SSO with Azure AD SAML

Azure AD SAML Integration with LeanIX SMP

Information

This documentation is deprecated. Refer to it only if your Authentication & Authorization is still configured via the legacy SMP interface. For the latest documentation, refer to Authentication & Authorization.

Create a new Enterprise Application in Azure AD

  1. Log in to your Microsoft Azure Active Directory, go to Enterprise Applications, and click New Application.

  1. Select Create your own application

  1. Enter LeanIX SMP in the name field, select Integrate any other application you don’t find in the gallery, and then click Create.

  1. Once the LeanIX SMP enterprise application has been added, select 2. Set up single sign on.

  1. Then select the SAML single sign-on method.

  1. For the Set up Single Sign-On with SAML step you will need data from the LeanIX SMP settings. Select the Custom (SAML) option for Single Sign On.

In Azure AD, select Edit under Basic SAML Configuration:
● Copy the Identifier (Entity ID) value from LeanIX SMP, paste it into the Azure AD field Identifier (Entity ID), and set it as Default.
● Copy the Reply URL value from LeanIX SMP, paste it into the Azure AD field Reply URL (Assertion Consumer Service URL), and set it as Default.
● Copy the Single Sign On URL value from LeanIX SMP and paste it under Sign on URL.

Click Save.

  1. Under SAML Signing Certificate, download the Federation Metadata XML. You will need to upload this file into LeanIX SMP.

Set up LeanIX SMP Azure AD SAML SSO

  1. In Account settings SSO settings in LeanIX SMP, select Custom (SAML) and, under Provider metadata, upload the file you downloaded from Azure AD.

  1. Set Allowed domains (e.g. your-company.com or login.microsoftonline.com) from which users are allowed to sign in.
  2. Last, select the Enabled checkbox and click the Save changes for SAML button.
  3. You should be able to sign in to LeanIX SMP using Azure AD. In case of misconfiguration, please use username/password to sign in to LeanIX SMP to modify your configuration.