Configuring SSO for Azure
The Clumio service can integrate with Azure for seamless user authentication. Please follow the below steps to configure Azure IDP as a Single Sign On service for Clumio.
Ensure that you have the following before you start configuring Azure
Azure account with admin privileges
Clumio account with Super Admin Role
Steps to enable Azure Integration with Clumio
- Log into your Azure portal and click on Azure Active Directory.
- Navigate to Enterprise Applications from the left-hand side tabs.
- Click on the +New application at the top.
- Click on the +Create your own application at the top.
- Provide a name for your application and click on Create.
- Click on Set up Single Sign-on.
- Select SAML
- Under Basic SAML Configuration click Edit.
- Get the Audience Restriction, Assertion Customer Service (ACS) URL(Reply URL), and Sign-On URL from Clumio (see step 4).
- Under Basic SAML Configuration, Assertion Customer Service (ACS) URL, and Sign-On URL obtained from the Clumio dashboard, as shown below. Then click on Save.
- After Save, close the Basic SAML Configuration section. Go down under the SAML Signing Certificate section and copy the App Federation Metadata Url field OR download the Federation Metadata XML. This will be needed in Clumio
- Click on Edit under the User Attributes and Claims section.
- Ensure that the Required Claim maps to Email Address and the value is either user.mail or user.userprincipalname based on your organization's use.
- Click Save.
- The Azure side configuration is done! Over to Clumio.
- Log in to Clumio.
- Navigate to Settings > Access Management > Authentication (SSO/MFA)
- Click on "Configure SSO" under Strategy.
- Copy the Audience Restriction, Assertion Customer Service (ACS) URL, and the Sign-On URL. This will be needed for the IdP side setup.
- Scroll down and upload the metadata retrieved from the IdP. You can either use the URL, upload the metadata XML file, or configure it manually.
- Now click on Save Configuration.
- Click on Test with my Account - This should open a new tab to test the SSO connection.
- Once the above step is successful, click on Activate SSO. Please note that this step is important for SSO enablement.
- Check the box to send emails if you wish to notify all users of the SSO enablement, else click enable.
- For any user to utilize Clumio login through Azure SSO, the user needs to be explicitly added in Clumio UI > Settings > Access Management > Users and should be assigned to Clumio SAML Application created in Azure Directory.
Please contact email@example.com in case of any clarifications or questions.