How to enable Azure AD for SSO

🤓 Who can do this? You will need to be an admin user within Atlan to configure SSO. You will also need to work with your Azure AD administrator to carry out the tasks below in Azure AD.

To integrate Azure AD SSO for Atlan, complete the following steps.

Choose SSO provider (in Atlan)

To choose Azure AD as your SSO provider, within Atlan:

  1. From the left menu on any screen, navigate to Admin.
  2. Under the Workspace heading, click SSO.
  3. Under Choose SAML provider, select Azure AD and then click Configure.
  4. Under Service provider metadata, copy the Identifier (Entity ID), Reply URL (Assert Consumer Service URL), and Logout Url.

Set up SAML app (in Azure AD)

To set up a SAML app, within Azure's portal:

  1. From the menu on the left, open Azure Active Directory.
  2. Under Azure Active Directory | Overview click the Add button and then Enterprise application.
  3. Under Browse Azure AD Gallery click the Create your own application button:
    1. For What's the name of your app? enter a name, such as Atlan.
    2. For What are you looking to do with your application? select Integrate any other application you don't find in the gallery (Non-gallery).
    3. At the bottom of the Create your own application dialog, click the Create button.
  4. Wait for the application details to be shown (this can take around 1 minute).
  5. Under Getting Started and within the Set up single sign on tile, click the Get started link.
  6. Under Select a single sign-on method click the SAML tile.
  7. In the upper-right of the Basic SAML Configuration card, click the Edit button and enter:
    1. For Identifier (Entity ID) click Add identifier and enter the value you copied from Atlan above.
    2. For Reply URL (Assertion Consumer Service URL) click Add reply URL (twice) and enter the two values you copied from Atlan above. The longer URL should be enabled under the Default column.
    3. For Logout Url (Optional) enter the value you copied from Atlan above.
  8. At the top of the page, under Basic SAML Configuration, click the Save button.
  9. Close the Basic SAML Configuration dialog by clicking the X in the upper-right.

Download Azure AD's metadata file (in Azure AD)

To download Azure AD's metadata file, within the same Azure AD app's SAML-based Sign-on page:

  1. Within the SAML Signing Certificate card, to the right of Federation Metadata XML, click the Download link.
  2. Within the Set up <application> card, copy the Logout URL.

Assign users to the app (in Azure AD)

To assign users to the app, within the Azure AD application's page:

  1. Under Manage click on Users and groups.
  2. At the top of the table, click the Add user/group button.
  3. In the resulting Add Assignment dialog, under the Users heading, click the None Selected link.
  4. In the resulting Users dialog, search for users to add and click them to select them.
  5. When finished, at the bottom of the Users dialog, click the Select button.
  6. At the bottom of the Add Assignment dialog, click the Assign button.

Upload Azure AD's metadata file (in Atlan)

To complete the configuration of Azure AD SSO, within Atlan:

  1. From the left menu on any screen, navigate to Admin.
  2. Under the Workspace heading, click SSO.
  3. Under Choose SAML provider, select Azure AD and then click Configure.
  4. To the right of Identity provider metadata click the Import from XML button.
  5. Select the XML file downloaded from Azure AD above.
  6. Under Single Logout Service URL, enter the logout URL copied from Azure AD above.
  7. At the bottom of the screen, click Save.

Congratulations, you have successfully set up Azure AD SSO in Atlan! 🎉

💪 Did you know? By default, users can now log into Atlan with either Azure AD SSO or a local Atlan account (via email). To only allow logins via SSO, enable the Enforce SSO option in Atlan.
