Example of Configuring Microsoft Azure to Connect to Software AG Cloud as the SAML Identity Provider
- Log on to Azure as a user with Administrator privileges.
- If your Azure account does not include users or groups, add them.
- Add a Web Security Service as an application and configure it. This example uses the Symantec Web Security Service (WSS) application.
a. Go to the Azure Active Directory page and click Enterprise Applications.
b. Search for Symantec Web Security Service (WSS) and add it to your profile.
c. Click Single Sign-on and then click SAML.
d. In the Basic SAML Configuration section, complete the fields as shown below. For the Reply URL and Sign on URL values, go to Software AG Cloud, go to the Configuration tab, copy the Software AG Cloud redirect URI, and paste it in the fields.
e. The user attributes in the User Attributes & Claims section are configured by default. The namespace for each attribute is also set by default, so the claim name is displayed as a URL. You can remove the namespace for these attributes if necessary.
f. Add an attribute named roles and set it to user.assignedroles.
g. If you want to import the Azure SAML settings into Software AG Cloud instead of entering them manually, go to the SAML Signing Certificate section in Azure and either copy the App Federation Metadata URI or save the federation metadata to a file.
h. To make users available for authentication, go to the Azure Symantec Web Security Service application, click Users and Groups, select the users to include, and click the Assign button.
You can grant access to all users in a group by assigning a role with the desired access permissions to the group.
For information on configuring the role claim issued in the SAML token for enterprise applications, go to https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-enterprise-app-role-management
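A check to run on a captured assertion once users are assigned, as an added example that is not part of the original documentation or of any Software AG or Microsoft code: it lists claim names that still carry a namespace (step e) and confirms that the roles attribute from step f carries values. The sample assertion, user and role names are constructed; the script inspects attribute names only and does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: one claim left with its default namespace, one with the
# namespace removed, and the "roles" attribute added in step f.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="givenname">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="roles">
      <saml:AttributeValue>Cloud-Admin</saml:AttributeValue>
      <saml:AttributeValue>Cloud-User</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_claims(assertion_xml):
    """Return {claim name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def check_claims(claims, role_attr="roles"):
    """Report namespaced claim names and whether the roles attribute has values."""
    namespaced = sorted(n for n in claims if n.startswith(("http://", "https://")))
    roles = claims.get(role_attr, [])
    return {"namespaced": namespaced, "roles": roles, "roles_ok": bool(roles)}

if __name__ == "__main__":
    print(check_claims(read_claims(SAMPLE_ASSERTION)))
```

An empty `roles` list for a user who should have access usually means the user or group was assigned to the application without a role.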