Create an Azure AD enterprise application
Open Azure Portal https://portal.azure.com, on the right side menu, choose “Azure Active Directory”
If there is no such service, Open “All services” and type “Azure Active Directory”
In Active Directory menu choose “Enterprise applications”:
In the opened section choose “New Application”:
Pick “Non-gallery application” type for your application
Type “ERIN” as the name of your application and press “Add”. Now your application is created and time to connect it to AWS User Pool.
Setup Single sign-on. In your Azure AD enterprise application choose section “Single sign-on”, in the dropdown list choose “SAML-based Sign-on”:
In the section “Domain and URLs” set next information:
- Identifier. Identifier contains your User Pool id (from AWS) and built with next pattern:
ERIN CUSTOMER SUCCESS WILL SEND YOUR IDENTIFIER
- Reply URL. The Reply URL is where from application expects to receive the authentication token. This is also referred to as the “Assertion Consumer Service” (ACS) in SAML. Is should follow the pattern:
ERIN CUSTOMER SUCCESS WILL SEND YOUR REPLY URL
Save your changes and download SAML File:
SEND YOUR METADATA XML FILE TO YOUR CUSTOMER SUCCESS REP
Add a User to your app. In your Azure AD select “Enterprise applications” and choose your application. Select “Users and groups”->“Add user”.
Invite new users or select from existing. These users will be able to login with this Azure AD account to your application. When you’ll finish adding a user select “Assign”.
This is all settings in the Azure portal. At the end of this section you should have:
- SAML file with XML format;
- user(s) to login.
Architecture Overview for Azure AD SSO with ERIN: