Prolaborate and Azure AD SAML Integration
April 26, 2022
Prerequisites
Your Prolaborate site should have a valid SSL Certificate.
If you don’t have an SSL Certificate, you can create a self-signed certificate yourself. Please get in touch with the Prolaborate team to know more about it.
Service Provider Configuration
To configure the Service Provider, click on Menu → SAML Single Sign On
From the top of the page that opens, click on Enable SSO
Under Service Provider Configuration
| Name | The name will be prefilled |
| Assertion Consumer URL | Assertion Consumer URL will be Prefilled |
| Certificate File | Choose the .pfx file of your SSL certificate |
| Certificate Password | Enter the Password of the .pfx file |
Configuring Prolaborate in Azure Active Directory
The following sections will elaborate on the steps involved in setting up Prolaborate in Active Directory (AD).
Create a new SAML Application
To create a SAML application, follow the below steps:
Sign in to the Azure portal using your administrator account
Click on Browse to the Azure Active Directory on the landing page
On the landing page click on Enterprise Applications.
Now click on New Application
You will land In the Browse Azure AD Gallery, now click on Create your own application.
Note:
- Users can either use new app gallery or legacy app gallery to create an application
Create Application using New App Gallery (Recommended approach)
On the Create your own application form, enter the name of the app (i.e Prolaborate)
Make sure the default radio button option “Integrate any other application you don't find in the gallery (Non-gallery)” is selected and click on Create
Create Application using Legacy App Gallery (Alternate to above approach)
Click on Click here to switch back to the legacy app gallery experience.
On the Add an application page, choose the Non-gallery application.
Now you will land on the Add your own application page. Enter the name of the app and then click Add
Assign Users
In this section, we will specify which AD users can access Prolaborate.
Once your application is created you will land on the Overview page and then select Assign users and groups
You will land on the users and groups page and now click on Add user/group
On the Add Assignment page by default no user will be selected to add users to the application click on None Selected under Users.
Now click on the users from the list whom do you want to add as users and click on Select
Now click on the Assign
The users whom we have selected will now show up on the Users and groups page.
SAML Single sign-on Configuration
Follow these steps to configure SAML Single sign-on and get the required information that is needed to configure from the Prolaborate part:
Click the Single sign-on option and select SAML
On the Set up Single Sign-On with SAML page click on the Edit icon under the Basic SAML Configuration
In the Basic SAML Configuration page enter the details in the respective fields as mentioned in the below table.
| Identifier (Entity ID) | In this field copy & paste the Name from the Prolaborate Service Provider configuration |
| Reply URL (Assertion Consumer Service URL) | In this field copy & paste the Assertion Consumer URL (ACU) from the Prolaborate Service Provider configuration |
| Logout Url | In this field copy & paste the Sign Out URL from the Prolaborate Service Provider configuration |
After entering the details click on Save.
You will then land on the below page on the successful configuration of SAML.
Configure Attributes Mapping in Prolaborate
To configure the Attribute Mapping in Prolaborate click on Edit Icon on the Attributes & Claims on the Set up Single Sign-On with SAML page.
Copy the Attributes & Claims values from Azure AD and need to paste them into Prolaborate Attributes Mapping
Attribute Mappings should be configured as below:
Please fill the below value in the Prolaborate Application
To enter the value, change the Attribute mapping from Default to Custom
Below is the reference screenshot for Attribute mapping in prolaborate.
| First Name | user.givenname (Copy the claim name from the Additional claims - Azure Page; part of the Attributes & Claim page and paste it into the Prolaborate Attribute mapping section of the Identiy Provider setup.) |
| Last Name | user.surname (Copy the claim name from the Additional claims - Azure Page; part of the Attributes & Claim page and paste it into the Prolaborate Attribute mapping section of the Identiy Provider setup.) |
| user.userprincipalname (Copy the claim name from the Additional claims - Azure Page; part of the Attributes & Claim page and paste it into the Prolaborate Attribute mapping section of the Identiy Provider setup.) | |
| Group | user.usergroup (Copy the claim name from the Additional claims - Azure Page; part of the Attributes & Claim page and paste it into the Prolaborate Attribute mapping section of the Identiy Provider setup.) |
Download Signed Certificate for upload
- Download Certificate (Base64) file. This certificate will be used in the Identity Provider configuration in Prolaborate
- Download Federation Metadata XML . You can avail Entity ID URL and Single Logout Service URL from this file, which will be used as Name and Sign out URL in Identity Provider configuration in Prolaborate
- can be ignored
- can be carried out only after Identity Provider Configuration is done in Prolaborate
Configure Identity Provider in Prolaborate
Go back to Prolaborate, and click on Menu →SAML Single Sign On. Follow the steps to fill in the details in Identity Provider (IDP) Configuration.
Fill the Name field using the Entity ID URL from the downloaded Federation Metadata XML file (Refer to section SAML Signing Certificate)
Sign In URL will be the Login URL availed from the Set up My Prolaborate tab as shown below.
Fill the Sign Out URL field using Single Logout Service URL from the downloaded Federation Metadata XML file (Refer to section SAML Signing Certificate)
Certificate File: Choose the .cer file downloaded in the SAML Signing Certificate section.
Configure Default Access Control Profile in Prolaborate
Access Control Profiles let you define repository access rules and default user group membership for users added via SSO or Sign up.
Create Profile
To create an Access Control Profile, click on Menu → Access Control Profiles under portal settings.
Access Control Profiles lists profiles which are created earlier. To create a new profile, click on Create Profile to create a profile
When you click on Create Profile you will land on the below page.
| Name | Give a suitable name for the profile |
| Include All Repositories | If you choose this, users who are logging in through SSO or Sign up will get access to all the repositories. |
| Choose Specific Repositories | This will let you choose the Repository and the corresponding User Group Membership and the user who is logging in through SSO or Sign will get access based on the user groups they are added to. |
Now click on Save.
Now, go back to the SAML Settings page.
Select the newly created profile and click Save.
Log in with Azure AD Credentials
Once the configuration is done, your users will start to see a new button on the login page called Login with SSO.
When users click on Login with SSO, they will be redirected to an URL as per configuration.
Now choose the Azure AD credentials to login to Prolaborate.
Logging out from Prolaborate
When a user logs out from Prolaborate, the user will be logged out from all applications signed in using their SSO credentials.