Applicable plans
  • Free
  • Plus
  • Business
  • Enterprise

To configure SSO through Microsoft Azure Active Directory (AD), you need to first open the SSO configuration settings through the "Authentication" section of your organization settings.

Next, sign in to the Azure management portal using your Azure AD administrator account. Go to Azure Active Directory > Enterprise Applications > + New application, then choose "Non-gallery application".

Give the app a name (in this case "Zenkit" should work well!), click "Add" and wait for the configuration page to load.

Once it's loaded, you'll need to add a test member, which you can do by clicking "Assign a user for testing".

Ensure the test user is able to log in to your active directory and has already been added to your Zenkit organization. This is so that you can test the SAML configuration later on (if you choose to do so).

Next, click on "Single sign-on" on the left hand panel to set up SSO using SAML.

In step 1, click the pen icon to edit the basic SAML configuration. Enter the Identifier (Entity ID), ACS URL, and optionally the Zenkt Login URL, which you can find in the SSO configuration settings inside Zenkit. Click "Save" then close the panel.

Click the pen to edit the user attributes & claims in step 2.

Click the pen icon to change the Name identifier value, pick 'user.mail' as the source attribute, then click "Save" and close the panel.

Download the Base64 SAML signing certificate found in step 3, and open it using a plain text editor. Copy the entire text and paste it into the X.509 Certificate field in your Zenkit SSO configuration settings. Make sure that you do not modify this certificate in any way, otherwise the authentication will not work.

Copy the Login URL and Azure AD Identifier from step 4 in Azure, and paste them into the Identity Provider Login URL and Identity Provider Issuer fields in Zenkit respectively.

Once everything has been filled out in Zenkit and in Azure, click the toggle at the top of the SSO configuration settings in Zenkit to enable SSO. You can then test to see whether SSO is working from step 5 in Azure.

If you choose to test this way, we recommend that you test using an incognito window, or make sure you're logged out of Zenkit in the browser you wish to test with.