Azure SSO Setup
Step 1: Create a new enterprise application
Step 2: Choose SAML
Step 3: Enter Entity ID/Reply URL
Entity ID (Capacity IDP): https://auth.capacity.com/
Reply URL: https://auth.capacity.com/v1/sso/saml/acs
Step 4: Add User Attributes Claims
You can’t edit existing claims, so you need to add new ones.
- Name: first_name, Source attribute: user.givenname
- Name: last_name, Source attribute: user.surname
- Name: email, Source attribute: user.mail
Step 5: Delete any claims other than the ones you just created in Step 4
Step 6: Provide your customer success manager with the federation Metadata URL
Step 7: Add appropriate users/groups
Please complete this step prior to sending your CSM the URL.
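To confirm the values from Steps 3 to 5, the following added example (not Capacity's or Microsoft's code) inspects a base64 SAMLResponse copied from the browser during a test sign-in and lists any mismatch. The function names and the sample response are constructed for illustration; the script checks configuration only and does not validate the assertion's signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "https://auth.capacity.com/"                # Step 3
ACS_URL = "https://auth.capacity.com/v1/sso/saml/acs"   # Step 3
EXPECTED = {"first_name", "last_name", "email"}         # Step 4


def check_response(b64_response):
    """Return a list of configuration problems found in a base64 SAMLResponse."""
    # Diagnostic use on your own captured response; no signature validation here.
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    audiences = {e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text}
    if ENTITY_ID not in audiences:
        problems.append(f"Audience is {sorted(audiences)}, expected {ENTITY_ID}")
    recipients = {e.get("Recipient", "")
                  for e in root.iterfind(".//a:SubjectConfirmationData", NS)}
    if recipients != {ACS_URL}:
        problems.append(f"Recipient is {sorted(recipients)}, expected {ACS_URL}")
    claims = {e.get("Name") for e in root.iterfind(".//a:Attribute", NS)}
    problems += [f"missing claim: {n}" for n in sorted(EXPECTED - claims)]
    problems += [f"leftover claim to delete (Step 5): {n}"
                 for n in sorted(claims - EXPECTED)]
    return problems


def sample(recipient, claim_names):
    """Constructed, unsigned response for the demo; not captured from a real tenant."""
    attrs = "".join(
        f'<Attribute Name="{n}"><AttributeValue>x</AttributeValue></Attribute>'
        for n in claim_names)
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Subject>'
        f'<SubjectConfirmation><SubjectConfirmationData Recipient="{recipient}"/>'
        '</SubjectConfirmation></Subject><Conditions><AudienceRestriction>'
        f'<Audience>{ENTITY_ID}</Audience></AudienceRestriction></Conditions>'
        f'<AttributeStatement>{attrs}</AttributeStatement>'
        '</Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Wrong Reply URL, last_name missing, one default claim left behind.
    leftover = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
    for problem in check_response(sample(ENTITY_ID, ["first_name", "email", leftover])):
        print(problem)
```

An empty result means the audience, recipient and claim names match what this page specifies.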
Troubleshooting
Error AADSTS50105 - The signed in user is not assigned to a role for the application.
In this case, the user has not been granted access to the application in Azure AD. You can refer to step 7 above, or you can use this quick start guide from Microsoft to appropriately assign users.
For more details on this error, you can refer to this Microsoft help page.