After logging into the Azure Portal, use the left-bar navigation panel to select Azure Active Directory. You may need to click on the hamburger menu in the upper-left corner to expand the menu.
The top navigation bar will adaptively become a sub-navigation menu for Azure Active Directory. Find Enterprise Applications under the "Manage" section and click on it.
If the resulting screen does not default to "All Applications", please click the link in the adaptive sub-navigation on the left-hand side. Next, click the "New Application" button in the top-bar function menu.
In the search box, enter "DigitSec", then click on the add button to add the application to your organization.
If you do not see a search result for DigitSec, please contact Support and we will provide assistance.
Now that the application has been added to your organization, please set up the connection between S4 and Active Directory. In the left bar, click on the "Single sign-on" option.
If asked, click on the box for SAML. The configuration dialog page will be displayed.
For Step 1, please enter the following information and click save:
Reply URL: https://s4.digitsec.com/auth/saml
Identifier: https://s4.digitsec.com/dashboard
For Step 2, please modify "Unique User Identifier" by setting it to "user.mail". To do so, click on edit, then the icon for Unique User Identifier, and change the source attribute to "user.mail".
Save those settings. Next, please scroll to the end of the SAML configuration page. Click on the link that reads "View Step-by-Step instructions".
This is important information you will need to integrate with S4. Please copy the values for the Login URL, Azure AD Identifier, and download the Certificate (Base64).
Once you have captured that information, open a new browser tab/window, proceed to https://s4.digitsec.com and log in. To complete this step, your S4 account will need admin-level privileges.
Click on setup in the left-hand navigation bar, and then click on the tab labeled "Company". Click on the Configure button. In the bottom left, please enter the information you captured from Azure in the corresponding fields:
Identity Provider Issuer: <Azure AD Identifier>
X.509 Certificate: <Downloaded Certificate (Base64) file>
Next, please retrieve the Identity Provider SSO URL to complete integration. Return to your browser tab/window with Azure open. In Azure AD, go back to the application you are setting up and, in the left bar, click on the “Properties” tab.
Halfway down this screen, find the setting labeled “User Access URL”. Copy the contents of the input field and paste them into the Identity Provider SSO URL field back in the S4 tab/window.
Once this has been completed, please log out of your account to test both IdP-initiated and SP-initiated SAML Sign-On. If you have trouble, please contact Support and we will provide assistance.
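If sign-on fails during that test, comparing a captured SAMLResponse (the base64 form field the browser posts to the Reply URL) against the values entered above can show which setting is off. The Python check below is an added example, not DigitSec's or Microsoft's code; the tenant ID in the issuer, the sample user and the function names are assumptions, and the sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Issuer uses a placeholder tenant ID (assumption); the other values come from this guide.
EXPECTED = {
    "issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "audience": "https://s4.digitsec.com/dashboard",   # Identifier
    "recipient": "https://s4.digitsec.com/auth/saml",  # Reply URL
}

def check_saml_response(b64_response, expected=EXPECTED):
    """List mismatches between a captured SAMLResponse and the configured values.
    Diagnostic only: this does NOT verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))

    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else None

    scd = root.find(".//saml:SubjectConfirmationData", NS)
    found = {
        "issuer": text("./saml:Assertion/saml:Issuer"),
        "audience": text(".//saml:AudienceRestriction/saml:Audience"),
        "recipient": scd.get("Recipient") if scd is not None else None,
    }
    problems = [f"{k}: expected {expected[k]!r}, got {v!r}"
                for k, v in found.items() if v != expected[k]]
    name_id = text(".//saml:Subject/saml:NameID")
    if not name_id or "@" not in name_id:
        problems.append(f"NameID {name_id!r} is not an email address; "
                        "check Unique User Identifier = user.mail")
    return problems

def sample_response(audience=EXPECTED["audience"], name_id="jdoe@example.com"):
    """Constructed, unsigned response shaped like an IdP assertion (sample data)."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
 <saml:Assertion><saml:Issuer>{EXPECTED['issuer']}</saml:Issuer>
  <saml:Subject><saml:NameID>{name_id}</saml:NameID>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData
     Recipient="{EXPECTED['recipient']}"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Reply URL mistakenly entered as the Identifier, and a non-email NameID.
    bad = sample_response(audience=EXPECTED["recipient"], name_id="jdoe")
    print("\n".join(check_saml_response(bad)) or "all values match")
```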