The following document details the process to implement Single Sign-on within SafeConsole using Azure AD. In this document, we utilize the User’s “Department” field to correspond to the SafeConsole Role to which the user will be assigned. Your Azure AD setup could differ from this configuration.


NOTE: You can review the Knowledge Base (KB) Article using the link below to set up your Azure AD security groups for SafeConsole roles (ADMINISTRATOR, MANAGER, and SUPPORT). 


https://support.datalocker.com/support/solutions/articles/4000126687-sso-integration-with-safeconsole-5-3-


Configuring Azure AD

Creating a new application


1. Log in to the Azure AD portal and navigate to Enterprise Application within Azure Active Directory.



2. Click on New Application.



3. Click on Create your own application.



4. Enter the name of your Application and click on Create.



Adding Users to the Application


5. Once the Application has been created, select Users & Groups from the left-hand side panel and click on Add User.



6. Click on the Users (None Selected) window to open the list of Users you can select. Add the Users you wish to access SafeConsole and click on Select.




7. Click on Assign.



8. The Users will appear.




Configuring Single Sign-on

9. Select Set-up single sign-on




10. Select SAML



11. In Step 1 of the SAML-based Sign-on, select Edit.



12. Enter the following information as detailed in the screenshot below:



13. In step 2 of the Claim-based Sign-on, select Edit.

14. Enter the name memberOf.

15. Enter the Source Attribute from the dropdown menu (in this case we will use user: Department but this may differ in your Azure AD environment).


NOTE: It is important that the value of your ‘memberOf’ claim corresponds to one of your SafeConsole Roles (ADMINISTRATOR, MANAGER, and SUPPORT are the default SafeConsole roles).


16. Click on Save.




17. Return to the SAML configuration Application

18. In step 3 of the Claim Based Sign-on, download the Federation Metadata XML



Configuring the SSO connector in SafeConsole


19. Log in to SafeConsole, navigate to the Single Sign-on section in the Server Settings located on the left-hand side panel, and Enable Single Sign-on.



20. Select SAML2 as the SSO Provider

21. Click the "Upload a SAML Metadata file to import the settings automatically" button and browse to the Metadata file downloaded in step 17.

22. Important: Change the Entity ID to what you set in Step 11.



23. Test the SSO connection in Step 5 of the SAML-based Sign-on.
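
To confirm that the memberOf claim configured in steps 14 and 15 carries a value SafeConsole can map to a role, the check below reads the attribute out of a SAML assertion and compares it with the default role names. It is an added example, not part of the original article or of SafeConsole; the sample assertion is constructed, and the helper names, the accepted attribute name forms and the exact-match comparison are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Default SafeConsole roles named in the article.
SAFECONSOLE_ROLES = {"ADMINISTRATOR", "MANAGER", "SUPPORT"}

# Constructed sample: a trimmed, unsigned assertion for illustration only.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>MANAGER</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def member_of_values(assertion_xml, claim="memberOf"):
    """Return every value of the role claim found in the assertion."""
    # Only parse assertions captured from your own test sign-in; this
    # inspects attributes and does not verify the XML signature.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        name = attr.get("Name", "")
        # Assumption: the claim is emitted either as "memberOf" or as
        # "<namespace>/memberOf" when a namespace was set on the claim.
        if name == claim or name.endswith("/" + claim):
            for value in attr.iterfind("saml:AttributeValue", SAML_NS):
                values.append((value.text or "").strip())
    return values

def check_role_claim(assertion_xml):
    """Return (ok, problems) for the role claim in one assertion."""
    values = member_of_values(assertion_xml)
    problems = []
    if not values:
        problems.append("no memberOf claim in assertion")
    for value in values:
        # Assumption: role names are compared exactly as written in the article.
        if value not in SAFECONSOLE_ROLES:
            problems.append("value %r does not match a SafeConsole role" % value)
    return (not problems, problems)

if __name__ == "__main__":
    print(check_role_claim(SAMPLE_ASSERTION))
```

A value such as a real department name ("Finance") is reported as a mismatch, which is the case to look for when the Department field has not been populated with role names.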