
How to set up Single Sign-On with Microsoft Entra ID

This guide walks you through the steps required to configure Microsoft Entra ID (previously known as Microsoft Azure AD) as the identity provider (IdP) for LUY.

Please note that even with active support contracts, support is only available for LUY itself and does not cover external systems or third-party setups.

Set up an Enterprise Application for LUY in Entra ID

  • Go to "Dashboard"

  • Click on "Enterprise applications"

  • To add the LUY app to your tenant, select “New application”

  • Choose the option "Non-gallery application" 

  • Please enter a name for your "Application" (for example "LUY-SAML")

  • Click on "ADD" 

  • The "Properties" page of the created "Application" opens 

The next step is to add all necessary information to the “Enterprise Application”. 

  • Open the page "Manage" - "Properties"

  • Copy the value from the field "Application ID"

  • Open the page "Manage" - "Single sign-on"

  • Click on "SAML"

Edit the Basic SAML Configuration:

  • Enter a title for the "Identifier (Entity ID)" 
    (The name for our example is "LUY-SAML")

  • The "Reply URL (Assertion Consumer Service URL)" is the URL of LUY with the addition "/saml/SSO"
    (The "Reply URL" for our example is "https://cloud.luy.app/saml/SSO")

  • The "Sign on URL" is the URL of LUY without the "/" at the end
    (The "Sign on URL" for our example is "https://cloud.luy.app")

  • The "Relay State" is optional and stays empty 

The "Logout URL" is the URL of LUY with the addition "/saml/SingleLogout" (the "Logout URL" for our example is "https://cloud.luy.app/saml/SingleLogout").

Edit the user attributes & claims:

For LUY, the required attributes are "Mail", "Given Name", "Surname", "Login", and "Role". Usually, only the "Role" attribute is missing in the "Attributes & Claims" setup. This is resolved by adding the attribute "Group", which corresponds to the Role in LUY.

To add the "Role" claim:

  • Click on "Add a group claim".

  • Select the "Groups" or "Roles" that correspond to LUY roles.

    • This will map the chosen groups or roles to the appropriate roles in LUY.

  • Click "SAVE" to generate the missing "Role" claim. 
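
To confirm that all required attributes are actually sent, the check below (an added example, not part of the LUY or Microsoft documentation) parses a SAML assertion and lists the LUY attributes whose claim is missing or empty. The claim names in `REQUIRED` are assumptions based on Entra ID's default claim URIs, with "Login" taken from the mail claim as in this guide's example; the sample assertion is constructed and unsigned.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Assumed mapping: LUY attribute -> claim name emitted by Entra ID.
# "Login" reuses the mail claim, as in the guide's example.
REQUIRED = {
    "Mail": CLAIMS + "emailaddress",
    "Given Name": CLAIMS + "givenname",
    "Surname": CLAIMS + "surname",
    "Login": CLAIMS + "emailaddress",
    "Role": "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
}

def read_attributes(assertion_xml):
    """Return {claim name: [non-empty values]} from a SAML 2.0 assertion.
    Diagnostic only: this does not verify the assertion's signature."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return found

def missing_luy_attributes(assertion_xml, required=REQUIRED):
    """List LUY attributes whose claim is absent or has only empty values."""
    found = read_attributes(assertion_xml)
    return sorted(name for name, claim in required.items() if not found.get(claim))

def _attr(name, *values):
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>'

def sample_assertion(with_groups):
    """Constructed, unsigned sample; not a real Entra ID response."""
    attrs = [_attr(CLAIMS + "emailaddress", "jane.doe@example.com"),
             _attr(CLAIMS + "givenname", "Jane"),
             _attr(CLAIMS + "surname", "Doe")]
    if with_groups:  # constructed group object ID standing in for a LUY role
        attrs.append(_attr(REQUIRED["Role"], "00000000-0000-0000-0000-000000000001"))
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            "<saml:AttributeStatement>" + "".join(attrs) +
            "</saml:AttributeStatement></saml:Assertion>")

if __name__ == "__main__":
    print("before group claim:", missing_luy_attributes(sample_assertion(False)))
    print("after group claim: ", missing_luy_attributes(sample_assertion(True)))
```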

In our example the attribute "Mail" is used as the "Login" claim, and our configuration looks like this:

Please reach out to LUY support to complete the configuration and enable single sign-on (SSO) for your LUY.

Configure LUY to use SAML2

To complete the configuration and enable single sign-on (SSO) for your LUY, please refer to the following page: SAML2
