Setup SSO with Azure Active Directory using SAML in OneID
This article describes how to configure Azure AD to enable single sign-on with OneID. For more information about SSO in OneID, see Configure single sign-on for OneID.
In this article, the following topics are covered:
- Add the Zuora OneID application to Azure AD.
- Obtain Azure AD IDP metadata URL.
- Assign the Zuora OneID application to Azure users.
Step 1: Add the Zuora OneID application to Azure AD
To add the Zuora OneID application to Azure AD, perform the following steps:
- Log in to Azure AD as an administrator.
- Go to the Enterprise Application tab and click New Application.
- Click Create your own application and enter a name for the app.
- Select Integrate any other application you don’t find in the gallery (Non-gallery) and click Create.
- Select SAML 2.0 as the sign-in method in the dialog box and click Next.
- Click Single sign-on and select SAML as the sign-in method.
- Click Edit in Basic SAML Configuration and configure the following SAML settings:
  - Identifier (Entity ID): Enter the entity ID of this Zuora OneID application, https://one.zuora.com/saml/metadata
  - Reply URL (Assertion Consumer Service URL): Enter https://one.zuora.com/saml/SSO, the Assertion Consumer Service (ACS) endpoint where the Zuora OneID application receives the SAML assertion.
  - Leave other fields at their default values.
- Click Edit in Attributes & Claims, remove all the additional claims, and configure the Unique User Identifier (Name ID) as follows:
  - Set Name Identifier format to Email address.
  - Set Source to Attribute.
  - Set Source attribute to user.mail.
- Click Save.
For more information, see Create SAML app integrations.
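As an added example (not part of this article or Zuora's own code), the following Python check shows what the Step 1 settings mean on the service-provider side: the Reply URL must appear as the response Destination and the SubjectConfirmationData Recipient, the Entity ID as the Audience, and the Name ID must carry the emailAddress format with a mail address sourced from user.mail. The response text is constructed and unsigned; a real SP verifies the XML signature before trusting any of these fields.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from Step 1: Identifier (Entity ID), Reply URL (ACS) and the Name ID format.
EXPECTED = {
    "entity_id": "https://one.zuora.com/saml/metadata",
    "acs_url": "https://one.zuora.com/saml/SSO",
    "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

def check_response(xml_text):
    """Return the fields that disagree with EXPECTED (empty list = consistent).
    Signature checks are out of scope; a real SP verifies the XML signature first."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != EXPECTED["acs_url"]:
        problems.append("Destination is not the ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["Response carries no Assertion"]
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EXPECTED["nameid_format"]:
        problems.append("NameID format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address (Source attribute should be user.mail)")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != EXPECTED["acs_url"]:
        problems.append("SubjectConfirmationData Recipient is not the ACS URL")
    audience = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if audience is None or audience.text != EXPECTED["entity_id"]:
        problems.append("Audience is not the Entity ID")
    return problems

# Constructed, unsigned sample of what Azure AD would issue with the Step 1 settings.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://one.zuora.com/saml/SSO">
 <saml:Assertion><saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData Recipient="https://one.zuora.com/saml/SSO"/></saml:SubjectConfirmation>
 </saml:Subject><saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://one.zuora.com/saml/metadata</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE) or "response matches the Step 1 settings")
```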
Step 2: Obtain Azure AD IDP metadata URL
Zuora OneID retrieves the identity provider metadata from Azure AD through the App Federation Metadata URL of the application. To provide this URL to the Zuora OneID application, perform the following steps:
- Log in to Azure AD and navigate to the Enterprise Applications tab.
- Click the application added for Zuora OneID SSO.
- Click the Single Sign On tab.
- In the SAML Signing Certificates section, copy the App Federation Metadata URL.
- Navigate to Settings in Zuora OneID and click Manage SSO Settings.
- Paste the App Federation Metadata URL to enable SSO.
Step 3: Assign the Zuora OneID application to Azure AD users
- Log in to Azure AD and navigate to the Enterprise Applications tab.
- Click the application added for Zuora OneID SSO.
- Click the Users and groups tab.
- Click Add User/Group.
- Find the person to whom you want to assign the Zuora OneID application and click Select.
- Verify the user name and click Assign.
- Repeat the previous two steps to assign the Zuora OneID application to every user who needs it.
For more information, see Assign app integrations.