
Azure Active Directory - SAML login on CloudAMQP

  1. Go to https://portal.azure.com > Enterprise applications > New application > Create new application > Non-gallery application
  2. Click New Application
  4. Click Non-gallery Application. Enter the name of your new app in the right-hand section, e.g. CloudAMQP, and click Add. The application is now created.
  5. Go back to Home - Enterprise Applications - All applications and search for your newly created app if you don't see it in the list. Click on the app to open it.
  6. Go to Single sign-on using the link on the left side.
  7. Click SAML
  8. Click the edit pen for Basic SAML Configuration
  9. Add Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) with the values you'll find at https://customer.cloudamqp.com/team/saml. NOTE: Leave the Sign on URL field BLANK. Click Save.
  10. Download the Federation Metadata XML and upload it at https://customer.cloudamqp.com/team/saml
  11. Add users and/or groups that should have access.

    Please note that if an account is removed from "Users and groups" in Azure, the account will still have access in the CloudAMQP console. The user must also be deleted from the CloudAMQP console to revoke access.
  12. When SAML has been configured, the first login for any new account has to be IdP-initiated. You will not be able to sign in for the first time using "Sign in with SAML" on the CloudAMQP login page. Instead, users initially log in via https://myapps.microsoft.com/. Afterwards, users are able to log in via "Sign in with SAML".
  13. Enforce user roles via Azure SAML (optional)

    • Open the application, click single sign-on, and click the pen symbol at the User attributes and Claims section
    • Click Add new claim and enter the following

      Name: 84codes.roles

      Source: Transformation, this opens the option to select Transformation: Join().

      Parameter 1: Enter the key found at https://customer.cloudamqp.com/team/saml

      Separator: "/"

      Parameter 2: select user.jobtitle, or any field from the Azure user profile you wish to use to specify the CloudAMQP role to assign.

      Click Save
    • Go back to your application and click Users and Groups.

      Click on one of the users and, in the field corresponding to the one chosen in the previous step (in this case Job title), enter any of the roles specified at https://customer.cloudamqp.com/team/saml
    • Specify for each user what role they are to be assigned in CloudAMQP.

  14. Assign multiple roles via Azure SAML (optional)

    • Start by creating a separate Azure AD group per role/tag and assign users to it.
    • In your CloudAMQP Enterprise application, click Single sign-on and the pen symbol next to attributes and claims. In the claim, assign attribute user.assignedroles to 84codes.roles.
    • Under app roles, create an app role per role/tag and assign each the corresponding value.
    • Initiate a SAML sign-on. Tags and roles should now be assigned as requested.
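
To confirm that the Join() transformation from step 13 emits the claim in the shape `<key>/<role>`, you can inspect the SAMLResponse from a test login. The following is an added example, not CloudAMQP or Microsoft code: the function names, `EXAMPLE-KEY` and the role names are placeholders, the sample assertion is constructed, and it assumes the claim is emitted with the bare name 84codes.roles (no namespace).

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIM = "84codes.roles"        # claim name from step 13
KEY = "EXAMPLE-KEY"            # placeholder: key shown on the CloudAMQP SAML page
ALLOWED = {"admin", "member"}  # placeholder: roles listed on the CloudAMQP SAML page

# Constructed, unsigned sample: one correct value and two misconfigured ones.
SAMPLE_XML = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIM}">
      <saml:AttributeValue>{KEY}/admin</saml:AttributeValue>
      <saml:AttributeValue>{KEY}admin</saml:AttributeValue>
      <saml:AttributeValue>/admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def role_claims(saml_response_b64):
    """Return every 84codes.roles value in a base64 SAMLResponse (HTTP-POST binding)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    values = []
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        if attr.get("Name") == CLAIM:
            for val in attr.findall("{%s}AttributeValue" % SAML_NS):
                values.append((val.text or "").strip())
    return values

def check_claim(value, key=KEY, allowed=ALLOWED):
    """Classify one claim value against the expected '<key>/<role>' shape."""
    if "/" not in value:
        return "missing '/' separator"
    if not value.startswith(key + "/"):
        return "key mismatch"
    if value[len(key) + 1:] not in allowed:
        return "unknown role"
    return "ok"

def audit(saml_response_b64):
    """Map each claim value to its result; an empty dict means the claim was not sent."""
    # Inspection aid only: this does not verify the assertion's signature.
    return {v: check_claim(v) for v in role_claims(saml_response_b64)}

if __name__ == "__main__":
    print(audit(SAMPLE_B64))
```

Because it collects every AttributeValue under the claim, the same check also covers the multi-valued claim produced by the setup in step 14.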