Configure Azure AD as SAML IdP for Infiniti

Applies to Infiniti v9.4.4 or later

1. Prerequisites

a. Infiniti 9.4.4 installed and functional on forms authentication.
b. An Azure Active Directory (Azure AD) tenant with at least one user.
c. Infiniti installation with both Manage and Produce configured for HTTPS. A self-signed certificate works for testing, but browsers will warn users about it; use a certificate from a trusted CA in production, because the signed SAML response is posted back to Produce and Manage over this connection and users who are trained to click through certificate warnings will not notice an interposed host.

2. Add Produce as an Application in Azure AD

From within the Azure Management Portal (Classic) open Active Directory and select the directory you wish to add the Infiniti applications to. In this example the directory is named InfinitiTest.

Click the Applications tab to show all applications in the directory, then click Add at the bottom of the screen.

Select "Add an application my organization is developing", because Infiniti is not listed in the Azure Gallery yet.

Complete the wizard. The Name of the application is what users will see in the Office 365 Applications area, so it should reflect what you want them to see.

Set both the Sign-on URL and the App ID URI to the root of the Produce application you have configured.

The App ID URI becomes the Produce Entity Id in the SAML Configuration of Section 6. Azure AD matches the Issuer of the SAML request Infiniti sends against this value literally, so the Entity Id you enter in Infiniti must match the App ID URI character for character.

Produce Entity Id:  https://infiniti.yourcompany.com/Produce

Completing the wizard returns you to the application's page; click Configure.

Update the Reply URL by appending /samlauthenticate.aspx to the URL. The final Reply URL should be of the form: https://infiniti.yourcompany.com/Produce/samlauthenticate.aspx

This is the only address Azure AD will post the signed SAML response to, so it must be the HTTPS address users actually reach Produce on.

Scroll to the bottom of the page to the Upload Logo control and upload the logo image.

Click Save on the application screen.


3. Add Manage as an Application in Azure AD

The steps are identical for setting up Manage, except that the Sign-on URL, App ID URI and Reply URL reflect the Manage application (so the Reply URL becomes https://infiniti.yourcompany.com/Manage/samlauthenticate.aspx). The App ID URI also forms the Manage Entity Id for the SAML Configuration in Section 6.
Manage Entity Id:  https://infiniti.yourcompany.com/Manage

4. Build Endpoints

From either of the application screens click View Endpoints.

For the Infiniti SAML configuration in Section 6 you will need to copy the SAML-P Sign-on Endpoint, as it becomes the Identity Provider Login URL in Infiniti.

The SAML-P Sign-on Endpoint shown in the portal (highlighted in bold in the original screenshot) contains the unique identifier (tenant GUID) of this Azure AD; the same GUID appears in the Issuer Id below, which is a quick way to confirm that both values come from the same tenant.

Copy the Federation Metadata Document URL and open it in the browser.

The entityID attribute of the EntityDescriptor in this document is the Issuer Id for the SAML Configuration in Section 6. Copy it exactly, including the trailing slash: a SAML service provider compares it literally against the Issuer of every response it receives.
Issuer Id:  https://sts.windows.net/d788d8ae-eac4-4070-a547-987dcfa5481c/
Leave the document open and move to Section 5.

5. Create certificate

Still in the federation metadata document, locate the <X509Certificate> node inside the IDPSSODescriptor's KeyDescriptor with use="signing"; this is the certificate Azure AD signs SAML responses with. Copy its contents (the single line of base64 text) into a text document, save it, and rename the file saml.cer.

Two caveats. First, the document can list more than one signing certificate while Azure AD rolls its signing key over; if it does, note both. Second, Azure AD rotates this key periodically, and when it does, sign-in to Infiniti fails with a signature validation error until the new certificate is uploaded, so repeat this step and the certificate upload in Section 6 with the new value.
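Sections 4 and 5 can be done by a script rather than by eye. The following Python example is added to this article and is not Infiniti or Azure code: it parses a federation metadata document, returns the Issuer Id and Identity Provider Login URL, checks that the tenant GUID in the sign-on endpoint matches the one in the Issuer Id, and writes the signing certificate out as saml.cer in PEM form (the standard text encoding of a .cer file; the lines between the BEGIN and END markers are the same base64 the step above has you paste). The embedded metadata is a constructed sample that follows the document's structure: its entityID is the Issuer Id quoted in this article, while the login host and the certificate bytes are made up. Run it with the path of a downloaded federationmetadata.xml to process your own tenant.

```python
"""Pull the Infiniti SAML settings (Sections 4 and 5) out of an Azure AD
federation metadata document instead of copying them from the browser.

Example added to this article; it is not Infiniti or Azure code."""
import base64
import re
import sys
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

# Constructed sample with the structure of Azure AD federation metadata.
# The entityID is the Issuer Id quoted in the article; the login host and the
# certificate bytes are made up and will not validate anything.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed, not a real certificate " * 4).decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/d788d8ae-eac4-4070-a547-987dcfa5481c/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.example-idp.test/d788d8ae-eac4-4070-a547-987dcfa5481c/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.example-idp.test/d788d8ae-eac4-4070-a547-987dcfa5481c/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def tenant_id(url: str) -> str:
    """Return the tenant GUID embedded in an Azure AD URL ('' if none)."""
    m = GUID_RE.search(url)
    return m.group(0).lower() if m else ""


def to_pem(b64_der: str) -> str:
    """Wrap the bare base64 DER body of an <X509Certificate> as PEM text."""
    body = "".join(b64_der.split())            # tolerate pasted line breaks
    base64.b64decode(body, validate=True)      # reject a truncated or mangled copy
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def parse_federation_metadata(xml_text: str) -> dict:
    """Return the Issuer Id, IdP Login URL and signing certificates (PEM)."""
    root = ET.fromstring(xml_text)
    issuer = root.get("entityID", "")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not SAML 2.0 IdP metadata")

    # Infiniti redirects the browser to the IdP, so take the HTTP-Redirect endpoint.
    login_url = next((s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)
                      if s.get("Binding") == HTTP_REDIRECT), "")

    # Only use="signing" keys matter; there may be several during key rollover.
    certs = [c.text for c in idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) if c.text]

    if not login_url or not certs:
        raise ValueError("metadata lacks an HTTP-Redirect sign-on endpoint or a signing certificate")
    if tenant_id(issuer) != tenant_id(login_url):
        # The same tenant GUID must appear in both (the highlighted part in Section 4).
        raise ValueError(f"tenant mismatch: issuer {issuer!r} vs login URL {login_url!r}")
    return {"issuer_id": issuer, "login_url": login_url,
            "signing_certs_pem": [to_pem(c) for c in certs]}


if __name__ == "__main__":
    # Usage: python azuread_saml_settings.py [federationmetadata.xml]
    # With no argument the constructed sample above is processed.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_METADATA
    settings = parse_federation_metadata(text)
    print("Issuer Id:                  ", settings["issuer_id"])
    print("Identity Provider Login URL:", settings["login_url"])
    if len(settings["signing_certs_pem"]) > 1:
        print(f"warning: {len(settings['signing_certs_pem'])} signing certificates published "
              "(key rollover in progress); expect to re-upload saml.cer", file=sys.stderr)
    with open("saml.cer", "w", encoding="ascii") as fh:
        fh.write(settings["signing_certs_pem"][0])
    print("wrote saml.cer")
```

The script only reads the IDPSSODescriptor and only KeyDescriptor elements marked use="signing", so an encryption key or a WS-Federation RoleDescriptor in the same document cannot be picked up by mistake, and the tenant-GUID comparison catches the case where the endpoint and the metadata were copied from two different directories.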

6. Configure Intelledox Infiniti for SAML

Open Manage -> Settings -> Single Sign On tab.
Check the SAML 2.0 checkbox and complete the entries created in the previous steps: Produce Entity Id (Section 2), Manage Entity Id (Section 3), Identity Provider Login URL and Issuer Id (Section 4).

Upload the certificate (saml.cer from Section 5) with the Choose File button.

Check the values before saving: once enabled, Manage itself redirects to Azure AD, so an incorrect entry can prevent you from signing back in to correct it.

Click Save.

Now when either the Produce or Manage URL is hit, it redirects to the Microsoft login page, and the user assignments and access rules configured for the two applications in Azure AD determine who is granted access to Infiniti.

Keywords

azure cloud