Tutorial: Azure Active Directory integration with Velpic SAML
In this tutorial, you learn how to integrate Velpic SAML with Azure Active Directory (Azure AD).
Integrating Velpic SAML with Azure AD provides you with the following benefits:
- You can control in Azure AD who has access to Velpic SAML
- You can enable your users to automatically get signed-on to Velpic SAML (Single Sign-On) with their Azure AD accounts
- You can manage your accounts in one central location - the Azure Management portal
If you want to know more details about SaaS app integration with Azure AD, see What is application access and single sign-on with Azure Active Directory.
To configure Azure AD integration with Velpic SAML, you need the following items:
- An Azure AD subscription
- A Velpic SAML single sign-on enabled subscription
To test the steps in this tutorial, we do not recommend using a production environment.
To test the steps in this tutorial, you should follow these recommendations:
- You should not use your production environment unless this is necessary.
- If you don't have an Azure AD trial environment, you can get a one-month trial here.
In this tutorial, you test Azure AD single sign-on in a test environment. The scenario outlined in this tutorial consists of two main building blocks:
- Adding Velpic SAML from the gallery
- Configuring and testing Azure AD single sign-on
Adding Velpic SAML from the gallery
To configure the integration of Velpic SAML into Azure AD, you need to add Velpic SAML from the gallery to your list of managed SaaS apps.
To add Velpic SAML from the gallery, perform the following steps:
In the Azure Management Portal, on the left navigation panel, click the Azure Active Directory icon.
Navigate to Enterprise applications. Then go to All applications.
Click the Add button at the top of the dialog.
In the search box, type Velpic SAML.
In the results panel, select Velpic SAML, and then click the Add button to add the application.
Configuring and testing Azure AD single sign-on
In this section, you configure and test Azure AD single sign-on with Velpic SAML based on a test user called "Britta Simon".
For single sign-on to work, Azure AD needs to know what the counterpart user in Velpic SAML is to a user in Azure AD. In other words, a link relationship between an Azure AD user and the related user in Velpic SAML needs to be established.
This link relationship is established by assigning the value of the user name in Azure AD as the value of the Username in Velpic SAML.
To configure and test Azure AD single sign-on with Velpic SAML, you need to complete the following building blocks:
- Configuring Azure AD Single Sign-On - to enable your users to use this feature.
- Creating an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
- Creating a Velpic SAML test user - to have a counterpart of Britta Simon in Velpic SAML that is linked to the Azure AD representation of her.
- Assigning the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
- Testing Single Sign-On - to verify whether the configuration works.
Configuring Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure Management portal and configure single sign-on in your Velpic SAML application.
To configure Azure AD single sign-on with Velpic SAML, perform the following steps:
In the Azure Management portal, on the Velpic SAML application integration page, click Single sign-on.
On the Single sign-on dialog, select SAML-based Sign-on as the Mode to enable single sign-on.
Enter the details in the Velpic SAML Domain and URLs section:
a. In the Sign-on URL textbox, type the value as:
b. In the Identifier textbox, paste the ‘Single sign on URL’ value.
Note that the Sign-on URL is provided by the Velpic SAML team, and the Identifier value becomes available when you configure the SSO plugin on the Velpic SAML side. Copy that value from the Velpic SAML application page and paste it here.
In the SAML Signing Certificate section, click Metadata XML and then save the XML file on your computer.
Click the Save button.
In the Velpic SAML Configuration section, click Configure Velpic SAML to open the Configure sign-on window. Copy the SAML Entity ID from the Quick Reference section.
In a different web browser window, log into your Velpic SAML company site as an administrator.
Click the Manage tab and go to the Integration section, then click the Plugins button to create a new plugin for sign-in.
Click the ‘Add plugin’ button.
Click the SAML tile on the Add Plugin page.
Enter the name of the new SAML plugin and click the ‘Add’ button.
Enter the details as follows:
a. In the Name textbox, type the name of the SAML plugin.
b. In the Issuer URL textbox, paste the SAML Entity ID you copied from the Configure sign-on window of the Azure portal.
c. In Provider Metadata Config, upload the Metadata XML file that you downloaded from the Azure portal.
d. You can also choose to enable SAML just-in-time provisioning by selecting the ‘Auto create new users’ checkbox. If a user doesn’t exist in Velpic and this flag is not enabled, the login from Azure will fail. If the flag is enabled, the user is automatically provisioned into Velpic at the time of login.
e. Copy the Single sign on URL from the text box and paste it in the Azure portal.
f. Click Save.
Creating an Azure AD test user
The objective of this section is to create a test user in the Azure Management portal called Britta Simon.
To create a test user in Azure AD, perform the following steps:
In the Azure Management portal, on the left navigation pane, click the Azure Active Directory icon.
Go to Users and groups and click All users to display the list of users.
At the top of the dialog, click Add to open the User dialog.
On the User dialog page, perform the following steps:
a. In the Name textbox, type BrittaSimon.
b. In the User name textbox, type the email address of BrittaSimon.
c. Select Show Password and write down the value of the Password.
d. Click Create.
Creating a Velpic SAML test user
This step is usually not required, as the application supports just-in-time user provisioning. If automatic user provisioning is not enabled, users can be created manually as described below.
Log into your Velpic SAML company site as an administrator and perform the following steps:
Click the Manage tab and go to the Users section, then click the New button to add users.
On the “Create New User” dialog page, perform the following steps:
a. In the First Name textbox, type the first name of Britta Simon.
b. In the Last Name textbox, type the last name of Britta Simon.
c. In the User Name textbox, type the user name of Britta Simon.
d. In the Email textbox, type the email address of Britta Simon's account.
e. The rest of the information is optional; fill it in if needed.
f. Click SAVE.
Assigning the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting her access to Velpic SAML.
To assign Britta Simon to Velpic SAML, perform the following steps:
In the Azure Management portal, open the applications view, navigate to the directory view, go to Enterprise applications, and then click All applications.
In the applications list, select Velpic SAML.
In the menu on the left, click Users and groups.
Click the Add button. Then select Users and groups on the Add Assignment dialog.
On the Users and groups dialog, select Britta Simon in the Users list.
Click the Select button on the Users and groups dialog.
Click the Assign button on the Add Assignment dialog.
Testing single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Velpic SAML tile in the Access Panel, you should get the login page of the Velpic SAML application. You should see the ‘Log In With Azure AD’ button on the sign-in page.
Click the ‘Log In With Azure AD’ button to log in to Velpic using your Azure AD account.