Configure Single Sign-On (SAML) with Azure Active Directory and Microsoft 365

These steps will guide you through setting up the SAML single sign-on functionality between Forumbee and Azure Active Directory and Microsoft 365 (Office 365). 

1. In Microsoft 365 (Office 365), login as an administrator. Click the waffle menu and navigate to Admin.
2. In the left navigation click Show all and select Azure Active Directory.
3. Within All services select Enterprise applications.
4. Click New application.
5. Click Create your own application.

   

6. Enter a name for your app such as "Forumbee". Select the option Integrate any other application you don't find in the gallery (Non-gallery):

   

    
   Note: If you are using the legacy app gallery experience, select the Non-gallery application option:

   

7. Click Create or Add.
8. In the left navigation, under Manage, click Single sign-on and select SAML.

   

9. In the Basic SAML Configuration section click the pencil icon.

   

10. In the following steps you will be entering values from your Forumbee account. Open another browser tab and navigate to your Forumbee account.
11. Login your Forumbee account as an administrator.
12. In Forumbee, navigate to Administration > Integrations > SAML.

    

13. Click SSO Settings to expand the section.
14. Copy the Audience field value and paste into the Microsoft field Identifier (Entity ID).
15. Copy the SSO Consumer URL field value and paste it into the Microsoft field Reply URL (Assertion Consumer Service URL).
16. (Optional) Copy the Single Logout URL field value and paste it into the Microsoft field Logout Url.
17. In Microsoft click Save then close the dialog.
18. In Microsoft in the User Attributes & Claims section click the pencil icon.

    

19. Under Additional claims click the claim row which has the value user.mail. In the Name field change the value to email. In the Namespace field, delete the value. Click Save.

    

     

    

20. Click the 2nd claim row which has the value user.givenname. In the Name field change the value to firstname. In the Namespace field, delete the value. Click Save.

    

    

21. Delete the next row which has the value user.userprincipalname. 

    

22. Click final claim row which has the value user.surname. In the Name field change the value to lastname. In the Namespace field, delete the value. Click Save.

    

    

     
23. You have now finished editing the claims. Your Additional Claims list should now look like this:

    

24. Click X to exit the User Attributes & Claims page.
25. In the SAML Signing Certificate panel, download the Certificate (Base64).

    

26. Open the downloaded certificate in a plain text editor. Copy the text.
27. In Forumbee, click Identity Provider Setup to expand the panel. Paste the certificate text into the Certificate field.
28. In Microsoft, copy the value for the field Login URL. In Forumbee, paste this into the field SSO Logon URL.
    
29. In Microsoft, copy the value for the field Azure AD Identifier. In Forumbee, paste this into the field Issuer URL. 
30. (Optional) In Microsoft, copy the value for the field Logout URL. In Forumbee, paste this into the field SLO Logout URL.
31. In Forumbee, click Save at the bottom of the Identity Provider Setup panel.
32. Download the Forumbee image Forumbee Icon.png (right-click and select 'download'). 
33. In Microsoft, add the image to the app. Under Manage navigate to Properties. Next to Logo click Select a file and upload the Forumbee image. Click Save.

    

34. In Microsoft, assign users and groups to the app. Under Manage navigate to Users and groups and click Add user/group. Follow the steps on the screen to assign users or groups.
35. In Forumbee at the top of the SAML 2.0 page, click the Enable toggle to turn SSO on.