This guide walks you through setting up a custom SAML-based login using Azure Enterprise Applications, allowing authenticated users to bypass the Ciphr SSO login screen.
When to use this guide
- You want to create your own Azure SAML application instead of using Ciphr’s default sign in
- You need to customise login behaviour, such as redirecting users via a custom domain
- You're troubleshooting or testing non-standard SSO flows
For standard SAML setup, refer to: Ciphr sign-in SAML configuration
For OpenID (Azure Entra) setup, refer to: Ciphr sign-in Entra OpenID (Azure) configuration
Step-by-step setup
- Go to Azure Portal > Enterprise applications
- Click + New application
- Choose + Create your own application
- Name your application > the default Integrate any other application you don’t find in the gallery should be automatically selected
- Click Create
- Go to Manage > Users and Groups
- Click + Add user/group
- Assign users or roles to the application. These are the users or roles that will be permitted to use single sign-on. For example, to assign a user: Click on None Selected
- Assign users
- Click Select
- Click Assign
- Go to Manage > Single sign-on
- Select SAML
- Click Edit under Basic SAML Configuration
Now open Ciphr sign in
- Select Single sign-on
- Under SAML Configuration, click Add identity provider
- Add a name
- Copy the Entity ID
- Return to Azure and paste this into Identifier (Entity ID)
- Return to Ciphr Sign In and copy the Reply URL
- Return to Azure and paste into Reply URL
| ⚠️ Important: If your reply URL contains uppercase letters, please ensure they are converted to lowercase after pasting into Azure |
- Click Save
Return to Azure
- Under 4. Set up, copy the Login URL
- Paste into Single sign-on end point in Ciphr sign in
- From Azure, copy the Microsoft Entra Identifier and paste it into the Identity provider entity ID in Ciphr sign in
- Optional: Add Single logout binding type and paste Logout URL from Azure into Single logout endpoint
- Add your organisation’s email domain(s) into Allowed Domains
- Click Add
Return to Azure > 3. SAML Certificates
- Download the Raw Certificate (not Base64)
Return to Ciphr sign in
- Click on Browse files under Signing certificate
- Locate the file and click Open
- Tick Is enabled
- Click Submit
Return to Azure
- User 5. test single sign-on, click Test
- From the right-hand side panel, click Test sign in
- If successful, you’ll be redirected and logged in via your Azure app
Show in My Apps dashboard
To show or hide the app from My Apps, go to Manage > Properties
- Change the Visible to users? setting
The app will appear in My Apps (https://myapplications.microsoft.com). It can also be linked via a custom domain by copying the User access URL link in Manage > Properties.
Footer
Comments
0 comments
Article is closed for comments.