Whilst Assertiv is often used for single sign-on to other applications, it can also be configured to let users sign in to Assertiv with their Azure credentials.
- To log into Assertiv with an Azure AD user, the user must already exist in Assertiv.
- Azure AD must store the username of the Assertiv user in an attribute. This Azure AD attribute will be used to map the Azure user to the Assertiv user.
Log into your Azure Active Directory tenancy with an Administrative User. Navigate to the Enterprise Applications section.
Select New application then click Create your own application.
Enter a name for the application then ensure the Integrate any other application you don't find in the gallery radio option is checked.
Navigate to the Set up single sign on section then select SAML.
Click on Edit next to Basic SAML Configuration.
For Identifier (Entity ID) enter the following: assertiv
For Reply URL (Assertion Consumer Service URL) enter the following: https://<yourorgname>.assertiv.com/saml2/sp
Replace <yourorgname> with your Organization's name. E.g. https://acme.assertiv.com/saml2/sp
The rest of the fields can be optionally configured. Click Save to continue.
Click Edit next to User Attributes & Claims.
Update the Unique User Identifier (Name ID) entry to map to the Azure AD attribute which contains the unique identifier of the user which exists in Assertiv. This attribute must match either Username or Email Address for your users in Assertiv.
Save to continue.
Download the Base64 certificate and open it in a text editor.
Copy the Azure AD Identifier.
Log into Assertiv with an Administrative user, navigate to Organization Settings then SAML Security.
Check the Enable SAML Single Sign-On to this Organization checkbox.
Select which identifier you want to use to map Azure users with Assertiv. This defaults to Username.
Paste the Azure AD Identifier into the SAML Identity Provider Issuer field.
Copy the contents of the Base64 certificate into the Public Signing Certificate (PEM) field.
Back in Azure AD, assign access to the Assertiv application so your users can access this application.
After completing this step you are ready to test SSO. Click on Set up single sign on and at the bottom, click on Test single sign-on with Assertiv.
This will allow you to log in to Assertiv with an Azure user. If this passes, you can now use Azure to log into Assertiv.
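If the test sign-on fails, the base64 SAMLResponse that Azure posts to the Reply URL can be compared against the values configured above. The following is an added example, not code from Assertiv or Microsoft: it checks Issuer, Audience, Recipient and NameID, and does not verify the signature. The function names, the sample tenant ID and the sample users are constructed, and exact-match comparison of the Name ID is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample laid out like a SAML 2.0 response (not real Azure output).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Assertion>
<Issuer>{issuer}</Issuer>
<Subject><NameID>{name_id}</NameID><SubjectConfirmation>
<SubjectConfirmationData Recipient="{recipient}"/></SubjectConfirmation></Subject>
<Conditions><AudienceRestriction><Audience>{audience}</Audience>
</AudienceRestriction></Conditions></Assertion></samlp:Response>"""

def sample_response(issuer, name_id, recipient, audience):
    """Build a constructed base64 SAMLResponse for offline testing."""
    xml = SAMPLE.format(issuer=issuer, name_id=name_id,
                        recipient=recipient, audience=audience)
    return base64.b64encode(xml.encode()).decode()

def check_response(b64, org, idp_issuer, assertiv_users):
    """List mismatches with the setup above. Diagnostic only: no signature check."""
    root = ET.fromstring(base64.b64decode(b64))
    def find(path):
        return root.find("a:Assertion/" + path, NS)
    def text(path):
        node = find(path)
        return (node.text or "").strip() if node is not None else None
    scd = find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData")
    got = {"Issuer": text("a:Issuer"),
           "Audience": text("a:Conditions/a:AudienceRestriction/a:Audience"),
           "Recipient": scd.get("Recipient") if scd is not None else None}
    want = {"Issuer": idp_issuer,            # Azure AD Identifier
            "Audience": "assertiv",          # Identifier (Entity ID)
            "Recipient": f"https://{org}.assertiv.com/saml2/sp"}  # Reply URL
    problems = [f"{k}: got {got[k]!r}, expected {want[k]!r}"
                for k in want if got[k] != want[k]]
    name_id = text("a:Subject/a:NameID")
    if name_id not in assertiv_users:        # exact match is an assumption
        problems.append(f"NameID {name_id!r} has no matching Assertiv user")
    return problems

if __name__ == "__main__":
    issuer = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
    resp = sample_response(issuer, "jane@acme.example",
                           "https://acme.assertiv.com/saml2/sp", "assertiv")
    # Name ID claim mapped to an e-mail while Assertiv maps on Username.
    print(check_response(resp, "acme", issuer, {"jane"}))
```

An empty list means the four fields line up with the configuration; the certificate and signature still have to be validated by Assertiv itself.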
Getting your IdP Initiated Login URL
Assertiv currently only supports IdP Initiated federation. To access Assertiv via Azure, users must open the IdP Initiated URL. This can be found at the following location:
From the newly created Enterprise Application, click on Properties from the menu.
Copy the following property.
Provide this link to your users to log in to Assertiv with their Azure credentials.