SSO Setup with Azure AD in Zephyr
In this tutorial, you’ll learn how to integrate Zephyr Enterprise with Azure Active Directory (Azure AD), which will provide the following benefits:
You can control user access to Zephyr Enterprise directly from Azure AD.
You can enable your users to be automatically signed-in to Zephyr Enterprise with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and single sign-on with Azure Active Directory.
Prerequisites
To configure Azure AD integration with Zephyr Enterprise, you need an Azure AD subscription.
Important
Zephyr Enterprise supports IDP initiated SSO with SAML 2.0 only
Adding Zephyr Enterprise from the gallery
To configure the integration of Zephyr into Azure AD, you need to add ZephyrSSO from the gallery to your list of managed SaaS apps.
To add ZephyrSSO from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.
4. In the search box, type ZephyrSSO, select ZephyrSSO from result panel then click Add button to add the application.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ZephyrSSO, perform the following steps:
1. In the Azure portal, on the ZephyrSSO application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open Basic SAML Configuration dialog.
4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<SUBDOMAIN>.yourzephyr.com/Zephyrsso
b. In the Reply URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.yourzephyr.com/flex/saml/sso
Fields Needed to be Used in Zephyr to Set the SSO
On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click Download to download the Certificate (Base64) from the given options and save it on your computer.
1. Download the Certificate.
Important
The Test button allows you to check the specified URL. Clicking the button opens a new tab. If the login page of your SSO provider is opened in the tab, you have specified the correct URL.
2. Identity the Provider Issuer ID field.
On the Setup ZephyrSSO section, copy the Azure AD Identifier URL(s) for the Zephyr Identity Provider Issuer ID field.
3. Identity the Provider URL field.
Navigate to the Properties and Copy the User access URL for the Zephyr Identity Provider URL field.
For Auto Provisioning:
For getting Auto Provisioning to work, we should have the proper mapping of the Field in the User Attributes & Claims section.
In Zephyr, the user should provide Claim name to match what was displayed in the User Attributes & Claims section.