Azure AD SAML2 SSO Integration

Guide to setting up SAML SSO integration for Azure AD

Information needed to complete the integration:

  1. Identifier (Entity ID): https://company-subdomain.bucketlist.org/saml2/metadata/
  2. Reply URL (Assertion Consumer Service URL): https://company-subdomain.bucketlist.org/saml2/acs/
  3. Name ID Format: Email Address
  4. Application Username: Email
  5. Attribute Mappings:
    1. mail -> user.mail (Name Format: Unspecified)
    2. cn -> user.givenname (Name Format: Unspecified)
    3. sn -> user.surname (Name Format: Unspecified)

Information you need to provide to Bucketlist Rewards

  1. Metadata in XML

Once you have provided the XML metadata, ask the Bucketlist product team to enable SAML SSO for your company.


Step by step guide for Azure AD

This guide was last updated on November 18, 2022. The screenshots or steps may change over time.

  1. Log in to the Azure portal as an administrator: https://portal.azure.com/
  2. Select "Azure Active Directory" from the Azure services ribbon.
  3. Select "Enterprise applications" from the left menu.
  4. Click "New Application" in the top menu.
  5. Click the "Create your own application" button in the top menu.
  6. Enter a suitable application name, e.g. "Bucketlist Rewards SAML", select the radio option "Integrate any other application you don't find in the gallery (Non-gallery)" and click the "Create" button.
  7. Select "Single sign-on" from the left menu.
  8. Select the single sign-on method "SAML".
  9. Click the "Edit" button to start configuring SAML.
  10. Fill in the identifier and reply URL fields as follows:
    1. Identifier (Entity ID): https://company-subdomain.bucketlist.org/saml2/metadata/
    2. Reply URL (Assertion Consumer Service URL): https://company-subdomain.bucketlist.org/saml2/acs/
  11. Click the "Save" button to save the basic configuration and close the popup.
  12. Now click the "Edit" button in the "Attributes & Claims" panel.
  13. Click "Unique User Identifier (Name ID)" and change its "Source attribute" to "user.mail". Click "Save".
  14. Click each claim in turn, update the claim names as follows and save the changes:
    (Important: remember to clear the namespace field for each claim)
    1. user.givenname -> cn
    2. user.surname -> sn
    3. user.mail -> mail
  15. After saving all claims, the updated claim mapping should list the three renamed claims. (You can remove any additional claims, as they are not required.)
  16. Click "Edit" in the "SAML Certificates" panel.
  17. Select the "Signing option" "Sign SAML response and assertion" and click "Save".
  18. Find the "Download" link next to "Federation Metadata XML" in the "SAML Certificates" panel and download the metadata file.
  19. Share the downloaded metadata with the Bucketlist team.
  20. Select "Users and Groups" from the left menu and assign users or groups according to your company policy.
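A pre-flight check for a test SAML Response produced after the configuration above (for example one your service provider records during a test sign-in), added here as an example; it is not part of this guide or of Bucketlist's code. It assumes Python 3.9+ and only checks that the response has the shape steps 13, 14 and 17 produce (e-mail NameID, unprefixed cn/sn/mail claims, a signature on both Response and Assertion); the SAMPLE response is constructed, not captured from Azure AD.

```python
"""Pre-flight check of a SAML Response against the claim layout this guide sets up: NameID in
emailAddress format, cn/sn/mail with the namespace cleared, Response and Assertion both signed.
Presence checks only; signature verification stays with the SP's SAML library. Python 3.9+."""
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED = {"cn", "sn", "mail"}  # the three claim names from step 14

def check_response(xml_text: str) -> list[str]:
    """Return findings; an empty list means the response matches the guide."""
    findings = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plain Assertion element (encrypted assertions are not handled)"]
    # Step 17: "Sign SAML response and assertion" puts a ds:Signature on each
    if root.find("ds:Signature", NS) is None:
        findings.append("Response is not signed")
    if assertion.find("ds:Signature", NS) is None:
        findings.append("Assertion is not signed")
    # Step 13: NameID sourced from user.mail, so it must use the emailAddress format
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        findings.append("NameID is missing or not in emailAddress format")
    # Step 14: a namespace left in place turns "cn" into a full claim URI
    names = {a.get("Name", "") for a in
             assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for name in sorted(names):
        if "/" in name or ":" in name:
            findings.append(f"attribute '{name}' still carries a namespace")
    for missing in sorted(REQUIRED - names):
        findings.append(f"required attribute '{missing}' is absent")
    return findings

SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <ds:Signature/>
  <saml:Assertion ID="_a1" Version="2.0"><ds:Signature/>
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@company.example</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="cn"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="sn"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="mail"><saml:AttributeValue>jane.doe@company.example</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""  # constructed sample, not a real Azure AD response
```

Run `check_response()` on the captured response text; each finding names the step in this guide to revisit.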