To set up Crowdin Enterprise SAML SSO in your Microsoft Azure, follow the steps below.
Add Confluence SAML SSO by Microsoft from the Gallery
- Open the Azure portal using an administrator account.
- On the left navigation panel, select the Azure Active Directory service.
- Navigate to Enterprise applications and select All applications.
- To add a new application, clickaddNew application.
- In the Add from the gallery section, type Confluence SAML SSO by Microsoft in the search box.
- Select Confluence SAML SSO by Microsoft from the results panel and then click Add. Wait a few seconds while the app is being added.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
- As soon as the application is added, you’ll be redirected to its Overview page. On the Confluence SAML SSO by Microsoft application Overview page, find the Manage section and select Single sign-on.
- On the Select a single sign-on method page, select SAML.
- On the Set up single sign-on with SAML page, copy the Login URL, Azure AD Identifier from the Set up Confluence SAML SSO by Microsoft section, and download the Certificate (Base64) from the SAML Signing Certificate section.
- In a separate browser tab or window, log in to your Crowdin Enterprise Organization, open the Organization Settings > Authentication page, and click on SAML at the bottom of the Authentication methods list.
- Enter the information you copied in Step 3 (paste in the Login URL in the SAML SSO Endpoint field, Azure AD Identifier in the Identity Provider Issuer field, and drag and drop your certificate file to the Public Certificate field), click Save.
- You’ll be redirected back to the Organization Settings > Authentication page. Select the checkbox next to the SAML in the bottom of the Authentication methods list and then click on SAML.
- On the SAML Single Sign-On page, copy the Service Provider Issuer, SAML SSO Endpoint, and Start URL from the Credentials section.
- Switch back to the Set up Single Sign-On with SAML page on your Azure portal and click edit on the Basic SAML Configuration section.
- Enter the information you copied in Step 7 (paste in the Service Provider Issuer in the Identifier (Entity ID) field, SAML SSO Endpoint in the Reply URL (Assertion Consumer Service URL) field, and Start URL in the Sign on URL field), click Save.
- Click edit on the User Attributes & Claims section.
- Click on the claim in the Required Claim section.
- On the Manage claim page, select Persistent for the name identifier format and select user.mail for the Source attribute field, click Save.
- Go back to the Set up Single Sign-On with SAML page and click edit on the SAML Signing Certificate section.
- Select Sign SAML response and assertion for the Signing Option, click Save.
Authentication Method Settings
Depending on the authentication method you use in the Azure portal, in some cases, it might be necessary to change the default value for the
AuthnContextClassRef parameter on the SAML Single Sign-On page in Crowdin Enterprise.
Select the appropriate value from the table below.
|Authentication Method ||Authentication context class URI (AuthnContextClassRef) |
|Password protected transport (username and password) ||urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport |
|Transport Layer Security (TLS) client ||urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient |
|X.509 certificate ||urn:oasis:names:tc:SAML:2.0:ac:classes:X509 |
|Integrated Windows authentication ||urn:federation:authentication:windows |
|Kerberos ||urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos |
In this section, you’ll enable users to use Azure single sign-on by granting access to your Crowdin Enterprise Organization.
- In the Azure portal, select Enterprise Applications, and then select All applications.
- In the applications list, select Confluence SAML SSO by Microsoft.
- In the app’s overview page, find the Manage section, and select Users and groups.
- Click Add user, then select Users and groups in the Add Assignment dialog.
- In the Users and groups dialog, select your own account from the Users list to be able to test the SAML SSO, then click the Select button at the bottom of the screen. The same way you’ll be able to assign more users anytime.
- On the Confluence SAML SSO by Microsoft application Overview page, find the Manage section and select Single sign-on.
- Scroll down to the Test single sign-on with Confluence SAML SSO by Microsoft section and click Test.
- On the right-side pane, click Sign in as current user. After your login credentials are authenticated, you’re automatically redirected to Crowdin Enterprise.