Learn how to get more out of Beamo with Plans and Packs.
Introduction
This article details the necessary steps for using Beamo's SAML SSO with Azure as the Identity Provider.
Who can use this feature?
Super Admin | Site Manager | Team Admin | Surveyor | Collab- orator |
Viewer | |
Setup SAML SSO |
Setting up SAML SSO
Open SSO in Beamo
The SSO configuration is located in the Settings of Beamo.
- Beamo → Settings → Security
Click “Enable SAML SSO” to start the process.
Create an Enterprise Application in Azure
Note: Providers’ configuration instructions are outlined here. For more detailed configuration instructions, please contact the respective ID provider.
1. Open the Azure Portal and navigate to the Azure Active Directory.
2. Select Enterprise applications and create a New application.
3. In the Azure AD Gallery, click Create your own application.
4. Enable Single Sign On from the Application overview screen.
5. Select SAML and configure the application.
Basic SAML Configuration
Edit the following fields:
Field | Description |
Reply URL (ACS URL) |
Set this field to the pre-generated Assertion Consumer Service (ACS) URL retrieved from the Beamo SSO configuration screen. |
Identifier (Entity ID) |
Set this field to the pre-generated SP Entity ID retrieved from the Beamo SSO Configuration screen. |
Sign-on URL |
(Optional) Set this field to the login URL from which users will access Beamo. |
Attributes & Claims
The default settings work to log in with SSO. There are no changes necessary in this section.
Certificate
Download the Certificate (Raw) for later use.
Set up your Application
Take note of the Login URL and Azure AD Identifier in this section for later use.
6. Select Users and groups from the navigation and assign access to the Login with SSO application on a user or group level through the Add user/group button.
Continue on to Beamo
The Azure Portal-specific configurations are done. Continue on to Beamo to finish the configuration.
- Service Provider Configuration defines the format of SAML requests.
- Identity Provider Configuration defines the format to expect for SAML responses.
Service Provider Configuration
Configure the following fields according to the choices selected in the Azure Portal during setup:
Field | Description |
Want Assertions Signed |
Condition where Beamo expects SAML assertions to be signed. |
Validate Certificates |
Check this box when using trusted and valid certificates from your IdP through a trusted CA. |
Identity Provider details
Identity Provider Configuration will often require you to refer back to the Azure Portal to retrieve application values:
Field | Description |
Entity ID |
Enter the Azure AD identifier retrieved from the Azure Portal’s Set up |
Single Sign On Service URL |
Enter your Login URL retrieved from the Azure Portal's Set up your Application section. |
Single Log Out URL |
Enter your Logout URL retrieved from the Azure Portal's Set up your Application section. |
X509 Public Certificate |
Paste the retrieved Certificate, removing -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Extra spaces, carriage returns, and other extraneous characters will cause certification validation to fail. |
Allowed domains
Specify the email domains which are allowed to authenticate with SAML SSO. Add one domain per field. If the users log in with name@example.com, the domain to be entered is example.com.
Test & Save
After the tests are successful, [Save] the configuration, and SSO will be enabled.