Azure AD Integration
  • 15 Dec 2023

Prerequisites

  • An active Azure account
  • Global admin privileges on the Azure tenant
  • OneLogin tenant with admin access
Support Note:
Expedient will assist with configuring and troubleshooting from the OneLogin tenant. Client is responsible for the configuration on the Azure tenant.

Configure Azure:

  1. Open the Azure portal (https://portal.azure.com) and sign in with a global admin account. Under the three-line menu in the top left corner click Azure Active Directory (listed as Microsoft Entra ID in newer portals).
  2. On the left side click Enterprise Applications
  3. Click "+ New Application"
  4. Click "+ Create your own application"
  5. Give it a name like "OneLogin - Expedient" and click "Integrate any other application you don't find in the gallery (Non-gallery)". Click Create. This may take a moment.
  6. In the application, click Single Sign-on on the left side.
  7. Click SAML on the next page. This opens the SAML-based sign-on configuration page.

Configure OneLogin

  1. Login to OneLogin as an admin. Click Administration at the top of the page.
  2. Mouse over Authentication and click Trusted IdPs
  3. Click New Trust
  4. Give the trust a name e.g. "Azure AD - Expedient"
  5. Scroll to the bottom and look for SP Entity ID.
  6. Copy this value to a text editor; it is entered in Azure in the next phase.

Phase 2 of the Azure AD configuration

  1. Go back into the Azure portal.
  2. Click Edit next to Basic SAML Configuration.
  3. Set Identifier (Entity ID) to the SP Entity ID you copied out of OneLogin and set the Reply URL (Assertion Consumer Service URL) to https://yourtenantname.onelogin.com/access/idp, then save.
  4. From the Set up section of the SAML page, copy the Login URL and the Azure AD Identifier to a text editor; both are needed in OneLogin.
  5. Click Download next to Certificate (Base64).

Finish OneLogin Configuration

  1. Go back to the OneLogin admin page.
  2. Click Show In Login Panel and point the Login Icon to the image the client would like to show up.
  3. A publicly available Azure logo, if the client has no preference: https://upload.wikimedia.org/wikipedia/commons/a/a8/Microsoft_Azure_Logo.svg
  4. Put the Azure AD Identifier in OneLogin as the Issuer. It must match exactly, including the trailing slash.
  5. Check Sign users into OneLogin and Send Subject Name ID or Login Hint in Auth Request.
  6. Set the User Attribute to Email or UserPrincipalName. This is the value used to match each Azure AD account to its OneLogin account, so it must be populated and unique on the Azure side.
    Choosing Between Email or UserPrincipalName
    In most cases Email is the easier choice, as e-mail addresses are a unique identifier regardless of backing directory. When an account has no e-mail address (for example an internal admin or service account), UserPrincipalName still provides a unique identifier.
  7. Configure the IdP Login URL with the Login URL copied from Azure.
  8. Leave the Logout URL blank. This allows users to log out of apps without completely logging out of Azure/Office 365. The trade-off is that logging out of OneLogin does not end the Azure session, so on a shared device the user must also sign out of Azure or close the browser.
  9. Open the certificate you downloaded in a text editor and paste its full contents into the Certificate field.
  10. Go back to the top and click Enable Trusted IdP.
  11. Click Save to save the settings.
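The Email-versus-UserPrincipalName choice in step 6 is easy to get wrong on a real directory, so here is a dry run of it as an added example (not code from Expedient, OneLogin or Microsoft). It assumes the value Azure sends as the NameID is compared case-insensitively against the OneLogin user's e-mail, and that both user listings have already been exported; the two lists below are constructed sample data with the usual awkward cases (a service account without a mailbox, a renamed user, a cloud-only UPN, two accounts sharing one address).

```python
"""Dry run of the OneLogin User Attribute choice (Email vs UserPrincipalName).
Added example, not code from Expedient, OneLogin or Microsoft; both user lists are constructed."""

# Constructed Azure AD accounts assigned to the enterprise app (fields as in a Graph users listing)
AZURE_USERS = [
    {"userPrincipalName": "alice@contoso.com",            "mail": "alice@contoso.com"},
    {"userPrincipalName": "bob@contoso.com",              "mail": "Bob@Contoso.com"},   # case differs
    {"userPrincipalName": "svc-backup@contoso.com",       "mail": None},                # service account, no mailbox
    {"userPrincipalName": "carol_old@contoso.com",        "mail": "carol@contoso.com"}, # renamed, stale UPN
    {"userPrincipalName": "dave@contoso.onmicrosoft.com", "mail": "dave@contoso.com"},  # cloud-only UPN
    {"userPrincipalName": "shared@contoso.com",           "mail": "alice@contoso.com"}, # second account, same mail
]

# Constructed OneLogin accounts; assumption: the incoming NameID is matched against 'email'
ONELOGIN_USERS = [
    {"username": "alice",      "email": "alice@contoso.com"},
    {"username": "bob",        "email": "bob@contoso.com"},
    {"username": "svc-backup", "email": "svc-backup@contoso.com"},
    {"username": "carol",      "email": "carol@contoso.com"},
    {"username": "dave",       "email": "dave@contoso.com"},
]


def normalize(value):
    """Addresses are compared case-insensitively; None/empty stays None."""
    return value.strip().lower() if value else None


def evaluate(attribute, azure_users=AZURE_USERS, onelogin_users=ONELOGIN_USERS):
    """Simulate matching on `attribute` ('mail' or 'userPrincipalName').

    matched:    (Azure UPN, OneLogin username) pairs that would sign in
    missing:    Azure accounts with no value for the attribute (cannot sign in at all)
    unmatched:  Azure accounts whose value has no OneLogin account
    duplicates: two Azure accounts carrying the same value (both would land on one OneLogin user)
    """
    by_email = {normalize(u["email"]): u["username"] for u in onelogin_users}
    report = {"matched": [], "missing": [], "unmatched": [], "duplicates": []}
    seen = {}
    for u in azure_users:
        upn, key = u["userPrincipalName"], normalize(u.get(attribute))
        if not key:
            report["missing"].append(upn)
        elif key in seen:
            report["duplicates"].append((seen[key], upn, key))
        elif key in by_email:
            seen[key] = upn
            report["matched"].append((upn, by_email[key]))
        else:
            seen[key] = upn
            report["unmatched"].append(upn)
    return report


def recommend(azure_users=AZURE_USERS, onelogin_users=ONELOGIN_USERS):
    """Prefer an attribute that is populated and unique for every assigned account.
    Returns (attribute or None, per-attribute reports) so the unmatched list can be fixed up."""
    reports = {a: evaluate(a, azure_users, onelogin_users) for a in ("mail", "userPrincipalName")}
    for attribute, r in reports.items():
        if not r["missing"] and not r["duplicates"]:
            return attribute, reports
    return None, reports
```

With the sample data, recommend() settles on UserPrincipalName: Email leaves the service account unable to sign in and would map two Azure accounts onto one OneLogin user, which is the worse failure. The flip side shows up in the UPN report's unmatched list: the renamed user and the .onmicrosoft.com account need their OneLogin records corrected before they can sign in, so run this against the real exports before enabling the trust rather than discovering the gaps from help-desk tickets.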

Finish Azure AD configuration

  1. Go back into Azure and click Users and groups.
  2. For logins to work, you need to grant users access to this application; Azure refuses sign-in for users who are not assigned (error AADSTS50105).
  3. Click + Add user/group and add the users (or groups) who need OneLogin access.

Testing

Have a test user sign in to the OneLogin portal using the new Azure option, preferably in a private browsing window so an existing Azure session does not mask problems. If Azure shows an error page, check that the user is assigned to the enterprise application. If Azure succeeds but OneLogin does not sign the user in, check that the User Attribute chosen above is populated on the Azure account and matches the OneLogin account, and that the Issuer and certificate were pasted exactly. The Azure sign-in logs show the Azure half of each attempt.
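Before handing the trust to users, it is worth checking the values copied between the two consoles and the certificate pasted into OneLogin, because a mismatched Issuer or an expired signing certificate fails only at login time. The check below is an added example, not code from Expedient, OneLogin or Microsoft; the tenant ID, SP Entity ID and certificate are constructed placeholders (sample_cert_pem builds a structural stand-in, not a real certificate), and the Reply URL format and the Issuer-equals-Azure-AD-Identifier rule are the ones given in the steps above.

```python
"""Pre-save check of the values handed between Azure AD and OneLogin.  Added example,
not Expedient's, OneLogin's or Microsoft's code; every tenant value is a placeholder."""
import base64
from datetime import datetime, timedelta, timezone

def parse_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                          # short-form length
        length, hdr = first, 2
    else:                                     # long form: next (first & 0x7F) bytes hold the length
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start = pos + hdr
    return tag, buf[start:start + length], start + length

def der_children(body):
    """Yield (tag, value) for each element inside a DER SEQUENCE body."""
    pos = 0
    while pos < len(body):
        tag, val, pos = parse_tlv(body, pos)
        yield tag, val

def cert_validity(pem):
    """(notBefore, notAfter) of a PEM/Base64 X.509 cert via Certificate -> tbsCertificate -> validity.
    Structural walk only; it does not verify the signature."""
    b64 = "".join(ln for ln in pem.splitlines() if not ln.startswith("-----"))
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError:
        raise ValueError("not Base64 text: download 'Certificate (Base64)', not Raw") from None
    tag, cert, _ = parse_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE, so not an X.509 certificate")
    _, tbs, _ = parse_tlv(cert, 0)
    fields = list(der_children(tbs))
    if fields and fields[0][0] == 0xA0:       # optional EXPLICIT [0] version
        fields = fields[1:]
    validity = fields[3][1]                   # serialNumber, signature, issuer, validity
    times = [datetime.strptime(raw.decode("ascii"), "%y%m%d%H%M%SZ" if t == 0x17 else "%Y%m%d%H%M%SZ")
             .replace(tzinfo=timezone.utc) for t, raw in der_children(validity)]  # 0x17 UTCTime, 0x18 GeneralizedTime
    return times[0], times[1]

def check_trust(cfg, pem, now):
    """Cross-check the copied values and the certificate; return a list of problems (empty = OK)."""
    problems = []
    if cfg["azure_entity_id"] != cfg["onelogin_sp_entity_id"]:
        problems.append("Azure 'Identifier (Entity ID)' must equal the OneLogin SP Entity ID")
    acs = f"https://{cfg['onelogin_tenant']}.onelogin.com/access/idp"
    if cfg["azure_reply_url"] != acs:
        problems.append(f"Azure Reply URL must be {acs}")
    if cfg["onelogin_issuer"] != cfg["azure_ad_identifier"]:
        problems.append("OneLogin Issuer must equal the Azure AD Identifier (not the Login URL)")
    if cfg["onelogin_idp_login_url"] != cfg["azure_login_url"]:
        problems.append("OneLogin IdP Login URL must equal the Azure Login URL")
    try:
        not_before, not_after = cert_validity(pem)
    except ValueError as exc:
        return problems + [f"certificate: {exc}"]
    if not not_before <= now <= not_after:
        problems.append(f"certificate not valid on {now:%Y-%m-%d} (valid {not_before:%Y-%m-%d} to {not_after:%Y-%m-%d})")
    elif not_after - now < timedelta(days=30):
        problems.append(f"certificate expires {not_after:%Y-%m-%d}: rotate it in Azure and re-paste")
    return problems

def _tlv(tag, body):                          # DER-encode one element (short-form length suffices here)
    return bytes([tag, len(body)]) + body

def sample_cert_pem(not_before, not_after):
    """Constructed stand-in for the Azure download: a DER Certificate skeleton carrying only
    the tbsCertificate fields the parser walks, with no real key or signature."""
    utc = lambda d: _tlv(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02"))                                   # version v3
                     + _tlv(0x02, b"\x01")                                                # serialNumber
                     + _tlv(0x30, _tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))   # sha256WithRSA
                     + _tlv(0x30, b"") + _tlv(0x30, utc(not_before) + utc(not_after))     # issuer, validity
                     + _tlv(0x30, b""))                                                   # subject
    cert = _tlv(0x30, tbs + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))
    b64 = base64.b64encode(cert).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

SAMPLE_NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)

def sample_config():
    """Placeholder values for a tenant 'contoso'; take the real ones from the two consoles."""
    tid = "00000000-0000-0000-0000-000000000000"                   # placeholder Azure tenant ID
    sp_id = "https://contoso.onelogin.com/saml/metadata/EXAMPLE"    # placeholder SP Entity ID
    return {"onelogin_tenant": "contoso", "onelogin_sp_entity_id": sp_id, "azure_entity_id": sp_id,
            "azure_reply_url": "https://contoso.onelogin.com/access/idp",
            "azure_ad_identifier": f"https://sts.windows.net/{tid}/",
            "onelogin_issuer": f"https://sts.windows.net/{tid}/",
            "azure_login_url": f"https://login.microsoftonline.com/{tid}/saml2",
            "onelogin_idp_login_url": f"https://login.microsoftonline.com/{tid}/saml2"}

def demo():
    """(problems for a correct handoff, problems for a botched one)."""
    good = check_trust(sample_config(), sample_cert_pem(SAMPLE_NOW - timedelta(days=1), SAMPLE_NOW + timedelta(days=1095)), SAMPLE_NOW)
    bad_cfg = dict(sample_config(), onelogin_issuer=sample_config()["azure_login_url"],   # Login URL pasted as Issuer
                   azure_reply_url="https://contoso.onelogin.com/")                      # Reply URL missing /access/idp
    bad = check_trust(bad_cfg, sample_cert_pem(SAMPLE_NOW - timedelta(days=1096), SAMPLE_NOW - timedelta(days=1)), SAMPLE_NOW)  # expired
    return good, bad
```

Call check_trust() with the real values and the contents of the downloaded .cer file; an empty list means the handoff is consistent. The expiry warning is the part worth keeping around: the signing certificate Azure generates has a fixed lifetime (three years by default), and once it lapses every login through this trust fails until a new certificate is generated in Azure and pasted into OneLogin, so record the notAfter date somewhere a calendar reminder will find it.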