SSO Setup with Azure AD in Zephyr

In this tutorial, you’ll learn how to integrate Zephyr Enterprise with Azure Active Directory (Azure AD), which will provide the following benefits:

  • You can control user access to Zephyr Enterprise directly from Azure AD.

  • You can enable your users to be automatically signed-in to Zephyr Enterprise with their Azure AD accounts.

  • You can manage your accounts in one central location - the Azure portal.

If you want to know more details about SaaS app integration with Azure AD, see What is application access and single sign-on with Azure Active Directory.

Prerequisites

To configure Azure AD integration with Zephyr Enterprise, you need an Azure AD subscription.

Important

Zephyr Enterprise supports IDP initiated SSO with SAML 2.0 only

Configure Azure AD single sign-on

In this section, you enable Azure AD single sign-on in the Azure portal.

To configure Azure AD single sign-on with ZephyrSSO, perform the following steps:

1. In the Azure portal, on the ZephyrSSO application integration page, select Single sign-on.

1558438094.png

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

1558438091.png

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open Basic SAML Configuration dialog.

1558438088.png

4. On the Set up Single Sign-On with SAML page, perform the following steps:

1558438085.png

a. In the Identifier text box, type a URL using the following pattern: https://<SUBDOMAIN>.yourzephyr.com/Zephyrsso

b. In the Reply URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.yourzephyr.com/flex/saml/sso

Fields Needed to be Used in Zephyr to Set the SSO

On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click Download to download the Certificate (Base64) from the given options and save it on your computer.

1. Download the Certificate.

1558438082.png
1558438079.png

Important

The Test button allows you to check the specified URL. Clicking the button opens a new tab. If the login page of your SSO provider is opened in the tab, you have specified the correct URL.

2. Identity the Provider Issuer ID field.

On the Setup ZephyrSSO section, copy the Azure AD Identifier URL(s) for the Zephyr Identity Provider Issuer ID field.

1558438076.png
1558438073.png

3. Identity the Provider URL field.

Navigate to the Properties and Copy the User access URL for the Zephyr Identity Provider URL field.

1558438070.png
1558438067.png

For Auto Provisioning:

For getting Auto Provisioning to work, we should have the proper mapping of the Field in the User Attributes & Claims section.

In Zephyr, the user should provide Claim name to match what was displayed in the User Attributes & Claims section.

1558438064.png
1558438061.png
Publication date: