Edisen provides its users with SAML-based authentication and single sign-on (SSO) access to the application through an identity provider (IdP) of your choice.
Note that we do not support SCIM provisioning at this point.
There are two simple steps to configure and enable Single Sign-On for Edisen users with your company's identity provider:
Configuring SSO with Microsoft Azure AD
In this article, we will cover the second step, Configuring SSO with Microsoft Azure AD - via the "Single Sign-On" button and "SSO Configuration" panel. Any identity provider of your choice can be used (like Okta, OneLogin, ADFS by Microsoft, Auth0, Google), but in this article we will cover setting up with Microsoft Azure AD.
You will be able to enable and configure SSO once you have verified a domain and it is in Active status.
Before configuring SSO
Before configuring SAML single sign-on, create an Edisen account with admin access (ask an Edisen admin to send you an invitation) that you can use to access your organization even if SAML has been misconfigured. This account must not use an email address from a domain you have verified for this organization. This ensures that the account will not be redirected to SAML single sign-on when you log in.
Consider this account as temporary: you'll be able to remove admin access from it when you are satisfied that SAML single sign-on is working as expected for your users.
Setup SAML single sign-on with Microsoft Azure AD
It is strongly recommended to configure the feature in a separate incognito mode window of your browser. This way you keep the session in the standard window, allowing you to switch off the SSO authorization in case something is configured incorrectly.
Once we have a verified active domain, we are able to configure SSO. In the Service Provider Information section, use the following information:
Entity ID = https://api.edisen.com
Callback URL = https://api.edisen.com/v3/auth/saml/callback
Signature Algorithm = SHA-256
Adding and Configuring the app
Create a new application in the Azure AD Enterprise Application Gallery
Click Setup single sign on and select the SAML sign-on method.
You will see basic SAML configuration is already in place.
Creating the Certificate
Scroll to the SAML Signing Certificate section and click Add a certificate.
Click +New Certificate and choose the Signing Option = Signed SAML Assertion or Signed SAML response and assertion. Assertion must be signed.
Click More options for the certificate and first make the certificate active and then download the Base64 file and save it on your computer.
Configuring SSO in your Edisen organization
Open the downloaded file in a text editor and copy-paste the x509 certificate from the file to the SAML Certificate text area in the panel above.
In the Azure settings, find the Login URL and paste it into the Sign-in URL field in Edisen.
Copy the Azure AD Identifier value from the Azure portal and paste it into the Identity Provider Issuer URL textbox in Edisen.
Make sure that you have added at least one company domain before hitting the Save button.
And that's all, your SSO Configuration is now complete.
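A check you can run on a decoded SAML response from a test login, added here as an example (it is not part of the original article or Edisen's own code): it confirms that the assertion is signed with SHA-256 and that the issuer, audience and recipient match the Identity Provider Issuer URL, Entity ID and Callback URL configured above. The issuer value is a placeholder, the sample response is constructed, and the RSA-SHA256 URI in the sample is an assumption about the certificate type; the check is structural and does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ENTITY_ID = "https://api.edisen.com"                           # from this article
CALLBACK_URL = "https://api.edisen.com/v3/auth/saml/callback"  # from this article
IDP_ISSUER = "https://sts.windows.net/TENANT-ID-PLACEHOLDER/"  # placeholder value
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # assumed cert type

def check_response(xml_text, idp_issuer=IDP_ISSUER):
    """List mismatches between a decoded SAML response and the settings above.
    Structural check only: the signature is not cryptographically verified."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion element"]
    problems = []
    sig = assertion.find("ds:Signature", NS)  # direct child = the assertion is signed
    if sig is None:
        problems.append("assertion is not signed")
    else:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        alg = method.get("Algorithm", "") if method is not None else ""
        if not alg.endswith("sha256"):
            problems.append("signature algorithm is not SHA-256")
    if assertion.findtext("saml:Issuer", "", NS).strip() != idp_issuer:
        problems.append("issuer does not match the Identity Provider Issuer URL")
    audiences = [a.text.strip() for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append("audience does not match the Entity ID")
    recipients = [d.get("Recipient") for d in assertion.iterfind(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if CALLBACK_URL not in recipients:
        problems.append("recipient does not match the Callback URL")
    return problems

def sample_response(signed=True, alg=RSA_SHA256, audience=ENTITY_ID):
    """Constructed test input, not a captured Azure AD response."""
    sig = (f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/>'
           '</ds:SignedInfo></ds:Signature>') if signed else ""
    return (f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            f'xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}"><saml:Assertion>'
            f'<saml:Issuer>{IDP_ISSUER}</saml:Issuer>{sig}<saml:Subject>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData '
            f'Recipient="{CALLBACK_URL}"/></saml:SubjectConfirmation></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
            f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_response(sample_response(signed=False)))
```

An empty list means the response matches all four settings; a response signed only at the Response level is reported as "assertion is not signed".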
Hope you found this article useful. Please feel free to give us feedback, comments or reach out for questions at firstname.lastname@example.org
For submitting a support request, please see this article https://app.intercom.com/a/apps/ajhtc3bt/articles/articles/3168393/show