Microsoft Azure SSO
Configure single-sign-on (SSO) to Minimus via Azure
Add single-sign-on (SSO) to Minimus in Azure, by configuring Minimus as a custom SAML app.
Prepare the SSO form in Minimus
-
Open the Minimus SSO form. You can use this direct link or navigate as follows: Go to Manage > Users. Then click Configure SSO.
Keep this form open and available in another browser tab as you configure the SAML app in Azure.
-
The form has 3 parts:
- Configure Minimus as a custom app in your identity provider - You will copy these parameters from Minimus to Azure in the next steps.
- SP Entity ID
- Reply URL (Callback / ACS URL)
- Relay State (optional) - If you leave the Relay State blank, users will only be able to login with SSO from the Minimus homepage.
- Connect Minimus to your identity provider - You will fetch these parameters from your Azure custom app and save them to the Minimus form.
- Login SSO URL
- IdP Entity ID
- Certificate
- SAML Attribute Mapping - Azure uses the standard AD claim formats. Copy the relevant schema for each parameter as shown below:
Minimus Parameter Azure Attribute Name Schema Email user.mail http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress Full Name user.userprincipalname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name - Configure Minimus as a custom app in your identity provider - You will copy these parameters from Minimus to Azure in the next steps.
Add Minimus as a custom app under Azure Enterprise Applications
Create a Minimus application in Azure
- The first step is to create the Minimus App in Azure and link it to your Minimus Console. Go to Enterprise Applications to begin.
- Select the option New application.
- In the top bar, select the option to Create your own application.
- Name the application. (We’ll assume the name Minimus App was used for the rest of this guide.)
- Select the option to Integrate any other application you don’t find in the gallery (Non-gallery).
- Click Create.
- Wait for the success confirmation. It may take a minute or so.
Copy Azure entity ID to Minimus
-
You will be automatically navigated to the Minimus App overview page.
-
Copy the Azure Application ID to the IdP Entity ID in the Minimus form.
Configure the SAML app
Select Single sign-on from the left menu, then select SAML.
This will open the form Set up Single Sign-On with SAML. The form includes numbered steps.
- Select Edit for Step 1 - Basic SAML Configuration.
- Copy the following from the Minimus SSO form to Azure:
| To copy from Minimus form | And paste in Azure form |
|---|---|
| SP Entity ID | Identifier (Entity ID) |
| Reply URL (Callback / ACS URL) | Reply URL (Assertion Consumer Service URL) |
| Relay State | Relay State (Optional) |
- Save the form.
Copy Azure attributes & claims to Minimus
This step repeats the instructions for the previous step - Prepare the SSO form in Minimus.
If you haven’t already done so, copy the relevant schema to the SAML Attribute Mapping section in the Minimus SSO form as shown below.
- Select Edit for Step 2 - Attributes & Claims.
- You will see a table of the default claims.
- Copy the schema for the
user.mailand theuser.userprincipalnameto the Minimus form.
| Minimus Parameter | Azure Attribute Name | Schema |
|---|---|---|
| user.mail | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | |
| Full Name | user.userprincipalname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Download Base64 Certificate
- In Azure, continue to Step 3 - SAML Certificates.
- Download the Base64 Certificate.
- Open the certificate in notepad or another code viewer, and copy the code (including “-----BEGIN CERTIFICATE… and …END CERTIFICATE-----”).
- Copy the certificate to the Minimus SSO form.
Copy Azure Login URL to Minimus
-
In Azure, continue to Step 4 - Set up Minimus.
-
Copy the Azure Login URL to the field Login SSO URL in the Minimus SSO form.
Save the Minimus SSO form
You are now ready to save the SSO configuration form in Minimus to complete the configuration.
Assign access in Azure
Grant Azure groups and/or users access to Minimus.
- In Azure, select Enterprise Applications.
- Select your Minimus App to open its details.
- Select Users and Groups from the left menu.
- Select Add user/group and follow the instructions on the page.
Troubleshooting SSO access
When copying the certificate to Minimus, make sure there is no whitespace before or after the certificate. Also, check that the expected prefix and suffix are included.