After logging into the Azure Portal, use the left-bar navigation panel to select Azure Active Directory. You may need to click on the hamburger menu in the upper-left corner to expand the menu.
The left-hand navigation bar will adapt into a sub-navigation menu for Azure Active Directory. Find Enterprise Applications under the "Manage" section and click on it.
If the resulting screen does not default to "All Applications", please click the link in the adaptive sub-navigation on the left-hand side. Next, click the "New Application" button in the top-bar function menu.
In the search box, enter "DigitSec", then click on the add button to add the application to your organization.
If you do not see a search result for DigitSec, please contact Support and we will provide assistance.
Now that the application has been added to your organization, please set up the connection between S4 and Active Directory. In the left bar, click on the "Single sign-on" option.
If asked, click on the box for SAML. The configuration dialog page will be displayed.
For Step 1, please enter the following information and click save:
Reply URL: https://s4.digitsec.com/auth/saml
Identifier: https://s4.digitsec.com/dashboard
For Step 2, please change "Unique User Identifier" to "user.mail". To do so, click on edit, then the icon for Unique User Identifier, and change the source attribute to "user.mail".
Save those settings. Next, please scroll to the end of the SAML configuration page. Click on the link that reads "View Step-by-Step instructions".
This is important information you will need to integrate with S4. Please copy the values for the Login URL, Azure AD Identifier, and download the Certificate (Base64).
Once you have captured that information, open a new browser tab/window, proceed to https://s4.digitsec.com and log in. To complete this step, your S4 account will need admin-level privileges.
Click on setup in the left-hand navigation bar, and then click on the tab labeled "Company". Click on the Configure button. In the bottom left, please enter the information you captured from Azure in the corresponding fields:
Identity Provider Issuer: <Azure AD Identifier>
X.509 Certificate: <Downloaded Certificate (Base64) file>
Next, please retrieve the Identity Provider SSO URL to complete integration. Return to your browser tab/window with Azure open. On Azure AD, we will head back to the application we are trying to set up. On the left bar, we will click on the “Properties” tab.
Halfway down this screen, find a setting labeled “User Access URL”. Copy the contents of the input field and paste them into the Identity Provider SSO URL field back in the S4 tab/window.
Now that the connection has been made, we need to provision our Azure app. We will need to get our SAML Secret from S4. In the Configure menu for Set Up Single Sign-On on S4, we will click the copy button near the top.
Now that we have copied our secret, we will need to head back over to our application in Azure Active Directory. In the Single Sign-On menu in our Active Directory application, we will want to scroll down to the Attributes and Claims Section.
We are going to want to create a CustomerId entry. We will click on the edit button in the top right corner of this section.
We will click on Add new Claim in the top left corner.
On this screen, make sure to set the name to "CustomerId" (this is case sensitive), then copy and paste the SAML Secret we got from S4 into the source attribute field. Once this has been completed, please click on save.
Once this has been completed, please log out of your account to test both IdP-initiated and SP-initiated SAML Sign-On. If you have trouble, please contact Support and we will provide assistance.
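If a test sign-on fails, one way to find the misconfigured step is to compare a captured SAMLResponse against the values in this guide. The script below is an added example, not DigitSec or Microsoft tooling. It assumes you captured the base64 SAMLResponse form field that your browser posted to the Reply URL, and that Azure emits the claim as an Attribute whose Name is exactly "CustomerId" with no namespace; the issuer, user and secret in the sample are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REPLY_URL = "https://s4.digitsec.com/auth/saml"    # Reply URL from Step 1
IDENTIFIER = "https://s4.digitsec.com/dashboard"   # Identifier from Step 1
SAMPLE_ISSUER = "https://sts.windows.net/TENANT-ID-PLACEHOLDER/"  # constructed

def check_saml_response(b64_response, expected_issuer):
    """Return a list of mismatches between a captured SAMLResponse and this guide.
    Inspects values only; it does NOT verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else None
    problems = []
    if text(".//a:Assertion/a:Issuer") != expected_issuer:
        problems.append("Issuer differs from the Azure AD Identifier entered in S4")
    if text(".//a:Audience") != IDENTIFIER:
        problems.append("Audience differs from the Identifier in Step 1")
    conf = root.find(".//a:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != REPLY_URL:
        problems.append("Recipient differs from the Reply URL in Step 1")
    if "@" not in (text(".//a:Subject/a:NameID") or ""):
        problems.append("NameID is not an e-mail address (expected user.mail)")
    attrs = {a.get("Name"): a.findtext("a:AttributeValue", default="", namespaces=NS)
             for a in root.iterfind(".//a:Attribute", NS)}
    if "CustomerId" not in attrs:
        near = [n for n in attrs if n and n.lower().endswith("customerid")]
        problems.append(f"CustomerId claim missing (case-sensitive); similar: {near}")
    elif not attrs["CustomerId"].strip():
        problems.append("CustomerId claim is empty")
    return problems

def sample_response(claim_name):
    # Constructed SAMLResponse; every value in it is a placeholder.
    xml = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}">
<saml:Assertion><saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
<saml:Subject><saml:NameID>alice@example.com</saml:NameID><saml:SubjectConfirmation>
<saml:SubjectConfirmationData Recipient="{REPLY_URL}"/></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{IDENTIFIER}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="{claim_name}"><saml:AttributeValue>PLACEHOLDER-SECRET</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(sample_response("customerid"), SAMPLE_ISSUER))
```

A real captured response carries the SAML Secret in the CustomerId claim, so decode it locally with a script like this rather than pasting it into an online decoder.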