This guide will take you through the steps for configuring Azure as the SAML IDP for HyperComply, allowing your users to authenticate to HyperComply through Azure instead of the usual email/password combination.
- First we’ll log into HyperComply and copy a value we’ll need for Azure configuration.
- Next we’ll create the HyperComply Azure “Enterprise Application” and configure it for HyperComply SAML.
- Finally we’ll copy some values from our new Azure Application into HyperComply so HyperComply can securely validate SAML assertions from Azure.
HyperComply SAML Settings
- Navigate to https://app.hypercomply.com/settings/saml_config
- Copy the value of the “SAML ACS Endpoint” at the bottom of the screen.
- Keep this tab open while you complete the steps below; at the end of this process you will need to enter some values from Azure on this screen.
Azure Application Creation
- Log in to your Azure Portal.
- Navigate to Azure Active Directory > Enterprise Applications.
- Click ‘New Application’ > ‘Create your own application’.
- Name your application ‘HyperComply’, choose ‘Integrate any other application you don’t find in the directory’. Click ‘Create’
- Navigate to ‘Users and groups’ in the left pane and assign yourself as a user to test the integration.
- Navigate to ‘Single sign-on’ in the left pane and choose ‘SAML’.
- Click ‘Edit’ for the ‘Basic SAML Configuration’ section.
- Add the ‘SAML ACS Endpoint’ value you copied from HyperComply into the ‘Identifier (Entity ID)’ and check the ‘Default’ checkbox next to this value. You can delete the default value that was there when you opened the page.
- Also add the ‘SAML ACS Endpoint’ value you copied from HyperComply into the ‘Reply URL (Assertion Consumer Service URL)’.
- Click ‘Save’.
- Under the ‘SAML Signing Certificate’ section, copy the URL shown in the ‘App Federation Metadata Url’ field.
- Open the URL in a new tab; it will display a large XML document.
- Search for ‘entityId’.
- Copy the first value found into the ‘IDP Entity Id’ field in HyperComply. It should look something like ‘https://sts.windows.net/92977eee-c4e2-43ab-bf7a-90b9e2eaaaaa/’
- Search for ‘wsa:EndpointReference’
- Copy the first value found into the ‘IDP Endpoint URL’ field in HyperComply. It should look something like ‘https://login.microsoftonline.com/92977eee-c4e2-43ab-bf7a-90b9e2eaaaaa/wsfed’
- Search for ‘X509Certificate’
- Copy the first value found into the ‘IDP Certificate’ field in HyperComply. It should be roughly 1000 characters long.
- Check the ‘Enable SAML’ box in HyperComply and click ‘Save’.
- In the final ‘Test single sign-on with HyperComply’ section, click ‘Test’.
- Select ‘Sign in as current user’ and click ‘Test Sign In’.
- You should be logged into HyperComply successfully.
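Picking the three values out of the federation metadata by hand is error-prone: the document contains several wsa:EndpointReference entries and may list more than one certificate, and a stray line break inside the certificate value will make the HyperComply field reject it. The script below is an added example, not HyperComply's or Microsoft's code. It parses an Azure AD federation metadata document with the standard library, reads the entityID attribute (the actual attribute name; a browser search for ‘entityId’ finds it because the search is case-insensitive), takes the first wsa:Address, and takes the first signing certificate under IDPSSODescriptor, stripping whitespace. It goes a little beyond the steps above by checking that the certificate is valid base64 DER and that the tenant GUID in the Entity ID matches the one in the endpoint URL, which catches a copy from the wrong tab. The embedded metadata is a constructed sample with a placeholder tenant id and a truncated certificate body, not real values.

```python
import base64
import re
import sys
import xml.etree.ElementTree as ET

# Namespaces used in Azure AD federation metadata.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
}

# Constructed sample shaped like an Azure AD federation metadata document.
# The all-zero tenant id and the short X509Certificate body are placeholders
# (the certificate is the first 15 DER bytes of a cert, base64-encoded), not real data.
SAMPLE_METADATA = """<EntityDescriptor ID="_example"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:PassiveRequestorEndpoint>
      <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsa:Address>https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/wsfed</wsa:Address>
      </wsa:EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>MIIC8DCCAdigAwIBAgIQ</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


def extract_idp_values(metadata_xml: str) -> dict:
    """Return the IDP Entity Id, IDP Endpoint URL and IDP Certificate for HyperComply."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("document is not a SAML EntityDescriptor")

    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")

    # First endpoint reference anywhere in the document, as the guide instructs.
    address = root.find(".//wsa:EndpointReference/wsa:Address", NS)
    if address is None or not (address.text or "").strip():
        raise ValueError("no wsa:EndpointReference/wsa:Address found")
    endpoint_url = address.text.strip()

    # Certificates must come from the SAML IdP role; a KeyDescriptor with no
    # 'use' attribute is valid for both signing and encryption, so keep it.
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    certs = []
    for key_desc in idp.findall("md:KeyDescriptor", NS):
        if key_desc.get("use", "signing") != "signing":
            continue
        cert_el = key_desc.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert_el is not None and cert_el.text:
            certs.append("".join(cert_el.text.split()))  # drop any line breaks/indentation
    if not certs:
        raise ValueError("no signing X509Certificate in IDPSSODescriptor")
    certificate = certs[0]

    # Sanity check: the value must be base64 that decodes to DER (a SEQUENCE, tag 0x30).
    der = base64.b64decode(certificate, validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("X509Certificate does not decode to a DER certificate")

    return {
        "entity_id": entity_id,
        "endpoint_url": endpoint_url,
        "certificate": certificate,
        "signing_key_count": len(certs),  # >1 means Azure is in a key rollover
    }


def tenant_ids_match(values: dict) -> bool:
    """True if the tenant GUID in the Entity Id equals the one in the endpoint URL."""
    a = GUID_RE.search(values["entity_id"])
    b = GUID_RE.search(values["endpoint_url"])
    return a is not None and b is not None and a.group(0).lower() == b.group(0).lower()


if __name__ == "__main__":
    # Pass the downloaded FederationMetadata.xml as the first argument, or run on the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_METADATA
    found = extract_idp_values(text)
    for key, value in found.items():
        print("%-18s %s" % (key + ":", value))
    print("tenant ids match:  %s" % tenant_ids_match(found))
```

Run it on the metadata document you downloaded from the ‘App Federation Metadata Url’ and paste the three printed values into the matching HyperComply fields. If signing_key_count is greater than one, Azure is rolling its signing key; the first certificate is still the one the guide tells you to copy, but expect to repeat this step once the rollover completes.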
At this point you have connected your Azure AD SAML IDP to HyperComply, allowing users to log into HyperComply from Azure. Any user that logs into HyperComply via Azure will have an account created for them (if they don’t already have an account). To allow Azure users to log into HyperComply, add them to the HyperComply “Application” you created above in Azure; these users will be automatically provisioned as HyperComply users the first time they log into HyperComply via Azure AD SAML.