Single Sign ON (SSO) Set-up for Azure AD

Please follow the below screenshots for Azure AD to set up Single Sign ON (SSO) to Human Focus System.

1. Login to Azure AD and click on Enterprise Applications

Single Sign On

2. Click + Sign of New Applications.

Single Sign On

3. Click on “Create your own application”

D-0534 HFSingleSignON-AzureSetupSteps3-V2

4. Give your application a name, select the last option appearing on the page and Click Create.

Single Sign On

5. Click on Set up Single Sign on Option

Single Sign On

6. Click SAML Option.

Single Sign On

7. Enter the following in Identifier and Reply URL fields


Reply URL:

D-0534 HFSingleSignON-AzureSetupSteps7-V2

8. Edit the User Attributes & Claims section

Under Claim Name, you will see the primary claim, Unique User Identifier (Name ID), with the claim Value set to user.userprincipalname [nameid-format:emailAddress]. On clicking this claim, you will find the following details on the Manage claim page:

Single Sign On

Close this page. Now, delete the default attributes that you see under the Additional claims section. We will be adding our own set of attributes.

Single Sign On

Now, to add your attributes, click on + Add new claim.

9. Open Manage claim page

10. In the Manage claim page, enter first_name under Name, select user.givenname under the Source attribute, and click Save.

Single Sign On

Similarly, add the following attributes:

Name Value
last_name user.surname
email user.userprincipalname
roles user.assignedroles

10. Role Mapping in Contentstack

If you want to enable Role Mapping in Contentstack, then it is highly important to add the roles attribute as we need this for IdP Role Mapping which we will cover in the next set of steps.

Single Sign On

You will see the added attributes in the User Attributes & Claims section.

D-0534 HFSingleSignON-AzureSetupSteps11-1-V2

11. SAML Signing Certificate section

In the SAML Signing Certificate section, click the Download link beside Certificate (Base64). This will download and save the Base64 version of the certificate which need to be sent to Human Focus. If

Single Sign On

If needed, edit the Notification Email Addresses section, change the notification email, and click on Save.

Single Sign On

12. Send data to Human Focus

Under the Set up section, you will find important data, such as Login URL, Azure AD Identifier, and Logout URL of your Microsoft Azure AD app. This data need to be sent to Human Focus

Single Sign On