This document describes the baseline configuration needed to set up an integration between our Identity Access Management System (IAM) and your Identity Provider (Azure SAML).
Pre-requisites
The following details pertain to our Production environment and will need a representative from Core Strengths to enable the feature within your platform account.
Azure SAML Configuration
On the Azure portal page (Azure), choose Enterprise Applications.
At the left of the page, click on All applications, and then near the top click New application.
In the search bar under Search applications, enter aws, and then choose AWS Single-Account Access to open an interstitial form. Name the application something like CoreStrengths Platform.
Navigate to the Single sign-on page and populate the following details:
Basic SAML Configuration
Attributes & Claims
Unique User Identifier (Name ID)
That is the only configuration necessary on the Azure SAML-based Sign-on page. All other settings may be ignored.
CoreStrengths Platform Configuration
Configuration within CoreStrengths Account Settings: (Feature Flag SSO Enabled will need to be enabled [true] upon engagement)
Add email domains we wish to target within the Email Identifiers input
email attribute mapping add
MetadataURI with your given Issuer URL similar to:
Optionally Enable Single Sign-out workflows (SSOut)
This allows session termination (logout) to call your IdP. When a user logs out of the CoreStrengths Platform, the platform will make a best-effort “sign-out of all-applications” request to your IdP.
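Before entering a MetadataURI and enabling Single Sign-out, it helps to confirm what the IdP metadata behind that URL actually advertises. The following is an added example, not CoreStrengths or Microsoft code: it checks a locally saved metadata document for the Issuer (entityID), HTTPS endpoints, a signing certificate and a SingleLogoutService endpoint. The sample XML, the tenant ID and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID

# Constructed sample metadata: hosts follow Azure's pattern, values are placeholders.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data>
      <X509Certificate>PLACEHOLDER-BASE64-CERT</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(xml_text, require_slo=False):
    """Return (summary, problems) for a SAML IdP metadata document."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in metadata")
    root = ET.fromstring(xml_text)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if root.tag != f"{{{MD}}}EntityDescriptor" or idp is None:
        return {}, ["not an IdP EntityDescriptor"]

    def locations(tag):
        return [e.get("Location", "") for e in idp.findall(f"{{{MD}}}{tag}")]
    sso, slo = locations("SingleSignOnService"), locations("SingleLogoutService")
    # A KeyDescriptor without a "use" attribute serves both signing and encryption.
    certs = [c for kd in idp.findall(f"{{{MD}}}KeyDescriptor")
             if kd.get("use") in (None, "signing")
             for c in kd.iter(f"{{{DS}}}X509Certificate") if (c.text or "").strip()]
    problems = []
    if not root.get("entityID"):
        problems.append("missing entityID (Issuer)")
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    problems += [f"non-HTTPS endpoint: {u}" for u in sso + slo
                 if not u.lower().startswith("https://")]
    if not certs:
        problems.append("no signing certificate")
    if require_slo and not slo:
        problems.append("Single Sign-out requested but no SingleLogoutService")
    summary = {"issuer": root.get("entityID"), "sso": sso, "slo": slo, "certs": len(certs)}
    return summary, problems
```

Call check_idp_metadata(text, require_slo=True) when Single Sign-out is going to be enabled; an empty problems list means the document passed every check.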
Once a CoreStrengths Platform account has been configured for SSO, people can navigate to the login page directly without first proceeding to the platform. The Login URL field will be very similar to the following (replacing the identity_provider value with one provided to you by CoreStrengths)
The Hosted SSO Link (example above), specific to your organization, can be found on the Settings page, under the SSO section. See below for an in-page location hint.