Instructions for Azure (Active Directory) SAML 2.0 Single Sign On Setup

This article is an overview of the steps required to integrate ContractSafe with Active Directory hosted on Azure. To set this up, you must have Admin or Account Manager access on ContractSafe and also Admin access on Azure.

1. In ContractSafe Settings, under Security & Integrations, turn on SSO and generate the ContractSafe Saml2 Single Sign On URL.

2. Log into Azure, and navigate to Portal. From there select Azure Active Directory.

3. From the menu on the left, click on Enterprise Applications. Click on New Application, then Create Your Own Application.

4. Assign a name to your application and click Create in the bottom right.

IMPORTANT: DO NOT USE THE EXISTING CONTRACTSAFE INTEGRATION.

5. Click on Users and groups in the menu on the left, and then click on Add user/group.

6. Click on Users - None Selected and select the users you would like to allow access from the panel on the right. Click Select when you are done. NOTE: Ensure that the users have Role Assigned set to User.

7. From the menu on the left click on Single sign-on, and then select SAML. Populate the Identifier URL and Reply URL fields with the Saml2 Single Sign On URL from ContractSafe Settings -> Security & Integrations.

IMPORTANT: Ensure that the claim emailaddress corresponds to the value user.mail.

8. In ContractSafe Settings, under Security & Integrations: Single Sign On section, enter the word emailaddress in the Email Identifier field.

9. Back in Azure, download the Federation Metadata XML and upload it using the link in ContractSafe, under Security & Integrations: Single Sign On section.

You can access the application by either:

1. Bookmarking the User access URL under Properties (in your Azure Settings)

2. Clicking the ContractSafe App Icon from myapps.microsoft.com