This user guide shows you how to enable IdP Initiated SAML SSO in Azure AD. It demonstrates how to set up Azure AD and then send the required information to Dubber’s Support team at firstname.lastname@example.org
Azure SSO Setup
To begin SSO setup, access your Azure environment, create an Enterprise Application and select the option to use Single Sign On.
On the “Home” screen, click the “Azure Active Directory” button.
The “Overview” screen for Azure Active Directory appears.
In the menu on the left, click on “Enterprise applications”.
The “Enterprise Applications” screen lists all your existing applications.
Click the “New application” button.
The “Browse Azure AD Gallery” screen appears.
Create Your Own Application
Click on “Create your own application”.
The “Create your own application” form appears on the right side of the screen.
In the “Input name” field, specify a name for your application.
Select the “Integrate any other applications you don’t find in the gallery (Non-gallery)” option and click on the “Create” button.
After your application is created, Azure shows an “Overview” screen.
In the “Getting Started” section, go to “Set up single sign on” and click on “Get started”.
The “Single sign-on” screen appears.
Under “Select a single sign-on method”, click on “SAML”.
The “SAML-based Sign-on” screen appears.
Basic SAML Configuration
In the “Basic SAML Configuration” section, click the “Edit” button.
On the right side of the screen, the “Basic SAML Configuration” form opens.
Click on “Add identifier”. In the “Add identifier” field specify the “Identifier (Entity ID)”.
Click on “Add reply URL”. In the “Add reply URL” field specify the “Reply URL (Assertion Consumer Service URL)”.
These values are based on the region of the connection. Use the values exactly as shown here.
|Region||Identifier (Entity ID)||Reply URL (Assertion Consumer Service URL)|
Click the “Save” button.
User Attributes & Claims
In the “Attributes and claims” section, click the “Edit” button.
The “Attributes and Claims” screen opens.
In the “Required Claim” section, click on the claim name.
The “Manage claim” screen appears.
Set the “Name identifier format” to Email. Set the “Source attribute” to an email format, for example “user.mail”. Although “Unspecified” is supported, Dubber recommends you use an email address for account level SSO authentication.
If your emails are not stored in lowercase, add a transformation rule to convert them to lowercase. Click on the “Transformation” option to open the “Manage transformation” panel. In the “Transformation” menu select “ToLowercase()”, and in the “Parameter 1” menu select “user.mail”. Click the “Add” button.
Close the “Attributes and Claims” panel and return to the “SAML-based Sign-on” screen.
SAML Signing Certificate
Scroll down to the “SAML Signing Certificate” section, and click the “edit” button.
Dubber supports three SAML signing options in the “Signing Option” menu to configure how the SAML Response is signed. We recommend you select “Sign SAML response and assertion” because it is the most secure option. After you select a Signing Option, you are advised not to change it.
Click the “save” button and then close this panel to return to the “SAML-based Sign-on” screen.
This completes the Azure AD setup for Dubber.
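To check the claim and signing settings above on a test sign-in, this added example (not Dubber's or Microsoft's code) inspects a base64-decoded SAML Response for the signature placement, the NameID format and lowercase NameID. It checks structure only, not cryptographic validity, and the `sample()` helper and its values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": P, "saml": A, "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def inspect_response(xml_text):
    """Return structural findings for a decoded SAML Response (no crypto checks)."""
    # SAML messages never need a DTD; refuse one rather than parse it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in SAML document")
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if root.tag != "{%s}Response" % P or assertion is None:
        raise ValueError("expected a samlp:Response with a plaintext saml:Assertion")
    # Direct children only: a Signature inside the Assertion does not cover the Response.
    signed = (root.find("ds:Signature", NS) is not None,
              assertion.find("ds:Signature", NS) is not None)
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("Assertion has no Subject/NameID")
    value = (name_id.text or "").strip()
    findings = []
    if signed != (True, True):
        findings.append("response and assertion are not both signed")
    if name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not emailAddress")
    if value != value.lower():
        findings.append("NameID contains upper-case characters")
    return {"response_signed": signed[0], "assertion_signed": signed[1],
            "name_id": value, "findings": findings}

def sample(name_id, fmt=EMAIL_FORMAT, sign_response=True, sign_assertion=True):
    """Build a constructed, minimal Response; Signature elements are empty stand-ins."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">%s'
            '<saml:Assertion>%s<saml:Subject><saml:NameID Format="%s">%s</saml:NameID>'
            '</saml:Subject></saml:Assertion></samlp:Response>'
            % (P, A, sig if sign_response else "", sig if sign_assertion else "",
               fmt, name_id))

if __name__ == "__main__":
    print(inspect_response(sample("alice@example.com")))
    print(inspect_response(sample("Alice@Example.com", sign_response=False)))
```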
Dubber SSO Setup
To complete the Dubber setup, send Dubber your Azure AD MetaData URL or the MetaData file downloaded from the URL. Dubber also needs to know which option you selected for the SAML Response signing option.
Raise a Support Request
In the “SAML Signing Certificate” section, click the “Copy” button on the right side of the “App Federation Metadata Url” field.
Create an email to email@example.com and paste in the URL. This raises a support request, and then a Dubber Support agent will manage the implementation of SSO for your account. After Dubber has received the necessary information, Dubber initiates configuration. When configuration is complete, Dubber advises the customer that the implementation is ready for testing.
Assign Users and Groups
To assign a user or a group to the application, go to the “Manage” menu on the left and click on “Users and Groups”.
On the “Users and Groups” screen, click on the “Add user/group” button.
The “Add Assignment” screen appears.
It is important to note that if your plan level allows for groups, you can assign groups or users to the application. If you have a free plan, you can assign users but not groups.
This example shows how to assign users. The process for assigning groups is similar.
Click on “None Selected”.
The “Users” panel opens on the right of the screen.
Click on a user in the list, then click the “Select” button.
The “Add Assignment” screen updates to say “1 user selected”.
Click the “Assign” button.
The list on the “Users and Groups” screen updates. Now it includes the user or group you assigned.
When setup is complete, the customer can force the use of SSO for their users. Only account administrators can do this.
Log in to the Dubber portal and select the “Account” menu option.
On the “My Account” screen, go to the “People” tab. Select the “Force SSO All Users” option to force every user to use SSO and disable authentication access in the Dubber portal.
You can use the button on the right of each user in the list to force or unforce individual users.
Customer Access URL
Users with forced SSO set are unable to access the Dubber web portal using the region public URL. Instead, they need to log in to the customer’s IdP. Go to the “Properties” page for the application and click the “Copy” button next to the “User access URL” field. Paste the URL into a web browser to go to the user’s MyApps page at https://myapps.microsoft.com/