HOWTO: SAML Azure AD Configuration
This page will guide you through the process of integrating your Azure AD SSO with Reemo through SAML.
Note
If your deploy mode gives you access to the Admin Area of the Reemo instance, you can enable SAML integration on the instance instead of per organization.
How To Enable SAML in Reemo
In PrivateCloud, OnPrem or Enterprise environments, SAML can be enabled instance-wide and configured in the Connectors section of the Reemo instance in the Admin Area.
On the reemo.io instance (Reemo Cloud), or if you have selected the global setting SAML Sign in per Organization, SAML must be enabled and configured in the Connectors section of each organization.
SAML Connector Configuration
Create a new Connector > SAML Connector inside Reemo
Choose a Friendly Name that will be displayed to your users, and fill Issuer / App URI ID with “Reemo”. The next fields will be filled after configuring the app in Azure AD.
Connect to your Azure AD portal: portal.azure.com
Create a new application on Azure AD in App Services > Manage Azure Active Directory > Enterprise applications > New application.
Click on Create your own application at the top of the page. Fill in the application name (Reemo), select Integrate any other application you don’t find in the gallery (Non-gallery) and click on Create.
Once created, open Single sign-on and select SAML.
Scroll to steps 3 and 4 of the Azure form, named SAML Certificates and Set up [name of your app].
Copy and paste the Login URL from Azure into IP Entry Point inside Reemo.
Download federationmetadata.xml from the App Federation Metadata Url shown in Azure.
Copy the first X509Certificate value from federationmetadata.xml.
Paste it into IP Certificate inside Reemo.
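The two values copied in the steps above (the Login URL and the first signing certificate) can be pulled out of federationmetadata.xml mechanically instead of by hand. This is an added example, not Reemo's or Microsoft's code; the metadata document is a constructed, trimmed-down stand-in with placeholder tenant id and certificate bodies. It also reports how many signing certificates the metadata carries, since Azure AD may list more than one and the connector takes only the first.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed, trimmed-down stand-in for federationmetadata.xml: the tenant id is a
# placeholder and the two certificate bodies are just base64 of short strings.
SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>
        Q29uc3RydWN0
        ZWQ=
      </X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>U2Vjb25k</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def extract_idp_settings(metadata_xml: str) -> dict:
    """Return what the Reemo connector asks for: entity id, Login URL (IP Entry Point)
    and the first signing certificate (IP Certificate), plus how many were present."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    certs = []
    path = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    for node in idp.findall(path, NS):
        value = "".join((node.text or "").split())  # undo the line wrapping in the XML
        base64.b64decode(value, validate=True)       # fail early on a mangled copy/paste
        certs.append(value)
    if not certs:
        raise ValueError("metadata has no signing certificate")
    sso = idp.find(f"md:SingleSignOnService[@Binding='{REDIRECT}']", NS)
    if sso is None:
        raise ValueError("metadata has no HTTP-Redirect SingleSignOnService")
    return {"entity_id": root.get("entityID"), "login_url": sso.get("Location"),
            "certificate": certs[0], "signing_cert_count": len(certs)}
```

Run it against the real file with `extract_idp_settings(open("federationmetadata.xml").read())`; a count above 1 means Azure AD is advertising several signing certificates, which is worth knowing when a login later fails on signature validation.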
Attributes Mapping
Username should be set to name
Email should be set to emailaddress
Full Name should be set to displayname
Azure AD Configuration
To finish your configuration, Azure requires that you set up Identifier and Reply URL in step 1 of the Azure form. Click on Edit.
Click Add identifier and fill in the identifier you used inside the Reemo Connector: Reemo
Click Add reply URL and fill in the SAML Callback provided in your Connectors list on Reemo.
Click Save. You should now be able to scroll down to the bottom of your Azure form and click on Test to check that everything is working correctly.
Note
To get the redirect URL (callback) of your current connector, look in the Configuration column of your connectors list.
Declare your SAML Users
After configuring your SAML server, you must provision your users from your identity provider inside your organization. You can provision users inside your organization through the “Provision SAML User” button:
A popup will invite you to add users by their email inside your organization.
Provision through SCIM
Alternatively you can provision your SAML Users through SCIM. Open your Azure Portal and click on Provisioning > Get Started.
Set Provisioning Mode to Automatic
Fill Tenant URL with the SCIM API found in your connectors list on Reemo
Fill Secret Token with the SCIM Token found in your connectors list on Reemo
Click on Test Connection and on Save
You should now be able to provision your users through Azure AD using the Provisioning interface of Azure.
SAML Sign-in
In PrivateCloud, On Premise or Enterprise environments, with SAML Sign in enabled and configured in the global settings, once your users are provisioned they can log in through your identity provider by visiting the following URL:
https://[portal_url]/
On the reemo.io instance (Reemo Cloud), or if you have selected the global setting SAML Sign in per Organization and configured SAML per organization, once your users are provisioned they can log in through your identity provider by visiting the following URL:
https://[portal_url]/login/[organization_shortname]
Select the SAML option and click NEXT.