Connecting Mosaic with Microsoft Azure

Initial Setup with Microsoft Azure SAML

  1. On the Welcome to Azure! page, find the Enterprise applications option.

  1. Click on the Enterprise applications option and click on New application.

  1. Click on the Create your own application button.

  1. Input a name that is easily identifiable and select Integrate any other application you don't find in the gallery (Non-gallery).

  1. Once the app has been created by Azure, navigate to the Single sign-on menu.

  1. Go to Mosaic settings > Security > SAML 2.0 Single Sign On.

🚧

Please Note:

Only admins are able to access the “Security” tab on Mosaic settings.

  1. On Mosaic’s SAML 2.0 Single Sign On menu, fill in:
  • Domain:
    • Domain associated with Microsoft Azure.

🚧

Please Note:

The email associated with the admin (who is setting up the SAML) must have the same domain as the one being inputted.

  • For example, if the admin uses an email address ending in @thisisdomain.com, the only domain the admin could input is thisisdomain.com.
  • SSO URL:

    • Copy the Login URL under Set up [name of the application] App from Step #4 of the Azure Single sign-on menu.
  • Certificate:

    • Download Certificate (Base64) under SAML Signing Certificate in Step #3 of the Azure Single sign-on menu.
    • Open downloaded certificate with a text editor of choice.
    • Copy the full content of the certificate.

  1. Copy and paste ACS URL and Entity ID from Mosaic’s SAML 2.0 Single Sign On menu to Microsoft Azure’s Basic SAML Configuration section; all other fields can remain untouched.

  1. Next, click on Attributes & Claims and then Add new claim.

  • Add the following additional attributes:
    a. email
    b. first_name
    c. last_name

  1. Add users to the SAML app through the Users and groups menu.

  1. Next, go back to Mosaic and click Done.

  • Upon successful activation, SAML 2.0 Single Sign On will have the following options.

  1. Next time a user with an email address belonging to the specified domain logs into Mosaic, they will be redirected to authenticate with Microsoft Azure the moment they click Next after inputting their email.
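
To confirm the Attributes & Claims step took effect, the sketch below reads the attributes out of a decoded SAML assertion from a test login and reports any of email, first_name or last_name that is missing, empty, or sent under a namespaced name, and whether the email falls in the configured domain. It is an added example, not Mosaic's or Microsoft's code. It assumes Mosaic expects the bare attribute names listed above, and the sample assertion, its values and the `schemas.example` namespace are constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("email", "first_name", "last_name")  # names from the claims step

# Constructed sample (made-up values); last_name carries a namespace prefix by mistake.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>pat@thisisdomain.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="first_name">
      <saml:AttributeValue>Pat</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.example/claims/last_name">
      <saml:AttributeValue>Example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_claims(assertion_xml):
    """Return {attribute name: first value} for every Attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        claims[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    return claims

def check_claims(assertion_xml, sso_domain):
    """List problems with the claims; an empty list means the mapping looks right."""
    claims = read_claims(assertion_xml)
    problems = []
    for name in REQUIRED_CLAIMS:
        # A claim saved with a namespace arrives as "<namespace>/<name>".
        prefixed = [n for n in claims if n.endswith("/" + name)]
        if not claims.get(name):
            detail = f"sent as '{prefixed[0]}', expected bare name" if prefixed else "missing or empty"
            problems.append(f"{name}: {detail}")
    email = claims.get("email", "")
    if email and email.rpartition("@")[2].lower() != sso_domain.lower():
        problems.append(f"email: '{email}' is not in domain {sso_domain}")
    return problems

if __name__ == "__main__":
    for problem in check_claims(SAMPLE_ASSERTION, "thisisdomain.com"):
        print(problem)
```

The check only reads attribute names and values from an assertion you captured yourself; it does not validate the assertion's signature.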