Configuring SAML-based SSO with Microsoft Azure in Analytics Plus

Analytics Plus supports SAML-based Single Sign-On (SSO) configuration with Microsoft Azure, enabling users to authenticate using their Azure (Microsoft Entra ID) credentials. This setup streamlines user access and strengthens security through centralized identity management.

Note: To perform this configuration, users must have permission to create applications in Microsoft Azure.

Azure Identity Provider (IdP) Parameters

The following IdP-specific parameters from Azure are required to configure SAML authentication in Analytics Plus:

  • X.509 Certificate (Base64)
  • Login URL
  • Logout URL (Optional)

This section explains how to configure SAML-based SSO with Microsoft Azure in Analytics Plus.

  • Create an Enterprise Application in Azure
  • Configure SAML-based SSO
  • Configure Azure SAML Details in Analytics Plus
  • Complete SAML Setup in Azure
  • Assign Users to the Application
  • Verify SSO Integration

Create an Enterprise Application in Azure

Follow the steps below to start the configuration in Azure:

  1. Sign in to the Microsoft Azure Portal.
  2. Navigate to Microsoft Entra ID >> Manage >> Enterprise Applications

    Microsoft Entra ID 

    Enterprise Applications
  3. In the dialog box that appears, click + New application and select Create your own application

    New Application 

    Create Your Own Application
  4. Provide a name (for example, Analytics Plus) and choose Integrate any other application you don't find in the gallery (Non-gallery)

    Non-gallery Application
  5. Click Create.

Configure SAML-based SSO

  1. Open the newly created application and navigate to Single sign-on > SAML

    SAML Configuration
  2. Scroll down to the Set up Analytics section, copy the Login URL and Logout URL, and enter them in the Analytics Plus application. 

    Set up Analytics

Configure Azure SAML Details in Analytics Plus

  1. Log in to the Analytics Plus application and navigate to Settings >> User Management >> Third-party SSO. Configure the Login URL, Logout URL, and upload the sample certificate .
  2. After configuring third-party SSO, download the metadata.xml file from the Analytics Plus application.
  3. Open the downloaded file and copy the Entity ID and the SSO/Assertion Consumer Service (ACS) URL.

Entity ID and ACS URL

Complete SAML Setup in Azure

  1. In Microsoft Azure, select Set up Single Sign-On. In the Basic SAML Configuration section, click Edit.
  2. Enter the copied Entity ID in the Identifier field and the copied ACS URL/SSO URL in the Reply URL field, then click the Save icon. 

    Basic SAML Configuration
  3. Scroll down to the certificate section and download the certificate in Base64 format. 

    Download Base64 Certificate

Verify SSO Integration

  1. Return to the SAML Authentication page in Analytics Plus.
  2. Click the Edit icon and upload the downloaded certificate in the Public Key field. 

    Upload Certificate
  3. Ensure the certificate is in one of the following formats: .cer, .crt, .cert, or .pem (Base64 encoded). 

    Supported Certificate Formats
  4. Click Save.

Once the above steps are completed, SAML will be successfully configured, and you can proceed to enable SSO with Azure.

Note: You can follow the instructions in the following article to assign users to the application.

Assign a user account to an enterprise application 

Resources
Product
Support
Connect with us:
   

ManageEngine is a division of Zoho Corp.