Skip to content

Microsoft Azure SSO

Adding SaaS Management to your Azure SSO

If your organization uses Microsoft Azure SSO to access applications, you can use it to sign in to SaaS Management as well. To use Azure SSO to access SaaS Management, you first need to add it as a new SAML application within Azure, then add the connection information for Azure to SaaS Management.

To perform these actions, you must have an Azure AD account with one of the following permissions:

  • Global Administrator
  • Cloud Application Administrator
  • Application Administrator
  • Owner of the service principal

Creating a new SAML application for SaaS Management

  1. Log in to your Microsoft Azure AD account with the required permissions.

  2. On the home page, enter "enterprise applications" in the search bar. Under Services, select Enterprise applications.

  3. On the Enterprise Applications page, select + New Application.

  4. In the Azure AD Gallery, select + Create your own application.

  5. In the Create your own app window, name your new app "SailPoint SaaS Management".

  6. Select Integrate any other application you don't find in the gallery (Non-gallery).

  7. At the bottom of the window, select Create to create your new app.

Use the Overview page to finish setting up the application.

Configuring SaaS Management to use your Azure SSO

  1. On the Overview page, select Single sign-on from the navigation menu.

  2. On the Single sign-on page, select SAML.



  3. On the SAML-based Sign-on page, go to the Basic SAML Configuration section and select Edit.

  4. Open a new tab in your browser and go to SaaS Management. Select Settings from the lower-left corner of the page.

  5. Under Configuration, select SAML Settings. On SAML Settings page, find the Audience and Recipient URL values.



  6. Copy the Audience value from SaaS Management and paste it into the Identifier (Entity ID) field in the Basic SAML Configuration window in Azure.

    Note

    Delete any pre-populated Identifier values in Azure.

  7. Copy the Recipient URL from SaaS Management and paste it into the Reply URL (Assertion Consumer Service URL) field in the Basic SAML Configuration window in Azure.

  8. Select the Save button to save these changes.

  9. On the SAML-based Sign-on page in Azure, go to the Set up SailPoint SaaS Management section.

  10. Select the Copy icon to copy the Login URL and paste it into the Sign In URL field on the SAML Settings page in SaaS Management.

  11. Select the Copy icon to copy the Logout URL in Azure and paste it into the Sign Out URL field on the SAML Settings page in SaaS Management.

  12. In Azure, go to the SAML Signing Certificate section on the SAML-based Sign-on page. Download Certificate (Base64).

  13. Open the file in any text editor and copy the certificate. Go to the SAML Settings page in SaaS Management. Paste the certificate into the Certificate field.

  14. To create the connection in SaaS Management, select Add SSO Connection to enable Azure to access SaaS Management.

    Dashboard users who have created a SaaS Management account can now sign in to SaaS Management using Azure SSO.

    If you want to require all users within your organization to sign in to SaaS Management using Azure SSO, select SSO Required.