Note: Single Sign-On is available for Kaiterra Subscription users only. If you are not a Kaiterra Subscription user and require SSO, please contact your sales representative for more information.
To use Azure Active Directory (Azure AD) as your Identity Provider (IdP) for the Kaiterra Web App, you need to configure both Azure AD and your Kaiterra settings. This document will guide you through the steps.
Prerequisites
Before you start, make sure you have:
- A Kaiterra Web App account with administrator privileges
- An Azure AD account
- An Administrator role in Azure AD
Prepare Kaiterra
You will need some information from the Kaiterra Web App to paste into the Azure portal, and vice versa. So first, open a tab for the Kaiterra Web App, and in your Organization Settings, open the SSO tab.
If you do not see an SSO tab, you might not have an active subscription plan.
Please contact your Kaiterra Sales Representative for more information.
Configure Azure AD
To configure Azure AD for SSO with Kaiterra Web App, follow these steps:
- Go to the Azure portal and sign in using your administrator credentials.
- Browse to Azure Active Directory > Enterprise applications.
- Click on New application and then “Create your own application”.
- Leave “Integrate any other application you don't find in the gallery (Non-gallery)” selected, and give the application a name like “Kaiterra”.
- In the Manage section of the left menu, select Single sign-on to open the Single sign-on pane for editing.
- Select SAML as the single sign-on method.
- On the SSO configuration page, click on the Edit icon next to Basic SAML Configuration.
- Copy and paste the following values in the fields:
  - Identifier (Entity ID): enter your Service Provider Issuer value from the Kaiterra SSO tab.
  - Reply URL (Assertion Consumer Service URL): enter your Service Provider URL value from the Kaiterra SSO tab.
  - Leave the rest of the fields blank.
- Click on Save.
- On the same page, click on the Edit icon next to User Attributes & Claims.
- Click on the Unique User Identifier (Name ID) Claim item.
- Change the Source attribute from “user.principalname” to “user.mail”.
- Click on Save.
- Go back to the SAML-based Sign-on page.
Configure Kaiterra
To configure Kaiterra for SSO with Azure AD, follow these steps on the SSO tab:
- Copy and paste the following values in the fields:
  - Identity Provider URL: enter your Login URL value from Azure AD settings.
  - Identity Provider Issuer: enter your Azure AD Identifier value from Azure AD settings.
  - Identity Provider Certificate: enter your Certificate (Base64) value from Azure AD settings (you will need to download this first and then copy/paste).
- Make sure Sign Auth Request and Login with SSO only are unchecked. Once you’ve tested that SSO works, you can come back and check Login with SSO only.
- Click on Save.
Test SSO
To test if SSO is working correctly, follow these steps:
- Open a new browser window (or tab) to the Kaiterra sign-in page.
- You should be redirected to the Azure AD sign-in page, where you can enter your credentials.
- After successful authentication, you should be redirected back to Kaiterra Web App, where you can access your data and features.
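If the test sign-in fails, the SAML response from a test login can be compared field by field with the values entered in the steps above. The script below is an added example, not code from Kaiterra or Microsoft: the URLs, issuer values, email address and sample response are constructed placeholders, `check_response` is a hypothetical helper, and it inspects fields only (it does not verify the response signature).

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholders standing in for the values on the two settings pages.
EXPECTED = {
    "idp_issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "sp_issuer": "https://sp.example.invalid/saml/metadata",
    "sp_url": "https://sp.example.invalid/saml/acs",
}

# Constructed, unsigned sample response (not captured from a real tenant).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://sp.example.invalid/saml/acs">
 <a:Assertion>
  <a:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</a:Issuer>
  <a:Subject>
   <a:NameID>alice@example.invalid</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="https://sp.example.invalid/saml/acs"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction>
   <a:Audience>https://sp.example.invalid/saml/metadata</a:Audience>
  </a:AudienceRestriction></a:Conditions>
 </a:Assertion>
</p:Response>"""

def check_response(xml_text, expected, account_email):
    """Return a list of mismatches between the response and the configuration."""
    root = ET.fromstring(xml_text)
    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else None
    confirm = root.find(".//a:SubjectConfirmationData", NS)
    seen = {
        "Issuer vs Identity Provider Issuer": (text("a:Assertion/a:Issuer"), expected["idp_issuer"]),
        "Audience vs Identifier (Entity ID)": (text(".//a:Audience"), expected["sp_issuer"]),
        "Recipient vs Reply URL": (confirm.get("Recipient") if confirm is not None else None, expected["sp_url"]),
        "Destination vs Reply URL": (root.get("Destination"), expected["sp_url"]),
    }
    problems = [f"{k}: got {got!r}, expected {want!r}" for k, (got, want) in seen.items() if got != want]
    name_id = text(".//a:NameID")
    # Name ID is sourced from user.mail; the case-insensitive match is an assumption.
    if name_id is None or name_id.lower() != account_email.lower():
        problems.append(f"NameID: got {name_id!r}, expected {account_email!r}")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, EXPECTED, "alice@example.invalid") or "all fields match")
```

A NameID mismatch usually means the Name ID claim is still using its original source attribute rather than “user.mail”.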