How to set up SSO SAML 2.0 with Azure

This document explains how to configure SAML 2.0 SSO between Azure AD and DocStudio using IdP metadata (URL or XML), certificates, and attribute mappings.

Single Sign-On (SSO) is an authentication method that enables users to securely log in to various applications, platforms, or websites using a single set of credentials. SSO functions based on a trust relationship between a service provider application and an identity provider (IdP) such as Google, Okta, OneLogin, or Microsoft AD FS. This trust is typically established through a certificate exchanged between the IdP and the service provider.

Benefits of using SSO:

  • Users sign in with existing credentials. They type passwords less often.

  • Your IdP stays the source of truth for authentication.

  • You do not need to sync passwords with the IdP.

In DocStudio, you can configure Single Sign-On to allow employees to access DocStudio through their Identity Provider (IdP), removing the need for passwords during the login process, ensuring secure and quick access.

DocStudio's single sign-on system is based on Security Assertion Markup Language 2.0 (SAML 2.0), which is the leading industry standard for exchanging authentication and authorisation data across web applications.

In the 'Integrations' tab, you can add your SSO providers to set up SSO authentication for corporate users. To create an SSO provider, click the 'Create an SSO provider' button and complete the fields in the modal window.

You can choose the type of metadata (URL or XML). After filling out the details, click the button.

Providers added this way can be edited (pencil icon) or deleted (trash icon); deletion requires confirmation.

Configuring on the Azure Side

To proceed, register the application in the Azure Active Directory (Azure AD) with a corporate identity management administrator account.

Then navigate to the menu and go to ‘Enterprise apps’ -> ‘New app’ -> ‘Create a custom app’.

Once the application is added and visible in the ‘Enterprise apps’ list, configure SAML (Single Sign-On options) by selecting ‘Single sign-on’ in the ‘Management’ section and then choosing SAML.

Next, you need to configure the Single Sign-on parameters.

Basic SAML Configuration

After adding the URLs and saving the basic configuration, these settings will be available in the system:

  • Attributes and Validations

  • SAML certificates

You will need to configure the SSO connection in DocStudio as follows:

  • First Name Match = user.givenname

  • Surname Match = user.surname

  • Phone number match = user.mail

These settings may vary depending on your Active Directory (AD) configuration.

In the SAML Certificates section, upload the XML file.

To finish the setup in DocStudio, select XML as the metadata type.

Copy the content from your Azure metadata file, paste it into the SSO XML field, and click the button.

Don’t forget to enable access for your users on the Azure side and enable SSO in the Domain settings.
