This page article describes steps to be done in Azure AD to set up an authentication-only SAML SSO connection with ServiceChannel in Azure AD.
Warning |
---|
Creation of You can create a custom SAML SSO application is available only in Azure AD Premium. |
Creating a Custom Application
Configuring SAML SSO
Panel |
---|
bgColor | #F9F9F9 |
---|
titleColor | #0e3367 |
---|
titleBGColor | #EAEAEA |
---|
borderStyle | none |
---|
title | ⦿ How to configure SAML SSO |
---|
|
- In the Azure classic portal, on the ServiceChannelTest application configuration page, click Configure single sign-on to open the Configure Single Sign-On dialog window.
![](https://servicechannel.atlassian.net/wiki/download/thumbnails/585270210/azure-config-example-06.png?version=1&modificationDate=1547810331756&cacheVersion=1&api=v2&width=500) - On the How would you like users to sign on to ServiceChannelTest page, select Microsoft Azure AD Single Sign-On, and then click Next.
![](https://servicechannel.atlassian.net/wiki/download/thumbnails/585270210/azure-config-example-07.png?version=1&modificationDate=1547810341029&cacheVersion=1&api=v2&width=500) - On the Configure App Settings page, enter your ServiceChannel SAML service URL, for example,
https://st1login.servicechannel.com/saml/acs/ for the test environment, into IDENTIFIER and REPLY URL fields, and then click Next.
![](https://servicechannel.atlassian.net/wiki/download/thumbnails/585270210/azure-config-example-08.png?version=1&modificationDate=1547810351218&cacheVersion=1&api=v2&width=500) - On the Configure single sign-on at ServiceChannelTest page, download your certificate and copy the URL from the ISSUER URL field. This information should be sent to ServiceChannel support to have the SAML SSO connection set properly on both sides.
![](https://servicechannel.atlassian.net/wiki/download/thumbnails/585270210/azure-config-example-09.png?version=1&modificationDate=1547810362381&cacheVersion=1&api=v2&width=500) - Select Confirm that you have configured single sign-on as described above... and click Next.
![](https://servicechannel.atlassian.net/wiki/download/thumbnails/585270210/azure-config-example-10.png?version=1&modificationDate=1547810371483&cacheVersion=1&api=v2&width=500) - Click Complete to finish the configuration.
|
In the Azure classic portal, on the ServiceChannelTest application configuration page, click Attributes and set the attributes.
![](https://servicechannel.atlassian.net/wiki/download/thumbnails/585270210/azure-config-example-11.png?version=1&modificationDate=1547810387347&cacheVersion=1&api=v2&width=1000)
Only nameid
is required if SAML SSO is used for the user authentication only. In the case SAML SSO is used for just-in-time (or full) provisioning, additional attributes should be provided to create a new user in SC. The Role values should match the values specified in the User Role template.
Assigning users
To test your custom SAML SSO application, grant access to ServiceChannelTest to some of Azure AD users.
Panel |
---|
bgColor | #F9F9F9 |
---|
titleColor | #0e3367 |
---|
titleBGColor | #EAEAEA |
---|
borderStyle | none |
---|
title | ⦿ How to grant users access to ServiceChannelTest |
---|
|
- On the ServiceChannelTest configuration page, click Assign accounts.
![](https://servicechannel.atlassian.net/wiki/download/thumbnails/585270210/azure-config-example-12.png?version=1&modificationDate=1547810397208&cacheVersion=1&api=v2&width=500) - Select test users, click Assign, and then click Yes to confirm your assignment.
![](https://servicechannel.atlassian.net/wiki/download/thumbnails/585270210/azure-config-example-13.png?version=1&modificationDate=1547810407055&cacheVersion=1&api=v2&width=500)
|
Testing SAML SSO
If you want to test your single sign-on settings, open the Access Panel and click the ServiceChannelTest application.
![](https://servicechannel.atlassian.net/wiki/download/thumbnails/585270210/azure-config-example-14.png?version=2&modificationDate=1547810461124&cacheVersion=1&api=v2&width=500)
Troubleshooting
If you see ServiceChannel login form, your connection is set up properly, but there is an issue with the configuration on SC side or wrong data sent in the SAML assertion. Contact SC to debug.