Single Sign-On with Azure

Overview

This step-by-step guide explains how to set up Single Sign-On in CodeScan with Microsoft Azure Active Directory (AD) as your SAML 2.0 Identity Provider (IdP).

When you integrate CodeScan with Azure AD, you can:

  1. Control in Azure AD who has access to CodeScan

  2. Enable your users to be automatically signed in to CodeScan with their Azure AD accounts

  3. Manage your accounts in one central location - the Azure portal.

Prerequisites

To get started, you need the following items:

  1. Microsoft Azure account with Azure AD Premium activated.

  2. Administrator level access to CodeScan and Azure AD to configure SSO.

  3. Enable Single sign-on in CodeScan.

  4. Add CodeScan as a non-gallery application in Azure.

Instructions

Step 1: Enabling Single Sign-On in CodeScan

Before configuring SSO in Azure AD, you must enable SSO in CodeScan.

  1. In CodeScan, click the Profile icon in the right corner of the screen and select your organization (under My Organizations).

  2. Go to Administration > SAML Connections.

  3. Click Create Connection.

  4. In the Connection name field, enter the identity provider name as you want it to appear (use only Latin characters, with no spaces or special characters). Example: AD-SAML

  5. In the Corporate domain field, enter a valid domain name of the organization that can be authenticated by the Identity Provider. This property cannot be updated after the SAML Connection has been created. Example: for abc@autorabit.com, the corporate domain is autorabit.com.

  6. Keep the Enforce SSO checkbox unchecked for now. You can enable Enforce SSO later, once your domain has been confirmed. Once enabled, only SSO authentication will be allowed for email addresses of your corporate domain.

    Point to Note:

    1. Enforcing SSO affects both login and signup. Existing Auth0 users won't be able to log in.

    2. Signup with an email domain that matches the corporate domain won't be allowed.

    3. If the Enforce SSO checkbox is enabled prematurely, it will lock all users in the organization out of CodeScan. Enforce SSO only after the admins have logged in to CodeScan using SSO.

  7. Keep the SAML Connection status checkbox Enabled and click the Create button.

  8. You will see the Metadata URL generated for your SSO configuration. Keep the current page open while you add the CodeScan app to Azure AD.

Step 2: Configuring Azure

  1. Log in to the Azure portal (https://portal.azure.com/). In the left-hand menu, click Azure Active Directory > Enterprise applications.

  2. Select All applications under the Manage section.

  3. Click + New application at the top of the screen.

  4. On the next screen, click the + Create your own application button.

  5. Enter the name of the app as CODESCAN and choose the third option, i.e., Integrate any other application you don't find in the gallery (Non-gallery). Click Create.

  6. Once the CodeScan application is created, click Single sign-on under the Manage section.

  7. On the Select a Single sign-on method dialog, select SAML mode to enable single sign-on.

  8. On the Set up Single Sign-On with SAML page, click the Edit (pencil) icon for Basic SAML Configuration to edit the settings.

  9. In the Basic SAML Configuration section, perform the following steps:

    1. In the Identifier (Entity ID) field, enter the connection_id. Example: AD-SAML

    Where can I find my connection_id?

    Your connection_id is the last path segment of the Metadata URL generated inside CodeScan.

    For example:
    Metadata URL: https://app.codescan.io/_codescan/saml2/metadata/AD-SAML
    Connection_Id: AD-SAML

    2. In the Reply URL field, enter the URL in the following format: {instanceurl}/_codescan/login/saml2/sso/{connection_id}. For example, if your instance URL is https://app.codescan.io and the connection_id is AD-SAML, your Reply URL is https://app.codescan.io/_codescan/login/saml2/sso/AD-SAML

    3. Click Save and close the dialog box.

  10. Click the Edit (pencil) icon for Attributes & Claims to edit the attributes settings.

  11. In the Attributes & Claims section, delete the auto-generated claims listed in the Additional claims section.

  12. Next, click + Add New Claim.

  13. In the Manage Claim page, fill in the following details:

    Name            Source      Source Attribute
    saml_email      Attribute   user.mail

  14. Click Save.

  15. Follow the same steps to add two more claims, as listed in the table below:

    Name            Source      Source Attribute
    saml_username   Attribute   user.mail
    saml_name       Attribute   user.displayname

  16. Close the dialog box and navigate to the Users and groups section. Click the + Add user/group button to assign users and groups to app roles for the CodeScan application.

  17. Click Single sign-on to navigate back to the Set up Single Sign-On with SAML page.

  18. In the SAML Certificate section, find Certificate (Base64) and select Download to download the certificate and save it on your computer.

    Point to Note:

    Open the downloaded certificate in a text editor such as Notepad++; you will need to copy and paste its contents into the CodeScan application while carrying out the SAML configuration.

  19. In the SAML Certificate section, find Federation Metadata XML and select Download to download the metadata file and save it on your computer.
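A common slip in the Basic SAML Configuration above is a Reply URL whose last path segment is not the connection_id from your Metadata URL, or a claim left at the wrong source attribute; Azure accepts the values, and the failure only shows up as a SAML error at login. The Python below is an added example, not CodeScan's or Microsoft's code: it derives the expected Entity ID, Reply URL and Metadata URL from the instance URL and connection_id using the URL formats in this guide, then reports any mismatch in the Azure-side values and in the three claims. The function names and the sample inputs are this example's own.

```python
"""Sanity-check the Azure 'Basic SAML Configuration' and claims for a CodeScan
SAML connection. Added example; the URL layout follows the formats given in
the guide, and the function names are this example's own."""
from urllib.parse import urlparse

# Claim names the guide says CodeScan expects, with their Azure source attribute
EXPECTED_CLAIMS = {
    "saml_email": "user.mail",
    "saml_username": "user.mail",
    "saml_name": "user.displayname",
}


def expected_sp_config(instance_url: str, connection_id: str) -> dict:
    """Derive the service-provider side values from the instance URL and the
    CodeScan connection_id (the last path segment of the Metadata URL)."""
    base = instance_url.rstrip("/")
    return {
        "entity_id": connection_id,
        "metadata_url": f"{base}/_codescan/saml2/metadata/{connection_id}",
        "reply_url": f"{base}/_codescan/login/saml2/sso/{connection_id}",
    }


def connection_id_from_metadata_url(metadata_url: str) -> str:
    """The connection_id is the final path segment of the CodeScan Metadata URL."""
    path = urlparse(metadata_url).path.rstrip("/")
    return path.rsplit("/", 1)[-1]


def check_basic_saml_config(instance_url, connection_id, entity_id, reply_url, claims):
    """Return a list of human-readable findings; an empty list means the
    Azure-side values match what CodeScan will expect for this connection."""
    findings = []
    want = expected_sp_config(instance_url, connection_id)
    if entity_id != want["entity_id"]:
        findings.append(f"Identifier (Entity ID) is {entity_id!r}, expected {connection_id!r}")
    parsed = urlparse(reply_url)
    if parsed.scheme != "https":
        findings.append("Reply URL must use https")
    if reply_url != want["reply_url"]:
        findings.append(f"Reply URL is {reply_url!r}, expected {want['reply_url']!r}")
        tail = parsed.path.rstrip("/").rsplit("/", 1)[-1]
        if tail != connection_id:
            findings.append(f"Reply URL ends in {tail!r}, not the connection_id {connection_id!r}")
    for name, source in EXPECTED_CLAIMS.items():
        got = claims.get(name)
        if got is None:
            findings.append(f"claim {name!r} is missing")
        elif got != source:
            findings.append(f"claim {name!r} maps to {got!r}, expected {source!r}")
    # The guide says to delete the auto-generated claims; flag anything left behind
    extra = set(claims) - set(EXPECTED_CLAIMS)
    if extra:
        findings.append(f"unexpected claims left in place: {sorted(extra)}")
    return findings


if __name__ == "__main__":
    # Constructed inputs mirroring the guide's example (AD-SAML on app.codescan.io),
    # with a deliberately wrong connection id in the Reply URL to show a finding
    cid = connection_id_from_metadata_url(
        "https://app.codescan.io/_codescan/saml2/metadata/AD-SAML")
    for finding in check_basic_saml_config(
        "https://app.codescan.io", cid,
        entity_id="AD-SAML",
        reply_url="https://app.codescan.io/_codescan/login/saml2/sso/OTHER-SAML",
        claims=dict(EXPECTED_CLAIMS),
    ):
        print("finding:", finding)
```

Run it against the values you typed into Azure before moving on to Step 3; an empty findings list is the go-ahead, and each finding names the exact field to correct.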

Step 3: Configuring in CodeScan SAML Connection

Now that your Azure SSO implementation is set up, you’ll need to follow just a few more steps to configure SSO in your CodeScan account.

  1. Open the Federation Metadata XML file that you downloaded earlier from Azure in a new tab of your browser.

  2. In the Edit SAML Connection dialog box on CodeScan, enter the following values:

  3. Click Update on the CodeScan page.

  4. The next step is to confirm your corporate domain to get SSO working. You can confirm the domain by raising a request to CodeScan Support.

Step 4: Testing the Single Sign-On Configuration

  1. Log out of the CodeScan Console, then log back in using the Log in with SAML2 option.

  2. In the Your Company email field, enter the corporate domain name you configured when enabling SSO inside CodeScan. For example: autorabit.com

  3. After authentication, you should be redirected to the CodeScan Organization page.
