Configuring SSO for Azure

The Clumio service can integrate with Azure for seamless user authentication. Please follow the below steps to configure Azure IDP as a Single Sign On service for Clumio.

Prerequisites

Ensure that you have the following before you start configuring Azure:

  • Azure account with admin privileges
  • Clumio account with Super Admin Role

Enable Azure Integration with Clumio

In Azure

  1. Log into your Azure portal and click on Azure Active Directory.
  2. Navigate to Enterprise Applications from the left-hand side tabs.
  3. Click +New application at the top.
  4. Click +Create your own application at the top.
  5. Provide a name for your application and click Create.
  6. Click Set up Single Sign-on.

6.png

  1. Select **SAML

7.png**

  1. Under Basic SAML Configuration click Edit.

Screenshot_2023-03-06_at_6.36.29_PM.png

  1. Get the Audience Restriction, Assertion Customer Service (ACS) URL(Reply URL), and Sign-On URL from Clumio (see step 4).
  2. Under Basic SAML Configuration paste the Assertion Customer Service (ACS) URL, and Sign-On URL obtained from the Clumio dashboard, as shown below. Click Save. Ensure that the ACS ending in '/idpresponse' is selected as the default.

Screenshot

  1. After you save the configuration, close the Basic SAML Configuration section. Navigate to the SAML Signing Certificate section and copy the App Federation Metadata Url field OR download the Federation Metadata XML. This will be needed in Clumio.

10.png

  1. Click on Edit under the User Attributes and Claims section.
  2. Ensure that the Required Claim maps to Email Address and the value is either user.mail or user.userprincipalname based on your organization's use.
  3. Click Save.
  4. The Azure side configuration is done! Over to Clumio.
  5. Once SSO has been activated, go back to Basic SAML Configuration and change the other Reply URL to default and click Save.

In Clumio

  1. Log on to Clumio.
  2. Navigate to Settings > Access management > Authentication (SSO/MFA).
  3. Click Configure SSO under Strategy.
  4. Copy the Audience Restriction, Assertion Customer Service (ACS) URL, and the Sign-On URL. This will be needed for the IdP side setup. 
  5. Scroll down and upload the metadata retrieved from the IdP. You can either use the URL, upload the metadata XML file, or configure it manually. 
  6. Next click Save Configuration.
  7. Click Test with my Account. This opens a new tab to test the SSO connection.
  8. Once the above step is successful, click on Activate SSO. Please note that this step is important for SSO enablement.
  9. Check the box to send emails if you wish to notify all users of the SSO enablement, else click Enable.

Note: For any user to utilize Clumio login through Azure SSO, the user needs to be explicitly added in the Clumio UI; Settings > Access management > Users and should be assigned to the Clumio SAML Application created in Azure Directory.