SSO Integration: Microsoft Azure AD Instructions

What: This resource lists the steps needed to configure Microsoft Azure AD to support SSO SAML integration with Tenna.

Microsoft Azure AD Configuration Steps

Step 1. Create Enterprise Application in Azure AD

1. Go to Azure Active Directory.
   1. In the left sidebar, choose Enterprise applications.
   2. Choose New application.
   3. On the Browse Azure AD Gallery page, choose Create your own application.
   4. Under What’s the name of your app?” enter Tenna for your application and select Integrate any other application you don’t find in the gallery (non-gallery).

   It will take few seconds for the application to be created in Azure AD, then you should be redirected to the Overview page for the newly added application.

Step 2. Configure the Tenna Application

1. On the Getting Started page, find the "Set up single sign on" tile and select choose "Get started"
2. On the next screen, select SAML.
3. In the middle pane under Set up Single Sign-On with SAML, in the Basic SAML Configuration section, choose the edit icon
4. In the right pane under Basic SAML Configuration
   1. Replace the default Identifier ID (Entity ID) with the value urn:amazon:cognito:sp:us-east-1_OcObtz01o (red arrow below)
   2. In the Reply URL (Assertion Consumer Service URL) field enter the value https://prd-tenna.auth.us-east-1.amazoncognito.com/saml2/idpresponse (red arrow below)
5. Choose Save
6. Setup user claims (TBD)
7. Scroll down to the SAML Signing Certificate section, and copy the App Federation Metadata Url to be provided to Tenna to finish the integration Configuration 

Step 3. Assign Users to Tenna Application

1. On the Getting started page, select "Assign users and groups"
2. Select Add user/group 
3. Select users and click on assign button
4. Verify selected users show up under the Tenna App.