Configure SAML in Azure AD

This guide describes the steps required to create a working SAML integration between GoBright and Azure AD.

Create the Enterprise application for the GoBright platform
  1. Log in to your Azure Active Directory admin center
  2. Click 'Azure Active Directory' in the left-hand menu, and confirm that your tenant is licensed for 'Azure AD Premium P1' or higher
  3. Click 'Enterprise applications' and choose 'New application'
  4. Choose 'Non-gallery application', give it a name such as 'GoBright', and choose 'Add'
  5. Wait while Azure AD processes the new application (this can take a minute); Azure AD then opens the application's overview page.
  6. Add the users and groups that should get access to this application (you can start with a few test users and widen the assignment once the login works).
  7. Now configure SAML for this enterprise application:
    Go to 'Single sign-on' and choose 'SAML'
  8. You are now on the 'Set up Single Sign-on with SAML' page; proceed with the parts below.
Enterprise application configuration: Set up Single Sign-on with SAML
  • Basic SAML Configuration:
    Fill 'Identifier (Entity ID)' with the 'Relying party identifier / Entity Id' which you have found in step 1.
    Fill 'Reply URL (Assertion Consumer Service URL)' with the 'Reply URL (Assertion Consumer Service URL)' which you have found in step 1.
    Copy both values exactly as the GoBright portal shows them (including the scheme and any trailing slash): Azure AD rejects authentication requests whose Entity ID or Reply URL does not match what is registered here.

User Attributes & Claims
Configure the claims. The minimum set of claims is listed below; the first two are required, the gobright.* claims and the cost center claim are optional:

Claim name          Value                             Required
                    user.displayname                  yes
nameidentifier      user.userprincipalname            yes
gobright.pincode    [your pincode field]              no
gobright.nfc        [your nfc field]                  no
                    [your default costcenter field]   no

To use the optional PIN code and NFC claims, add claims named exactly 'gobright.pincode' and 'gobright.nfc' and map each one to the directory attribute that holds the user's PIN code or NFC card identifier (shown above as [your pincode field] and [your nfc field]).

The claim 'nameidentifier' will be used as the email address of the user in GoBright. It is important that this is the primary email address of the user's mailbox. In most cases the User Principal Name is the same as the primary email address, but in your tenant this may differ (for example when the UPN uses a different domain than the mailbox). In that case map 'nameidentifier' to the attribute that holds the primary email address (user.mail) instead of user.userprincipalname; otherwise GoBright will use an address that does not belong to the user's mailbox.
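Before rolling the integration out to all users it is worth checking what Azure AD actually sends. The following added example (not part of this article and not GoBright's software) parses a SAML assertion as captured with a browser SAML tracer and verifies the mapping described above: the NameID must be an email address (optionally compared with the user's real mailbox address), the display name and UPN claims must be present, and the optional gobright.* claims must not be empty when they are sent. The sample assertion is constructed; the gobright.* names come from the table above, while the claim URIs used for the display name and UPN claims are Azure AD's default names and are an assumption to compare against your own tenant's output.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Claim URIs assumed for the two required claims (Azure AD's default names for
# the user.displayname and user.userprincipalname sources). The article only
# lists the source attributes, so verify these against your own tenant.
DISPLAYNAME_CLAIM = "http://schemas.microsoft.com/identity/claims/displayname"
UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
REQUIRED_CLAIMS = {"displayname": DISPLAYNAME_CLAIM, "userprincipalname": UPN_CLAIM}
# Optional claim names as given in the article.
OPTIONAL_CLAIMS = ("gobright.pincode", "gobright.nfc")

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample assertion (signature and conditions omitted), shaped like
# what a SAML tracer shows after Azure AD posts the response to the Reply URL.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
      <saml:AttributeValue>Jane Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="gobright.pincode">
      <saml:AttributeValue>4821</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_assertion(xml_text):
    """Return the Subject NameID, its Format and a {claim name: [values]} map."""
    root = ET.fromstring(xml_text)
    # Accept either a bare <Assertion> or a <Response> that wraps one.
    tag = f"{{{SAML_NS}}}Assertion"
    assertion = root if root.tag == tag else root.find(f".//{tag}")
    if assertion is None:
        raise ValueError("no saml:Assertion found in the supplied XML")
    name_id = assertion.find(f"./{{{SAML_NS}}}Subject/{{{SAML_NS}}}NameID")
    attributes = {}
    for attr in assertion.iterfind(f".//{{{SAML_NS}}}Attribute"):
        values = [(v.text or "") for v in attr.iterfind(f"{{{SAML_NS}}}AttributeValue")]
        attributes[attr.get("Name")] = values
    return {
        "name_id": (name_id.text or "").strip() if name_id is not None else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "attributes": attributes,
    }


def check_claims(parsed, expected_email=None):
    """Return a list of problems; an empty list means the minimum claims are met."""
    problems = []
    nid = parsed["name_id"]
    if not nid:
        problems.append("nameidentifier (Subject NameID) is missing")
    elif not EMAIL_RE.match(nid):
        problems.append(f"nameidentifier {nid!r} is not an e-mail address; GoBright uses it as the user's e-mail")
    elif expected_email and nid.lower() != expected_email.lower():
        # The UPN reached us, but it is not the mailbox address: map NameID to user.mail instead.
        problems.append(f"nameidentifier {nid!r} differs from the mailbox address {expected_email!r}")
    for label, uri in REQUIRED_CLAIMS.items():
        if not parsed["attributes"].get(uri):
            problems.append(f"required claim {label} ({uri}) is missing or empty")
    for name in OPTIONAL_CLAIMS:
        values = parsed["attributes"].get(name)
        if values is not None and not any(v.strip() for v in values):
            problems.append(f"optional claim {name} is sent but empty")
    return problems


if __name__ == "__main__":
    parsed = parse_assertion(SAMPLE_ASSERTION)
    print("NameID:", parsed["name_id"], "format:", parsed["name_id_format"])
    for line in check_claims(parsed) or ["assertion carries the minimum claims"]:
        print("-", line)
```

Paste the decoded assertion from your SAML tracer in place of SAMPLE_ASSERTION and pass the user's real mailbox address as expected_email; a reported difference is exactly the UPN-versus-primary-email mismatch the paragraph above warns about.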

  • SAML Signing Certificate
    Download the 'Certificate (Base64)' and save the file to a location of your preference, for example 'C:\tokencertificate.cer'. Also note the expiration date shown next to the certificate: GoBright verifies the signature on every login with this certificate, so a new one has to be entered in the GoBright portal before Azure AD's certificate expires or is rotated.
    Now open 'Notepad' and load the exported certificate (for example 'C:\tokencertificate.cer').

    You will now see the text contents, in the following format (one block of Base64 text between the two marker lines):
    -----BEGIN CERTIFICATE-----
    (Base64-encoded certificate text)
    -----END CERTIFICATE-----

    You will need the complete text, including both marker lines, in step 3 to configure the GoBright portal.

  • Set up GoBright
    Copy the 'Login URL' and 'Logout URL'; you will need these in step 3 to configure the GoBright portal.


Proceed to step 3 of the SAML2 federated identity integration article and finish your SAML integration.
