Microsoft Azure AD
Configure Single Sign-On (SSO) with Microsoft Azure Active Directory to enable seamless authentication for your ept AI users using their existing Azure AD credentials.
Back to Integrations Overview
Overview
The Microsoft Azure AD SSO integration enables your ept AI users to:
- Sign in using their existing Azure AD credentials
- Access ept AI without creating separate accounts
- Benefit from Azure AD's enterprise security and compliance features
- Use Azure AD's multi-factor authentication (MFA) and conditional access policies
This integration supports SAML 2.0 authentication and integrates with Azure AD's comprehensive identity management capabilities.
Prerequisites
Before setting up the Azure AD SSO integration, ensure you have:
- Azure AD: Active Azure Active Directory subscription
- Admin Access: Azure AD administrator access
- ept AI Setup: Your ept AI instance configured and ready
- Domain Control: Ability to configure DNS records for your domain
Setup Instructions
Step 1: Register Application in Azure AD
-
Create New App Registration:
- Log into the Azure portal
- Navigate to Azure Active Directory > App registrations
- Click "New registration"
-
Configure Application:
- Name: "ept AI"
- Supported account types: Choose appropriate option for your organization
- Redirect URI:
https://your-ept-ai-domain.com/saml/acs - Click "Register"
-
Configure SAML Settings:
- Navigate to Authentication
- Add platform configuration for web application
- Configure redirect URIs and logout URLs
Step 2: Configure SAML in Azure AD
-
Set Up SAML:
- Navigate to Enterprise applications > All applications
- Find your ept AI app registration
- Go to Single sign-on > SAML
-
Configure Basic SAML Configuration:
- Identifier (Entity ID):
https://your-ept-ai-domain.com/saml/metadata - Reply URL (Assertion Consumer Service URL):
https://your-ept-ai-domain.com/saml/acs - Sign on URL:
https://your-ept-ai-domain.com
- Identifier (Entity ID):
-
Configure User Attributes:
- Map Azure AD attributes to ept AI user properties:
user.mail -> email
user.givenname -> firstName
user.surname -> lastName
user.groups -> groups
Step 3: Configure ept AI for Azure AD SSO
-
Access SSO Settings:
- Log into your ept AI admin dashboard
- Navigate to Configuration > Users > SSO Settings
- Click "Configure SSO"
- Select "Microsoft Azure AD" as the SSO provider
-
Configure SAML Settings:
SSO Provider: Microsoft Azure AD
Entity ID: https://your-ept-ai-domain.com/saml/metadata
ACS URL: https://your-ept-ai-domain.com/saml/acs
Signing Certificate: [Download from Azure AD]
Configuration Options
Authentication Settings
- SAML 2.0: Full SAML 2.0 protocol support
- Conditional Access: Integrate with Azure AD conditional access policies
- Multi-Factor Authentication: Leverage Azure AD MFA capabilities
- Session Management: Configure session timeouts and renewal
User Provisioning
- Just-in-Time (JIT): Automatically create users on first sign-in
- Attribute Mapping: Map Azure AD attributes to ept AI user properties
- Group Synchronization: Sync Azure AD groups to ept AI roles
- User Updates: Automatically update user information from Azure AD
Use Cases
Enterprise Authentication
- Centralized Identity: Use existing Azure AD accounts for ept AI access
- Security Compliance: Meet enterprise security and compliance requirements
- User Management: Leverage Azure AD's user lifecycle management
- Access Control: Use Azure AD policies for conditional access
Multi-Factor Authentication
- MFA Integration: Leverage Azure AD's MFA capabilities
- Conditional Access: Use Azure AD's conditional access policies
- Device Trust: Integrate with Azure AD's device trust features
- Risk-Based Authentication: Use Azure AD's risk-based policies
Best Practices
Security Configuration
- Certificate Management: Regularly rotate SAML signing certificates
- Attribute Security: Only request necessary user attributes
- Access Policies: Configure appropriate conditional access policies
- Audit Monitoring: Monitor SSO authentication logs regularly
Integration Management
- Testing: Regularly test the SSO integration
- Documentation: Maintain up-to-date configuration documentation
- Monitoring: Monitor integration health and performance
- Updates: Keep both Azure AD and ept AI updated
Troubleshooting
Common Issues
Authentication Failures:
- Verify SAML certificate is valid and not expired
- Check attribute mapping configuration
- Verify ACS URL and Entity ID match exactly
- Review Azure AD application configuration
User Provisioning Issues:
- Check attribute mapping in both Azure AD and ept AI
- Verify user attributes are being sent correctly
- Review user creation and update rules
- Check group synchronization settings
Getting Help
- Azure AD Documentation: Azure AD SAML Configuration
- SAML Testing: SAML Tracer browser extension
- Support: Contact support@ept.ai for integration assistance
Related Resources
-
Users - Manage user access and permissions
-
Microsoft Teams Integration - Microsoft Teams platform integration
-
Okta Workforce Integration - Alternative enterprise SSO option