Single Sign-On (SSO) Setup Guide with Azure AD

This guide explains how to configure Single Sign-On (SSO) for your Springdel environment using Azure Active Directory (Azure AD). Integrating SSO helps you streamline user authentication, improve security, and simplify access management across your organization.

Key Benefits of SSO

• One set of credentials for secure access
• Simplified user onboarding and offboarding
• Centralized identity management through your existing Azure AD
• Enhanced security with multi-factor authentication (MFA) options

Before You Begin

To complete this setup, you’ll need:

• An active Azure AD tenant with admin permissions
• Access to your Springdel Admin Console

Step 1: Register Springdel in Azure AD

1. Sign in to the Azure Portal with an account that has Global Administrator rights.
2. Navigate to Azure Active Directory > Enterprise Applications.
3. Click New Application.
4. Choose Create your own application, enter a name (e.g., Springdel SSO), and select Integrate any other application you don’t find in the gallery.
5. Click Create.

Step 2: Configure SAML-based SSO

1. After the application is created, go to Single sign-on and select SAML.
2. In the Basic SAML Configuration, click Edit and enter the following:

• Identifier (Entity ID):
  https://edge.springdel.com/uis/v1/sso/saml/metadata?provider=azure&organizationid=<organization_id>
  
  
• Reply URL (Assertion Consumer Service URL):
  https://edge.springdel.com/uis/v1/sso/saml/?provider=azure&organizationid=<organization_id>

1. Click Save once it is successfully configured.

Replace <organization_id> with your actual Springdel tenant name.

Step 3: Add User Attribute & Claim

After setting up your Basic SAML Configuration, add a custom claim:

1. Under User Attributes & Claims, click Edit and then select Add new claim.
2. In the Name field, enter: OrganizationId
3. In the Source attribute field, enter your Organization ID value the same as Step 2; with your actual Springdel tenant name.
4. Click Save once it is successfully configured.

Step 4: Download Metadata

1. Under SAML Signing Certificate, download the Federation Metadata XML file.
2. Copy the following items in a text file
   • Login URL
   • Organization ID
   • Azure AD Identifier
   • Application Name
3. Keep this file — you will upload it in Springdel in the next step.

Step 5: Configure SSO in Springdel

1. Log in to your Springdel Admin Console.
2. Navigate to Settings > SSO tab.
3. Fill in the details accordingly
   • Login URL
   • Organization ID
   • Azure AD Identifier
   • Application Name
4. Upload the Federation Metadata XML file you downloaded from Azure AD.
5. Confirm the details and save your settings.

Step 6: Assign Users in Azure AD

1. In Azure AD, navigate back to your Springdel application.
2. Go to Users and groups, then click Add user/group.
3. Select the users or groups who should have access to Springdel via SSO.
4. Click Assign.

Or alternatively, you can allow any users from your Azure AD to login through your SAML application.

1. In Azure AD, navigate back to your Springdel application.
2. Go to Properties.
3. At Assignment Required, toggle to No
4. Click Save once it is successfully configured.
5. This will then allow any users from your Azure AD to login through your SAML application

Step 7: Enable and test Your SSO

1. In Azure AD, navigate back to your Springdel application.
2. Go to Properties.
3. At - Enabled for users to sign-in toggle to Yes.
4. Click Save once it is successfully configured.
5. Then on the Springdel login page https://edge.springdel.com, select Sign in with an SSO Provider and enter your Organization ID configured in Step 2 linked to Azure AD.
6. You should be redirected to your Microsoft sign-in page to authenticate.
7. If successful, you will be logged into your Springdel account.