We assume you have a working understanding of Azure AD and have it established as your identity provider.
1 - Obtain your Tribal Habits SSO URL
Log in to your Tribal Habits portal and proceed to Admin, then Accounts, then Configure SAML. Your SAML SSO URL is shown in the Identity Provider Configuration panel. It is typically https://yourorganisation.tribalhabits.com/saml/auth.
2 - Create a new Azure AD Application and enter Basic SAML Configuration
Create a new Azure AD Application and then go to the Single Sign-on page and enter the following details under Basic SAML Configuration.
- Identifier URL: https://yourorganisation.tribalhabits.com/saml/auth
- Reply URL: https://yourorganisation.tribalhabits.com/saml/auth
- Log Out URL: https://yourorganisation.tribalhabits.com/saml/idp_sign_out
3 - Enter the User Attributes and Claims
Edit each of the attributes as shown below. Also remove the namespace URI from each attribute, as it is not needed.
- EmailAddress -> Email
- Givenname -> FirstName
- Name -> remove this value
- Surname -> LastName
Change the Name identifier value to use the attribute you want mapped to the username field in Tribal Habits.
4 - Save the SAML Signing Certificate
Save the Base 64 Certificate.
Also copy the following values:
- Login URL (IDENTITY PROVIDER SSO URL)
- Azure AD Identifier (IDENTITY PROVIDER ENTITY ID)
- Logout URL (IDENTITY PROVIDER SLO URL)
5 - Set up your Tribal Habits configuration
Log in to your Tribal Habits portal and proceed to Admin, then Accounts, then Configure SAML. Click Edit and tick 'Enable SAML for your portal?'.
Then enter the values you obtained in Step 4 into the corresponding fields.
For the certificate, open the Base 64 certificate you saved earlier in Notepad or a similar text editor, then copy and paste the certificate data.
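To confirm that steps 2 and 3 took effect, the following added example (not Tribal Habits or Microsoft code) checks a Base64 SAMLResponse captured from your own test sign-in against the URLs and attribute names configured above. The function names and the sample response are constructed for illustration; the script checks the claim mapping only and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

SSO_URL = "https://yourorganisation.tribalhabits.com/saml/auth"  # from step 1
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = {"Email", "FirstName", "LastName"}  # attribute names from step 3
DEFAULT_CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

def check_response(b64_response, sso_url):
    """Return a list of configuration problems in a Base64 SAMLResponse.
    Only parse responses from your own test sign-in; no signature check."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != sso_url:
        problems.append("Destination does not match the Reply URL")
    audience = root.findtext(".//saml:Audience", namespaces=NS)
    if audience != sso_url:
        problems.append("Audience does not match the Identifier URL")
    name_id = root.findtext(".//saml:Subject/saml:NameID", namespaces=NS)
    if not (name_id or "").strip():
        problems.append("NameID is empty, so no username can be mapped")
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    for missing in sorted(REQUIRED - set(names)):
        problems.append(f"attribute {missing} is missing")
    for name in names:
        # Default Azure AD claims keep this namespace until it is removed.
        if name.startswith(DEFAULT_CLAIM_NS):
            problems.append(f"default claim still present: {name}")
    return problems

def build_sample(attrs, name_id="jane@example.com"):
    # Constructed, unsigned response used only to exercise the check.
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>x'
        f'</saml:AttributeValue></saml:Attribute>' for n in attrs)
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}" Destination="{SSO_URL}"><saml:Assertion>'
           f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
           f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{SSO_URL}'
           f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           f'<saml:AttributeStatement>{body}</saml:AttributeStatement>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    unedited = [DEFAULT_CLAIM_NS + "emailaddress", "FirstName", "LastName"]
    for problem in check_response(build_sample(unedited), SSO_URL):
        print(problem)
```

An empty list means the response carries Email, FirstName and LastName without the default namespace and is addressed to your Tribal Habits SSO URL.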