How to configure SSO with AzureAD?

1. Sign in to the admin console of your AzureAD account.

2. Click on "Azure Active Directory" icon:

3. Go to "Enterprise applications" section and click on "New application" button:

4. Choose "Non-gallery application":

5. Name your application (e.g. Qase) and click on "Add" button:

6. Click on "Set up single sign on":

7. Choose "SAML":

8. Now, you need to set up your AzureAD application. Click on the "Edit" button in the "Basic SAML Configuration" block. And fill the form with the following data:

When you are ready, click on "Save" button.

9. Now you need to configure attribute mapping. Click on "Edit" button in "User Attributes & Claims" section and for "Required claim" set Name ID format to persistent and Name ID value to user.mail.

Also, add two new claims:

  • fname: user.givenname

  • lname: user.surname

10. Now, you are ready to set up SSO on the Qase side. But at first, you need to get data from the AzureAD app:

  1. Download the certificate (Base64)

  2. Copy Login URL

  3. Copy Azure AD identifier

10. Now you need to go to the Qase security page and link your account with AzureAD credentials. Click on the "Enable SSO/SAML" toggle button and fill the form:

  • SAML Sign-in URL: paste login URL from the previous step

  • Identity Provider Issuer: paste Azure AD identifier from the previous step

  • Key x509 Certificate: open downloaded in the previous certificate in any editor, copy its content, and paste in the textarea.

  • Domains: provide a list of domains separated by a comma, that will be used for SSO. Public domains like gmail, hotmail, and etc are not allowed.

  • Default role: choose a default role that will be granted to the new users.

If you want new users who join your team to become a read-only by default, check "Automatically add new users as read-only members" checkbox.

After the form is filled, click on the "Save" button.

Last updated