Azure AD Configuration Example

    This page describes steps to be done in Azure AD to setup authentication-only SAML SSO connection with ServiceChannel.

    Important note: Creation of custom SAML SSO application is available only with Azure AD Premium.

    Creating custom application

    To create a custom SAML SSO application, the following steps should be performed:

    1. In the Azure classic portal, on the left navigation pane, select Active Directory.
    2. From the Directory list, select the directory for which you want to enable directory integration.
    3. Click Applications in the top menu to open the applications view.
    4. Click Add at the bottom of the page.
    5. On the What do you want to do dialog, click Add an application from the gallery.
    6. Click CUSTOM at the left of the page and select Add an unlisted application my organization is using.
    7. Type the name of the application (ServiceChannelTest in this sample) and press Complete button. If everything is fine you will have message: ServiceChannelTest has been added.

    Configuring SAML SSO

    1. In the Azure classic portal, on the ServiceChannelTest application configuration page, click Configure single sign-on to open the **Configure Single Sign On ** dialog.
    2. On the How would you like users to sign on to ServiceChannelTest page, select Microsoft Azure AD Single Sign-On, and then click Next.
    3. On the Configure App Settings page, enter your ServiceChannel SAML service URL (e.g. "https://st1login.servicechannel.com/saml/acs/" for test environment) into IDENTIFIER and REPLY URL fields and click Next.
    4. On the Configure single sign-on at ServiceChannelTest page, download your certificate and copy ISSUER URL - this information need to be sent to ServiceChannel support in order have the SAML SSO connection set properly on both sides.
    5. Select Confirm and press Next.

    6. Press Complete button to finish the configuration.

    Configure attributes

    In the Azure classic portal, on the ServiceChannelTest application configuration page, click Attributes and set the attributes.

    Only nameid is required if SAML SSO is used for user authentication only. In case of SAML SSO being used for just-in-time (or full) provisioning, additional attributes needs to be provided to create a new user in SC. The Role values should match these specified in a User Role template.

    Assigning users

    To test your custom SAML SSO application, you need to grant some of your Azure AD users the access to ServiceChannelTest.

    1. On the ServiceChannelTest configuration page, click Assign accounts:
    2. Select your test user(s), click Assign, and then click Yes to confirm your assignment.

    Testing SAML SSO

    If you want to test your single sign-on settings, open the Access Panel and click on ServiceChannelTest application.

    Troubleshooting

    If you see ServiceChannel login form, your connection is set up properly but there is an issue with configuration on SC side or wrong data sent in SAML assertion. Contact SC to debug.