Azure AD Setup Guide

Introduction

This guide will take you through the steps to setup Azure AD as a single sign on Identity Provider for OptiTune.

Create the Azure AD Enterprise Application

Login to Azure

Login to https://portal.azure.com and search for "Azure AD", and select the feature.




On the left hand navigation section, select "Enterprise Applications"




Select "New application"





Select "Create your own application"





Create the application

Enter a name for the application, like "OptiTune", and make sure "Integrate any other application you don't find in the gallery (Non-gallery)" is selected, and press "Create".




Enterprise Application Setup

Assign users to the application

Click on "1. Assign users and groups", and add any users or groups in your organization's active directory that you want to be able to access OptiTune using SSO.




Setup up single sign on

Click on "2. Setup up single sign on"




Select "SAML" for the single sign on method

Click on "SAML"




Edit the "Basic SAML Configuration"

Press "Edit" under section 1, "Basic SAML Configuration"




Back in OptiTune, start adding the SAML Configuration

Back in the OptiTune management console, go to the SAML Configurations page, and click "Add". Enter in a name and description for the SAML Configuration, as shown below.
You will need to copy the information shown under "Identity Provider Configuration" into the Enterprise Application in Azure AD.




Copy the SAML information for the OptiTune application back into Azure AD

Copy and paste each of these fields into the appropriate area in Azure AD - Basic SAML Configuration, and press "Save".

  • Identifier (Entity ID)
  • Reply URL (Assertion Consumer Service URL)
  • Sign on URL (optional)



Download the Base64 SAML Signing certificate from Azure AD

Download the Base64 SAML Signing certificate from Azure AD, and open up the ".cer" file in notepad. It should begin with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----"




Add the certificate in OptiTune

Paste the contents of the certificate file into the "certificate" field in OptiTune




Add the Login URL and Logout URL to OptiTune

Copy and paste the "Login URL" and "Logout URL" from Azure AD to OptiTune




Save and Test

You must save the "SAML Configuration" in OptiTune by pressing the "Save" button at the bottom. Test that the SSO integration is working by using your organization specific Single Sign On (SSO) link shown in the SAML Configurations page.

Or, you can visit the "Sign On Url" link that is shown at the top of the OptiTune SAML Configuration page, under "Identity Provider Configuration".