Factbird has an integration to set up Active Directory login using SAML2. To set it up, you’ll need to configure an application in Active Directory and send some information to Factbird. The guide below outlines the necessary steps:
Setting up Microsoft Entra / AD integration
- Set up a new Enterprise application: In the Azure Portal, click ‘Active Directory’ and choose ‘Enterprise Applications’ from the side menu. Click ‘Create your own application’ at the top. Give the application a name (for example ‘Factbird’), and select the option ‘Integrate any other application you don't find in the gallery (Non-gallery)’.
- Configure Single Sign-On for the Application: Select the newly created application in the Azure Portal, and click the ‘Single sign-on’ menu. Select SAML as the single sign-on method. Enter the following values in the configuration:
Basic SAML Configuration
- Identifier (Entity ID):
  - https://auth.cloud.factbird.com (primary identifier; will be replaced by the secondary entry in the future. A notice will be sent out in advance.)
  - https://auth.cloud.factbird.com (secondary identifier)
- Sign on URL: https://auth.cloud.factbird.com
- Relay State: (Leave empty)
- Logout Url: https://auth.cloud.factbird.com/logout
If you have a private cloud solution at Factbird, replace the Reply URL and Logout URL (but not the Entity ID) with the corresponding URLs for your private cloud, i.e. https://auth.cloud.{companyName}.factbird.com
Attributes & Claims
Make sure at minimum the following claims are added:
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
SAML Certificates
Under ‘Verification certificates’, you can add Factbird’s certificate, which you can find at the bottom of this article.
The final setup should look like this:
- Grant users permissions to log in through the Enterprise Application: There are two options here:
  - Allow all your AD users to log in to Factbird: Go to the Properties menu on the application in the Azure Portal. Change the setting ‘Assignment Required?’ to ‘No’.
  - Allow specific users or groups only: Go to the ‘Users and Groups’ menu. Add the users and/or groups that should be allowed to access Factbird.
- Download Metadata XML and send to Factbird: Under SAML Certificates, you can download a Federation Metadata XML file. This contains the information needed to configure SSO for your application on Factbird’s end. Download the file and forward it to your Factbird contact person.
Once we have received your metadata file and set everything up on our end, you should be able to log in with your Active Directory login.
Shared cloud
If you are on the shared Factbird solution, you have to go to https://auth.cloud.factbird.com/set-pool/{companyName} the first time you want to log in with Active Directory.
Private cloud
If you are on a private cloud solution in Factbird, you’ll automatically be asked to log in through AD when you try to access Factbird, instead of the usual login form.
Renewing the certificate
When you first set up the Enterprise application, you automatically create a SAML Signing certificate, which eventually expires. You’ll most likely receive an email from Azure a few months in advance:
To renew the certificate, perform the following steps:
- You set up a new certificate for the Enterprise Application in your AD (in the example above, the application is called “FactBird - Formerly BlackBird”, but you may have chosen a different name). To do that, follow steps 1 to 3 from the email, but do not activate the certificate yet.
- You download the “federation metadata XML” file from the same page, and send it to us.
- We replace the previous metadata file with the new one in our system.
- You activate the new certificate in your AD, and optionally delete the old one.
After these steps, your integration should work with the new certificate.
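Added example, not Factbird's or Microsoft's code: a Python check you can run on the Federation Metadata XML before forwarding it, both at the initial setup step and at renewal. It parses the IdP metadata, fingerprints every signing certificate, and, given the file you previously sent, confirms that the new file introduces a signing certificate the old one did not while keeping the same tenant entityID and SSO endpoint. The metadata strings, the tenant entityID and the certificate blobs are constructed placeholders, not real Entra output.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # prefer defusedxml for metadata from untrusted sources

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def parse_idp_metadata(xml_text: str) -> dict:
    """Return the IdP entityID, SSO endpoints and SHA-256 fingerprints of its signing certs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute = signing and encryption
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))  # base64 may be line-wrapped
            fingerprints.append(hashlib.sha256(der).hexdigest())
    sso = {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "signing": fingerprints, "sso": sso}

def rollover_check(old_xml: str, new_xml: str) -> dict:
    """Compare the metadata already on file with a freshly downloaded one."""
    old, new = parse_idp_metadata(old_xml), parse_idp_metadata(new_xml)
    if old["entity_id"] != new["entity_id"]:
        raise ValueError("entityID differs: a different tenant, not a certificate renewal")
    added = [fp for fp in new["signing"] if fp not in old["signing"]]
    kept = [fp for fp in new["signing"] if fp in old["signing"]]
    # A renewal must introduce a new signing cert while the SSO endpoint stays the same.
    return {"added": added, "kept": kept, "ok": bool(added) and new["sso"] == old["sso"]}

def _metadata(*cert_labels: str) -> str:
    # Constructed sample: a real file carries genuine X.509 blobs and a tenant-specific entityID.
    keys = "".join(
        '<KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        f'{base64.b64encode(label.encode()).decode()}'
        '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>' for label in cert_labels)
    return (f'<EntityDescriptor xmlns="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            'entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">'
            f'<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">{keys}'
            '<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
            'Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>'
            '</IDPSSODescriptor></EntityDescriptor>')

OLD_METADATA = _metadata("constructed-cert-old")  # the file sent at initial setup
NEW_METADATA = _metadata("constructed-cert-old", "constructed-cert-new")  # after creating the new cert
print(rollover_check(OLD_METADATA, NEW_METADATA))
```

Run it against the real files by reading them with `open(...).read()` in place of the constructed strings; an `ok` of `False` means the downloaded file does not yet contain a new signing certificate and should not be forwarded as the renewal metadata.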