SAP Knowledge Base Article - Public

3242880 - SaaS: Configuring SSO with Azure AD

Symptom


We want to configure the SAML-integration with our Azure AD. Where can I find the instruction guide as a link / PDF?




Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Resolution

The information provided does not imply that SAP Signavio Product Support have any expertise in setting up 3rd party identity provider (IdP) systems for customers. These are merely bits of information that were gathered over time while configuring the SAML SSO with identity providers, which may help you with a smoother setup. If you require assistance setting up your IdP system, please reach out to your consultant, partner, or specialized support.


Please find a quick instruction guide below:

  • Add a new application in the Azure AD (Enterprise applications - New application)



  • Select the option "Non-gallery application" and type a name for the application




  • Select the option "User and groups"
    • Click on the button "Add user"

    • Select the users and groups, who should have access to the Signavio Collaboration Hub
    • Confirm your selected users and groups with the Select-button and the Assign-button
  • Choose "Single sign-on" and select the value "SAML"


  • Then, fill out the information according to the following steps
    • Basic SAML Configuration
      • Don´t use the "Upload metadata file"-function as this doesn´t work with the Signavio metadata
      • Type in the URLs for the "Entity ID" and "Assertion Consumer Service URL" according to the following KB article.
      • You can leave the additional URLs empty


  • User Attributes & Claims

    • Use the user.employeeid attribute as the "User Identifier"

    • Delete the existing attribute examples (The default namespace entries lead to error messages because they are different attribute names)
    • Add the following new attributes and leave the namespace empty

      namevalue
      last_nameuser.surname
      first_nameuser.givenname
      emailuser.mail



  • SAML Signing Certificate

    • Download the Federation Metadata XML (The file has to be uploaded into your Signavio workspace)

Afterwards, the configuration is done and the app can be found on the Azure Portal. The synchronization can take some minutes.


Once the configuration on both sides has been completed, you can test the SSO via this URL (Please choose the appropriate infrastructure for your link)

  • https://editor.signavio.com/intralink/portal?t=<workspace ID>
  • https://app-au.signavio.com/intralink/portal?t=<workspace ID>
  • https://app-us.signavio.com/intralink/portal?t=<workspace ID>

(Replace the placeholder <workspace ID> with the workspace ID of your tenant. You can find the workspace ID in Process Manager Explorer - Help - Workspace information)



Keywords

KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To

Product

SAP Signavio Process Manager all versions ; Signavio Process Manager all versions

Attachments

AzureDE_left.png
AzureDE_right.png
image2018-11-27_12-56-56.png
image2018-11-27_12-57-32.png
image2018-11-27_12-58-43.png
image2018-11-27_12-59-52.png
image2018-11-27_13-2-43.png
image2018-11-27_13-5-59.png
image2018-11-27_13-5-59.png
image2018-11-27_13-8-49.png
image2018-11-27_13-8-49.png
image2020-6-11_9-16-34.png
image2020-6-11_9-17-14.png