Configure Operatr with Azure AD as a SAML 2.0 identity provider to authenticate and authorize users.
User Authentication
Configuring Azure AD
- Open the Azure Portal and select the directory to use for single sign-on.
- Navigate to Enterprise Applications > Add an Application > Non-Gallery Application.
- Pick a name for your application and click the Add button.
- You should now be in the dashboard for the Operatr application.
- Navigate to Single Sign-On and select SAML as the single sign-on method.
Configure as follows:
Basic SAML Configuration
- Identifier (Entity ID): set this to Operatr
- Reply URL (Assertion Consumer Service URL): your Operatr instance SAML URL, e.g. https://operatr.corp.com/saml
- Leave the other fields blank
SAML Signing Certificate
Download the Federation Metadata XML file and, optionally, the Certificate (Raw). Save these for later.
Integrate Operatr and Azure AD SSO
Set the following environment variables and start Operatr.
- AUTH_PROVIDER_TYPE=saml
- SAML_RELYING_PARTY_IDENTIFIER= The Identifier (Entity ID)
- SAML_ACS_URL= The Reply URL (Assertion Consumer Service URL)
- SAML_METADATA_FILE= The path to the Federation Metadata XML file, e.g. /var/saml/azure-metadata.xml
- SAML_CERT= (optional) The path to the Certificate (Raw) .pem file, e.g. /var/certs/azure-saml-cert.cer
Operatr will now authenticate users with Azure AD.
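A pre-flight check for the settings above, as an added example that is not part of Operatr or its documentation: it confirms the metadata file parses and that SAML_CERT, when set, is one of the IdP signing certificates inside it (raw DER or PEM). The function names, the https requirement on SAML_ACS_URL and the sample metadata are assumptions of this example.

```python
import base64, hashlib, os, pathlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SIGNING = "md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']//ds:X509Certificate"
# Constructed sample input: placeholder bytes stand in for a real certificate.
SAMPLE_CERT = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="%s"><IDPSSODescriptor><KeyDescriptor use="signing">'
    '<KeyInfo xmlns="%s"><X509Data><X509Certificate>%s</X509Certificate></X509Data>'
    '</KeyInfo></KeyDescriptor></IDPSSODescriptor></EntityDescriptor>'
) % (NS["md"], NS["ds"], base64.b64encode(SAMPLE_CERT).decode())

def fingerprint(raw):
    """SHA-256 of a certificate supplied as raw DER bytes or as PEM text."""
    if b"-----BEGIN CERTIFICATE-----" in raw:
        raw = raw.split(b"-----BEGIN CERTIFICATE-----")[1].split(b"-----END")[0]
        raw = base64.b64decode(b"".join(raw.split()))
    return hashlib.sha256(raw).hexdigest()

def metadata_fingerprints(path):
    """Fingerprints of every IdP signing certificate in the metadata file."""
    certs = ET.parse(path).getroot().findall(SIGNING, NS)
    return {fingerprint(base64.b64decode("".join((c.text or "").split()))) for c in certs}

def preflight(env):
    """Return the problems found in the SAML settings; an empty list means OK."""
    problems = []
    if env.get("AUTH_PROVIDER_TYPE") != "saml":
        problems.append("AUTH_PROVIDER_TYPE must be 'saml'")
    if not env.get("SAML_RELYING_PARTY_IDENTIFIER"):
        problems.append("SAML_RELYING_PARTY_IDENTIFIER is not set")
    acs = urlparse(env.get("SAML_ACS_URL", ""))
    if acs.scheme != "https" or not acs.netloc:  # check added by this example
        problems.append("SAML_ACS_URL must be an absolute https:// URL")
    try:
        known = metadata_fingerprints(env.get("SAML_METADATA_FILE", ""))
        cert = env.get("SAML_CERT")  # optional setting
        if not known:
            problems.append("metadata contains no IdP signing certificate")
        elif cert and fingerprint(pathlib.Path(cert).read_bytes()) not in known:
            problems.append("SAML_CERT is not a signing certificate in the metadata")
    except (OSError, ValueError, ET.ParseError) as exc:
        problems.append(f"cannot read metadata or certificate: {exc}")
    return problems

if __name__ == "__main__":
    print(preflight(os.environ) or "SAML settings are consistent")
```

Run it in the same environment that will start Operatr; a mismatch between SAML_CERT and the metadata usually means one of the two files was downloaded before a certificate rollover.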
User Authorization
See the guide to Role Based Access Control for full configuration details.
Integrate Azure AD and Operatr RBAC
Follow this guide to populate user.assignedroles, then set up attribute claims within your Enterprise Application configuration like so (note the Roles additional claim).
Note: The default role (User) does not get passed as an assigned role in the SAMLResponse.
Need Help?
- Raise a ticket using the help widget or email support@operatr.io
- Raise an issue in our community GitHub repository
- Book a video support call or training session at a time that suits your team