Setting up Azure AD SSO

Availability: Enterprise Edition for users with Owner permissions

Azure Active Directory (AD) is one of the SAML integrations supported by the Enterprise Edition of Faros SaaS. This guide describes the steps for configuring Azure AD with a Faros SaaS deployment. The configuration can include binding Faros user roles to Azure AD organizational units or groups.

Add a SAML Application

Prerequisites

An Azure AD user account with a Global Administrator role, a Cloud Application Administrator role, or an Application Administrator role

First, add an enterprise application to an Azure AD tenant by following these steps:

  1. Sign in to the Azure Active Directory Admin Center. Note that your account must be authorized to add an application (see prerequisites above).
  2. In the left menu, choose Enterprise applications, which opens the All applications pane, displaying a list of the applications in the Azure AD tenant.
  3. In the Enterprise applications pane, choose the New application option, which opens the Browse Azure AD Gallery pane, displaying tiles for on-premises applications, featured applications, and cloud platforms.
  4. Search the gallery for Azure AD SAML Toolkit.
  5. Click on Azure AD SAML Toolkit to create a new SAML application and name it Faros AI, then click Create.

Configure SSO for a SAML Application

  1. In a separate browser window, log in to Faros and then click on the profile icon in the top right corner of the window. Choose the Workspace Settings option from the drop-down menu, then click the SSO option under Workspace (available to users with the Faros Owner role only).
  2. Select Add New and choose SAML for the connection type. Note the ACS URL and Entity ID values. You will need these when configuring Azure AD SSO next.
  3. Return to the Azure Active Directory Admin Center. In the left menu, choose Enterprise applications, which opens the All applications pane, displaying a list of applications in the Azure AD tenant. Search for and choose the Faros AI application you created earlier.
  4. In the left menu, under the Manage section, choose Single sign-on to configure SSO for the Faros AI application.
  5. Choose SAML to open the SSO configuration page.
  6. Click on the Edit icon next to Basic SAML Configuration to edit the settings.
     1. Fill in the Identifier (Entity ID) field with the value of the Faros Entity ID noted in previous steps.
     2. Fill in the Reply URL field with the value of the Faros ACS URL noted in previous steps.
     3. Fill in Sign on URL with https://app.faros.ai/account/login
     4. Click Save.
  7. In the SAML Certificate section of the Single sign-on pane, find Federation Metadata XML and choose Download to download and save the certificate XML on your computer.
  8. Return to the browser window with the Faros SSO setup and upload the certificate metadata XML.
  9. Click Proceed and enter the domain of your emails. These will be the emails that can log in to Faros via Azure AD SSO. After clicking Proceed you will be provided a TXT record. Add it to your DNS.
  10. Choose default SSO Faros roles (e.g., User role) to be assigned to all Faros users in the Azure AD. More information on roles here. Note that the default SSO roles can be overwritten by the mappings in the Roles Groups Mapping section. To enable groups to roles mapping, the groups attribute should be configured in Azure AD -> Faros AI application -> Single Sign-On -> SAML Attributes & Claims section, populated with the users.groups value.