Azure - SAML Integration Instructions (Single Sign On)


Follow the steps below to integrate Azure Active Directory (identity provider) with Catchpoint (service provider).

  1. Log in to Azure and navigate to Azure Active Directory > Enterprise applications

  2. Click on New application and select non-gallery application

    1. New Application

    2. Non-gallery application

  3. Configure Azure AD SSO (SAML)

    1. Navigate to Single sign-on in the left panel after creating the application.
    2. Select SAML from the single sign-on methods to navigate to the SAML-based Sign-on page.
    3. In the Identifier (Entity ID) field, input: https://portal.catchpoint.com/SAML2
    4. In the Reply URL (Assertion Consumer Service URL) field, input: https://portal.catchpoint.com/ui/Entry/SingleSignOn.aspx
  4. Catchpoint requires the following two attributes/claims. The Namespace attribute is mandatory for Identity Provider (IdP) initiated login.

    • Namespace: Identifies your SSO provider; the value can be of your choice.

      Note: Namespace is not a default attribute/claim in Azure AD, and is mandatory for Identity Provider (IdP) initiated login.

    • DirectAssertion Mapping: This setting allows the IdP to create and set user permissions based on key/value pairs.

    Follow these steps to create a new claim and its value.
    1. Click on Edit User Attributes and Claims.
    2. Add a new claim.
    3. Provide the name, which is the key used in the assertion in Catchpoint.
    4. Select attribute.
    5. Select AD group name.
    6. Specify the value to be sent to Catchpoint – this will be the value we match in the assertion.
The Azure AD setup above shows the claim name as "departm" (key) and the value as "CP_ALL_RO" (value) for the Azure AD group.

  5. Complete Catchpoint single sign-on setup for Autoprovisioning.

When a user logging in to Catchpoint has the claim name "departm" and the value "CP_ALL_RO", the user is assigned the "Client analyst" system access/user role, according to the mapping configured in the Catchpoint single sign-on settings.

Note: If a user is not assigned the Client analyst user role, this means the key=value pair (claim name and/or value) is not being passed correctly from the IdP (Azure AD). You can verify this by capturing the SAML traffic.
Use the SAML-tracer Chrome extension (Mozilla extension) to capture the SAML while logging in to Catchpoint and verify that the claim name and value are being passed from Azure AD.
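
The following Python script is an added example, not part of the original instructions or of any Catchpoint or Microsoft tooling: it decodes the base64 SAMLResponse value copied from SAML-tracer and reports whether the Audience, the Namespace claim and the mapping key/value were sent. It assumes the claim is literally named "Namespace" and that claim names may carry a URI prefix; build_sample is a hypothetical helper that produces a constructed test response. The script does not verify the signature, so it is a troubleshooting aid only.

```python
import base64
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "https://portal.catchpoint.com/SAML2"  # Identifier (Entity ID) from step 3

def parse_saml_response(b64_response):
    """Decode a captured SAMLResponse value; return (audiences, attributes)."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml:  # SAML messages never carry a DTD; refuse to parse one
        raise ValueError("unexpected DTD in SAML response")
    root = ET.fromstring(xml)
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        # Assumption: a claim may be sent with a namespace URI prefix; keep the last segment.
        name = attr.get("Name", "").rsplit("/", 1)[-1]
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attributes.setdefault(name, []).extend(values)
    return audiences, attributes

def check_claims(b64_response, key, value, namespace_claim="Namespace"):
    """Return a list of problems; an empty list means the expected claims were sent."""
    audiences, attributes = parse_saml_response(b64_response)
    names = {n.lower() for n, vals in attributes.items() if vals}
    problems = []
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} does not include {ENTITY_ID}")
    if namespace_claim.lower() not in names:  # assumed claim name, compared case-insensitively
        problems.append(f"claim '{namespace_claim}' missing (mandatory for IdP-initiated login)")
    if key not in attributes:
        problems.append(f"claim '{key}' missing")
    elif value not in attributes[key]:
        problems.append(f"claim '{key}' is {attributes[key]}, expected '{value}'")
    return problems

def build_sample(claims):
    """Constructed, unsigned response for offline runs (not a real Azure AD capture)."""
    attrs = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
                    f'</saml:AttributeValue></saml:Attribute>' for n, v in claims.items())
    xml = (f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="{NS["saml"]}"><saml:Assertion><saml:Conditions>'
           f'<saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
           f'{attrs}</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    sample = build_sample({"Namespace": "example-idp", "departm": "CP_ALL_RO"})
    print(check_claims(sample, "departm", "CP_ALL_RO") or "claims OK")
```

Paste the SAMLResponse parameter from the captured POST to the Reply URL as the first argument of check_claims, with the key and value configured in Catchpoint as the second and third.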

Please feel free to reach out at support@catchpoint.com for any assistance.