:cognito:sp:us-east-1_FrCG5stEj"

    • Reply URL (Assertion Consumer Service URL): Enter the URL of your Volumez AWS Cognito User Pool's domain, postfixed with "/saml2/idpresponse".

      • Example: "https://volumez-test1.auth.us-east-1.amazoncognito.com/saml2/idpresponse"

    • Sign on URL: Leave this field empty.

    • Relay State: Enter the values in a single string format:

      • Example:

        identity_provider=ayal-azure-saml-test&client_id=1jpfhr4nj9tr6588jkpnio4s5n&redirect_uri=https://wr5ft74e33.execute-api.us-east-1.amazonaws.com/dev/saml&response_type=code&scope=openid

    • Logout URL: Similar to the Reply URL, set it to your Volumez AWS Cognito User Pool's domain, postfixed with "/saml2/logout".

      • Example: "https://volumez-test1.auth.us-east-1.amazoncognito.com/saml2/logout"

  4. Save the Configuration: Click on Save to apply the settings.
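
The four values in Step 2 all derive from a handful of Cognito settings, and a mistyped Relay State is an easy way to break the sign-in redirect. The script below is an added example, not part of Volumez's or Microsoft's tooling: it builds the fields from their inputs and checks a Relay State string before you paste it. The function names, the pool ID pattern and the https check on redirect_uri are assumptions of this example; the sample values are the ones from this guide.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Hypothetical helper names; sample values in __main__ are this guide's examples.
POOL_ID_RE = re.compile(r"^[a-z]{2}(?:-[a-z]+)+-\d+_[A-Za-z0-9]+$")
RELAY_KEYS = ["identity_provider", "client_id", "redirect_uri", "response_type", "scope"]


def build_saml_fields(pool_id, cognito_domain, idp_name, client_id, redirect_uri):
    """Derive the Basic SAML Configuration values described in Step 2."""
    if not POOL_ID_RE.match(pool_id):
        raise ValueError(f"not a Cognito user pool ID: {pool_id!r}")
    base = "https://" + cognito_domain.rstrip("/")
    relay = urlencode(
        [("identity_provider", idp_name), ("client_id", client_id),
         ("redirect_uri", redirect_uri), ("response_type", "code"),
         ("scope", "openid")],
        safe=":/",  # leave the redirect URI unescaped, as in the guide's example
    )
    return {
        "identifier": "urn:amazon:cognito:sp:" + pool_id,
        "reply_url": base + "/saml2/idpresponse",
        "relay_state": relay,
        "logout_url": base + "/saml2/logout",
    }


def check_relay_state(relay_state):
    """Return a list of problems found in a Relay State string (empty if none)."""
    pairs = parse_qsl(relay_state, keep_blank_values=True)
    params = dict(pairs)
    problems = [f"missing parameter: {k}" for k in RELAY_KEYS if not params.get(k)]
    problems += [f"unexpected parameter: {k}" for k in params if k not in RELAY_KEYS]
    if len(pairs) != len(params):
        problems.append("duplicate parameter")
    uri = urlsplit(params.get("redirect_uri", ""))
    if params.get("redirect_uri") and (uri.scheme != "https" or not uri.netloc):
        problems.append("redirect_uri must be an absolute https URL")
    if params.get("response_type") not in (None, "code"):
        problems.append("response_type must be 'code'")
    return problems


if __name__ == "__main__":
    fields = build_saml_fields(
        "us-east-1_FrCG5stEj", "volumez-test1.auth.us-east-1.amazoncognito.com",
        "ayal-azure-saml-test", "1jpfhr4nj9tr6588jkpnio4s5n",
        "https://wr5ft74e33.execute-api.us-east-1.amazonaws.com/dev/saml")
    for name, value in fields.items():
        print(f"{name}: {value}")
    print("problems:", check_relay_state(fields["relay_state"]))
```
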

Step 3: Assign Users and Groups

  1. Add Users/Groups:

    • Navigate to Manage -> Users and groups.

    • Click on Add user/group.

    • Add the users or groups that should have access to the application.

  2. Add users to the security group associated with the application registration.

Step 4: Assign Security Group to Volumez Tenant

  1. Copy the security group ID. It is the "Object ID" under the group properties.

  2. Go to the Volumez console and, under "Setup", click "Single Sign On".

  3. Select "Azure EntraID", paste the recorded security group ID from Azure EntraID, and click "Apply".

Step 5: Sign In

Go to your Microsoft Apps page (https://myapps.microsoft.com/index.htm), where Volumez should be listed. Clicking the Volumez icon redirects you to your Volumez account.

Conclusion

By following these steps, you've successfully configured SSO for Volumez using Azure Active Directory. Users will now be able to seamlessly sign in to Volumez through Azure AD as soon as they reach the Volumez website.
