Azure AD Self Serve SSO Steps - SAML

The following steps have to be executed in the SingleStore Helios Portal and the Azure AD Admin portal sequentially.

In the Azure AD Admin Portal

  1. In the Azure AD portal, select Enterprise Applications in the left menu.

  2. Select +New application on the top left of the main panel.

  3. Select +Create your own application on the top left of the main panel.

  4. Fill out the following details:

    • What’s the name of your app? SingleStore

    • What are you looking to do with your application? Integrate any other application you do not find in the gallery (Non-gallery)

  5. Select Create.

  6. The application now exists. From the Getting Started panel, select Get started in 2. Set up single sign on.

  7. Select SAML.

In the SingleStore Helios Portal

  1. Open the ORG:your-org menu on the top and go to Organization Details.

  2. Select the Authentication tab.

  3. Use the Add Identity Provider menu on the right and select SAML 2.0 identity provider connection.

  4. Add a Connection Name, for example, Azure AD SAML.

  5. Copy the Login and Logout URL.

In the Azure AD Admin Portal

  1. Select Edit next to (1) Basic SAML Configuration.

  2. Select Add Identifier under Identifier (Entity ID) and copy SingleStore's Entity ID from the SingleStore Helios Portal.

  3. Under Reply URL (Assertion Consumer Service URL), select Add reply URL.

  4. From the SingleStore Helios Portal copy the URLs:

    • SingleStore's Login and Logout URL to Reply URL (Assertion Consumer Service URL)

    • SingleStore's Logout URL to Logout Url (Optional)

  5. Do not fill in the Sign on URL at this time. Currently, this is not supported for SAML connections with Azure AD.

  6. Leave RelayState empty.

  7. Select Save at the top-left of the panel and wait for the action to be complete.

  8. Select No, I’ll test later for the validation.

  9. In (3) SAML Certificates, download the Federation Metadata XML.

In the SingleStore Helios Portal

  1. Scroll down to (2) Identity provider XML and upload the downloaded Federation Metadata XML.

  2. Scroll down to (4) Map User Attributes. Enter the following values:

    • Email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

    • FirstName: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

    • LastName: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

  3. Scroll up to (3) Connection settings and add a domain.

  4. Select Save.

In the Azure AD Admin Portal

  1. Ensure all users have an email address configured in their properties. If they do not, and all of them have a User principal name that is an email ID, then use http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name as the email attribute instead when configuring SingleStore. An email address will only be sent if users are configured with one.

  2. On the Azure AD overview page, assign users and groups by selecting Assign users and groups. At this time, SSO is just authentication, not authorization, so all users can be assigned to the SingleStore application.
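
To check the attribute mapping against a test sign-in, the following added example (not SingleStore's or Microsoft's code) parses the AttributeStatement of a decoded SAML assertion, reports which mapped claims were not sent, and shows whether the name claim could serve as the email attribute. The sample assertion and the function names are constructed for illustration; the script only inspects attributes and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Attribute mapping entered under (4) Map User Attributes.
MAPPING = {"Email": CLAIMS + "emailaddress",
           "FirstName": CLAIMS + "givenname",
           "LastName": CLAIMS + "surname"}
NAME_CLAIM = CLAIMS + "name"  # alternative email attribute named in the steps

# Constructed sample: the user has no email address in their Azure AD
# properties, so no emailaddress claim is present in the assertion.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:AttributeStatement>
  <saml:Attribute Name="{CLAIMS}givenname">
   <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}surname">
   <saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}name">
   <saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def read_claims(assertion_xml):
    """Return {claim URI: first non-empty value} from the AttributeStatement."""
    claims = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        if value.strip():
            claims[attr.get("Name")] = value.strip()
    return claims

def check_mapping(assertion_xml):
    """Resolve the mapped attributes and list the claims that were not sent."""
    claims = read_claims(assertion_xml)
    resolved = {field: claims.get(uri) for field, uri in MAPPING.items()}
    missing = [MAPPING[f] for f, v in resolved.items() if v is None]
    # The name claim only works as the email attribute if it looks like one.
    name = claims.get(NAME_CLAIM, "")
    local, _, domain = name.partition("@")
    usable = bool(local) and "." in domain and " " not in name
    return {"resolved": resolved, "missing": missing,
            "name_claim": name or None, "name_usable_as_email": usable}

if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION))
```
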

Last modified: July 15, 2024
