Prerequisites:

  • An existing Azure Active Directory instance with at least one user or user group already defined that you want to use SSO with.

  • Silo Admin Console access for the org you wish to set up SSO with.


A8 Admin Console

  1. Define your vanity URL e.g. mitchmurray (fictional customer) by editing your Org name.

  2. Enable SAML

  3. Download the SP Encryption Certificate SP_cert.crt to your computer.

  4. Do not click Save; leave the page open.


Microsoft Azure Portal

  1. Open Azure Active Directory / Enterprise Application

  2. New Application / Non-gallery application

  3. Supply a display name e.g. Authentic8 Silo

  4. Optionally upload our logo file

  5. Click Single sign-on / SAML / Edit (pencil icon)

  6. Identifier (Entity ID): SP Entity ID e.g. https://getsilo.com/sso/saml/mitchmurray/login

  7. Reply URL: SP Post Back URL e.g. https://getsilo.com/sso/saml/mitchmurray/login

  8. Relay State: 2

  9. Click Save / Properties then back to Single sign-on

  10. Click the pencil to edit User Attributes & Claims

  11. Click the … next to ...name for user.userprincipalname, click delete

  12. Click the pencil to edit Name identifier value. Choose Source attribute: user.mail.

  13. Click Save

  14. Click the pencil to edit SAML Signing Certificate

  15. Click the three dots next to the certificate, download Base64 certificate.

  16. Change Signing Option to Sign SAML response.


Recommended - Enable Token encryption (Preview)

  1. Click Token encryption (Preview)

  2. Upload the SP_cert.crt then click Add

  3. Click the … next to the Thumbprint and choose Activate token encryption


Required - Assign Users

  1. Click Users and groups / Add user

  2. Follow the wizard to select a user group or a single user, click Select / Assign.


A8 Admin Console

Transfer the following information from the Azure Portal Single Sign On

  1. IdP Issuer: Azure AD Identifier e.g. https://sts.windows.net/abc123/

  2. IdP Login URL: Azure AD Login URL e.g. https://login.microsoftonline.com/abc123/saml2

  3. IdP Signing Certificate: Upload the Azure AD SAML Signing Certificate (Base64).

  4. Click Save.


Validating

  1. Click Validate from Single sign-on in the Azure Portal Application. You should see “Azure AD successfully issued a token (SAML response) to the application (service provider).”

Errors

PERMISSIONDENIED: FAILED TO PARSE SAML IDP TOKEN: 'NONETYPE' OBJECT HAS NO ATTRIBUTE 'ATTRIB'

  • Ensure you have set your Signing Option to Sign SAML response


Failed to Parse SAML Token

  • Ensure that the user you are trying to sync exists in Silo and Azure AD with the same email address

  • It may be necessary to upload your IdP Signing Cert to the Silo Admin Console with Unix (LF) line endings. Open the cert in Notepad++ or similar, click Edit, EOL Conversion, Unix LF, and save.


User Not Found

  • The user's email address in Azure AD may not match their Silo username.

  • You may need to update nameidentifier to user.localprincipalname depending on your Azure AD configuration
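As an added diagnostic that is not part of Authentic8's or Microsoft's tooling, the Python script below checks a captured SAML Response (the decoded SAMLResponse form field) for the three settings the errors above turn on: the Response element itself is signed, the Issuer equals the IdP Issuer entered in the Admin Console, and the NameID is an email address. The sample XML, the issuer value and the user address are constructed; it also normalizes certificate line endings as the Notepad++ step describes.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: what Azure AD sends when "Sign SAML response" is on,
# the IdP Issuer is https://sts.windows.net/abc123/ and NameID is user.mail.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <saml:Issuer>https://sts.windows.net/abc123/</saml:Issuer>
  <ds:Signature><ds:SignedInfo/></ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/abc123/</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def inspect_response(xml_text: str, expected_issuer: str) -> dict:
    """Report the settings the troubleshooting section depends on."""
    root = ET.fromstring(xml_text)
    out = {"problems": []}
    # "Sign SAML response" puts ds:Signature directly under Response; the Azure
    # default ("Sign SAML assertion") puts it inside the Assertion only.
    out["response_signed"] = root.find("ds:Signature", NS) is not None
    if not out["response_signed"]:
        out["problems"].append("Response not signed: set Signing Option to Sign SAML response")
    # Issuer must equal the IdP Issuer entered in the A8 Admin Console.
    out["issuer"] = root.findtext("saml:Issuer", default="", namespaces=NS)
    if out["issuer"] != expected_issuer:
        out["problems"].append(f"Issuer {out['issuer']!r} != {expected_issuer!r}")
    # With token encryption active the Assertion arrives as EncryptedAssertion
    # and NameID is only visible to the SP holding the SP_cert.crt private key.
    out["encrypted"] = root.find("saml:EncryptedAssertion", NS) is not None
    nid = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    out["name_id"] = nid.text if nid is not None else None
    if not out["encrypted"] and "@" not in (out["name_id"] or ""):
        out["problems"].append("NameID is not an email: set Source attribute to user.mail")
    return out


def normalize_pem(pem: str) -> str:
    """Rewrite a Base64 certificate with Unix LF line endings, as the
    'Failed to Parse SAML Token' step describes doing in Notepad++."""
    return pem.replace("\r\n", "\n").replace("\r", "\n")
```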


*Note: Authentic8 makes no warranty on third-party software. We assume no responsibility for errors or omissions in the third-party software or documentation available. Using such software is done entirely at your own discretion and risk.



Screenshots of the Authentic8 Customer Success Test Environment


[Screenshots image1.png through image4.png not reproduced here.]


Please contact Support if you have any additional questions and/or require further information.