Configure the Azure identity provider for a Member Hub

To configure Azure to work with hubs single sign-on, you need to create a SAML 2.0 app and configure it.

Prerequisites:

A Community admin must enable single sign-on and provide the IT administrator with the required configuration settings before you can configure the identity provider. For more information, see Enable Single Sign-on for a Member Hub.

Note:

This task must be completed by a system administrator with access to Azure with the Application administrator or Cloud application administrator role, or higher, to create and configure a SAML 2.0 application for Member Hubs.

  1. Sign in to the Microsoft Azure portal for your organization.
  2. In the Azure Services section, click Enterprise Applications.
  3. Click New Application.
  4. Click Create your own application.
  5. Enter a name for your app, select Integrate any other application you don't find in the gallery (Non-gallery), and click Create.
  6. In the navigation menu on the left, select Single sign-on.
  7. In the Basic SAML configuration section, click Edit.
  8. On the Basic SAML Configuration page, use the default value in Identifier (Entity ID) or provide your own unique URL value and select the Default checkbox.
  9. In Reply URL (Assertion Consumer Service URL), enter the Assertion Consumer Service URL provided by your organization's Community admin.
    Figure 1. Required Member Hub URL
    Figure 2. Required Azure Reply URL
  10. In the User Attributes & Claims section, click Edit.
  11. Click Add new claim and add the following claims:
    Name       | Namespace                                                          | Source attribute
    -----------|--------------------------------------------------------------------|------------------
    Email      | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.emailaddress
    First Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname    | user.givenname
    Last Name  | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname      | user.surname
  12. In the Set up section, note the following information to provide to your organization's Community admin to configure hubs to communicate with the identity provider.
    • Login URL - This value maps to the SSO Button URL (Identity Provider Initiated Sign-in URL) setting in hubs.
    • Azure AD Identifier - This value maps to the MetaData URL setting in hubs.
    • Logout URL

Provide the Login URL, Azure AD Identifier, and Logout URL to the Community admin you are working with so they can complete the hubs single sign-on configuration.
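
Added example (not part of the original procedure or of any vendor tooling): a Python check to run against a decoded SAML response captured from a test sign-in, confirming that the Reply URL from step 9 and the three claims from step 11 came through. The ACS URL and the sample response are constructed placeholders. Claims are matched on the namespace URI prefix, because the final Attribute Name depends on how Azure combines the Name and Namespace fields.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Claim URIs from the table in step 11.
REQUIRED = {"Email": CLAIMS + "emailaddress",
            "First Name": CLAIMS + "givenname",
            "Last Name": CLAIMS + "surname"}

def check_response(xml_text, expected_acs):
    """Return a list of problems in a decoded SAML response (empty list = OK).
    Configuration check only: it does not verify the XML signature, so use it
    on responses you captured yourself during a test sign-in."""
    root = ET.fromstring(xml_text)
    problems = []
    # Both values should equal the Reply URL entered in step 9.
    if root.get("Destination") != expected_acs:
        problems.append("Destination does not match Reply URL")
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        if scd.get("Recipient") != expected_acs:
            problems.append("Recipient does not match Reply URL")
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        val = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        values[attr.get("Name", "")] = val.strip()
    for label, uri in REQUIRED.items():
        if not any(n.startswith(uri) and v for n, v in values.items()):
            problems.append(f"missing or empty claim: {label}")
    return problems

ACS = "https://hub.example.com/saml/acs"  # constructed placeholder Reply URL
# Constructed sample response: the surname claim is deliberately missing.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS}">
 <saml:Assertion>
  <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{ACS}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="{CLAIMS}emailaddress">
    <saml:AttributeValue>pat@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="{CLAIMS}givenname">
    <saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, ACS))
```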