SAML Corteza Integration with Azure

To enable SAML SSO on Corteza through Microsoft Azure, you need to create a new application on Azure as well as configure it on the Corteza Admin web application.

The values used in the screenshot and the table are for informational use only and should be changed to reflect your instance settings.

Prerequisites

Certificates

Corteza requires you to provide a certificate and private key combination. You’ll need to either provide an existing pair or generate a new one.

To generate the required parameters you can use the following commands:
# This generates a private key
openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048

# This generates a self-signed certificate using the private key
openssl req -new -x509 -key private.key -out certificate.crt -days 365

# This packs everything into a .pfx file
openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt

The .pfx file requires you to provide a password. Make sure you use something secure and note it down as you’ll need it later.
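
Before uploading anything to Azure, it is worth confirming that the generated files actually belong together. The following is an added example, not part of the Corteza documentation: it checks that certificate.crt matches private.key, that the certificate is not about to expire, that the key is readable only by its owner, and that the .pfx bundle opens with your password. The names MIN_DAYS and PFX_PASSWORD, and the 30-day default, are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-upload checks for the files generated above.
# MIN_DAYS and PFX_PASSWORD are assumed names, not Corteza or Azure settings.

# check_saml_pair KEY CERT [MIN_DAYS] -> 0 if usable, else a distinct non-zero code
check_saml_pair() {
    key=$1; cert=$2; min_days=${3:-30}

    # Both files must parse; extract the public key each one carries.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key: $key" >&2; return 2; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $cert" >&2; return 2; }

    # The certificate must contain the public half of this private key.
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "certificate does not match private key" >&2; return 3; }

    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 4; }

    # Group/other permission bits on the private key should all be unset.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "private key is accessible beyond its owner: chmod 600 $key" >&2; return 5; }
}

# check_pfx PFX CERT -> 0 if the bundle opens with $PFX_PASSWORD and holds CERT's key
check_pfx() {
    pfx=$1; cert=$2
    # env: keeps the password out of the process list (unlike pass:...).
    bundled=$(openssl pkcs12 -in "$pfx" -nokeys -passin env:PFX_PASSWORD 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) ||
        { echo "cannot open $pfx with the supplied password" >&2; return 2; }
    [ "$bundled" = "$(openssl x509 -in "$cert" -noout -pubkey)" ] ||
        { echo "$pfx does not contain $cert" >&2; return 3; }
}
```

Export PFX_PASSWORD in your shell, then run check_saml_pair private.key certificate.crt followed by check_pfx certificate.pfx certificate.crt; a non-zero exit code with a message on stderr identifies the failing check.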

Configuring Microsoft Azure

Creating an Azure Application

Navigate to https://portal.azure.com/ and log in to your Azure account (if you don’t have an account, create one before continuing). On the home page, click on the Enterprise applications button.


If your application doesn’t already exist, click on the New application button on the list of applications. If you’ve already created an application, you can skip the app creation step.


Click on the "Create your own application" button and fill in the app name. Select the "Integrate any other application you don’t find in the gallery (non-gallery)" option and click on the Create button.


Configuring SAML

On the overview page, click on the "Set up single sign on" option.


Then click on the SAML option, which takes you to the SAML-based sign-on configuration screen.


Under the "basic SAML configuration" section, click on the edit button and insert the following:

Annotated image

On the SAML-based sign-on configuration screen, in the "SAML Certificates" section, click on the edit button and then on the Import Certificate button. Provide the .pfx file we generated at the beginning, along with its password.


After the certificate is provided, click on the three vertical dots to expand the menu, then mark the certificate as active.


Click Yes on the warning popup to complete certificate activation.


Configuring Corteza

Navigate to your-corteza-instance.tld and log in to your Corteza instance. On the home page, click on the Admin Area application.


In the navigation drawer, click on System > Auth Settings and navigate to the "External Authentication Providers" section. Locate the SAML provider and click on the wrench icon to open the configuration modal.


Provide the following parameters:

Annotated image
Annotated image

Click on the Ok button and submit the external authentication provider changes.


End Result

Open a private window or a different browser, then navigate to your Corteza instance. If everything is configured correctly, you should see the new login option in the centre of the screen.
