Fluent Commerce Logo
Docs
Sign In

Configure Azure AD connection via SAML

How-to Guide

Author:

Fluent Commerce

Changed on:

27 Mar 2024

Key Points

  • It is possible to use the generic SAML configuration to add an external identity provider that follows the SAML standard. 
  • Steps to configure an external identity provider via SAML configuration

Steps

Registering application with Microsoft

Step arrow right iconAccess Microsoft Azure Portal

Go to Microsoft Azure portal. If one doesn’t have a Microsoft Azure account, they can create one.

Step arrow right iconAccess Azure Active Directory

Under Azure services, click Azure Active Directory.

No alt provided

Step arrow right iconAccess Enterprise applications

On the left, click Enterprise applications.

No alt provided

Step arrow right iconCreate New Application

At the top, click New application and then click button Create your own application.

Step arrow right iconConfigure Application

On the appeared drawer input application name, select Integrate any other applications you don’t find in the gallery (Non-gallery) option and then click Create button in the bottom of the drawer.

No alt provided

Configuration

Step arrow right iconAccess Enterprise Application in Azure Portal

Go to Microsoft Azure portal and select your Enterprise application.

No alt provided

Step arrow right iconNavigate to Single Sign-On: SAML

On the left menu, click Single sign-on and select SAML.

No alt provided

Step arrow right iconEdit Basic SAML Configuration

Click on Edit icon on the Basic SAML Configuration card. It is necessary to fill Identifier and Reply URL fields on the drawer. To do so, click on Add Identifier and Add reply URL buttons.

No alt provided

Step arrow right iconSet Up External IdP in PingOne

To fill the values from the previous step, we need to create an External IdP in PingOne. Go to Connections → External IDPs and click + Add Provider.

No alt provided

Step arrow right iconConfigure SAML Profile

Click SAML. Then on the Create Profile screen, enter the following:

  • Name. A unique identifier for the identity provider.
  • Description (optional). A brief characterization of the identity provider.
  • Icon (optional). An image to represent the identity provider. Use a file up to 1MB in JPG, JPEG, GIF, or PNG format.
  • Login button (optional). An image will be used for the login button that the end user will see. Use a 300 X 42-pixel image.
No alt provided

Click Continue.

Step arrow right iconCopy PingOne (SP) Entity ID to Azure

On the Configure PingOne Connection screen, copy the PingOne (SP) entity ID and put the value into the Identifier field on the Basic SAML Configuration drawer in Azure (see Edit Basic SAML Configuration step).

No alt provided

Then click Continue.

No alt provided

Step arrow right iconCopy ACS Endpoint to Azure and Save

On the Configure IDP Connection screen, copy ACS ENDPOINT and fill the copied value into the Reply URL field on the Basic SAML Configuration drawer in Azure (see Edit Basic SAML Configuration step).

No alt provided

Click the Save button on the Basic SAML Configuration drawer in Azure.

No alt provided


Step arrow right iconCopy App Federation Metadata URL and Import to PingOne

In the SAML Certificates card, copy the App Federation Metadata URL.

No alt provided

Afterward, go back to PingOne and select the option Import from URL on the Configure IDP Connection screen, paste the App Federation Metadata URL, and click Import.

No alt provided

Click Save and Continue.

Step arrow right iconComplete SAML configuration

On the Map Attributes screen, click Save&Finish.

No alt provided

Do not forget

Step arrow right iconEnable External Identity Provider and Add to Authentication Policy

1. Enable the External Identity Provider.

2. Create a new Authentication Policy and add the newly created External Identity Provider to it.

No alt provided

3. Add the Authentication Policy to the application.

No alt provided

Step arrow right iconDecide which users from the company should have access to Fluent App

Access the Microsoft Azure portal, navigate to Enterprise applications, then All applications, and select your application. Go to the Manage section and select Users and groups. Then, proceed by clicking the Add user/group button to assign users and groups to application roles for the specific application.

No alt provided


Fluent Commerce

Fluent Commerce

Copyright © 2024 Fluent Retail Pty Ltd (trading as Fluent Commerce). All rights reserved. No materials on this docs.fluentcommerce.com site may be used in any way and/or for any purpose without prior written authorisation from Fluent Commerce. Current customers and partners shall use these materials strictly in accordance with the terms and conditions of their written agreements with Fluent Commerce or its affiliates.

Fluent Logo