Set up Guide: AzureAD SAML

Emily B

Step 1: Create Enterprise Application

Select "Enterprise applications" from your Azure AD dashboard.

A screenshot showing where to select 'Enterprise Applications' in the Azure dashboard.

Click "New application" and continue.

A screenshot showing where to select 'New Application' in the Azure dashboard.

Select "Create your own application", then enter an App name that describes Ten Thousand Coffees. Under "What are you looking to do with your application?", select "Integrate any other application you don't find in the gallery (Non-gallery)", then select "Create".

A screenshot showing where to input the name of the new application in the Azure dashboard.

Next, select "Single Sign-On" from the "Manage" section in the left sidebar navigation menu, and then "SAML".

A screenshot showing how to select 'SAML' as the single sign-on method of the Azure application in the Azure dashboard.

Step 2: Basic SAML Configuration

Click the Edit icon in the top right of the first step.

A screenshot showing where to select 'Edit' for the 'Basic SAML Configuration' step in the Azure dashboard.

Submit the Identifier and the Reply URL in the Basic SAML Configuration. You can get your Identifier and Reply URL in the guided setup link provided to you by Ten Thousand Coffees.

If you can't find your setup link, please email integrations@tenthousandcoffees.com.

A screenshot showing where to input the WorkOS ACS URL and WorkOS Entity ID in the Azure dashboard.

Step 3: User Attributes & Claims

Click the Edit icon in the top right of the second step.

A screenshot showing where to select 'Edit' for the 'Attributes & Claims' step in the Azure dashboard.

Fill in the following Attribute Statements by entering the claim name in the "Name" field and the value in the "Source attribute" field. Select "Next":

Claim name      Value
emailaddress    user.mail
givenname       user.givenname
name            user.userprincipalname
surname         user.surname

A screenshot showing the 'Attribute & Claims' configuration in the Azure dashboard.

Step 4: Assign People & Groups

In order for your users and groups of users to be synced to Ten Thousand Coffees, you will need to assign them to your Azure AD SAML Application. Select "Users and groups" from the "Manage" section of the navigation menu.

A screenshot showing where to select 'Users and groups' in the Azure dashboard.

Select "Add user/group" from the top menu.

A screenshot showing where to select 'Add user/group' in the Azure dashboard.

Select "None selected" under "Users and Groups". In the menu, select the users and groups of users that you want to add to the SAML application, and click "Select".

A screenshot showing where to select 'None Selected' under 'Users and Groups' and add a user in the Azure dashboard.

Select "Assign" to add the selected users and groups of users to your SAML application.

Step 5: Upload IdP Metadata

Navigate down to Section 3 of the "Single Sign-On" page, to "SAML Signing Certificate". Copy the URL provided in "App Federation Metadata URL".

A screenshot showing where to select the 'App Federation Metadata URL' in the Azure dashboard.

Provide the Metadata URL you copied using the WorkOS setup link shared with you by Ten Thousand Coffees. It will look like this:

Step 6: Test Single Sign-On

Ten Thousand Coffees will ask you to try signing in to test the connection.
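
A check for Steps 3 and 6, added here as an example and not part of the original guide or of Ten Thousand Coffees' tooling: decode the base64 SAMLResponse captured from the test sign-in and confirm that the four claims from Step 3 are present and non-empty. The claim namespace URI, the function names and the sample response are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("emailaddress", "givenname", "name", "surname")  # Step 3 table
# Assumption: claims are emitted under this namespace URI (not stated on the page).
CLAIM_URI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"


def extract_claims(saml_response_b64):
    """Return {short claim name: [values]} from a base64-encoded SAMLResponse.

    Diagnostic only: the signature is NOT validated, so never use this to
    make an authentication decision.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations do not belong in a SAML response")
    root = ET.fromstring(xml_bytes)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        # Names may be bare or namespace-qualified; keep the last path segment.
        short = attr.get("Name", "").rsplit("/", 1)[-1]
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims.setdefault(short, []).extend(values)
    return claims


def missing_claims(claims):
    """Claims from Step 3 that are absent or carry only empty values."""
    return [c for c in REQUIRED_CLAIMS if not any(claims.get(c, []))]


def build_sample(attrs):
    """Constructed, unsigned SAMLResponse used only to exercise the checker."""
    body = "".join(
        f'<saml:Attribute Name="{CLAIM_URI}{k}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>"
        for k, v in attrs.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f"<saml:AttributeStatement>{body}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    sample = build_sample({"givenname": "Ada", "surname": "Lovelace",
                           "name": "ada@example.com"})  # no emailaddress
    print("missing:", missing_claims(extract_claims(sample)))
```

A missing or empty claim in the output points to a user whose source attribute from Step 3 (for example user.mail) is not populated in the directory.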

 
