Login through Azure SAML- based SSO

SigningHub gives you the option to authenticate yourself by using Microsoft Azure's SAML-based Single Sign-on credentials to log into SigningHub. In this case, you don't even need to have a SigningHub ID, as your Azure Active Directory account will be used for SigningHub authentication. However, logging in through your Azure Active Directory credentials for the first time, will take you to the registration screen and display your Azure Active Directory (email address) for new registration. After registration, you can easily login through your Azure Active Directory credentials.

To configure Azure with SAML and use it in SH below steps needs to be completed

  1. Configure Microsoft Azure

  2. Configure SigningHub

Configure Microsoft Azure

  1. Sign in to the Azure portal using your Azure Active Directory administrator account.

  2. Click on the "Active Directory do Azure".

  3. Click on the "Enterprise Applications" on the right side.

  4. In the app gallery, you can add an unlisted app by selecting the "Non-gallery Application" tile.

  5. After entering a Name for your application, you can configure the single sign-on options and behaviour.

  6. Once the app is successfully added, it will appear under "Enterprise Applications".

  7. Select your added app from the list.

  8. To start, click on Single sign-on from the application's left-hand navigation menu. The next screen presents the options for configuring single sign-on.

  9. Select the option "SAML-based Sign-on" from the drop-down "Single Sign-on Mode" to configure SAML-based authentication for the application. This requires that the application support SAML 2.0. Complete the following sections to configure single sign-on between the application and Azure AD.

  10. To set up Azure AD, enter the basic SAML configuration. You can manually enter the values or upload a metadata file to extract the values of the fields.

  11. When a user authenticates to the application, Azure AD will issue a SAML token to the app that contains information (or claims) about the user that uniquely identifies them. By default, this includes the user's username, email address, first name, and last name.

  12. When you create Non-Gallery application, Azure AD will create an application-specific certificate with an expiration date of 3 years from the date of creation. You need this certificate to set up the trust between Azure AD and the application.

  13. Click on the "Save" button on top.

  14. To ensure users can sign in to SigningHub after it has been configured to use Azure Active Directory. Users must be assigned access to SigningHub in Azure AD to sign in.

  15. To configure the application for single sign-on, scroll to the end of the SAML-based sign-on configuration page, and then click on Configure SigningHub (Name of the app).

If you are unable to add a custom application, enable the feature by clicking the arrow next to "Get a free Premium trial to use this feature."

  1. If "Single sign-on" is disabled for the logged-in user for the selected app, add the logged-in user as the owner of the added app.

Configure SigningHub

  1. For configuration at SigningHub go to the administrator URL such as "https://admin.signinghub.com/".

  2. Create the connector by clicking on the add icon from Configurations>Connectors.

  3. Select the provider "SAML Identity Provider" from the "Provider" drop-down.

  4. Provide the necessary information such as Name, Login & Logout URL (mentioned in step 15), Binding Type (POST/Redirect define in connector), Signature algorithm (SHA1/SHA256 define in connector ), upload IDP certificate downloaded from azure mentioned in step 12 and click on Save button.

  5. Export the SP metadata by clicking on the "Export SP Metadata" button, this metadata can be used in step 10.

  6. Create the authentication profile by clicking on the add icon from Configurations>Authentication Profiles.

  7. Provide the Name, method as "SAML Authentications", Connector that is created in step 19, select the logo and Save the information.

  8. Publish the changes.

  9. Access the web URL as "https://web.signinghub.com/".

  10. Click the "More Login Options".

  11. Click on the authentication profile that you have created above.

  12. Provide the credentials and log in here

  1. The signature algorithm will match the one set in Step 12 and will be used when signing the request. SHA256 is recommended when the binding type is set to "POST."

  1. In order to make your Azure Active Directory application run, you need to manually update a property on the Azure Portal under the application's manifest. For this:

    1. Click Manifest at the left pane describing your app.

    2. Change the value of the oauth2AllowImplicitFlow property to True. If the property is not present, add it and set its value to true.

    3. Click "Save" to save the modified manifest.

  1. The Microsoft Azure Active Directory authentication method also supports the Single sign-on (SSO) facility. To configure this, go to the integration screen and select "Azure AD" in the "Default Authentication Method" drop-down (as explained in point 6).

  2. As a part of GDPR compliance, the "Service Agreement" dialogue box will appear after successful user authentication. This dialogue box contains the links to the "Terms of Service" and "Privacy Policy" pages. SigningHub will ensure that you agree to them before letting you use your account.

  3. The "Service Agreement" dialogue box will not appear after successful user authentication if no Service Agreement is marked active.

  4. When using an on-premises installation of SigningHub and this is the only configured authentication for the end-users, then you won't need to click the "More Login Options" link to choose it. In that case, this authentication method will be invoked by default on the Login screen.

  5. Users cannot log in to SigningHub if their account is disabled, marked as dormant, or temporarily locked due to multiple invalid login attempts

PreviousLogin through OAuth2NextDashboard

Last updated

© Ascertia Limited 2024