Azure AD SAML2 SSO Integration

Guide to setup SAML SSO Integration for Azure AD

Information needed to complete the integration:

  1. Identifier (Entity ID):
  2. Reply URL (Assertion Consumer Service URL):
  3. Name ID Format: Email Address
  4. Application Username: Email
  5. Attribute Mappings:
    1. mail -> user.mail (Name Format: Unspecified)
    2. cn -> user.givenname (Name Format: Unspecified)
    3. sn -> user.surname (Name Format: Unspecified)

Information required to provide BucketlistRewards

  1. Metadata in XML

Once you provide XML metadata, request Bucketlist product team to enable SAML SSO for the company.

Step by step guide for Azure AD

This guide was last updated on November 18, 2022. The screenshots or steps may change over the time.

  1. Log into your Azure portal as an admin:
  2. Select "Azure Active Directory" from Azure services ribbon.
    Screenshot 2022-11-18 at 9.18.02 PM
  3. Select "Enterprise applications" from left menu
    Screenshot 2022-11-18 at 9.16.30 PM
  4. Click on "New Application" from top menu
    Screenshot 2022-11-18 at 9.23.09 PM
  5. Click on "Create your own application" button from the top menu
    Screenshot 2022-11-18 at 9.25.16 PM
  6. Enter a suitable application name e.g. "Bucketlist Rewards SAML" and select the radio input "Integrate any other application you don't find in the gallery (Non-gallery)" and click the "Create" button.
    Screenshot 2022-11-18 at 9.29.07 PM
  7. Select "Single sign-on" from left menu.
    Screenshot 2022-11-18 at 9.32.13 PM
  8. Select the single sign-on method "SAML".
    Screenshot 2022-11-18 at 9.34.03 PM
  9. Click the "Edit" button to start configuring SAML
    Screenshot 2022-11-18 at 9.35.44 PM
  10. Fill in the identifier & reply url fields as follows:
    1. Identifier (Entity ID):
    2. Reply URL (Assertion Consumer Service URL):
      Screenshot 2022-11-18 at 9.42.03 PM
  11. Click "Save" button to save the basic configuration and close the popup.
  12. Now click "Edit" button in "Attributes & Claims" panel.
    Screenshot 2022-11-18 at 9.47.16 PM
  13. Click "Unique User Identifier (Name ID)" and change its "Source attribute" to "user.mail". Click Save.
    Screenshot 2022-11-18 at 11.11.42 PM-1
  14. Click each claim one by one and update claim names as follows and save the changes:
    (Important: Please remember to clear the namespace field)
    1. user.givenname -> cn
    2. user.surname -> sn
    3. user.mail -> mail
      Screenshot 2022-11-18 at 9.49.37 PM

  15. After saving all claims, the updated claim mapping should look like this:
    Screenshot 2022-11-18 at 11.15.19 PM
    (You can remove any additional claims as they are not required)
  16. Click "Edit" in "SAML Certificates" panel
    Screenshot 2022-11-18 at 11.03.24 PM-1
  17. Select the "Signing option" "Sign SAML response and assertion" and click save
    Screenshot 2022-11-18 at 11.04.23 PM
  18. Find the "Download" link in front of "Federation Metadata XML" in "SAML Certificates" panel and download the metadata file.
    Screenshot 2022-11-18 at 9.57.06 PM-1
  19. Share the downloaded metadata with the Bucketlist team.
  20. Select on "Users and Groups" from left menu and assign user or groups as per your company policy.
    Screenshot 2022-11-18 at 10.12.22 PM