diff --git a/docs/src/understand/single-sign-on/azure/00.png b/docs/src/understand/single-sign-on/azure/00.png new file mode 100644 index 00000000000..68176e769fe Binary files /dev/null and b/docs/src/understand/single-sign-on/azure/00.png differ diff --git a/docs/src/understand/single-sign-on/azure/01.png b/docs/src/understand/single-sign-on/azure/01.png index b488d123528..b80742653ec 100644 Binary files a/docs/src/understand/single-sign-on/azure/01.png and b/docs/src/understand/single-sign-on/azure/01.png differ diff --git a/docs/src/understand/single-sign-on/azure/02.png b/docs/src/understand/single-sign-on/azure/02.png index f9004abd1e0..03d9618de8c 100644 Binary files a/docs/src/understand/single-sign-on/azure/02.png and b/docs/src/understand/single-sign-on/azure/02.png differ diff --git a/docs/src/understand/single-sign-on/azure/03.png b/docs/src/understand/single-sign-on/azure/03.png index cb2b55eae6c..f6a648e7fde 100644 Binary files a/docs/src/understand/single-sign-on/azure/03.png and b/docs/src/understand/single-sign-on/azure/03.png differ diff --git a/docs/src/understand/single-sign-on/azure/04.png b/docs/src/understand/single-sign-on/azure/04.png index 0055a004b5a..6a492d1ead0 100644 Binary files a/docs/src/understand/single-sign-on/azure/04.png and b/docs/src/understand/single-sign-on/azure/04.png differ diff --git a/docs/src/understand/single-sign-on/azure/05.png b/docs/src/understand/single-sign-on/azure/05.png index b1c463818b8..ff428ddff39 100644 Binary files a/docs/src/understand/single-sign-on/azure/05.png and b/docs/src/understand/single-sign-on/azure/05.png differ diff --git a/docs/src/understand/single-sign-on/azure/06.png b/docs/src/understand/single-sign-on/azure/06.png index 91c129488e6..4a2f9701022 100644 Binary files a/docs/src/understand/single-sign-on/azure/06.png and b/docs/src/understand/single-sign-on/azure/06.png differ 
diff --git a/docs/src/understand/single-sign-on/azure/main.md b/docs/src/understand/single-sign-on/azure/main.md index dbd03389072..92ffc8f6241 100644 --- a/docs/src/understand/single-sign-on/azure/main.md +++ b/docs/src/understand/single-sign-on/azure/main.md 
@@ -1,58 +1,76 @@ -# How to set up SSO integration with Microsoft Azure +# How to set up SSO integration with Microsoft Entra ID + +## Purpose and Scope +This document is for current and perspective users of the Wire cloud, who want to manage their users with Microsoft Entra ID, in Azure. ## Preprequisites -- account, admin access to that account -- See also {ref}`sso-generic-setup`. +Before you begin, we are going to assume you have the following: +- An account on + * admin access to that account, sufficient to add an application, and manage users. +- A team on https://app.wire.com/ or another Wire backend, and admin access to that team. + +## Process -## Steps +### Creating a New Application +Go to [portal.azure.com](https://portal.azure.com/), and login. You should be brought to the 'Microsoft Azure' home page. + * In the 'Azure services' section, click on 'Microsoft Entra ID' -### Azure setup +```{image} 00.png +``` -Go to , and click on 'Azure Active Directory' -in the menu to your left, then on 'Enterprise Applications': +You should now see the 'Default Directory | Overview' page. + * In the menu to your left, 'Manage' should already be selected. under manage, click on 'Enterprise Applications' ```{image} 01.png ``` -Click on 'New Application': +This should bring you to the 'Enterprise applications| All applications' page. + * Click on 'New Application': ```{image} 02.png ``` -Select 'Non-gallery application': +This brings you to the 'Browse Microsoft Entra Gallery' page. + * Select 'Create your own application': ```{image} 03.png ``` -Fill in user-facing app name, then click 'add': +This should have opened a 'Create your own application' window in the current page. + * Fill in the user-visible app name with the name for this application that you want your users to see. + * Leave the option selected next to 'Integrate with any other application you don\'t find in the gallery', then click 'add': ```{image} 04.png ``` -The app is now created. 
If you get lost, you can always get back to -it by selecting its name from the enterprise applications list you've -already visited above. +The app is now created, but is not yet configured. If you get lost, you can always get back to it by selecting its name from the 'Enterprise applications| All applications' page. + +### Configuring your New Application -Click on 'Configure single sign-on'. +If you followed the prior step, you should now be at the screen containing the settings for your application. If you didn't, please find your app by opening azure, going to 'Microsoft Entra ID', and clicking on 'Enterprise Applications' in the left hand menu. + +In the 'Getting Started' section of the page containing your application definition, Click on 'get started' in the '2. Set up single sign on' box. ```{image} 05.png ``` -Select SAML: +You should now see the 'Single sign-on' page for your application definition. + * Click on the 'SAML' box with the puzzle piece in it. ```{image} 06.png ``` -On the next page, you find a link to a configuration guide which you -can consult if you have any azure-specific questions. Or you can go -straight to adding the two config parameters you need: +The next page is the 'SAML-based Sign-on' page for your application definition. There is a helpful configuration guide at the top of the page which you can consult if you have any azure-specific questions. + +Let's go straight to adding the two config parameters that are required, and saving. + +In the 'Basic SAML Configuration' section, click on 'Edit'. This will bring up the 'Basic SAML Configuration' window. + * Enter for both 'Identifier (Entity ID)' and 'Reply URL(Assertion Consumer Service URL)'. ```{image} 07.png ``` -Enter for both identity and reply url. Save. - ```{image} 08.png ```
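Review bot: The rewritten 'Basic SAML Configuration' step at the end of the main.md hunk drops the explicit save action: the removed line ended with "Save.", while the new bullet stops at "Enter for both 'Identifier (Entity ID)' and 'Reply URL(Assertion Consumer Service URL)'.", and 08.png now follows 07.png with no text between them. Please add a bullet telling the reader to save after entering the two values, and a sentence introducing 08.png. In this view the value to enter is blank in both the removed and the added line, as is the target after "An account on", so it is worth confirming that both survive in the rendered docs. Smaller points in the same hunk: "perspective users" should read "prospective users"; the unchanged heading "Preprequisites" is misspelled and could be fixed while the section is being rewritten; the cross-reference "See also {ref}`sso-generic-setup`" is removed without a replacement; the backslash in "don\'t" is not needed; and the prerequisite "admin access to that account, sufficient to add an application, and manage users" would be more useful if it named the minimum directory role required, so that readers do not reach for a tenant-wide admin account by default.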
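Review bot: 07.png and 08.png are still referenced at the end of main.md, but the binary changes in this patch cover only 00.png through 06.png. Since the text around them was rewritten for the 'Microsoft Entra ID' naming and now refers to the 'Basic SAML Configuration' window and the 'Identifier (Entity ID)' and 'Reply URL' fields, please check that these two screenshots still match the current portal and the new wording, and refresh them in this change if they do not.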