All Collections
Workspace management
Creating and setting up your workspace
Azure AD
How to Configure the Cerby App Gallery SAML App with Your Azure AD Tenant
How to Configure the Cerby App Gallery SAML App with Your Azure AD Tenant
Cerby Team avatar
Written by Cerby Team
Updated over a week ago

All Cerby users have the ability to configure a default Identity Provider to power Single Sign On (SSO). This article details how to configure Azure Active Directory (Azure AD) as the primary Identity Provider to facilitate SSO with the Cerby application.

Supported Features

  • Control in Azure AD who has access to Cerby.

  • Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Cerby.

Requirements

In order to proceed with configuring login with SSO through Azure AD, you must:

  • Have access to an Azure AD tenant

  • Be an Azure AD administrator to that tenant

  • Have received a Welcome to Cerby email invitation

If you have not received a Welcome to Cerby email invitation, please email support@cerby.com to request an invite.

Step-by-Step Configuration Steps

The following documents the configurations for setting up the SAML2 integration between Cerby and Azure AD. Azure AD is the Identity Provider (IDP) and depending on the use case, the user will be redirected to Azure AD for authentication if no session has been established.

To configure your provisioning settings for Cerby in Azure AD, please complete the following steps:

Step One - Setup Workspace in Cerby

  1. Click on Create your Workspace from your Welcome to Cerby email.

  2. In the first screen that loads, select Sign in with Azure AD as your Identity Provider to configure.

  3. In the next screen, provide a Workspace name. Remember the Workspace name which you have provided for step 2.6 below. Then, click Next.

  4. The next page will have important configuration information. Leave this tab open and open up a separate window or tab to continue.

Step Two - Add SAML App to Azure AD

  1. In the new tab, sign in to your Azure portal.

  2. Navigate to All Services > Azure Active Directory > Enterprise Applications and then click on New Application.

  3. Then in the search bar, search for Cerby and click on the first search result.

  4. On the following screen, click on Set up single sign on.

  5. Then, select the SAML option.

  6. Under Basic SAML Configuration, click Edit and fill in the Identity (Entity ID) and Reply URL (Assertion Consumer Service URL) with the values from step 1.4 above. The value for Sign on URL will be “https://<Workspace>.cerby.com” where Workspace is from step 1.3 above. Click Save.

    1. In the Azure Portal:

    2. In the Cerby Workspace Configuration Tab:

    3. In the Basic SAML Configuration drawer:

  7. Return to the Cerby Overview page within the Azure Portal and move on to the next step.

Step Three - Add Users to your application

  1. In the Azure Portal, click into the Cerby app.

  2. Within the configured Cerby app, click on the Users and Groups tab and add the relevant users and/or groups to the Cerby app with the appropriate assignments. This should be the same flow followed for any other App Gallery app.

Step Four - Populate SSO configuration in Cerby

  1. In the Azure portal, Go to your Single Sign-on settings and copy the App Federation Metadata URL

  2. Return to the Cerby Workspace Configuration page from Step 1.4 above and paste the Metadata URL value from step 4.1 into the App Federation Metadata URL field.

  3. Click on “I have already assigned users or groups to the application”, per step 3.2 above.

  4. Click on Finish Configuration.

  5. You are done. Proceed to log in to your Cerby workspace.

Notes

Permissions

Cerby’s integration with Azure AD leverages Azure AD only for SSO authentication. To assign permissions for Cerby, users must do so directly within Cerby.

Did this answer your question?