Skip to main content

SAML SSO with Azure AD

  • Updated

Overview

Single sign-on enables you to determine who has access to Parlor by using your existing identify provider/SSO solution.

WIth SSO:

  • Your team members will be able to easily access Parlor as long as they’re logged in to your organization’s identity provider.
  • You can control who has access to Parlor by adding people who have existing Azure Ad accounts as users to the Parlor App.

This article will guide you through setting up and configuring SSO with Parlor.

Step 1: Create an Enterprise Application

1. Login to your Azure Portal and navigate to the homepage. Under Azure Services, click on “All Services” and then on "Azure Active Directory”.

1.png

2. Within Default Direct, click "Enterprise applications” from the side-navigation. 3.png

3. Select “+ New application”

2.png

4. Select "Amazon Web Services (AWS)”

4.png

5. Select "Amazon Web Services (AWS)" once again and give your Enterprise Application a name. Once you’ve named your Application, click “Create”.

5.png

Step 2: Provision Users

1. After Navigating to the Application Overview page, Select "Users and groups”

6.png

2. Select “+ Add user”

7.png

3. Choose the user or group you want to grant access to and click "Select”

8.png

4. After adding all the necessary users or groups to the enterprise application, click "Assign”.

9.png

Step 3: Configure SSO

1. Navigate to the Application overview page

Screen_Shot_2022-02-17_at_9.57.52_AM.png

2. Click on "2. Set up single sign on”

sso__1_.png

3. Select "SAML”

11.png

4. Select "Yes" from the popup that appears on the screen

12.png

5. Select "Edit" from the "Basic SAML Configuration" section

Edit.png

6. Under "Identifier (Entity ID)”:

    1. Delete any old values
    2. Add the following Identifier (Entity ID) = urn:amazon:cognito:sp:us-west-2_7fOle7Nv0

7. Under "Reply URL (Assertion Consumer Service URL)”

    1. Delete any old values
    2. Add the following Reply URL (Assertion Consumer Service URL) = **https://parlor.auth.us-west-2.amazoncognito.com** and click save.

13.png

8. Under "SAML Signing Certificate" , download the "Federation Metadata XML"

14.png

Congrats! Your SSO configuration is ready to be configured with Parlor. Please share the Federation Metadata XML file with your CSM and we’ll enable SSO authentication for your Parlor account!

 

STEP 4: Testing Parlor

Once you’ve received confirmation from your CSM that your SSO is setup, you can now test logging in with Parlor through the ‘Log In Using SSO’ button.

Screen_Shot_2022-02-16_at_3.06.14_PM.png

 

Trouble Shooting FAQ’s

Our organization does not want to sign in through Azure SSO anymore - what should I do?

Unfortunately, we do not support migration to normal sign-in at this point in time. Please reach out to your CSM for further support.

How can I give a new employee access to Parlor through SSO?

Step 1: Add the new employee to your Azure Active Directory

Step 2: Add the new employee to Enterprise Application you created in Step 1 of this document

You’re set!

Is my data shared with my Identity Provider (Azure AD)?

No personal data is shared with the Identify Provider apart from the attributes used to identify the user. In the case of Parlor, this is only the email ID.

How do I remove a user’s access to Parlor through SSO?

Step 1: Remove the employee to Enterprise Application you created in Step 1 of this document

Step 2: Remove the employee from your Azure Active Directory

Related articles