Azure Active Directory Integration

Overview

super.AI supports Azure Active Directory SSO integration, on request, as an Azure Active Directory Enterprise Application. This means users in the customer organization can sign up on our platform using their Active Directory credentials and be automatically added to a super.AI Organization resource that maps to the customer organization.

How to integrate with super.AI Organizations

The following steps describe how to integrate with super.AI’s Organizations feature using Azure Active Directory.

  1. The customer must request access to this feature from super.AI via their account manager.

  2. Subsequently, super.AI will provide the Identifier (Entity ID) and Reply URL required for the customer to create an Enterprise Application in their Active Directory.

  3. After that, the customer must provide super.AI with the generated App Federation Metadata Url and the claim names for email (e.g. “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress”) and groups (“http://schemas.microsoft.com/ws/2008/06/identity/claims/groups”).

  4. The customer also needs to provide a mapping that matches their groups to the possible super.AI organization roles (MEMBER or OWNER).

  5. In addition, customers must provide an organization username to use in super.AI.

  6. super.AI provides the customer with a URL to sign up/sign in using Azure Active Directory.

  7. Once users have signed up for super.AI using their Azure credentials, they can use SSO.

Step by step to add super.AI customer pool as an enterprise application in Azure Active Directory

To add a new application in Azure Active Directory:

  1. Log in to the Azure Portal.
  2. In the Azure Services section, choose Azure Active Directory.
  3. In the left sidebar, choose Enterprise applications.
  4. Choose New application.
  5. On the Browse Azure AD Gallery page, choose Create your own application.
  6. Under What’s the name of your app?, enter a name for your application and select Integrate any other application you don’t find in the gallery (Non-gallery), as shown in the next figure. Choose Create.

To set up Single Sign-on using SAML

  1. On the Getting started page, in the Set up single sign on tile, choose Get started, as shown in the next figure.

    https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2021/11/10/Amazon-Cognito-federated-authentication-3r.png

  2. On the next screen, select SAML.

  3. In the middle pane under Set up Single Sign-On with SAML, in the Basic SAML Configuration section, choose the edit icon.

    https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2021/11/09/Amazon-Cognito-federated-authentication-4.png

  4. In the right pane under Basic SAML Configuration, replace the default Identifier ID (Entity ID) with the Identifier (Entity ID) you received previously. In the Reply URL (Assertion Consumer Service URL) field, enter the Reply URL you received previously, as shown in the previous figure. Choose Save.

  5. In the middle pane under Set up Single Sign-On with SAML, in the User Attributes & Claims section, choose Edit.

  6. Choose Add a group claim.

  7. On the User Attributes & Claims page, in the right pane under Group Claims, select Groups assigned to the application and leave Source attribute as Group ID, as shown in the next figure. Choose Save.

    https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2021/11/09/Amazon-Cognito-federated-authentication-5.png

    This adds the group claim so that the super.AI customer pool can receive the group membership details of the authenticated user as part of the SAML assertion.

  8. In a text editor, note down the Claim names for email and groups under Additional claims, as shown in the previous figure. You’ll need to provide these to super.AI.

  9. Close the User Attributes & Claims screen by choosing the X in the top right corner. You’ll be redirected to the Set up Single Sign-on with SAML page.

  10. Scroll down to the SAML Signing Certificate section, and copy the App Federation Metadata Url by choosing the copy into clipboard icon (highlighted with a red arrow in the last figure). You’ll need to provide this to super.AI.

    https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2021/11/09/Amazon-Cognito-federated-authentication-6.png
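
To check a group-to-role mapping before handing it to super.AI, the sketch below reads the email and groups claims from a SAML AttributeStatement and resolves them to MEMBER or OWNER. It is an added example, not super.AI's code: the group IDs, the sample assertion, the function names, the "highest role wins" rule and the "no mapped group means no role" rule are all assumptions, and it presumes the assertion's signature has already been verified against the certificate published at the App Federation Metadata Url.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed mapping: with Source attribute = Group ID, the claim carries
# group object IDs (GUIDs), not display names, so the mapping is keyed by GUID.
GROUP_ROLE_MAP = {
    "11111111-1111-1111-1111-111111111111": "OWNER",
    "22222222-2222-2222-2222-222222222222": "MEMBER",
}
ROLE_RANK = {"MEMBER": 1, "OWNER": 2}

# Constructed sample; assumed to be signature-verified before it reaches here.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{EMAIL_CLAIM}">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>22222222-2222-2222-2222-222222222222</saml:AttributeValue>
      <saml:AttributeValue>11111111-1111-1111-1111-111111111111</saml:AttributeValue>
      <saml:AttributeValue>33333333-3333-3333-3333-333333333333</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def claim_values(assertion_xml, claim_name):
    """Return every AttributeValue of the attribute whose Name is claim_name."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == claim_name:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return values

def resolve_role(assertion_xml, group_role_map=GROUP_ROLE_MAP):
    """Return (email, role); role is None when no group is mapped (deny by default)."""
    emails = claim_values(assertion_xml, EMAIL_CLAIM)
    if len(emails) != 1 or not emails[0]:
        raise ValueError("expected exactly one email claim value")
    roles = [group_role_map[g.lower()]
             for g in claim_values(assertion_xml, GROUPS_CLAIM)
             if g.lower() in group_role_map]
    # Assumption: a user in several mapped groups gets the highest-ranked role.
    return emails[0], max(roles, key=ROLE_RANK.__getitem__, default=None)
```

A user whose groups are all unmapped comes back with role `None`, which makes it easy to spot groups that were assigned to the Enterprise Application but left out of the mapping.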