Getting started

📌Note: Before you start, you need to make sure you are the owner of your organization. Only account owners can set up SAML Authentication.

Go to Settings > 🔑 SAML Authentication and click the Enable SAML authentication toggle. Leave the tab open, as you'll need the data from it later.

Step 1: Microsoft Azure Setup

Once you're logged in to your Microsoft Azure account, go to Enterprise applications to create a new non-gallery app.

Once your app is created, find Single sign-on in the side menu and select SAML as the single sign-on method.

Under Basic SAML configuration you'll need to provide:

  • Identifier (Entity ID)
  • Reply URL (Assertion Consumer Service URL)
  • Sign on URL

| Microsoft Azure | Corresponding Survicate field | Example |
|---|---|---|
| Identifier (Entity ID) | Not available in UI | https://panel-api.survicate.com/settings/saml/12345/metadata |
| Reply URL (Assertion Consumer Service URL) | ACS (Consumer) URL | https://panel-api.survicate.com/settings/saml/12345/acs |
| Sign on URL | Not available in UI | https://panel-api.survicate.com/settings/saml/12345/login |

You can find the Reply URL (Assertion Consumer Service URL) under ACS (Consumer) URL in Survicate.

The Identifier (Entity ID) is the same URL, but it ends with /metadata instead of /acs:

https://panel-api.survicate.com/settings/saml/{{your_organization_id}}/metadata

The Sign on URL ends with /login:

https://panel-api.survicate.com/settings/saml/{{your_organization_id}}/login

In the end, your settings should look like this:

Now, go to SAML Signing Certificate and download the Certificate (Base64).

Open the downloaded file with any notepad app. Copy and paste the content into the Public certificate field in Survicate settings.

Finally, copy the Login URL from Azure and paste it into the Sign on URL field in Survicate settings, then copy the Azure AD Identifier into the Issuer field.

| Survicate | Corresponding Microsoft Azure field | Example |
|---|---|---|
| Sign on URL | Login URL | https://login.microsoftonline.com/a18ec2f5-5051-4200-82c1-0beb9a54d8a1/saml2 |
| Issuer | Azure AD Identifier | https://sts.windows.net/a18ec2f5-5051-4200-82c1-0beb9a54d8a1/ |

Once you click "Save Configuration", you will get a list of recovery codes.

❗ Please save them; you will need them to bypass Single Sign-On if you no longer have access to your SAML provider.
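The values exchanged in the steps above can be cross-checked with a short script before saving. This is an added example, not Survicate or Microsoft code: it derives the three Azure fields from the ACS (Consumer) URL and confirms that the Login URL and Azure AD Identifier name the same tenant. The function names are hypothetical, and the host and URL shapes are assumptions taken from this article's example values.

```python
import re
from urllib.parse import urlsplit

# Assumptions: host, path and URL shapes are taken from the article's examples.
SURVICATE_HOST = "panel-api.survicate.com"
ACS_PATH = re.compile(r"/settings/saml/([^/]+)/acs")
GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
LOGIN_URL = re.compile(r"https://login\.microsoftonline\.com/(%s)/saml2" % GUID)
ISSUER = re.compile(r"https://sts\.windows\.net/(%s)/" % GUID)


def azure_basic_saml_values(acs_url):
    """Derive Azure's Basic SAML configuration from Survicate's ACS (Consumer) URL."""
    parts = urlsplit(acs_url.strip())
    match = ACS_PATH.fullmatch(parts.path)
    if parts.scheme != "https" or parts.netloc != SURVICATE_HOST:
        raise ValueError("ACS URL must be https on " + SURVICATE_HOST)
    if match is None or parts.query or parts.fragment:
        raise ValueError("ACS URL must end with /settings/saml/<id>/acs")
    base = "https://%s/settings/saml/%s" % (SURVICATE_HOST, match.group(1))
    return {
        "Identifier (Entity ID)": base + "/metadata",
        "Reply URL (Assertion Consumer Service URL)": base + "/acs",
        "Sign on URL": base + "/login",
    }


def check_azure_values(login_url, azure_ad_identifier):
    """Return problems with the values destined for Survicate's Sign on URL
    and Issuer fields; an empty list means they are consistent."""
    problems = []
    login = LOGIN_URL.fullmatch(login_url)
    issuer = ISSUER.fullmatch(azure_ad_identifier)
    if login is None:
        problems.append("Login URL is not https://login.microsoftonline.com/<tenant>/saml2")
    if issuer is None:
        # The trailing slash is part of the identifier and must be copied too.
        problems.append("Azure AD Identifier is not https://sts.windows.net/<tenant>/")
    if login and issuer and login.group(1).lower() != issuer.group(1).lower():
        problems.append("Login URL and Azure AD Identifier name different tenants")
    return problems
```

An empty list from check_azure_values means the two Azure values agree; any entry in the list points at the field to copy again.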
