Povratne informacije Uredi

Tutorial: Azure Active Directory integration with Uberflip

  • Članak
  • 5 min. za čitanje

In this tutorial, you learn how to integrate Uberflip with Azure Active Directory (Azure AD).

Integrating Uberflip with Azure AD provides you with the following benefits:

  • You can control in Azure AD who has access to Uberflip.
  • You can enable your users to be automatically signed in to Uberflip (single sign-on) with their Azure AD accounts.
  • You can manage your accounts in one central location: the Azure portal.

For details about software as a service (SaaS) app integration with Azure AD, see What is application access and single sign-on with Azure Active Directory?.

Prerequisites

To configure Azure AD integration with Uberflip, you need the following items:

  • An Azure AD subscription. If you don't have an Azure subscription, create a free account before you begin.
  • An Uberflip subscription with single sign-on enabled.

Scenario description

In this tutorial, you configure and test Azure AD single sign-on in a test environment.

Uberflip supports the following features:

  • SP-initiated and IDP-initiated single sign-on (SSO).
  • Just-in-time user provisioning.

Add Uberflip from the Azure Marketplace

To configure the integration of Uberflip into Azure AD, you need to add Uberflip from the Azure Marketplace to your list of managed SaaS apps:

  1. Sign in to the Azure portal.

  2. In the left pane, select Azure Active Directory.

    The Azure Active Directory option

  3. Go to Enterprise Applications, and then select All Applications.

    The Enterprise applications pane

  4. To add a new application, select + New application at the top of the pane.

    The New application option

  5. In the search box, enter Uberflip. In the search results, select Uberflip, and then select Add to add the application.

    Uberflip in the results list

Configure and test Azure AD single sign-on

In this section, you configure and test Azure AD single sign-on with Uberflip based on a test user named B Simon. For single sign-on to work, you need to establish a link between an Azure AD user and a related user in Uberflip.

To configure and test Azure AD single sign-on with Uberflip, you need to complete the following building blocks:

  1. Configure Azure AD single sign-on to enable your users to use this feature.
  2. Configure Uberflip single sign-on to configure the single sign-on settings on the application side.
  3. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
  4. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
  5. Create an Uberflip test user so that there's a user named B. Simon in Uberflip who's linked to the Azure AD user named B. Simon.
  6. Test single sign-on to verify whether the configuration works.

Configure Azure AD single sign-on

In this section, you enable Azure AD single sign-on in the Azure portal.

To configure Azure AD single sign-on with Uberflip, take the following steps:

  1. In the Azure portal, on the Uberflip application integration page, select Single sign-on.

    Configure single sign-on option

  2. In the Select a single sign-on method pane, select SAML/WS-Fed mode to enable single sign-on.

    Single sign-on select mode

  3. On the Set up Single Sign-On with SAML pane, select Edit (the pencil icon) to open the Basic SAML Configuration pane.

    Screenshot shows the Basic SAML Configuration, where you can enter a Reply U R L.

  4. On the Basic SAML Configuration pane, do one of the following steps, depending on which SSO mode you want to configure:

    • To configure the application in IDP-initiated SSO mode, in the Reply URL (Assertion Consumer Service URL) box, enter a URL by using the following pattern:

      https://app.uberflip.com/sso/saml2/<IDPID>/<ACCOUNTID>

      Uberflip domain and URLs single sign-on information

      Note

      This value isn't real. Update this value with the actual reply URL. To get the actual value, contact the Uberflip support team. You can also refer to the patterns shown in the Basic SAML Configuration pane in the Azure portal.

    • To configure the application in SP-initiated SSO mode, select Set additional URLs, and in the Sign-on URL box, enter this URL:

      https://app.uberflip.com/users/login

      Screenshot shows Set additional U R Ls where you can enter a Sign on U R L.

  5. On the Set up Single Sign-On with SAML pane, in the SAML Signing Certificate section, select Download to download the Federation Metadata XML from the given options and save it on your computer.

    The Federation Metadata XML download option

  6. In the Set up Uberflip pane, copy the URL or URLs that you need:

    • Login URL
    • Azure AD Identifier
    • Logout URL

    Copy configuration URLs

Configure Uberflip single sign-on

To configure single sign-on on the Uberflip side, you need to send the downloaded Federation Metadata XML and the appropriate copied URLs from the Azure portal to the Uberflip support team. The Uberflip team will make sure the SAML SSO connection is set properly on both sides.

Create an Azure AD test user

In this section, you create a test user named B. Simon in the Azure portal.

  1. In the Azure portal, in the left pane, select Azure Active Directory > Users > All users.

    The Users and "All users" options

  2. At the top of the screen, select + New user.

    New user option

  3. In the User pane, do the following steps:

    The User pane

    1. In the Name box, enter BSimon.

    2. In the User name box, enter BSimon@<yourcompanydomain>.<extension>. For example, BSimon@contoso.com.

    3. Select the Show password check box, and then write down the value that's displayed in the Password box.

    4. Select Create.

Assign the Azure AD test user

In this section, you enable B. Simon to use Azure single sign-on by granting their access to Uberflip.

  1. In the Azure portal, select Enterprise Applications > All applications > Uberflip.

    Enterprise applications pane

  2. In the applications list, select Uberflip.

    Uberflip in the applications list

  3. In the left pane, under MANAGE, select Users and groups.

    The "Users and groups" option

  4. Select + Add user, and then select Users and groups in the Add Assignment pane.

    The Add Assignment pane

  5. In the Users and groups pane, select B Simon in the Users list, and then choose Select at the bottom of the pane.

  6. If you're expecting a role value in the SAML assertion, then in the Select Role pane, select the appropriate role for the user from the list. At the bottom of the pane, choose Select.

  7. In the Add Assignment pane, select Assign.

Create an Uberflip test user

A user named B. Simon is now created in Uberflip. You don't have to do anything to create this user. Uberflip supports just-in-time user provisioning, which is enabled by default. If a user named B. Simon doesn't already exist in Uberflip, a new one is created after authentication.

Note

If you need to create a user manually, contact the Uberflip support team.

Test single sign-on

In this section, you test your Azure AD single sign-on configuration by using the My Apps portal.

When you select Uberflip in the My Apps portal, you should be automatically signed in to the Uberflip subscription for which you set up single sign-on. For more information about the My Apps portal, see Access and use apps on the My Apps portal.

Additional resources