Azure AD Configuration
- Option 1: Upload metadata XML file
- Option 2: Enter metadata manually
- Option 1: Link to metadata file
- Option 2: Input metadata manually
Sign into Azure as an administrator and click on the "Azure Active Directory" tile.
In the left-hand menu click on "Enterprise Applications" and then click "New application". On the next page click "Create your own application". Name your application (e.g., Sleuth), select the "Integrate any other application you don't find in the gallery (Non-gallery)" option, and click "Create":
Once the application is created, you'll be taken to its homepage. Click the "2. Set up single sign on" tile (alternatively, you can click the "Single sign-on" link in the left-hand navigation):
When prompted, select "SAML" as the single sign-on method, then proceed with one of the 2 options explained below:
Option 1: Upload metadata XML file
Option 2: Enter metadata manually
Click the "Upload metadata file" button to trigger the file import modal, select the file to upload, and click "Add":
Once the file is uploaded, you'll see a preview of the imported metadata. If needed/desired, you can still make changes, although it generally shouldn't be necessary.
One optional field that doesn't get populated automatically is "Relay State"; you can specify it manually by inputting your Sleuth org slug (find it in your URL ->
https://app.sleuth.io/<org-slug>) and clicking "Save" at the top:
On the "Basic SAML Configuration" tile click "Edit":
Fill in the necessary metadata (found in Sleuth), using the following reference, and click "Save":
AZURE AD | SLEUTH | EXAMPLE |
|---|---|---|
Identifier (Entity ID) | SAML Entity ID | https://app.sleuth.io/saml/metadata/ |
Reply URL (Assertion Consumer Service URL) | Assertion Consumer Service | https://app.sleuth.io/complete/saml/ |
Relay State (Optional) | Default Relay State | sleuth
(should be your org slug) |
Logout Url (Optional) | Single Logout Service | https://app.sleuth.io/saml/sls/ |
On the "Attributes & Claims" tile click "Edit".
Under "Required claim" click on the "Unique User Identifier (Name ID)" claim and change the "Source attribute" from
user.userprincipalname to user.mail and click "Save".
Leave the "Additional claims" as they are.
Similarly as before, you can again choose between pointing Sleuth to a URL where the IdP's metadata is now available, or entering the metadata into Sleuth manually.
Option 1: Link to metadata file
Option 2: Input metadata manually
In Azure on the "SAML Certificates" tile under your Enterprise Application, copy the value of the "App Federation Metadata Url" field:
In Sleuth, click the "point Sleuth to metadata file URL" link to trigger the input modal and paste the copied URL into the field, then click "Save":
The remaining fields in Sleuth will get populated automatically, just click "Test Metadata and Save":
Sleuth defaults all of the Advanced configuration to the most commonly used values, but depending on your IdP configuration you might need to adjust "Advanced settings".
On the Application's homepage click the "1. Assign users and groups" tile (alternatively, you can click the "Users and groups" link in the left-hand navigation):
Click the "+Add user/group" button and assign Users/Groups as needed:
Fill in the necessary metadata (found in Azure AD), using the following reference, and click "Test Metadata and Save":
SLEUTH | AZURE AD | EXAMPLE |
|---|---|---|
Entity ID | Azure AD Identifier | https://sts.windows.net/<...> |
SSO URL | Login URL | https://login.microsoftonline.com/<...> |
SLO URL | Logout URL | https://login.microsoftonline.com/<...> |
Certificate | On the "SAML Certificates" tile click "Edit", then click the 3 ellipses at the right end of the Active certificate and select "PEM certificate download". | -----BEGIN CERTIFICATE-----
<...>
-----END CERTIFICATE----- |
Open the downloaded file with a text-/code editor and copy the contents to be pasted into the "Certificate" field in Sleuth.
Last modified 5mo ago