Microsoft Azure AD
This document provides a step-by-step guide for configuring the Single Sign-On authentication method for Microsoft Azure AD accounts.
Last updated
This document provides a step-by-step guide for configuring the Single Sign-On authentication method for Microsoft Azure AD accounts.
Last updated
Access the Azure Portal https://portal.azure.com/
This documentation was written using Azure in English. If your Azure language settings differ, consider changing them to English to make it easier to follow the steps.
Click on Azure Active Directory.
Click on Enterprise Applications.
Click on Create Your Own Application.
Enter a name for the application and select Integrate any other application you don’t find in the gallery (Non-gallery).
Assign the users or groups who will have access to the application (at least your account or another one for testing purposes).
After assigning users, click on the Single sign-on menu to start the configuration.
Access the Deskbee Dashboard (https://admin.deskbee.app/companyname) using the provided credentials, as you will need to exchange URLs and certificates between the Identity Provider (Azure AD) and the Service Provider (Deskbee).
Access the Deskbee Dashboard (https://admin.deskbee.app/companyname)
In the Deskbee Dashboard, go to Integrations / Authentication.
Access to Integrations / Authentication is restricted to IT and Super User profiles. Check with the administrator if your account is part of one of these profiles.
Enable SAML SSO Authentication.
Click on the three dots, then click the Add New SSO Connection button.
Provide a name for your connection and text displayed in the Connection Button.
Copy the Deskbee configuration URLs
In the Deskbee Dashboard’s Basic SAML Configuration, copy the URLs from your dashboard. These URLs should be added to the Azure Portal.
The image below is for illustration purposes only. Check your specific Deskbee account’s URLs in the Deskbee Dashboard.
In the Azure Portal, go to Single sign-on > SAML.
The SAML configuration details will be displayed. In Basic SAML Configuration (1), click Edit.
Return to the Deskbee Dashboard, copy the available URLs in Basic SAML Configuration, and paste them into the corresponding fields in the Azure Portal’s Basic SAML Configuration.
Deskbee Dashboard URLs vs. Azure Portal URLs:
Deskbee Dashboard
Azure Portal
Identifier (Entity ID)
Identifier (Entity ID)
ACS Response URL (Consumer Service Declaration URL)
Reply URL (Assertion Consumer Service URL)
Click Save.
Configuring Attributes (Claims), In User Attributes & Claims (2), click Edit.
In the Unique User Identifier (Name ID) claim, click on Value.
Select "Persistent" under "Choose name identifier format".
Set Source attribute to user.mail and save the configuration and close it.
Ensure the Additional claims include the following:
Claim name
Value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
user.mail
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
user.displayname
Additional attributes/claims for Azure integration can be ignored.
Check Claims: This is the final configuration for attributes/claims required for Deskbee.
In the Azure Portal, download the certificate in Base64 format from SAML Signing Certificate (3).
Return to the Deskbee Dashboard. Click on the SAML Authentication Certificate (Base64) field, choose the downloaded certificate, and upload it.
Configuring Azure URLs in Deskbee
In the Azure Portal under Login URL and Azure AD Identifier (4), copy these URLs and add them to the Deskbee Dashboard in the corresponding fields:
Check below the fields of the Azure Portal URLs and which field corresponds to the Deskbee Panel.
Azure Portal Field
Deskbee Dashboard Field
Microsoft Entra Identifier
Identity ID
Login URL
Login URL
Logout URL
Logout URL
Save the configuration in the Deskbee Dashboard by clicking Save.
Access your Deskbee app at companyname.deskbee.app and click the login button you named.
Enjoy! 😁
If this error, “Signature validation failed. SAML Response rejected,” occurs, follow these steps:
In the Deskbee Dashboard, re-upload the certificate.
In the Azure Portal, edit User Attributes & Claims and ensure the unique user identifier has the value:
user.mail [nameid-format:persistent].
Versioning
Version
Author
Data
v1.6
Andrew Prado
19/12/2024
v1.5
Cleber Rodrigues
03/08/2021
v1.4
Cleber Rodrigues
19/02/2021
v1.3
Cleber Rodrigues e Mário Verdi
03/02/2021
v1.2
Cleber Rodrigues
08/10/2020
v1.1
Cleber Rodrigues
15/09/2020
v1.0
Mário Verdi
13/09/2020