Microsoft Entra ID SAML Configuration

This document outlines the process for configuring Microsoft Entra ID (formerly Azure AD) as a SAML identity provider for Willba. This documentation is relevant for Willba customer company IT personnel who have access to the company's Microsoft Entra ID admin portal.

Step 1: App Setup

  1. Navigate to the Microsoft Entra ID admin portal.
  2. Select Identity > Applications > Enterprise applications.
  3. Click on New application.
  4. Choose Integrate any other application you don't find in the gallery (Non-gallery).
  5. Name your application Willba and click Create.

Step 2: App Configuration

  1. In the newly created application, navigate to Single sign-on in the left sidebar.
  2. Select SAML as the single sign-on method.
  3. Configure the Basic SAML Configuration with the following values:
    • Identifier (Entity ID): https://auth.willba.app/realms/{realm-name}
    • Reply URL (Assertion Consumer Service URL): https://auth.willba.app/realms/{realm-name}/broker/{saml-alias}/endpoint
Tip: Replace {realm-name} and {saml-alias} with the values provided by your Willba contact person.

  4. Under the "User Attributes & Claims" section, ensure that the following attributes are mapped:

    • Email (claim name: emailaddress)
    • First name (claim name: givenName)
    • Last name (claim name: surname)
  5. Download the Federation Metadata XML file by clicking on the "Download" link in the "SAML Certificates" section. This file will be needed for communication between Willba and Microsoft Entra ID.

  6. Share the downloaded metadata file with your Willba contact person.

Step 3: Group Mapping Configuration

To map Microsoft Entra ID groups to Willba roles:

  1. Under "User Attributes & Claims", click on "Add a group claim".
  2. Select "All groups".
  3. For the Source attribute, select "Group ID".
  4. For advanced options, you can use a filter to include only specific groups, for example, groups starting with Willba.

Note: The group claim will be sent with the identifier http://schemas.microsoft.com/ws/2008/06/identity/claims/groups, which will be needed when configuring the Keycloak group mapper.

Step 4: User Access Setup

  1. Navigate to Users and groups in the left sidebar of your application.
  2. Click on Add user/group.
  3. Select the groups that should have access to Willba.
  4. Click Assign to grant them access.

Step 5: Finalization

The login will work after the Willba contact person adds the SAML settings to the application.

Make sure to test the setup with a few users to confirm everything is working as expected. If you encounter any issues, please reach out to your Willba contact person.
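
One way to check a test login against the values in Steps 2 and 3, as an added example that is not Willba's or Microsoft's tooling: it reads a SAML assertion captured from a test login and decoded to XML, and lists any mismatch in Audience, Recipient, the three user claims, or the group claim. The function name, the realm "acme", the alias "entra" and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
REQUIRED = ("emailaddress", "givenname", "surname")  # claim names from Step 2

def check_assertion(xml_text, realm, alias):
    """List mismatches between a decoded test assertion and this guide's settings.
    Claim and URL checks only: the signature is not verified here."""
    entity_id = f"https://auth.willba.app/realms/{realm}"
    acs_url = f"{entity_id}/broker/{alias}/endpoint"
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [(a.text or "").strip() for a in root.iter(SAML + "Audience")]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks {entity_id}")
    recipients = [d.get("Recipient") for d in root.iter(SAML + "SubjectConfirmationData")]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} lacks {acs_url}")
    attrs = {}
    for a in root.iter(SAML + "Attribute"):
        vals = [(v.text or "").strip() for v in a.iter(SAML + "AttributeValue")]
        attrs[a.get("Name", "")] = [v for v in vals if v]
    # Entra sends claims as URIs; compare on the last path segment, ignoring case.
    short = {n.rsplit("/", 1)[-1].lower(): v for n, v in attrs.items()}
    for claim in REQUIRED:
        if not short.get(claim):
            problems.append(f"missing or empty claim: {claim}")
    if not attrs.get(GROUPS):
        problems.append(f"no values for group claim {GROUPS}")
    return problems

# Constructed sample (hypothetical realm "acme", alias "entra", made-up user and group ID).
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
SAMPLE = f"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
 <Subject><SubjectConfirmation><SubjectConfirmationData
   Recipient="https://auth.willba.app/realms/acme/broker/entra/endpoint"/></SubjectConfirmation></Subject>
 <Conditions><AudienceRestriction>
   <Audience>https://auth.willba.app/realms/acme</Audience></AudienceRestriction></Conditions>
 <AttributeStatement>
  <Attribute Name="{CLAIMS}emailaddress"><AttributeValue>a.user@example.com</AttributeValue></Attribute>
  <Attribute Name="{CLAIMS}givenname"><AttributeValue>Ada</AttributeValue></Attribute>
  <Attribute Name="{CLAIMS}surname"><AttributeValue>User</AttributeValue></Attribute>
  <Attribute Name="{GROUPS}"><AttributeValue>00000000-0000-0000-0000-000000000001</AttributeValue></Attribute>
 </AttributeStatement>
</Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "acme", "entra") or "assertion matches the guide")
```

Run it only on assertions from your own test logins; an empty result means the claims and URLs line up with this guide, not that the response is authentic.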

For Willba administrators configuring Keycloak, please refer to the SAML Admin Documentation.