Configuring SAML with Microsoft Azure

Award Force can be configured for single sign-on with Microsoft Azure and SAML. This means users of your Microsoft Azure portal don't have to register for a separate set of login credentials on Award Force. To configure this connection, follow the steps below.

1. In your Microsoft Azure portal, create a new application
   
2. Select Set up single sign on
   
   
3. In the Basic SAML Configuration settings set the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) as below but replace your_Award_Force_account_domain with the URL of your Award Force account
   • Identifier (Entity ID): https://your_Award_Force_account_domain/saml/metadata
   • Reply URL (Assertion Consumer Service URL): https://your_Award_Force_account_domain/saml/callback
4. Award Force requires three attributes: firstName, lastName, and email which can be configured in the 'Attributes & Claims' section
   
   Note: you will need to set Name identifier format to Persistent. For the Additional claims please delete any values in the Namespace field.
5. Log into the Manage workspace your Award Force account and go to Settings > Users > Registration
6. Under '3rd party authentication', select the SAML checkbox
   
7. Copy and paste the Azure AD Identifier from Microsoft Azure to the Issuer field
8. Copy and paste the Login URL from Microsoft Azure to the Single sign-on service URL
9. Download the certificate from Microsoft Azure and copy and paste the text to the X.509 certificate field in Award Force.
   
   Note: the option to encrypt the assertion is optional.
10. Save

A SAML login button will now be visible on your home page. Users who are logged into Microsoft Azure can click this button and be logged in to your Award Force account automatically. Alternatively you can provide a direct link from your own website to https://your_Award_Force_account_domain/login.