How to configure SSO with Azure Active Directory

Background

  • This guide walks you through configuring Sendbird Dashboard Single Sign-On (SSO) with Azure AD as the SSO provider.

Getting Started

  1. Obtain the Organization Key from the Sendbird Dashboard

    1. Navigate to your Sendbird Dashboard, and go to Organization > Access Control

    2. Click Configure under SAML Single Sign-On

    3. Take note of the Organization Key. We’ll need this shortly.

  2. Create an enterprise application in Azure AD

    1. As an Azure Admin, navigate to Azure Active Directory, select Enterprise applications, and then click New application.

    2. Create your own application

    3. Set the app name as “Sendbird” and select the option to integrate any other application you don’t find in the gallery.

    4. Once your application has been created, select Single sign-on from the left menu, and select SAML.

    5. Next, we’ll configure Azure for SAML. Select Edit on the Section 1 card.

    6. Fill in the following fields:
      1. Identifier (Entity ID): https://sendbird.com
      2. Reply URL (Assertion Consumer Service URL): https://gate.sendbird.com/sso/<Organization Key>/acs
    7. Select Edit on the Section 2 card.

    8. Click the Unique User Identifier (Name ID) claim to edit it. Edit it to match the following:

    9. Remove all of the additional claims by clicking the … and selecting delete. Our User Attributes and Claims should look like:

    10. Return to the SAML Single Sign-On page and select Edit on the Section 3 card.

    11. Set the Signing Option to Sign SAML response and assertion.
    12. Once the Signing Option has been updated, download the Base64 certificate from the Section 3 card.
    13. Finally, make note of the Login URL and the Azure AD Identifier from the Section 4 card. You will need these for the Sendbird Dashboard in the next step.

  3. Configure SSO in the Sendbird Dashboard

    1. In your Sendbird Dashboard → Access Control, under SAML Single Sign-On (where we obtained the Organization Key), fill in the following items using the Setup Instructions from Azure:
      1. Sendbird Entity ID: Azure AD Identifier
      2. Sendbird SSO Endpoint URL: Azure Login URL
      3. Sendbird Public Certificate: Contents of the Sendbird.cer downloaded from the Section 3 card in Azure.

      Note: Enable “Allow Just-in-Time provisioning” to allow automatic account creation when signing in from Azure. If this is not enabled, users will need to have an existing account in Sendbird to sign in.

    2. Save, and you’re all set. SSO has been configured to work between Azure and the Sendbird Dashboard.
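
To confirm that the values entered in steps 2 and 3 line up, the following Python check (an added example, not Sendbird or Microsoft code) inspects a decoded SAML response captured from your own test sign-in for the Entity ID, the Reply URL, the Azure AD Identifier and the two signatures requested by the Signing Option. The function names, the sample response, the org key and the issuer value are constructed placeholders; the checks are structural only and do not verify the signatures cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ENTITY_ID = "https://sendbird.com"  # Identifier (Entity ID) from the guide

# Constructed sample: placeholder org key and issuer, signature contents omitted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://gate.sendbird.com/sso/ORG_KEY_PLACEHOLDER/acs">
 <ds:Signature/>
 <saml:Assertion><saml:Issuer>https://idp.example/TENANT_PLACEHOLDER/</saml:Issuer>
  <ds:Signature/>
  <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://sendbird.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

def acs_url(org_key):
    return f"https://gate.sendbird.com/sso/{org_key}/acs"  # Reply URL format

def check_response(xml_text, org_key, azure_ad_identifier):
    """List mismatches between a decoded SAML response and the guide's settings.
    Structural checks only: signatures are not cryptographically verified."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]
    problems = []
    if root.get("Destination") != acs_url(org_key):
        problems.append("Destination does not match the Reply URL")
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer.strip() != azure_ad_identifier:
        problems.append("Issuer does not match the Azure AD Identifier")
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not contain the Entity ID")
    # "Sign SAML response and assertion": each element carries its own Signature child.
    for label, node in (("Response", root), ("Assertion", assertion)):
        if node.find("ds:Signature", NS) is None:
            problems.append(f"{label} is not signed")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not name_id.strip():
        problems.append("NameID is missing or empty")
    return problems
```

Calling check_response(SAMPLE, "ORG_KEY_PLACEHOLDER", "https://idp.example/TENANT_PLACEHOLDER/") returns an empty list; each string in a non-empty result names the setting to revisit in Azure or the Sendbird Dashboard.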