SP: Azure AD SAML configuration for aqua SSO
1. Create an application in Azure AD as Non-Gallery and assign it a custom name. This name will later be required as the Entity ID, which we will add in aqua. See Microsoft documentation for instructions.
2. Configure the URLs:

• Login URL: https://<aqua-server>/aquaWebNG/Account/saml2-acs
• Logout URL: https://<aqua-server>/aquaWebNG/Account/saml2-logout
3. aqua allows login only via username. If the username should be defined as the beginning of the email address (everything before '@'), a new claim with `extractmailprefix` from `user.principalname` must be added and a transformation applied. See documentation for additional claims.
Then you need to provide us with the full claim name. It usually starts with http://schemas.xmlsoap.org...
4. The XML metadata file and certificates must also be provided if they are not globally trusted.
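
To find the full claim name requested in step 3, you can list the attributes of a decoded SAML assertion and see which one carries the mail prefix. This is an added example, not part of the aqua or Microsoft documentation; the sample assertion, the `aquausername` claim name, and the assumption that the NameID holds the user's email-style name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the part of a decoded SAML assertion that carries the claims.
# For assertions from an untrusted source, parse with a hardened XML parser instead.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/aquausername">
      <saml:AttributeValue>jane.doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def list_claims(assertion_xml):
    """Return {full claim name: [values]} for every Attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims[attr.get("Name")] = values
    return claims


def find_username_claims(assertion_xml):
    """Return full names of claims whose only value is the NameID's mail prefix."""
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext(".//saml:Subject/saml:NameID",
                            default="", namespaces=SAML_NS).strip()
    prefix, sep, _ = name_id.partition("@")
    if not sep or not prefix:
        return []  # NameID is not in user@domain form, nothing to compare against
    return [name for name, values in list_claims(assertion_xml).items()
            if values == [prefix]]


if __name__ == "__main__":
    for name, values in list_claims(SAMPLE_ASSERTION).items():
        print(name, "=", values)
    print("username claim(s):", find_username_claims(SAMPLE_ASSERTION))
```

If `find_username_claims` returns an empty list for a real assertion, the transformation from step 3 is not being applied to any issued claim, or the NameID is not in email form.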
