Microsoft SSO SAML Configuration Guide
- 06 May 2024
- Print
- DarkLight
- PDF
Microsoft SSO SAML Configuration Guide
- Updated on 06 May 2024
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
This feature is available in the following plans: | ||
✖ Base | ✖ Pro | ✔ Enterprise |
This article explains how to configure Microsoft SSO SAML for use with Skykit.
Before You Enable SSO SAML
Enabling SAML affects all assigned users who use the Skykit application. They will need to log in with Skykit using Microsoft SSO.
Requires a Microsoft Azure Administrator
Completing this configuration requires the Microsoft Azure Administrator Role that has permission to fully manage your Microsoft account.
Remove Existing Microsoft Azure Enterprise Applications
If you previously allowed or configured a Microsoft Azure Enterprise Application for logging into Skykit, please remove it and create a new one following the configuration steps below. A limitation in Microsoft Azure prevents you from changing to SAML SSO as the authentication method for existing Enterprise Applications.
Configuration Steps
- Go to Azure Portal.
- Under Azure Services, select Enterprise applications.
- Click on New application.
- Click Create your own application at the top
- For the application name, enter "Skykit SSO SAML".
- Choose Integrate any other application you don't find in the gallery (Non-gallery) for the application type.
- Go to the application you created in Step 4.
- In the left navigation panel, select Overview.
- Under the Getting Started section, click on Set up single sign on.
- Choose SAML as the sign-on method. This will direct you to the SAML configuration page.
- Under Manage in the left navigation panel, select Single sign-on.
- For the Basic SAML Configuration, Skykit will provide you with the configuration for the following:
- Identifier (Entity ID): msft-skykit-sp
- Reply URL (Assertion Consumer Service URL): https://login.skykit.com/__/auth/handler
- Sign on URL: https://login.skykit.com/
- Click the Save button at the top, and click the 'X' in the top right corner to close the window
- For Attributes & Claims, click on each claim name to update as follows:
- Unique User Identifier (Name ID): user.userprincipalname
- email: user.mail
- Remove the Namespace value
- firstName: user.givenname
- Remove the Namespace value
- name: user.userprincipalname
- Keep the Namespace value
- lastName: user.surname
- Remove the Namespace value
- Click the 'X' in the top right corner to close the claims window after you're finished
- If you are sent back to the Azure home screen, navigate back to the Enterprise application you created in Step 4.
- Back on the Single Sign-On setup screen, under SAML Certificates, click on "Download" next to Certificate (Base64) to download the certificate. Provide this certificate to Skykit.
- Under Step 4 or Set up Skykit SSO SAML, provide Skykit with the following information:
- Login URL
- Microsoft Entra Identifier
- Lastly, add users or groups to the application to enable SSO functionality, under the Manage > Users and Groups section.
Send Us Your Configuration
Please send an email to support@skykit.com with the subject "Microsoft SSO SAML Setup", and include:
- Certificate from Step 15
- Login URL and Microsoft Entra Identifier from Step 16
The Skykit Support Team will contact your shortly with further instructions once your configuration has been set.
If you encounter any issues or have any questions, please reach out to support@skykit.com.
Was this article helpful?