Single Sign-On with Azure

Overview

This step-by-step guide explains how to set up Single Sign-On in CodeScan with Microsoft Azure Active Directory (AD) as your SAML 2.0 Identity Provider (IdP).

When you integrate CodeScan with Azure AD, you can:

  1. Control in Azure AD who has access to CodeScan

  2. Enable your users to be automatically signed in to CodeScan with their Azure AD accounts

  3. Manage your accounts in one central location - the Azure portal.

Prerequisites

To get started, you need the following items:

  1. Microsoft Azure account with Azure AD Premium activated.

  2. Administrator level access to CodeScan and Azure AD to configure SSO.

  3. Enable Single sign-on in CodeScan.

  4. Add CodeScan as a non-gallery application in Azure.

Instructions

Step 1: Enabling Single Sign-On in CodeScan

Before configuring SSO in Azure AD, you must enable SSO in CodeScan.

  1. In CodeScan, click on the Profile icon on the right corner of the screen and select your organization (under My Organizations).

  1. Go to Administration > SAML Connections.

  1. Click on Create Connection.

  1. In the Connection name field, enter the identity provider name as you want to appear (use only Latin characters without spaces and any special characters). Example- AD-SAML

  2. Enter a valid domain name of the organization in the Corporate domain field that can be authenticated in the Identity Provider. This property cannot be updated after SAML Connection creation. Example- In case of abc@autorabit.com, the corporate domain will be autorabit.com.

  3. Keep the Enforce SSO checkbox unchecked for now. You can enable Enforce SSO later when your domain has been confirmed. Once enabled, only SSO authentication will be allowed for email addresses of your corporate domain.

    Point to Note:

    • Enforcing SSO affects both login and signup. Existing Auth0 users won't be able to login.

    • Signup with email domain same as corporate domain won't be allowed.

    • If the Enforce SSO checkbox is enabled prematurely, it will prohibit all users in their organisation from accessing CodeScan. Consider enforcing SSO only after admins have logged in to CodeScan using SSO.

  4. Keep the SAML Connection status checkbox as Enabled and click on Create button.

  1. You will be able to see the Metadata URL generated for your SSO configuration. Keep the current page open while you continue to add the CodeScan app to Azure AD.

Step 2: Configuring Azure

  1. Log in to the Azure portal (https://portal.azure.com/). In the left-hand menu, click Azure Active Directory > Enterprise applications.

  1. Select All applications under the Manage section.

  2. Click + New application at the top of the screen.

  1. On the next screen, click on the + Create your own application button.

  1. Enter the name of the app as CODESCAN and choose the third option i.e., Integrate any other application you don't find in the gallery (Non-gallery). Click Create.

  1. Once the CodeScan application is created, click on Single sign-on under the Manage section.

  1. On the Select a Single sign-on method dialog, select SAML mode to enable single sign-on.

  1. On the Set up Single Sign-On with SAML page, click the Edit (pencil) icon for Basic SAML Configuration to edit the settings.

  1. On the Basic SAML Configuration section, perform the following steps:

    • In the Identifier (Entity ID) field, enter the connection_id in this field. Example: AD-SAML

    • In the Reply URL field, enter the URL in the below format: {instanceurl}/_codescan/login/saml2/sso/{connection_id} For example: If your instance URL is https://app.codescan.io and the connection_id is AD-SAML, your Reply URL would be https://app.codescan.io/_codescan/login/saml2/sso/OKTA-SAML

    • Click Save and close the dialog box.

Where can I find my connection_id?

Your connection_id will be available in the Metadata URL generated inside CodeScan.

For example: Metadata URL- https://app.codescan.io/_codescan/saml2/metadata/AD-SAML Connection_Id- AD-SAML

  1. Click the Edit (pencil) icon for Attributes & Claims to edit the attributes settings.

  1. On the Attributes & Claims section, delete the auto-generated claims available in the Additional claims section.

  1. Next, click on + Add New Claim.

  1. In the Manage Claim page, fill in the below details:

NameSourceSource Attribute

saml_email

Attribute

user.mail

  1. Click Save.

  2. Follow similar steps to add two more claims as mentioned in the below table:

NameSourceSource Attribute

saml_username

Attribute

user.mail

saml_name

Attribute

user.displayname

  1. Close the dialog box and navigate to Users and groups section. Click on + Add user/group button to assign users and groups to app-roles for the CodeScan application.

  2. Click on Single sign-on to navigate back to the Set up Single Sign-On with SAML page.

  3. In the SAML Certificate section, find Certificate (Base64) and select Download to download the certificate and save it on your computer.

    Point to Note:

    Open the above downloaded certificate into your Notepad++, you will need to copy and paste the certificate into the CodeScan application while carrying out SAML configuration.

  4. In the SAML Certificate section, find Federation Metadata XML and select Download to download the certificate and save it on your computer.

Step 3: Configuring in CodeScan SAML Connection

Now that your Azure SSO implementation is set up, you’ll need to follow just a few more steps to configure SSO in your CodeScan account.

  1. In CodeScan, on the SAML page, go to Actions and click on Edit.

  1. Open the Federation Metadata XML certificate that you have earlier downloaded from Azure in a new tab of your browser.

  2. In the Edit SAML Connection dialog box on CodeScan, enter the following values:

    • Provider Entity Id: Copy the entityID value from the Federation Metadata XML certificate and paste it into Provider Entity Id inside CodeScan.

    • Sign In URL: Copy the SingleSignOnService Location value and paste it into the Sign In URL inside CodeScan.

    • Open the Certificate (Base64) that you have downloaded from Azure in your Notepad++, copy the entire content and paste into the X509 Signing Certificate field of the CodeScan SAML connection.

  3. Click Update on the CodeScan page.

  4. The next step is to confirm your corporate domain to get the SSO working. You can confirm domain via raising a request to Codescan Support.

Step 4: Testing the Single Sign-On Configuration

  1. Log out of the CodeScan Console, and then log back in using the Log in with SAML2 option.

  2. Enter the corporate domain name you have configured when enabling SSO inside CodeScan in the Your Company email field. For example- autorabit.com

  3. You should successfully redirect to the CodeScan Organization page after authentication.

PreviousSingle Sign-On with OKTANextSingle Sign-On with ADFS

Last updated