Azure AD SSO

Follow these steps to add Azure as the single sign-on provider for your workspace:

  1. Open Buddy SSO settings in one browser tab.
  2. In another tab, sign in to Azure and open Azure Active Directory.
  3. From the left navigation, select Enterprise Applications.
  4. Click the +New application button.
  5. Click +Create your own application, define the app name, and click Create.
  6. Go to Single sign-on and select SAML.
  7. Edit the Basic SAML Configuration.
  8. Fill in the application details with the data copied from Buddy SSO configuration:

    • Reply URL (Assertion Consumer Service URL) → ACS / SP Assertion Consumer Service / Single Sign-On from Buddy
    • Identifier (Entity ID) → SP Entity ID / Audience URI from Buddy

  9. Save the changes.
  10. Note the Login URL and the Azure AD Identifier, and download the certificate. You will need all three later for the SSO configuration in Buddy.
  11. Go to Users and groups and assign users to the application as needed.

To see the Azure SSO identifier in the People tab:

  1. In Azure, go to Single sign-on → Attributes & Claims.
  2. Set the Unique User Identifier to user.mail.

  1. Return to Buddy's SSO settings tab and provide the information you copied from Azure:

    • SSO URL / SAML Endpoint / Identity Provider Single Sign-On URL → Login URL from Azure
    • Issuer → Azure AD Identifier from Azure
    • Certificate → upload the Azure certificate you downloaded
    • Signature / Digest Method → leave at Most popular

  2. Click Test the configuration and enable SSO once the test succeeds.
  3. Sign in to your Azure account to save the SSO configuration.
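
The values copied from Azure into Buddy can be checked before they are pasted. The script below is an added example, not code from Buddy or Microsoft. It assumes the usual global-cloud shapes of the Login URL and Azure AD Identifier, a Base64 (PEM) certificate download, and that Azure lists the certificate's SHA-1 thumbprint. The function names are hypothetical.

```python
import base64
import hashlib
import re

# Assumed shapes of the two values in the global Azure cloud; sovereign clouds differ.
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
LOGIN_URL = re.compile(rf"https://login\.microsoftonline\.com/({GUID})/saml2")
IDENTIFIER = re.compile(rf"https://sts\.windows\.net/({GUID})/")
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def check_buddy_fields(sso_url: str, issuer: str) -> list[str]:
    """Return a list of problems with the values about to be pasted into Buddy."""
    problems = []
    for field, value in (("SSO URL", sso_url), ("Issuer", issuer)):
        if value != value.strip():
            problems.append(f"{field}: stray whitespace from copy and paste")
    login = LOGIN_URL.fullmatch(sso_url.strip())
    ident = IDENTIFIER.fullmatch(issuer.strip())
    if login is None:
        problems.append("SSO URL: not an https Azure Login URL ending in /saml2")
    if ident is None:
        # SAML issuers are typically compared as exact strings, so the trailing slash matters.
        problems.append("Issuer: not an Azure AD Identifier (trailing slash included)")
    if login and ident and login.group(1).lower() != ident.group(1).lower():
        problems.append("SSO URL and Issuer belong to different tenants")
    return problems


def cert_thumbprint(pem_text: str) -> str:
    """SHA-1 over the DER bytes, as uppercase hex, to compare with the thumbprint in Azure."""
    match = PEM.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha1(der).hexdigest().upper()


if __name__ == "__main__":
    tenant = "11111111-2222-3333-4444-555555555555"  # constructed tenant ID
    # Constructed input: trailing space on the URL, missing slash on the issuer.
    for problem in check_buddy_fields(
        f"https://login.microsoftonline.com/{tenant}/saml2 ",
        f"https://sts.windows.net/{tenant}",
    ):
        print(problem)
```

Compare the thumbprint printed for the downloaded file with the one shown next to the signing certificate in Azure before uploading it to Buddy.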