Setup SSO with Azure Active Directory using SAML in OneID

This article describes how to configure Azure AD to enable single sign-on with OneID. For more information about SSO in OneID, see Configure single sign-on for OneID.

In this article, the following topics are covered: 

  • Add the Zuora OneID application to Azure AD.
  • Obtain the Azure AD IDP metadata URL.
  • Assign the Zuora OneID application to Azure AD users.

Step 1: Add Zuora OneID application to Azure AD

To add the Zuora OneID application to Azure AD, perform the following steps:

  1. Log in to Azure AD as an administrator.
  2. Go to the Enterprise Applications tab and click New Application.
  3. Click Create your own application and enter a name for the app.
  4. Select Integrate any other application you don’t find in the gallery (Non-gallery) and click Create.
  5. Select SAML 2.0 as the sign-in method in the dialog box and click Next.
  6. Click Single sign-on and select SAML as the sign-in method.
  7. Click Edit in Basic SAML Configuration and configure the following SAML settings:
    • Identifier (Entity ID): Enter the entity ID of the Zuora OneID application: https://one.zuora.com/saml/metadata
    • Reply URL (Assertion Consumer Service URL): Enter the Assertion Consumer Service (ACS) endpoint where the Zuora OneID application receives the SAML assertion: https://one.zuora.com/saml/SSO
    • Leave other fields at their default values.
  8. Click Edit in Attributes & Claims, remove all the additional claims, and configure the Unique User Identifier (Name ID) as follows:
    • Set Name Identifier format as Email address
    • Set Source as Attribute
    • Change Source attribute to user.mail
  9. Click Save.

For more information, see Create SAML app integrations.
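
The settings from Step 1 can be checked against a decoded assertion captured during an administrator's test sign-in. The following is an added example, not Zuora or Microsoft code; it assumes the standard SAML 2.0 mapping in which the Audience carries the entity ID and the SubjectConfirmationData Recipient carries the ACS URL, and the helper names and sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values configured in Step 1 of this article.
ENTITY_ID = "https://one.zuora.com/saml/metadata"
ACS_URL = "https://one.zuora.com/saml/SSO"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_assertion(xml_text):
    """List mismatches with the Step 1 settings. Config check only: no signature verification."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not emailAddress")
        value = (name_id.text or "").strip()
        if value.count("@") != 1 or value.startswith("@") or value.endswith("@"):
            problems.append("NameID value is not an email address (check the user.mail source attribute)")
    audiences = [a.text for a in root.findall(".//a:AudienceRestriction/a:Audience", NS)]
    if audiences != [ENTITY_ID]:
        problems.append("Audience does not match the entity ID")
    recipients = [c.get("Recipient") for c in root.findall(".//a:SubjectConfirmationData", NS)]
    if recipients != [ACS_URL]:  # exact, case-sensitive comparison
        problems.append("Recipient does not match the ACS URL")
    return problems

def sample(name_id, fmt=EMAIL_FORMAT, audience=ENTITY_ID, recipient=ACS_URL):
    """Build a constructed, unsigned assertion for the demo (not real IdP output)."""
    return f"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Subject>
    <NameID Format="{fmt}">{name_id}</NameID>
    <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <SubjectConfirmationData Recipient="{recipient}"/>
    </SubjectConfirmation>
  </Subject>
  <Conditions><AudienceRestriction><Audience>{audience}</Audience></AudienceRestriction></Conditions>
</Assertion>"""

if __name__ == "__main__":
    print(check_assertion(sample("alice@example.com")))
    print(check_assertion(sample("", recipient="https://one.zuora.com/saml/sso")))
```

An empty list means the assertion matches the Name ID, entity ID, and ACS URL settings; the second call shows an empty Name ID and a wrongly cased Reply URL being reported.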

Step 2: Obtain Azure AD IDP metadata URL

Zuora OneID retrieves the identity provider metadata from Azure AD through a metadata URL that is specific to Azure AD. To provide this URL to the Zuora OneID application, perform the following steps:

  1. Log in to Azure AD and navigate to the Enterprise Applications tab.
  2. Click the application added for Zuora OneID SSO.
  3. Click the Single Sign On tab.
  4. In the SAML Signing Certificates section, copy the App Federation Metadata URL.
  5. Navigate to Settings in Zuora OneID and click Manage SSO Settings.
  6. Paste the App Federation Metadata URL to enable the SSO.

Step 3: Assign the Zuora OneID application to Azure AD users

  1. Log in to Azure AD and navigate to the Enterprise Applications tab.
  2. Click the application added for Zuora OneID SSO.
  3. Click the Users and Groups tab.
  4. Click Add User/Group.
  5. Find the person you want to assign to the Zuora OneID application and click Select.
  6. Verify the user name and click Assign.
  7. Repeat steps 5 and 6 to assign all the users you want to the Zuora OneID application.

For more information, see Assign app integrations.