Configure Operatr with Azure AD as a SAML 2.0 identity provider to authenticate and authorize users.

User Authentication

Configuring Azure AD

• Open the Azure Portal and select the directory to use for single sign-on.
• Navigate to Enterprise Applications > Add an Application > Non-Gallery Application.
• Pick a name for your application and click the Add button.
• You should now be in the dashboard for the Operatr application.
• Navigate to Single Sign-On, select SAML as the single sign-on method.

Configure as follows:

Basic SAML Configuration

• Identifier (Entity ID): set this to Operatr
• Reply URL (Assertion Consumer Service URL): Your Operatr instance SAML URL, e.g:

  https://operatr.corp.com/saml

• Leave the other fields blank

SAML Signing Certificate

Download the Federation Metadata XML file and optionally Certificate (Raw). Save these for later.

Integrate Operatr and Azure AD SSO

Set the following environment variables and start Operatr.

• AUTH_PROVIDER_TYPE=saml
• SAML_RELYING_PARTY_IDENTIFIER= The Identifier (Entity ID)
• SAML_ACS_URL= The Reply URL (Assertion Consumer Service URL)
• SAML_METADATA_FILE= The path to the Federation Metadata XML file, e.g.

  /var/saml/azure-metadata.xml

• SAML_CERT=(optional) The path to the Certificate (Raw) .pem file, e.g.

  /var/certs/azure-saml-cert.cer

Operatr will now authenticate users with Azure AD.

User Authorization

See the guide to Role Based Access Control for full configuration details.

Integrate Azure AD and Operatr RBAC

Follow this guide to populate user.assignedroles, then setup attribute claims within your Enterprise Application configuration like so: (note the Rolesadditional claim).

Note: The default role (User) does not get passed as an assigned role in the SAMLResponse.

Need Help?

• Raise a ticket using the help widget or email support@operatr.io
• Raise an issue in our community Github repository
• Book a video support call or training session at a time that suits your team