Microsoft Entra ID SAML Configuration
This document outlines the process for configuring Microsoft Entra ID (formerly Azure AD) as a SAML identity provider for Willba. This documentation is relevant for Willba customer company IT personnel who have access to the company's Microsoft Entra ID admin portal.
Step 1: App Setup
- Navigate to the Microsoft Entra ID admin portal.
- Select Identity > Applications > Enterprise applications.
- Click on New application.
- Choose Integrate any other application you don't find in the gallery (Non-gallery).
- Name your application Willba and click Create.
Step 2: App Configuration
- In the newly created application, navigate to Single sign-on in the left sidebar.
- Select SAML as the single sign-on method.
- Configure the Basic SAML Configuration with the following values:
  - Identifier (Entity ID): https://auth.willba.app/realms/{realm-name}
  - Reply URL (Assertion Consumer Service URL): https://auth.willba.app/realms/{realm-name}/broker/{saml-alias}/endpoint
  Replace {realm-name} and {saml-alias} with the values provided by your Willba contact person.
- Under the "User Attributes & Claims" section, ensure that the following attributes are mapped:
  - Email (claim name: emailaddress)
  - First name (claim name: givenName)
  - Last name (claim name: surname)
- Download the Federation Metadata XML file by clicking on the "Download" link in the "SAML Certificates" section. This file will be needed for communication between Willba and Microsoft Entra ID.
- Share the downloaded metadata file with your Willba contact person.
Step 3: Group Mapping Configuration
To map Microsoft Entra ID groups to Willba roles:
- Under "User Attributes & Claims", click on "Add a group claim".
- Select "All groups".
- For the Source attribute, select "Group ID".
- For advanced options, you can use a filter to include only specific groups, for example groups starting with Willba.
The group claim will be sent with the identifier: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
This information will be needed when configuring the Keycloak group mapper.
Step 4: User Access Setup
- Navigate to Users and groups in the left sidebar of your application.
- Click on Add user/group.
- Select the groups that should have access to Willba.
- Click Assign to grant them access.
Step 5: Finalization
The login will work after the Willba contact person adds the SAML settings to the application.
Make sure to test the setup with a few users to confirm everything is working as expected. If you encounter any issues, please reach out to your Willba contact person.
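One way to check a test login, as an added example that is not part of Willba's or Microsoft's documentation: the script reads the attribute statement of a base64-decoded SAML response captured during a test sign-in and reports missing Step 2 claims, group values that are not object IDs (Step 3 selects "Group ID" as the source), and expected groups that were not sent. The sample assertion, the namespace prefix on the user claims and the group IDs are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
REQUIRED = ("emailaddress", "givenname", "surname")  # matched case-insensitively
GUID = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

def read_claims(xml_text):
    """Map each saml:Attribute Name to its list of values."""
    claims = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{ASSERTION_NS}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(f"{{{ASSERTION_NS}}}AttributeValue")]
        claims.setdefault(attr.get("Name", ""), []).extend(values)
    return claims

def check_claims(xml_text, expected_group_ids=()):
    """Return a list of problems; an empty list means nothing was flagged."""
    claims = read_claims(xml_text)
    # Compare on the last path segment so the claim namespace prefix does not matter.
    short = {name.rsplit("/", 1)[-1].lower(): vals for name, vals in claims.items()}
    problems = [f"missing or empty claim: {c}" for c in REQUIRED if not any(short.get(c, []))]
    groups = claims.get(GROUPS_CLAIM, [])
    if not groups:
        problems.append("group claim not present")
    # Step 3 selects "Group ID" as the source, so every value should be an object ID.
    problems += [f"group value is not an object ID: {g}" for g in groups if not GUID.match(g)]
    sent = {g.lower() for g in groups}
    problems += [f"expected group not sent: {g}" for g in expected_group_ids if g.lower() not in sent]
    return problems

# Constructed sample: attribute statement of a decoded test assertion (not real data).
# The claims namespace prefix below is an assumption; the checks do not depend on it.
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
SAMPLE = f"""<Assertion xmlns="{ASSERTION_NS}"><AttributeStatement>
<Attribute Name="{CLAIMS_NS}/emailaddress"><AttributeValue>test.user@example.com</AttributeValue></Attribute>
<Attribute Name="{CLAIMS_NS}/givenname"><AttributeValue>Test</AttributeValue></Attribute>
<Attribute Name="{GROUPS_CLAIM}"><AttributeValue>Willba-Admins</AttributeValue>
<AttributeValue>11111111-2222-3333-4444-555555555555</AttributeValue></Attribute>
</AttributeStatement></Assertion>"""

if __name__ == "__main__":
    for problem in check_claims(SAMPLE, ["aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"]):
        print(problem)
```

The script only inspects claim content for troubleshooting; it does not validate the response signature, which remains the job of the service provider.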
For Willba administrators configuring Keycloak, please refer to the SAML Admin Documentation.