- Azure AD
- App Federation Metadata URL under the SAML Signing Certificate settings in Azure AD
- Account Admin permissions in Bridge
- Client adds Bridge as an Enterprise Application in Azure and sends metadata URL to the IC
- IC or Client enables SAML 2.0 in the instance
- Copy the appropriate fields to Azure and Test Authentication
- Troubleshooting issues
Client adds Bridge as an Enterprise Application in Azure
- Navigate to the Azure Portal
- Select Azure Active Directory -> Enterprise applications -> +New application
- Search for Bridge and click the application with the Bridge logo (usually the first in the list)
- You should be redirected to the Bridge app within Azure (if not, go to Azure Active Directory -> Enterprise applications -> All applications -> Bridge)
- Go to Single sign-on
- Then copy the App Federation Metadata Url and send that to your implementation consultant.
IC or Client enables SAML 2.0 in the Bridge instance
- In Bridge, navigate to the account authentication settings (https://<domain>.bridgeapp.com/admin/config/auth)
- Scroll to the SAML 2.0 section and click Enable
- Azure AD does not use the Name Qualifiers on Entity IDs by default, so you'll likely want to uncheck that box
- Click Save (this will populate the other fields you'll need to add to Azure)
Copy the appropriate fields to Azure and Test Authentication
- Reload the authentication page in Bridge and scroll to the bottom
- Send the ACS URL and the Audience URI fields to the client so they can add them to the Basic SAML Configuration in Azure
- Once that has been saved, be sure to configure the Unique User Identifier in Azure to match the UID for Bridge (the example below is for email)
- Skip SAML Signing Certificate and Set up Bridge because the data was added when the Azure federation metadata was added to Bridge
- Add the test user (and any other users) to the Users and Groups tab.
- Test Single Sign On and verify they were able to log into Bridge.
Troubleshooting issues
- "The user I logged in with doesn't have the same permissions and/or my username is weird"
  - Verify the Unique User Identifier in Azure matches the UID in Bridge
  - Check to see if JIT provisioning is turned on
  - Check to see if there are duplicate users (this would be a symptom that JIT is turned on for the account or sub-account)
- Entity ID error: if you see this Microsoft error, check that the Entity ID matches (this can change when modifying SAML 2.0 configuration settings in Bridge):
- Bridge settings error (Name Qualifiers)
- User not assigned to Bridge in Azure AD:
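Most of the troubleshooting items above (Entity ID mismatch, Audience URI, the Unique User Identifier that becomes the NameID, and stray Name Qualifiers) can be checked by inspecting a decoded SAML Response from Azure AD. The following is an added example, not part of this guide or of Bridge; the tenant id, domain and Audience URI in the sample response are constructed placeholders, and the checker reads only the fields the guide says to match, so it does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_saml_response(xml_text, expected_issuer, expected_audience):
    """Report whether a decoded SAML Response matches the values configured in Bridge.
    Inspects only Issuer, Audience and NameID; it does NOT verify the XML signature,
    so use it to diagnose configuration mismatches, never as an authentication check."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return {"error": "no Assertion element in response"}
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    audiences = [a.text.strip() for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    return {
        # "Entity ID error": the Issuer must equal the Entity ID entered in Bridge
        "issuer_matches": issuer == expected_issuer,
        # Audience URI copied from Bridge into Azure's Basic SAML Configuration
        "audience_matches": expected_audience in audiences,
        # The Unique User Identifier chosen in Azure arrives as the NameID value
        "name_id": name_id.text.strip() if name_id is not None and name_id.text else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        # Bridge's "Name Qualifiers" box should be unchecked when these are absent
        "name_id_has_qualifiers": name_id is not None and (
            "NameQualifier" in name_id.attrib or "SPNameQualifier" in name_id.attrib),
    }

# Constructed sample response: placeholder tenant id, domain and Audience URI, unsigned.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://example.bridgeapp.com/saml2</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
```

Decode the SAMLResponse form field (base64) with a browser SAML tracer or a quick script first, then pass the XML together with the Entity ID and Audience URI shown on Bridge's authentication page.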