Implementing SAML with AzureAD

One of the SAML providers you can use is AzureAD.

In order to get started with AzureAD, you will need:

  • Azure account with admin permissions.
  • All users must already be provisioned in Azure with exactly the same email address they use in Hudu. We don't create new user accounts with SSO.
  • Administrator level access in Hudu.
  • Microsoft Account with Azure AD Premium activated.

Configuring Azure

  1. Sign in to the Azure Portal (https://portal.azure.com/). Click Azure Active Directory.
  2. Click Enterprise Applications.
  3. Click + New Application.
  4. On the next screen, give your application a name, and click Integrate any other application you don't find in the gallery (Non-gallery). If you don't have Azure AD Premium, you won't be able to add a name.
  5. Click Users and Groups and assign users to this application. Click + Add User to add users. Remember, users must have the same exact email address as their Hudu email to be signed in.
  6. Then, click Single sign-on to configure SSO. Click SAML.

Setting up Single Sign On

There are now 5 steps you need to complete to configure SSO.

Basic SAML Configuration

  1. Click the Pencil Icon next to Basic SAML Configuration.
  2. Enter the following in the fields:
    • Identifier (Entity ID): Enter your Hudu URL, e.g. https://docs.mywebsite.com
    • Reply URL (Assertion Consumer Service URL): Enter https://docs.mywebsite.com/saml/consume
    • Sign on URL: Enter https://docs.mywebsite.com
    • Relay State: You can skip filling this in.
    • Logout URL: Enter a URL where Hudu can redirect users after they sign out.
    • Make sure to replace docs.mywebsite.com with your URL and subdomain. Do not include a trailing slash at the end of the URL.

User Attributes & Claims

  1. Click the Pencil Icon next to the User Attributes & Claims box.
  2. Click on Unique User Identifier (Name ID).
  3. Now, change the Source attribute to user.mail and click Save.

SAML Signing Certificate

  1. Click the Pencil Icon next to the SAML Signing Certificate box.
  2. Enter an email address to get notifications and click Save.

Final Setup Instructions

Finally, click on the 4th box that says Set up <application-name>. Click on Step-by-step Instructions. Leave this page open as you configure Hudu.

Configuring Hudu

The final step is configuring Hudu so you can utilize SSO.

  1. Log in to Hudu and click the Admin cog on the sidebar.
  2. Click General.
  3. Click Configure Single Sign-On.
  4. Enter the details you found in the previous steps into the form.
    • Copy the Azure AD Identifier and paste it into the SAML Issuer URL field.
    • Copy the SAML Single Sign-On Service URL and paste it into the SAML Login Endpoint field.
    • Copy the Sign-Out URL and paste it into the SAML Logout Endpoint field.
    • Copy the thumbprint that was generated and paste it into the SAML Fingerprint field.
    • Download and copy the Base 64 encoded certificate and paste it into the SAML Certificate field. Make sure there is no extra space trailing at the end!
  5. Click "Enable Single Sign-On".
  6. Hit "Update SAML Details" and SAML should now be activated.
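
A mismatched fingerprint, a trailing space after the certificate, or a trailing slash on the URL are the usual reasons this setup fails. The following check is an added example, not part of Hudu or Azure: it assumes the thumbprint Azure shows is the SHA-1 digest of the DER-encoded certificate, and that the Base 64 download includes its BEGIN/END CERTIFICATE lines. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----")


def cert_thumbprint(pem_text):
    """Uppercase-hex SHA-1 of the DER bytes inside a Base64 (PEM) certificate."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no BEGIN/END CERTIFICATE block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha1(der).hexdigest().upper()


def normalize_fingerprint(value):
    """Drop colons, spaces and case so 'ab:cd' and 'ABCD' compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()


def preflight(pem_text, fingerprint, hudu_url, reply_url):
    """Return a list of problems found in the values about to be pasted."""
    problems = []
    if pem_text != pem_text.rstrip():
        problems.append("certificate has trailing whitespace")
    try:
        if cert_thumbprint(pem_text) != normalize_fingerprint(fingerprint):
            problems.append("fingerprint does not match certificate")
    except ValueError as exc:  # also covers invalid Base64 (binascii.Error)
        problems.append(f"certificate unreadable: {exc}")
    if hudu_url.endswith("/"):
        problems.append("Hudu URL has a trailing slash")
    if reply_url != hudu_url.rstrip("/") + "/saml/consume":
        problems.append("reply URL is not <Hudu URL>/saml/consume")
    return problems


if __name__ == "__main__":
    fp = cert_thumbprint(SAMPLE_PEM)
    print(preflight(SAMPLE_PEM + " ", fp, "https://docs.mywebsite.com/",
                    "https://docs.mywebsite.com/saml/consume"))
```

An empty list from preflight means the certificate, fingerprint and URLs are consistent with each other; it does not confirm that Hudu has accepted them.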

Testing SAML

Open an incognito window and try to access Hudu. You should be redirected to the login page, where you will see a "Use Single Sign On (SSO)" button. If you are able to log in successfully via this button, your SAML is working!

Disabling password access for non-administrators

You have the option to disable password logins for non-administrators (users that are not super admins or admins). Click "Disable Password Access for non-Admins" and all users below admin will have to use single sign-on.