
Azure Active Directory - SAML login on CloudAMQP

  1. Go to https://portal.azure.com > Enterprise applications > New application > Create new application > Non-gallery application
  2. Click New Application
  4. Click Non-gallery Application. Enter the name of your new app in the right-hand section, e.g. CloudAMQP, and click Add. The application is now created.
  5. Go back to Home - Enterprise Applications - All applications and search for your newly created app if you don't see it in the list. Click on the app to open it.
  6. Go to Single sign-on using the link on the left side.
  7. Click SAML
  8. Click the edit pen for Basic SAML Configuration
  9. Add Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) with the values you'll find at https://customer.cloudamqp.com/team/saml. NOTE: Leave the Sign on URL field BLANK. Click Save.
  10. Download the Federation Metadata XML and upload it at https://customer.cloudamqp.com/team/saml
  11. Add users and/or groups that should have access
  12. Enforce user roles via Azure SAML (optional)

    • Open the application, click single sign-on, and click the pen symbol in the User attributes and Claims section
    • Click Add new claim and enter the following:

      Name: 84codes.roles

      Source: Transformation. This opens the option to select Transformation: Join().

      Parameter 1: Enter the key found at https://customer.cloudamqp.com/team/saml

      Separator: "/"

      Parameter 2: select user.jobtitle, or any field from the Azure user profile you wish to use to specify the CloudAMQP role to assign.

      Click Save
    • Go back to your application and click Users and Groups.

      Click on one of the users and, in the field corresponding to the one chosen in the previous step (in this case Job title), enter any of the roles specified at https://customer.cloudamqp.com/team/saml
    • Specify for each user what role they are to be assigned in CloudAMQP.

  13. Assign multiple roles via Azure SAML (optional)

    • Start by creating a separate Azure AD group per role/tag and assign to users.
    • In your CloudAMQP Enterprise application, click Single sign-on and the pen symbol next to attributes and claims. In the claim, assign attribute user.assignedroles to 84codes.roles.
    • Under app roles, create an app role per role/tag and assign them the corresponding value.
    • Initiate a SAML sign-on. Tags and roles should now be assigned as requested.

Google Workspace - SAML login on CloudAMQP

Set up SAML on Google Workspace.

  1. Using a Super Administrator account, navigate to Apps > Web and Mobile Apps.
  2. Select 'Add new App' - Add Custom SAML app.
  3. Give your new app a name and press 'Continue'.
  4. On the next screen, download IdP metadata. Once downloaded, upload this file to your CloudAMQP portal. In CloudAMQP, navigate to Team Settings > Team > SAML Configuration and upload the IdP metadata file.
  5. On the next screen in your Google Workspace setup, paste the SAML Consumer URL/ACS (Consumer) URL from your CloudAMQP console into the ACS URL field. For EntityID, paste the SAML Audience URL/Audience URI/SP Entity ID/SAML Metadata value. Select EMAIL as Name ID, and leave the rest as-is.
  6. Press Finish. Now assign the app to a user and they will be able to sign in. The first login will have to be performed from the Google Workspace app dashboard (9-dot menu).
  7. If you wish to provision roles or tags to the users, you can create a custom attribute and bind it to 84codes.roles. Pass the Entity ID followed by the role, e.g. xxxx-xxxx-xxxx-xxxx-xxxx/monitor. You can find your Entity ID on the CloudAMQP SAML Configuration page.
  8. If you need assistance or have any questions, you can get in touch with support through support@cloudamqp.com
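
The role claim configured in the Azure and Google Workspace steps above is sent under the attribute name 84codes.roles, with each value in the form key/role. The following is an added example, not CloudAMQP's own code, that checks the attribute statement of a captured test assertion for that shape before rolling the app out to users. The sample assertion, the placeholder key, and the allowed-role set are constructed, and the check covers claim shape only, not the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "84codes.roles"  # claim name from the steps above

# Constructed sample: a decoded assertion from a test sign-on.
# "xxxx-xxxx-xxxx-xxxx-xxxx" stands in for the key on the CloudAMQP SAML page.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="84codes.roles">
      <saml:AttributeValue>xxxx-xxxx-xxxx-xxxx-xxxx/monitor</saml:AttributeValue>
      <saml:AttributeValue>other-key/admin</saml:AttributeValue>
      <saml:AttributeValue>xxxx-xxxx-xxxx-xxxx-xxxx/</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_role_claims(assertion_xml, expected_key, allowed_roles):
    """Return (accepted_roles, problems) for the 84codes.roles attribute."""
    root = ET.fromstring(assertion_xml)
    prefix = expected_key + "/"  # Join(key, "/", role) as configured in the IdP
    values = [
        (v.text or "").strip()
        for attr in root.iter("{%s}Attribute" % SAML_NS["saml"])
        if attr.get("Name") == ROLE_ATTR
        for v in attr.findall("saml:AttributeValue", SAML_NS)
    ]
    accepted, problems = [], []
    if not values:
        problems.append("no 84codes.roles attribute in assertion")
    for value in values:
        if not value.startswith(prefix):
            problems.append(f"{value!r}: does not start with this team's key and '/'")
        elif value[len(prefix):] not in allowed_roles:
            problems.append(f"{value!r}: role is empty or not in the allowed set")
        else:
            accepted.append(value[len(prefix):])
    return accepted, problems


if __name__ == "__main__":
    ok, bad = check_role_claims(SAMPLE, "xxxx-xxxx-xxxx-xxxx-xxxx", {"monitor"})
    print("accepted:", ok)
    for p in bad:
        print("problem:", p)
```

A value with an empty role after the separator usually means the mapped profile field (for example Job title) is blank for that user.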