SAML 2.0 - Azure AD Integration

  1. Login to your “Microsoft Azure Portal”.
  2. Select “Enterprise Applications” from the left menu.
  3. Click the “New Application” button on the Enterprise Applications page.
  4. Click the “Create your own application” button.
  5. Fill in the application name as “kondukto-saml” and click the “Create” button.
  6. On the “kondukto-saml” enterprise application page, select “Set up single sign on”.
  7. Select “SAML” as the single sign-on method.
  8. Click the “Edit” button in the “Basic SAML Configuration” panel.
  9. Fill in the “Entity ID” (Identifier) and “Assertion Consumer Service URL” (Reply URL) fields and click the “Save” button. They must match the values Kondukto is configured with in step 23: the Entity ID is the “Entity” value (kondukto) and the Assertion Consumer Service URL is the “Base URL” value (https://{YOUR_KONDUKTO_HOST}/core/saml/acs). Azure AD only sends SAML responses to a registered Reply URL, so a mismatch breaks the login rather than weakening it.
  10. Click the “Edit” button in the “Attributes & Claims” panel.
  11. Click the “Add new claim” button.
  12. Add the “user.mail” source attribute as a claim named “email” and click the “Save” button. Azure AD omits a claim whose source attribute is empty, so every user who will sign in needs a populated mail attribute.
  13. Click the “Add a group claim” button.
  14. Select the groups assigned to the application, emit them as the “groups” claim and click the “Save” button. Two things to check here: Azure AD names the group claim with a long URI unless “Customize the name of the group claim” under the advanced options is used to name it “groups”, and the default “Group ID” source attribute emits each group’s object ID rather than its name, so make sure the value Azure AD sends is the one you will enter in the Kondukto role fields in step 23.
  15. Make sure the “email” and “groups” claims are listed in the “Additional claims” table.
  16. Return to the “Set up Single Sign-On with SAML” page.
  17. In the “SAML Certificates” panel, download “Certificate (Base64)” and keep it in a safe place. This is the certificate Kondukto uses to verify the signature on assertions from Azure AD; note its expiry date, because once the certificate is rotated in Azure AD the copy configured in Kondukto must be replaced or logins will fail.
  18. Copy the “Login URL” and “Azure AD Identifier” values to a safe place.
  19. Log in to your Kondukto application with an admin user.
  20. Select “Integrations” from the left menu.
  21. Select “Single Sign-On Tools” on the integrations page.
  22. Activate the “SAML” integration.
  23. Fill in the SAML integration fields and click the “Save” button.
    1. Base URL: https://{YOUR_KONDUKTO_HOST}/core/saml/acs (the Assertion Consumer Service URL registered in step 9)
    2. Sign In URL: the “Login URL” value copied in step 18
    3. Entity ID: the “Azure AD Identifier” value copied in step 18
    4. Entity: kondukto (the Entity ID registered in Azure AD in step 9)
    5. Certificate: the “Certificate (Base64)” downloaded in step 17
    6. Admin: the Azure AD group name whose members get the admin role in Kondukto
    7. Manager: the Azure AD group name whose members get the manager role in Kondukto
    8. Product Owner: the Azure AD group name whose members get the product owner role in Kondukto
    9. Team Lead: the Azure AD group name whose members get the team lead role in Kondukto
    10. Developer: the Azure AD group name whose members get the developer role in Kondukto
    11. Pentester: the Azure AD group name whose members get the pentester role in Kondukto
    12. Team Provisioning: if checked, Azure AD groups are created as teams in Kondukto.
  24. On the “kondukto-saml” enterprise application “Overview” page, open the “Assign users and groups” panel and assign the Azure AD groups that are mapped to Kondukto roles in step 23. Only groups assigned here are emitted in the “groups” claim configured in step 14. Since some of these groups grant the Kondukto admin role, leave “Assignment required?” enabled in the application’s “Properties” so that only assigned users can sign in.
  25. On the Kondukto login page, click the “Login with SAML” button to be redirected to Azure AD.
  26. Sign in with the credentials of an Azure AD user assigned to the “kondukto-saml” application. On success Azure AD posts the SAML response to the Base URL and the user lands in Kondukto with the role derived from their group membership.
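The fields in step 23 are not just labels: each one feeds a check the Kondukto side has to perform on every SAML response before trusting the “email” and “groups” claims (Base URL is the expected Destination and bearer Recipient, Entity is the expected Audience, Entity ID is the expected Issuer, Certificate verifies the signature). The following is an added example, not Kondukto’s or Microsoft’s code, that runs those checks on a hand-constructed Azure AD response and then maps the claims to a role the way the group fields describe. The hostname, tenant ID, group names and the rejection of users with no mapped group are assumptions; XML signature verification is assumed to have been done already by the SAML library and is not shown.

```python
"""Added example, not Kondukto's or Microsoft's code: the checks a SAML service provider
runs on an Azure AD Response before trusting it, then the mapping of the "email" and
"groups" claims configured above onto Kondukto roles. The XML, host, tenant and group
names are constructed or assumed; signature verification is assumed done and not shown."""
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Values entered in the Kondukto SAML form (assumed host and tenant ID).
SP_ENTITY_ID = "kondukto"                                # "Entity"
ACS_URL = "https://kondukto.example.com/core/saml/acs"   # "Base URL"
IDP_ENTITY_ID = "https://sts.windows.net/11111111-2222-3333-4444-555555555555/"  # "Entity ID"
# Azure AD group name -> Kondukto role, most privileged first (assumed group names).
ROLE_GROUPS = [("admin", "kondukto-admins"), ("manager", "kondukto-managers"),
               ("product_owner", "kondukto-product-owners"), ("team_lead", "kondukto-team-leads"),
               ("developer", "kondukto-developers"), ("pentester", "kondukto-pentesters")]
# Azure AD emits the group claim under the long URI unless its name is customised.
GROUP_CLAIM_NAMES = ("groups", "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups")

class SamlError(Exception):
    pass

def require(ok, msg):
    if not ok:
        raise SamlError(msg)

def saml_time(value):
    # SAML timestamps are UTC with a trailing "Z"; fromisoformat wants an explicit offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validate_response(xml_text, now):
    """Return the assertion if Destination, status, Issuer, validity window, Audience and
    bearer Recipient all match this service provider; raise SamlError otherwise."""
    root = ET.fromstring(xml_text)
    require(root.tag == "{%s}Response" % NS["samlp"], "not a samlp:Response")
    require(root.get("Destination") == ACS_URL, "Destination %r is not our ACS URL" % root.get("Destination"))
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    require(code is not None and code.get("Value") == SUCCESS, "Azure AD reported a non-success status")
    a = root.find("saml:Assertion", NS)
    require(a is not None, "no plaintext saml:Assertion (encrypted assertions are not handled here)")
    require(a.findtext("saml:Issuer", namespaces=NS) == IDP_ENTITY_ID, "Issuer is not the Azure AD Identifier")
    cond = a.find("saml:Conditions", NS)
    require(cond is not None, "assertion carries no Conditions")
    t, nb, na = saml_time(now), cond.get("NotBefore"), cond.get("NotOnOrAfter")
    require(na and t < saml_time(na) and (not nb or t >= saml_time(nb)), "assertion outside its validity window")
    audience = cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS)
    require(audience == SP_ENTITY_ID, "Audience %r is not our Entity ID" % audience)
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is not None:  # bearer confirmation: must be addressed to us and still fresh
        require(scd.get("Recipient") in (None, ACS_URL), "bearer Recipient is not our ACS URL")
        require(not scd.get("NotOnOrAfter") or t < saml_time(scd.get("NotOnOrAfter")),
                "bearer confirmation has expired (stale or replayed response)")
    return a

def login(xml_text, now, team_provisioning=True):
    """Validate, then derive the Kondukto identity: email, the role of the most privileged
    mapped group, and the groups as teams if Team Provisioning is on (assumed behaviour)."""
    a = validate_response(xml_text, now)
    claims = {attr.get("Name"): [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
              for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    email = (claims.get("email") or [None])[0]
    require(bool(email), "no email claim: check the user.mail -> email mapping in Azure AD")
    groups = next((claims[n] for n in GROUP_CLAIM_NAMES if n in claims), [])
    role = next((r for r, g in ROLE_GROUPS if g in groups), None)
    require(role is not None, "none of the user's groups %r maps to a Kondukto role" % (groups,))
    return {"email": email, "role": role, "teams": groups if team_provisioning else []}

# Constructed sample: the response Azure AD would post for a user in two mapped groups.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z" Destination="{ACS_URL}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
        NotOnOrAfter="2024-05-01T12:05:00Z" Recipient="{ACS_URL}"/></saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:55:00Z" NotOnOrAfter="2024-05-01T13:00:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="groups"><saml:AttributeValue>kondukto-managers</saml:AttributeValue>
        <saml:AttributeValue>kondukto-developers</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def demo():
    # The valid response plus three tampered or stale variants, each caught by a different check.
    when = "2024-05-01T12:01:00Z"
    cases = {"valid": (SAMPLE_RESPONSE, when),
             "wrong_audience": (SAMPLE_RESPONSE.replace(">%s<" % SP_ENTITY_ID, ">other-sp<"), when),
             "wrong_destination": (SAMPLE_RESPONSE.replace(ACS_URL, "https://attacker.example/acs", 1), when),
             "replayed_late": (SAMPLE_RESPONSE, "2024-05-01T12:10:00Z")}
    outcomes = {}
    for name, (xml, now) in cases.items():
        try:
            outcomes[name] = login(xml, now)
        except SamlError as e:
            outcomes[name] = "rejected: " + str(e)
    return outcomes
```

Running demo() accepts the valid response as alice@example.com with the manager role (the most privileged of her two mapped groups, both of which become teams when Team Provisioning is on) and rejects the other three: an Audience that is not the configured Entity, a Destination that is not the Base URL, and a response presented after its bearer confirmation window, which is what a replayed or long-delayed response looks like. The Audience and Destination checks are exactly why the values in steps 9 and 23 must match character for character, and the group lookup is why the names in the role fields must equal what Azure AD actually emits in the “groups” claim.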