Overview
Identity providers (IdPs) are used to manage digital identities within an organization. Microsoft Azure Active Directory (Azure AD) is a popular IdP that provides secure user authentication services and single sign-on (SSO) to SaaS applications like TraceGains. To provide SSO services, TraceGains acts as a service provider (SP) through the Security Assertion Markup Language (SAML) standard.
This article covers the steps needed to configure Azure AD as an SSO identity provider in TraceGains. When done correctly, users will be able to log in to TraceGains using Azure AD.
Prerequisites
- Microsoft Azure account with an active Azure AD Premium membership
- Administrator-level access to TraceGains with appropriate permissions
- Global Admin or Co-admin access to Azure
Features
TraceGains supports:
- Single Sign-On
- Single Logout
- JIT provisioning
Configuration Steps
1. Create a new application for SSO in Azure AD
We suggest that you log in to both a TraceGains Admin account and an Azure AD Global or Co-admin account in separate browser tabs.
Step 1: From the Azure Dashboard, select Azure Active Directory > Enterprise applications.
Step 2: Click + New application.
Step 3: Type in a relevant name, like TraceGains, and select Non-gallery application.
Step 4: Click Create.
Step 5: From the resulting Getting Started options, select Set up single sign on or select Single sign-on from the left side menu.
Step 6: Select SAML from the method options.
Step 7: Select the pencil edit icon to edit Step 1 - Basic SAML Configuration.
Step 8: Complete Azure’s Basic SAML Configuration using the following values from TraceGains’ IdP-Initiated SSO configuration tab:
| Azure (paste in corresponding field) | TraceGains (copy value contained) |
| --- | --- |
| Identifier (Entity ID) | SSO ACS (Consumer) |
| Reply URL | SSO ACS (Consumer) |
| Logout URL (optional) | Single Logout URL |
Step 9: Select Save.
Step 10: Proceed to the next set of steps below: Enable SAML SSO within TraceGains.
2. Enable SAML SSO within TraceGains
After creating a custom enterprise application in Azure AD, you must configure your TraceGains account to authenticate through SAML. This section involves collecting information from Azure and entering it into the TraceGains configuration.
Step 1: Log in to your TraceGains site. Hover over the Configuration Icon and select Single Sign-On.
Step 2: Click New Custom.
Step 4: Type a Description for the IdP, for example: ‘Azure AD’.
Step 5: In Azure, click ‘View step-by-step instructions’.
This page provides the certification information needed to configure TraceGains within Azure.
Step 6: Use the chart below to copy values from Azure’s step-by-step instructions and paste them into the appropriate fields in the TraceGains configuration menu.
| Azure (copy value contained) | TraceGains (paste in corresponding field) |
| --- | --- |
| Login URL | SSO Endpoint (HTTP) |
| Azure AD Identifier (a.k.a. SAML Entity ID) | Issuer ID or URL |
| Logout URL (optional) | SLO Endpoint (HTTP) |
Step 7: In Azure, download the Certificate (Base64). Copy the content to your clipboard.
Step 8: In TraceGains, paste the copied content in the X.509 Certificate (Base-64 encoded) field.
Step 9: Save your work.
Follow the steps precisely for successful Azure AD SSO integration. For general information and troubleshooting, as well as an explanation of JIT (Just-in-Time provisioning), please read our SSO Overview article.