Skip to main content

Azure SAML


Bold Penguin supports a wide variety of SAML 2.0 and OAuth 2.0 identity providers for SSO into the Bold Penguin Terminal.

This is specific documentation for creating a SAML 2.0 SSO link between Microsoft Azure AD and the Terminal. Additional information regarding Microsoft Azure AD is available at the end of this document.

In this document you will:

  • Create the Azure applications necessary for the connection
  • Configure the required SSO (Single Sign On) link for authentication
  • Configure user attributes
  • Map roles to users to connect your environment to Bold Penguin

Create Applications

You will create two new applications in the Azure Portal for the Bold Penguin beta and production environments.

  1. From the Azure Portal side navigation select Enterprise applications

  2. Click the button for New application

  3. Select Non-gallery application

  4. Enter a name for the application and click the Add button

  5. Select Single sign-on from the navigation side bar

  6. Select SAML

  7. In the upper right corner, select the pencil icon to edit the configuration for section 1, Basic SAML Configuration

  8. Use the table below to set the appropriate values for Identifier and Reply URL for each environment


  • Identifier
  • Reply URL


  • Identifier
  • Reply URL
  1. In the upper right corner, select the pencil icon to edit the configuration for section 2, User Attributes & Claims

  2. In section 2, User Attributes & Claims click on the row for Unique User Identifier (Name ID) to edit

  • For Choose name identifier format select Default
  • For Source attribute select user.objectid
  • Click Save
  1. Verify User Attributes & Claims matches the following:

  2. In section 3, SAML Signing Certificate locate the App Federation Metadata Url and click the copy button on the far right

  3. Email the metadata URL from step 13 to your Bold Penguin Project Manager

  4. After completing the beta application, repeat these steps for production.

Create Roles

You will create one or more roles in Azure AD that will map to roles within the Bold Penguin Enterprise Terminal. Typically, the only predefined role in Azure AD is User. For testing in the beta application, you must make some modifications to the User role.

  1. From the Azure Portal side navigation select App registrations

  2. Under All applications locate and click the beta application

  3. Select Manifest from the navigation side bar to display the JSON text of the mainfest file

  4. In the appRoles section of the manifest locate the first role with "displayName": "User"

  5. Locate the value property and change from "value": null to "value": "User"

    • Note: This is for testing purposes. Your Project Manager will help define any additional roles.
  6. Click Save

Assign Roles

You must assign our User role (or other predefined roles) to one or more Azure AD users.

  1. From the Azure Portal side navigation select Enterprise applications

  2. Locate and select your beta application

  3. From the side navigation select Users and groups

  4. Click Add user

  5. Click Users and groups to bring up the search panel

  6. From the search panel select an existing user or group

  7. Click Select

  8. Select Role should already be User. If not, select the User role and click Assign


Your Project Manager will confirm receipt of the certificate and login URL above. You should now be able to login to the Bold Penguin Enterprise Terminal using the dashboard URL for your domain:


NOTE: Replace [domain] with your unique domain provided during on-boarding.

When your users first authenticate into Azure, Bold Penguin receives the roles you mapped above in our authentication layer.

Next, you will work with your project manager to add the appropriate permissions for each role or group.

Useful Azure AD resources