
Configuring Azure AD with SAML 2.0

Azure AD is one of the available IDPs to use with Single Sign-On (SSO) in your Hosted~FTP~ account, allowing you to authenticate securely from any device with your SSO credential. This feature is available on our Enterprise T2+ and above accounts. Please note: Hosted~FTP~ SSO supports both SAML 2.0 and OpenID Connect.

How to Set Up Azure AD

Please follow the steps below in your Azure portal.

2 Navigate to All Applications
3 Click on New application
4 Click on Create your own application
5 Name your new app and select the box labeled “Integrate any other application you don’t find in the gallery (Non-gallery)”
6 Once the app is created, you will be redirected to the app’s settings. In the navigation bar, select Single sign-on > SAML
7 Click on Edit under step 1, named Basic SAML Configuration
8 Under the Identifier (Entity ID) section, click “Add identifier”, copy the Entity ID provided in the Hosted~FTP~ SSO setup page, and paste it into the Identifier (Entity ID) field
9 Under the Reply URL (Assertion Consumer Service URL) section, click “Add reply URL”, copy the ACS URL from the Hosted~FTP~ SSO setup page, and paste it into the Reply URL (Assertion Consumer Service URL) field
10 Click “Save”
11 Scroll down to step 3, named SAML certificates, and download the Base64 version of the certificate onto your device
12 Locate the Base64 certificate and open it in a text editor, such as Notepad, to view it as text
13 Copy the entire contents of the text, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, and paste it into the Certificate field in the Hosted~FTP~ SSO setup page
14 Under Step 4, labelled Set up [your app name], copy the field called Azure AD Identifier and paste it into the field called Responder Issuer in the Hosted~FTP~ SSO setup page.
15 Build the IDP URL by filling in the URL syntax below with your application’s details. Replace <ApplicationID> and <TenantID> with your own:

https://myapps.microsoft.com/signin/<ApplicationID>?tenantId=<TenantID>

Example URL: https://myapps.microsoft.com/signin/ASI03c-AFAFA-4321?tenantId=JH4314b0d-UJITDD-ASHHF

Application ID: In your app’s settings, click on Overview in the navigation bar and copy the field called Application ID

Tenant ID: Copy the characters at the end of the URL you pasted in step 14

16 Make sure the following fields have been filled in on the Hosted~FTP~ SSO setup page:

  • Response Issuer
  • IDP URL
  • Certificate

Then click “Save”
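
A pre-flight check for the three values listed above, added here as an example (it is not Hosted~FTP~ or Microsoft code): it takes the Tenant ID from the end of the Azure AD Identifier, fills in the IDP URL syntax, and confirms the pasted certificate is one intact PEM block, returning its SHA-1 fingerprint for comparison with the Thumbprint the Azure portal lists for the signing certificate. It assumes the Application ID and Tenant ID are GUIDs, as the portal displays them; the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import urlparse

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----")


def tenant_id_from_issuer(issuer_url):
    """Tenant ID = last path segment of the Azure AD Identifier (issuer URL)."""
    parsed = urlparse(issuer_url.strip())
    segment = parsed.path.rstrip("/").rsplit("/", 1)[-1]
    if parsed.scheme != "https" or not GUID_RE.fullmatch(segment):
        raise ValueError("Azure AD Identifier does not end in a tenant GUID")
    return segment


def build_idp_url(application_id, tenant_id):
    """Fill in the article's URL syntax after checking both IDs are GUIDs."""
    app, tenant = application_id.strip(), tenant_id.strip()
    if not (GUID_RE.fullmatch(app) and GUID_RE.fullmatch(tenant)):
        raise ValueError("Application ID and Tenant ID must both be GUIDs")
    return f"https://myapps.microsoft.com/signin/{app}?tenantId={tenant}"


def certificate_thumbprint(pem_text):
    """Require exactly one intact PEM block; return its SHA-1 thumbprint (hex)."""
    if "\u2014" in pem_text or "\u2013" in pem_text:
        raise ValueError("typographic dashes found; re-copy from a plain-text editor")
    text = pem_text.strip()
    if len(PEM_RE.findall(text)) != 1 or not PEM_RE.fullmatch(text):
        raise ValueError("expected exactly one BEGIN/END CERTIFICATE block")
    body = "".join(PEM_RE.fullmatch(text).group(1).split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error:
        raise ValueError("certificate body is not valid Base64 (truncated paste?)") from None
    if der[:1] != b"\x30":  # a DER certificate starts with a SEQUENCE tag
        raise ValueError("decoded data does not look like a DER certificate")
    return hashlib.sha1(der).hexdigest().upper()


if __name__ == "__main__":
    # Constructed sample values, not a real tenant or application.
    tenant = tenant_id_from_issuer("https://sts.windows.net/11111111-2222-3333-4444-555555555555/")
    print(build_idp_url("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", tenant))
```

The certificate check covers PEM framing and Base64 only; it does not parse X.509 fields, so the thumbprint comparison is what confirms the pasted text is the certificate Azure issued.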

 

Configuring SSO Azure AD in Hosted~FTP~

Once you have followed all of the steps above, you can continue to the Hosted~FTP~ interface as the account admin to set up Azure AD SSO.

1. Go to your Setup tab, open the SSO page, and click on the Add button

2. Fill out the fields, including the information you retained when creating your Azure AD application, and click on Save when completed

Name: The label by which the SSO is recognized when enforcing it on an account/group/user level
Protocol: Select SAML 2.0
Provider: Select Azure AD
ACS URL: Under the Reply URL (Assertion Consumer Service URL) section, click “Add reply URL” and copy and paste the ACS URL
Entity ID: Under the Identifier (Entity ID) section, click “Add identifier” and copy and paste the Entity ID
Response Issuer: Under Step 4, labelled Set up [your app name], copy the field called Azure AD Identifier and paste it into this field
IDP URL: Fill in the URL syntax below with your application’s details. Replace <ApplicationID> and <TenantID> with your own:

https://myapps.microsoft.com/signin/<ApplicationID>?tenantId=<TenantID>

Example URL: https://myapps.microsoft.com/signin/ASI03c-AFAFA-4321?tenantId=JH4314b0d-UJITDD-ASHHF

Application ID: In your app’s settings, click on Overview in the navigation bar and copy the field called Application ID

Tenant ID: Copy the characters at the end of the URL you pasted in the Responder Issuer field

Certificate: Scroll to Step 3 of the SAML setup in your application and download the Base64 version of the certificate. Open the certificate in a text editor such as Notepad, copy the entire contents of the text, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, and paste it into the Certificate field in the Hosted~FTP~ SSO setup page.
Extra Parameters: None required
Active: On by default; un-checking this option will turn off the SSO

Enabling SSO for users

Once your SSO is configured, you will need to enable your user logins to use SSO on an entire account, group of users, or individual user level. Please refer to this article on how to enable SSO for user logins.
