Sign in to Azure, then navigate to the Enterprise application. Select single sign-on, then edit the basic SAML configuration.
- Navigate to Identifier
- Select Add Identifier.
- Enter “https://{{YourDomain}}”
- Select the default checkbox to set this as the default URL.
- Navigate to Reply URL
- Select Add Reply URL.
- Enter “https://{{YourDomain}}/site/handlers/samlhandler.ashx/ProcessRequest”
- Select the default checkbox to set this as the default URL.
- Navigate to Sign on URL
- Delete the sign-on URL text, and enter “https://{{YourDomain}}/site/SAMLLogin.aspx?IgnoreRedirect=true”
- Select Save.
Add Claim Rules
- Navigate to Enterprise application -> Set up Single Sign-On with SAML
- Click Edit on the second item, “Attribute & claims”.
- You will create four claim rules: NameID, emailaddress, givenname, surname
NameID is the username that appears in the system. The following steps will apply a username that reflects the left half of the email address before the “@”. If this is not your desired format, select a field that meets your organization's needs.
- Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims
- Name identifier format: select the name identifier format as Email address
- In Source, select transformation.
- Select Edit transformation -> Manage transformation.
- Select the transformation as ExtractMailPrefix()
- Select the attribute name as user.userprincipalname
- Click the Add button
- Add each of the other aforementioned claims (see image below). Most will not use transformations. All claims must exist and be nonblank for authentication to automatically create users.
The following screenshots may or may not exactly match what's available to you in your Azure configuration; they are examples of what you may encounter.
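To see what the application actually receives once the SAML URLs and the four claims above are configured, here is an added example (not code from the original page or from the application vendor) that parses a constructed SAML response and checks it against the configuration the steps produce: the Destination and Recipient must equal the reply URL, the Audience must equal the identifier, the NameID must use the Email address format, and the emailaddress, givenname and surname claims must all be present and nonblank, since blank claims prevent automatic user creation. The domain app.example.com, the user jdoe, and the sample XML are constructed; the claim URIs are the standard ones under the namespace shown above. The example only checks configuration consistency and does not verify the assertion's XML signature, which a real handler must do before trusting any of these values.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
REQUIRED_CLAIMS = ("emailaddress", "givenname", "surname")
NAMEID_EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def expected_endpoints(domain):
    """Identifier and reply URL exactly as entered in the Basic SAML configuration."""
    return {
        "identifier": f"https://{domain}",
        "reply_url": f"https://{domain}/site/handlers/samlhandler.ashx/ProcessRequest",
    }


def extract_mail_prefix(value):
    """Mirrors the ExtractMailPrefix() transformation: text before the first '@'."""
    return value.split("@", 1)[0]


# Constructed sample response; domain, user and values are made up for the example.
# NameID is already the mail prefix because the transformation ran on the IdP side.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://app.example.com/site/handlers/samlhandler.ashx/ProcessRequest">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="https://app.example.com/site/handlers/samlhandler.ashx/ProcessRequest"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://app.example.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Jane</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <saml:AttributeValue>Doe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

# Same response with a blank surname claim, to show what blocks auto-provisioning.
SAMPLE_BLANK_SURNAME = SAMPLE_RESPONSE.replace(
    "<saml:AttributeValue>Doe</saml:AttributeValue>",
    "<saml:AttributeValue></saml:AttributeValue>",
)


def check_response(xml_text, domain):
    """Return (problems, username). An empty problems list means the response
    matches the identifier, reply URL and claim configuration described above.
    Signature verification is out of scope here and must happen before this check."""
    exp = expected_endpoints(domain)
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("Destination") != exp["reply_url"]:
        problems.append("Destination does not match reply URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion in response"], None
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    username = (name_id.text or "").strip() if name_id is not None else ""
    if not username:
        problems.append("NameID missing or blank")
    elif name_id.get("Format") != NAMEID_EMAIL_FORMAT:
        problems.append("NameID format is not Email address")
    conf = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != exp["reply_url"]:
        problems.append("Recipient does not match reply URL")
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if exp["identifier"] not in audiences:
        problems.append("Audience does not include identifier")
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [(v.text or "").strip()
                                   for v in attr.findall("saml:AttributeValue", NS)]
    for claim in REQUIRED_CLAIMS:
        if not any(attrs.get(f"{CLAIM_NS}/{claim}", [])):
            problems.append(f"claim {claim} missing or blank")
    return problems, (username or None)


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, "app.example.com"))
    print(check_response(SAMPLE_BLANK_SURNAME, "app.example.com"))
```

Running the block prints an empty problem list with the username jdoe for the good response, and a single "claim surname missing or blank" entry for the second one; running the check against a different domain reports the Destination, Recipient and Audience mismatches you would see if the identifier or reply URL were typed differently in Azure than in the application.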