If you are not able to set up SAML with your Azure AD subscription level, you can still set up SSO using OpenID Connect: https://helpdesk.intuo.io/support/solutions/articles/19000114646-google-azure-office365-sso-using-openid-connect
SAML Endpoint configuration:
Your SAML provider may send the following attributes:
- mail (email, mandatory)
- givenName (first name, mandatory)
- sn (last name, mandatory)
- businessCategory (department name, optional)
The above are all valid SAML attributes for us that make it possible to create a valid user on our system. To be on the safe side: the parameter names that your system needs to send are the ones in italics, not the descriptions in brackets.
IMPORTANT: If you are using Azure AD, these values are already configured.
Supported return values in your SAML authentication provider are as follows:
- Email: mail or http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
- First Name: givenName or http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- Last Name: sn or http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
- GUID/UUID/Unique user ID used on your system is automatically picked up from the Subject > NameID field in your SAML Response
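One way to check a decoded test assertion from your identity provider against the attribute names listed above before enabling the integration. This is an added example, not the vendor's code; the sample assertion, the `check_assertion` helper and the field labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Accepted attribute names per field, as listed on this page (labels are hypothetical).
ACCEPTED = {
    "email": ("mail", CLAIMS + "name"),
    "first_name": ("givenName", CLAIMS + "givenname"),
    "last_name": ("sn", CLAIMS + "surname"),
    "department": ("businessCategory",),  # optional
}
MANDATORY = ("email", "first_name", "last_name")

# Constructed sample assertion mixing claim URIs and short names; not real data.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>constructed-user-id-0001</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}name"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="sn"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """Return (user, problems) for one decoded assertion; the signature is NOT verified."""
    root = ET.fromstring(xml_text)
    sent = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        sent[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    user, problems = {}, []
    for field, names in ACCEPTED.items():
        # First accepted name that carries a non-empty value wins.
        user[field] = next((sent[n] for n in names if sent.get(n)), None)
        if user[field] is None and field in MANDATORY:
            problems.append(f"missing or empty {field}: send one of {names}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    user["unique_id"] = (name_id.text or "").strip() if name_id is not None else None
    if not user["unique_id"]:
        problems.append("missing Subject > NameID")
    return user, problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

The sample deliberately sends an empty `sn` value, so the check reports the last name as missing even though the attribute is present.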
Steps to enable SAML authentication (as a client)
If you are using Azure AD, then please follow these instructions: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications
- As an admin user go to Settings > Integrations > Unit4 Talent Management tab
- Scroll to the SAML Authentication settings box, and enable the setting.
- Fill in the SAML metadata URL with the location of your metadata XML file. This URL looks like: https://myserver.domain.com/FederationMetadata/2007-06/FederationMetadata.xml
  As the XML is generated on the fly, we need the URL and not the XML content in order to set up the SAML authentication for you.
- Fill in the Login button text with the friendly text you want to show on the SAML button of the landing page, e.g. SAML Authentication
- Click Save changes
- Sign out and you will see a button with the content from step 5 of this guide. Click it to test your SAML Single Sign On configuration.
Your SAML provider configuration
In case you run into problems or have any other questions, do not hesitate to contact us at email@example.com