
Azure SAML

Overview

Bold Penguin supports a wide variety of SAML 2.0 and OAuth 2.0 identity providers for SSO into the Bold Penguin Terminal.

This is specific documentation for creating a SAML 2.0 SSO link between Microsoft Azure AD and the Terminal. Additional information regarding Microsoft Azure AD is available at the end of this document.

In this document you will:

  • Create the Azure applications necessary for the connection
  • Configure the required SSO (Single Sign On) link for authentication
  • Configure user attributes
  • Map roles to users to connect your environment to Bold Penguin

Create Applications

You will create two new applications in the Azure Portal for the Bold Penguin beta and production environments.

  1. From the Azure Portal side navigation select Enterprise applications

  2. Click the button for New application

  3. Select Create your own application

  4. Enter a name for the application and ensure Non-gallery is selected, then click the Create button

  5. Select Single sign-on from the navigation side bar

  6. Select SAML

  7. Download the metadata file below for the appropriate environment.

  8. Select Upload metadata file and upload the appropriate file from the previous step.

    [Screenshot: Upload metadata]

  9. Ensure the following values are prefilled correctly from the uploaded metadata

    Production

    • Identifier

      https://boldpenguin-auth.boldpenguin.com
    • Reply URL

      https://boldpenguin-auth.boldpenguin.com/users/auth/saml/callback

    Beta

    • Identifier

      https://boldpenguin-auth-uat.beta.boldpenguin.com
    • Reply URL

      https://boldpenguin-auth-uat.beta.boldpenguin.com/users/auth/saml/callback
  10. In the upper right corner, select the pencil icon to edit the configuration for section 2, User Attributes & Claims

  11. In section 2, User Attributes & Claims click on the row for Unique User Identifier (Name ID) to edit

    • For Choose name identifier format select Email address
    • For Source attribute select user.mail
    • Click Save
  12. Verify User Attributes & Claims matches the following:

  13. In section 3, SAML Signing Certificate locate the App Federation Metadata Url and click the copy button on the far right

  14. Email the metadata URL from the step above to your Bold Penguin Project Manager

  15. After completing the beta application, repeat these steps for production.

Create Roles

You will create one or more roles in Azure AD that will map to roles within the Bold Penguin Enterprise Terminal. Typically, the only predefined role in Azure AD is User. For testing in the beta application, you must make some modifications to the User role.

  1. From the Users and groups tab select application registration

    [Screenshot: Application registration]

  2. Select Create app role

    [Screenshot: Create app role]

  3. Fill in all the fields with Agent and select Users/Groups for allowed member types.

    [Screenshot: Create app role]

  4. Repeat the previous step for the Principal role.

  5. Disable then delete the built-in User role. You should now have the following roles available.

    [Screenshot: Application roles]

Assign Roles

You must assign our User role (or other predefined roles) to one or more Azure AD users.

  1. From the Azure Portal side navigation select Enterprise applications

  2. Locate and select your application

  3. From the side navigation select Users and groups

  4. Click Add user/group

    [Screenshot: Users and groups]

  5. Click Users and groups to bring up the search panel

  6. From the search panel select an existing user or group

    [Screenshot: Group select]

  7. Click Select

  8. Select Role and assign either the Agent or Principal role.

    [Screenshot: Role select]

  9. Click Assign to create the assignment

Testing

Your Project Manager will confirm receipt of the metadata URL above. You should then be able to log in to the Bold Penguin Enterprise Terminal using the dashboard URL for your domain:

https://terminal.boldpenguin.com

When your users first authenticate into Azure, Bold Penguin receives the roles you mapped above in our authentication layer.
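The following is an added example, not Bold Penguin's own code: a relying-party-side check that an assertion issued by the Azure application carries the values configured above (the Identifier as Audience, the Reply URL as Recipient, an email-format NameID, and an Agent or Principal role). It assumes Azure AD delivers app roles in its standard role claim URI and that signature validation has already been done by the SAML library; the sample assertion is constructed for the demo.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Assumption: Azure AD emits app roles under this claim name (not stated on the page)
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
ALLOWED_ROLES = {"Agent", "Principal"}
ENVIRONMENTS = {  # (Identifier, Reply URL) per environment, from the steps above
    "production": ("https://boldpenguin-auth.boldpenguin.com",
                   "https://boldpenguin-auth.boldpenguin.com/users/auth/saml/callback"),
    "beta": ("https://boldpenguin-auth-uat.beta.boldpenguin.com",
             "https://boldpenguin-auth-uat.beta.boldpenguin.com/users/auth/saml/callback"),
}

def check_assertion(xml_text, env):
    """Return a list of mismatches against the expected configuration (empty list = OK)."""
    # Value checks only: the XML signature must already have been verified by the SP library.
    identifier, reply_url = ENVIRONMENTS[env]
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != reply_url:
        problems.append("Recipient does not match Reply URL")
    audiences = [a.text for a in root.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if identifier not in audiences:
        problems.append("Audience does not match Identifier")
    roles = {v.text for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)
             if a.get("Name") == ROLE_CLAIM for v in a.findall("saml:AttributeValue", NS)}
    if not roles & ALLOWED_ROLES:
        problems.append("no Agent or Principal role claim")
    return problems

# Constructed sample assertion (unsigned, trimmed to the elements checked above).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
   Recipient="https://boldpenguin-auth.boldpenguin.com/users/auth/saml/callback"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://boldpenguin-auth.boldpenguin.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
  <saml:AttributeValue>Agent</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "production") or "assertion matches production configuration")
```

Running the same assertion against the beta environment reports Audience and Recipient mismatches, which is the symptom you see when the wrong metadata file was uploaded in step 7.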

Next, you will work with your project manager to add the appropriate permissions for each role or group.

Useful Azure AD resources