To add CloudCheckr FinanceManager to your Azure AD applications:

  1. In your Azure portal, go to the Azure Active Directory service:
  2. In the sidebar, click Enterprise applications:
  3. Click the New application button:
  4. Click the Non-gallery application button:
  5. Enter a name for the new application and click the Add button.
  6. Click the Configure single sign-on (required) button:
  7. From the Single Sign-On Mode dropdown list, select SAML-based Sign-on:
  8. Enter the following details on this page:
    Azure-AD setting Use value
    Identifier CloudCheckr FinanceManager Entity ID / Metadata URL endpoint
    Reply URL CloudCheckr FinanceManager Assertion Consumer Service endpoint
    Show advanced URL settings Checked
    Sign on URL Optional, you can enter URL for CloudCheckr FinanceManager interface
    Relay State Leave empty
    User Identifier Select user.mail
  9. Click the Configure [your application name] button:
  10. A new pane will open with instructions. Navigate to the CloudCheckr FinanceManager SAML configuration (see configuration) and copy the following options from the pane in your Azure portal:
    CloudCheckr FinanceManager SAML setting Use value
    Entity ID SAML Entity ID
    SSO URL SAML Single Sign-On Service URL
    SLO URL Sign-out URL
    X-509 certificate Download the certificate by clicking the SAML Signing Certificate - Base64 encoded link. Open the .cer file with a text editor and remove the text -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- and all line breaks so you end up with a single-line base64 encoded string

    The CloudCheckr FinanceManager configuration page could look something like this:

  11. Unfold the Advanced menu at the bottom of the screen, and paste the following JSON data:
    "security": {
    "wantXMLValidation": false
  12. In CloudCheckr FinanceManager, click the Update button
  13. In the Azure Portal, click the Save button
  14. Enable Single Sign-On in CloudCheckr FinanceManager by navigating to Administration > Configuration and then clicking on the System tab.
  15. Make sure the Single Sign-On option is set to Enabled, and click the Update button:

    SSO is now configured and enabled, and you can now use Azure AD to login to your CloudCheckr FinanceManager instance. The login screen will look something like this:

    By clicking on the Login button, you’ll be taken to the Azure AD login screen. CloudCheckr FinanceManager will receive the Azure AD e-mail address and create a new user with a minimal set of permissions if no existing user is found.

How did we do?