Use Azure AD for SSO authentication

Learn how to use Azure Active Directory (Azure AD) for Single Sign-On (SSO) authentication with SAML 2.0 so members of your organization can sign in to Kobiton using their Microsoft credentials.

Get Kobiton parameters

First, you’ll need to save a copy of your Kobiton SSO attributes so you can easily add them to your IdP later.

Select your profile name or picture, then choose Settings.

Select your profile name and select Settings

Choose SSO Settings.

SSO settings page

From Basic configuration, copy the following values and save them to a note:

  • Entity ID (or Audience URL)

  • Reply (or SSO, or ACS) URL

Basic configuration step in SSO settings

From User attributes (or parameters), copy the following values and save them to a note:

  • email

  • firstName

  • lastName

  • phoneNumber

  • memberOf

User attributes or parameters step in SSO settings

You’ll finish configuring your Kobiton SSO settings later, so keep this browser window open.

Create IdP application

In Azure AD, open your default directory, select Enterprise Application, then New Application.

Select Enterprise Application, then New Application

From Add your own app, choose Non-gallery application, then enter a name for your application in the search bar and select Add.

Choose Non-gallery application option

Select Assign users and groups and add a test user for your application.

Assign users and group option in Getting Started

You’ll set up single sign on in the next section.

Map parameters

Now that your IdP application is created, you’ll need to create Azure AD parameters mapped to Kobiton and download your Base64 certificate. Select Set up single sign on to get started.

Select Setup Single Sign On option in Getting Started

In step 1, Basic SAML Configuration, use your Kobiton SSO parameters from earlier to fill out the following fields:

  • Identifier (Entity ID)

  • Reply URL (Assertion Consumer Service URL)

  • Relay State

Fill out Identifier, Reply URL, Relay State from Kobiton SSO parameters

In step 2, User Attributes & Claims, create the following parameters:

Parameter 1
  • Name: email

  • Namespace: Leave blank

  • Name format: Basic

  • Value:

Parameter 2
  • Name: firstName

  • Namespace: Leave blank

  • Name format: Basic

  • Value: user.givenname

Parameter 3
  • Name: lastName

  • Namespace: Leave blank

  • Name format: Basic

  • Value: user.surname

Parameter 4
  • Name: phone

  • Namespace: Leave blank

  • Name format: Basic

  • Value: user.telephonenumber

Parameter 5
  • Name: Unique User Identifier

  • Namespace: Leave blank

  • Name format: Basic

  • Value: user.userprincipalname

Fill out Attributes & Claim
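
To check the mapping from steps 1 and 2 offline, the following added example (not Kobiton or Microsoft code) inspects a decoded SAML response for the claim names created above, a blank namespace, the Basic name format, and an Audience and Destination that match the Kobiton values. The URLs and sample responses are constructed placeholders, and the script checks configuration only, not the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
EXPECTED_CLAIMS = ("email", "firstName", "lastName", "phone")  # names from step 2

def check_response(xml_text, entity_id, acs_url):
    """Return configuration problems found in a decoded SAML response."""
    root = ET.fromstring(xml_text)  # constructed input only; use defusedxml for untrusted XML
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination != Reply (ACS) URL")
    if entity_id not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience != Entity ID")
    attrs = {a.get("Name"): a for a in root.iterfind(".//saml:Attribute", NS)}
    for name in EXPECTED_CLAIMS:
        attr = attrs.get(name)
        if attr is None:
            # A name such as ".../claims/email" means Namespace was not left blank
            prefixed = [n for n in attrs if n.endswith("/" + name)]
            problems.append(f"{name}: namespaced as {prefixed[0]}" if prefixed
                            else f"{name}: missing")
        elif attr.get("NameFormat") != BASIC:
            problems.append(f"{name}: Name format is not Basic")
        elif not (attr.findtext("saml:AttributeValue", "", NS) or "").strip():
            problems.append(f"{name}: empty value")
    return problems

def sample_response(claims, audience, destination):
    """Build a constructed, unsigned response for the check above."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}" NameFormat="{BASIC}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>"
        for n, v in claims.items())
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'Destination="{destination}"><saml:Assertion><saml:Conditions>'
            f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
            f"</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>"
            f"{attrs}</saml:AttributeStatement></saml:Assertion></samlp:Response>")

# Constructed placeholder values, not real Kobiton or Azure AD endpoints
ENTITY_ID, ACS_URL = "https://sp.example.com/entity", "https://sp.example.com/saml/acs"
GOOD = sample_response({"email": "a@example.com", "firstName": "Ada",
                        "lastName": "Lovelace", "phone": "555-0100"}, ENTITY_ID, ACS_URL)
BAD = sample_response({"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email":
                       "a@example.com", "firstName": "Ada", "lastName": ""},
                      ENTITY_ID, ACS_URL + "/old")

if __name__ == "__main__":
    print(check_response(BAD, ENTITY_ID, ACS_URL))
```
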

Download certificate and get IdP parameters

In step 3, SAML Signing Certificate, download Certificate (Base64).

Download Certificate (Base64)

In step 4, Set up Kobiton Azure Local, copy the following values and save them to a note:

  • Login URL

  • Azure AD Identifier

  • Logout URL

Set up Kobiton Azure Local

Add IdP parameters and certificate to Kobiton

Now, you’ll need to add your IdP parameters and certificate to your Kobiton organization. In your SSO Settings, scroll down to Set up at Kobiton side.

Scroll down to step Set up at Kobiton side

Add your IdP parameters and certificate to the following:

  • Identity provider issuer

  • Identity issuer URL

  • Identity provider sign in URL

  • Identity provider sign out URL

  • Identity provider certificate

Verify and save configuration

If you enable Enforce users to login to Kobiton only through SSO, you’ll also gain access to Specify Organization Access Restrictions with the ability to enable Pass role/team assignments to users in the SAML validations.

Choose the method that’s best for your organization.

The Specify Organization Access Restrictions step in SSO settings

After you’ve chosen a method, select Verify to test your SSO configuration.

If you receive a successful response, select Save to complete your SSO configuration.