Azure AD SAML

Configure Azure AD SAML in Zluri

To enable clients to log in to Zluri through Azure AD, you'll need to set up SAML.

Configuration steps

Select domains allowed for SSO in Zluri

In Zluri, navigate to Settings → SSO and select the domains allowed for SSO login. Click Save when done.

📘 If your domain is not listed, you can add it from Settings → Directory Management.

Obtain ACS URL and Entity ID

  1. Navigate to Zluri's SSO Settings, scroll down, and click SAML.

  2. Note down the ACS URL and Entity ID. These will be needed in the next steps.

Configure SAML in Azure AD

  1. Log in to Azure AD and select Microsoft Entra ID in the left sidebar.

  2. Select Enterprise applications.

  3. Click ➕ New application.

  4. Select ➕ Create your own application.

  5. Give the application a name, select Integrate any other application you don't find in the gallery, and click Create.

  6. Under Getting Started, select Set up single sign on.

  7. Select SAML.

  8. Click ✏️ Edit.

  9. Enter the Entity ID and ACS URL obtained earlier from the Zluri dashboard under Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), respectively.

  10. Under Attributes & Claims, click ✏️ Edit.

  11. Fill out the required fields:

     1. givenname = user.givenname
     2. surname = user.surname
     3. name = user.userprincipalname
     4. emailaddress = user.userprincipalname
     5. Unique User identifier = user.mail

  12. Download the Certificate (Base 64) and copy the Login URL.

  13. The last step is to add users and user groups to the Zluri application.

Then click 'Test connection' to try logging in with your Azure AD credentials. A successful login confirms that the setup works. From then on, any user in your organization who tries to log in will be redirected to the Azure AD login page.
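If the test sign-in fails, comparing the captured SAMLResponse with the values configured above usually shows which setting is off. The following is an added example, not code from Zluri or Microsoft: it assumes you have copied the base64 `SAMLResponse` form value from your browser's network tab, and the URLs, users and the `check_response` and `sample_response` helpers are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = ("givenname", "surname", "name", "emailaddress")
# Placeholders (assumptions): use the Entity ID / ACS URL shown in your SSO settings.
ENTITY_ID, ACS_URL = "https://sp.example/entity-id", "https://sp.example/acs"

def check_response(saml_response_b64, entity_id, acs_url, allowed_domains):
    """List mismatches between a captured SAMLResponse and the configured values.
    Diagnostic only: it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    audience = root.findtext(".//saml:Audience", namespaces=NS)
    if audience != entity_id:
        problems.append(f"Audience {audience!r} does not match Entity ID")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != acs_url:
        problems.append(f"Recipient {recipient!r} does not match ACS URL")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    for claim in REQUIRED:
        if not attrs.get(CLAIMS + claim):
            problems.append(f"claim {claim} missing or empty")
    name_id = root.findtext(".//saml:NameID", namespaces=NS)
    for label, value in (("NameID", name_id),
                         ("emailaddress", attrs.get(CLAIMS + "emailaddress"))):
        domain = (value or "").rpartition("@")[2].lower()
        if domain not in allowed_domains:
            problems.append(f"{label} domain {domain!r} is not an allowed SSO domain")
    return problems

def sample_response(audience, upn, mail):
    """Build a constructed, unsigned SAMLResponse for the demo below."""
    claims = {"givenname": "Ada", "surname": "Lovelace", "name": upn, "emailaddress": upn}
    attrs = "".join(f'<Attribute Name="{CLAIMS}{k}"><AttributeValue>{v}</AttributeValue>'
                    f'</Attribute>' for k, v in claims.items())
    xml = (f'<Assertion xmlns="{NS["saml"]}"><Subject><NameID>{mail}</NameID>'
           f'<SubjectConfirmation><SubjectConfirmationData Recipient="{ACS_URL}"/>'
           f'</SubjectConfirmation></Subject><Conditions><AudienceRestriction>'
           f'<Audience>{audience}</Audience></AudienceRestriction></Conditions>'
           f'<AttributeStatement>{attrs}</AttributeStatement></Assertion>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    bad = sample_response("https://other.example", "ada@corp.onmicrosoft.example", "ada@example.com")
    print(check_response(bad, ENTITY_ID, ACS_URL, {"example.com"}))
```

Because emailaddress is mapped to user.userprincipalname and the Unique User identifier to user.mail, the two can sit on different domains for the same user; the check reports each one separately against the domains selected for SSO.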

If you have already configured SAML, see "How you can rotate SAML Certificate in Zluri?" to learn how to rotate the certificate.

Editing an existing SAML setup

Rotate SAML certificates

X.509 certificates have a defined lifetime (for example, a Google Workspace certificate is valid for 5 years). You should rotate a certificate if it's about to expire or if it becomes compromised.

If a certificate expires before you rotate it, your users won’t be able to use SSO to sign in to any SAML applications that use that certificate until you replace it with a new certificate.

To rotate the certificate:

  1. Open the SAML app in your SSO, navigate to the certificate page, and recreate it.

  2. Once you get the new certificate, please upload it to the Zluri platform.

Save the connection, and you can continue to use the SAML connection as configured.

Add/remove SAML domains

To add or remove SAML domains, go to SSO Settings, select/deselect the domains that you want to configure for SAML, then click Save.