How to configure SSO with Azure Active Directory


  • The purpose of this guide is to help walk you through the process of configuring Sendbird’s Dashboard Single Sign On (SSO) with the SSO Provider, Azure AD.

Getting Started

  1. Obtain the Organization Key from the Sendbird Dashboard

    1. Navigate to your Sendbird Dashboard, and go to Organization > Access Control

    2. Click Configure under SAML Single Sign-On

    3. Take note of the Organization Key. We’ll need this shortly.

  2. Create an enterprise application in Azure AD

    1. As an Azure Admin, navigate to Azure Active Directory, select Enterprise applications and finally click new application:

    2. Create your own application

    3. Set the app name as “Sendbird” and select the option to integrate any other application you don’t find in the gallery.

    4. Once your application has been created, select Single sign-on from the left menu, and select SAML.

    5. Next we’ll configure Azure for SAML. Select Edit on the Section 1 card:

    6. Fill in the following fields:
      1. Identifier (Entity ID):
      2. Reply URL (Assertion Consumer Service URL):<Organization Key>/acs
    7. Select Edit on the Section 2 card:

    8. Click the Unique User Identifier (Name ID) claim to edit it. Edit it to match the following:

    9. Remove all of the additional claims by clicking the … and selecting delete. Our User Attributes and Claims should look like:

    10. Return to the SAML Single Sign-On page and select Edit on section 3 card.

    11. Set the Signing Option to Sign SAML response and assertion
    12. Once the Signing Option has been updated, download the Base64 certificate from the section 3 card.
    13. Finally, make note of the Login URL and the Azure AD Identifier from the section 4 card. You will need these for the Sendbird Dashboard in the next step

  3. Configure SSO in the Sendbird Dashboard

    1. In your Sendbird Dashboard → Access Control → , under SAML Single Sign-On (Where we obtained the Organization Key), fill in the following items using the Setup Instructions from Azure
      1. Sendbird Entity ID: Azure AD Identifier
      2. Sendbird SSO Endpoint URL: Azure Login URL
      3. Sendbird Public Certificate: Contents of the Sendbird.cer downloaded from the section 3 card in Azure.

      Note: Enable “Allow Just-inTime provisioning” to allow automatic account creation when signing in from Azure. If this is not enabled, users will need to have an existing account in Sendbird to sign in.

    2. Save, and you’re all set. SSO has been configured to work between Azure and the Sendbird Dashboard.