Steps to Configure Azure AD as External IDP for Cymmetri
Setting up Cymmetri Service Provider for External Identity Provider Configuration
Login into the Cymmetri Administration Console for the below configuration
Note: The user interface may differ but the configuration options will remain the same.
Click on “Add New”.
Navigate to External IDP in Identity Provider.
Configure Azure AD for Creating Identity provider configuration
Click on Edit basic SAML configuration.
Add Identifier (Entity ID) and Assertion Consumer Service URL from the xml file downloaded in step 3 (For Azure, Sign on and ACS URL is the same) and save the configuration.
Continue configuration of Identity Provider In Cymmetri Administration Console
Copy Azure AD Identifier from Set up, navigate to azure-idp in Cymmetri and paste it in Entity ID. Similarly, copy login URL and paste it in Single Sign On Service URL in Cymmetri.
Replace the text "<host-name>" as the URL of the Cymmetri deployment (e.g., https://aktestidp.ux.cymmetri.in) "aktestidp.ux.cymmetri.in" in the destination field - "https://<hostName>/spsamlsrvc/samlSP/SingleSignOnService" as "https://aktestidp.ux.cymmetri.in/spsamlsrvc/samlSP/SingleSignOnService".
Open the Base64 certificate downloaded in step 12, copy it and then paste it in x509Certifcate field in Cymmetri.
Add Name and description and Select Identity Provider as Azure (External IDP) and mark the status as Active.
Assigning user to application in Azure Administration Console for allowing users to use Azure as External Identity provider
Navigate to Enterprise applications and select the application you created in step 8.
Configuring JIT provisioning in Cymmetri Administration Console
If JIT provisioning needs to be enabled for Azure AD as external Identity provider, we may set it up using the steps below.
Navigate to JIT in external identity provider and enable JIT Configuration.
The following fields are mandatory in Cymmetri - firstName, lastName, login, userType, displayName, and email.
For Azure JIT configuration, the following mapping needs to be done -
First Name -
Application Field - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Cymmetri Field - firstName
Last Name -
Application Field - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Cymmetri Field - lastName
Login (Username) -
Application Field - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Cymmetri Field - login
User Type -
Application Field - any string
Cymmetri Field - userType
Default Value - <will be one of Employee, Vendor, Consultant>
Display Name -
Application Field - http://schemas.microsoft.com/identity/claims/displayname
Cymmetri Field - displayName
Email Address -
Application Field - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Cymmetri Field - email
In Azure Administration Console
Last updated