Set up SAML single sign-on (SSO) with Azure Active Directory


Human Managed uses Okta as our identity provider (IDP) to deliver authenticated user profile data to downstream applications. 

This article covers how to set up SAML-based single sign-on (SSO) on Azure Active Directory (Azure AD) to give your users access to Human Managed. When you integrate Azure AD with Human Managed's Okta app, you can: 

  • Enable your users to be authenticated for Human Managed apps with their Azure AD accounts 
  • Manage your member accounts from the Okta enterprise app in Azure AD 
  • Reduce administrative effort such as password creation 

Before you begin

You need the following to integrate Azure AD with Okta: 

  • An Okta instance
  • An Azure Active Directory Premium instance
  • A Microsoft 365 developer account 

 

 

Step 1: Create a service request ticket to set up SAML SSO 

  1. Submit a request 
  2. In the Subject, type or select Enable SAML SSO.

 

Step 2: Create the Okta enterprise app in Azure AD 

  1. Sign in to the Microsoft Azure portal, click the portal menu icon in the top left, and select Azure Active Directory.
  2. In the right pane, click Enterprise applications under Manage.
  3. On the Enterprise applications screen, click New application.
  4. Click Create your own application.
  5. In the Name field, enter Okta or your preferred name for the application and select Integrate any other application you don't find in the gallery (non-gallery).
  6. Click Create.
  7. Click Single sign-on in the left menu and click SAML.

  8. In the SAML Signing Certificate area, select Download for Certificate (Base64), and download the certificate to your computer.
    You'll need the certificate when you make Azure Active Directory an identity provider in Okta.
  9. In the Set up Okta area, record the values in these fields:
    • Login URL

    • Azure AD Identifier

    You'll need these values when you make Azure Active Directory an identity provider in Okta.
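
A pre-flight check for the three items collected in Step 2, as an added example (not Human Managed's, Okta's or Microsoft's own tooling): it confirms that the Login URL and the Azure AD Identifier name the same tenant and computes a SHA-256 fingerprint of the downloaded certificate. The URL shapes assume the commercial Azure cloud, the certificate is assumed to be PEM-framed, and the function name and all sample values are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def check_step2_values(login_url, identifier, cert_text):
    """Return (tenant_id, sha256_fingerprint); raise ValueError on any mismatch."""
    login, ident = urlparse(login_url), urlparse(identifier)
    if login.scheme != "https" or ident.scheme != "https":
        raise ValueError("both values must be https URLs")
    # Assumed shapes (commercial cloud): .../<tenant>/saml2 and .../<tenant>/
    m_login = re.fullmatch(rf"/({GUID})/saml2", login.path)
    m_ident = re.fullmatch(rf"/({GUID})/", ident.path)
    if login.hostname != "login.microsoftonline.com" or not m_login:
        raise ValueError("unexpected Login URL")
    if ident.hostname != "sts.windows.net" or not m_ident:
        raise ValueError("unexpected Azure AD Identifier")
    tenant = m_login.group(1).lower()
    if tenant != m_ident.group(1).lower():
        raise ValueError("Login URL and Identifier name different tenants")
    blocks = PEM.findall(cert_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one PEM certificate block")
    # validate=True rejects stray characters (binascii.Error is a ValueError)
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if not der or der[0] != 0x30:  # a DER certificate starts with a SEQUENCE tag
        raise ValueError("decoded data is not DER")
    digest = hashlib.sha256(der).hexdigest().upper()
    return tenant, ":".join(digest[i:i + 2] for i in range(0, 64, 2))

# Constructed sample values: placeholder tenant GUID and a 5-byte DER stub,
# not a real certificate. Replace with the values recorded in Step 2.
SAMPLE_LOGIN_URL = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/saml2"
SAMPLE_IDENTIFIER = "https://sts.windows.net/11111111-2222-3333-4444-555555555555/"
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    tenant_id, fingerprint = check_step2_values(
        SAMPLE_LOGIN_URL, SAMPLE_IDENTIFIER, SAMPLE_CERT)
    print("tenant:", tenant_id)
    print("certificate SHA-256:", fingerprint)
```

Sharing the fingerprint over a separate channel from the certificate file lets the recipient confirm that the file they load is the one you downloaded.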

Step 3: Test the Azure AD integration 

When Human Managed completes the integration with your Azure Active Directory, you will receive a notification that the service request has been fulfilled by Human Managed. Now, you can test the integration to confirm that Azure Active Directory can communicate with Human Managed's Okta.

  1. Open the HMapps portal (https://identity.hm.works/).
  2. Sign in using your Azure AD account.
  3. If successful, the Human Managed Apps (HMApps) Dashboard appears with all applications you have access to. If applications have not been assigned, no applications appear on the dashboard.
  4. The service request is fulfilled and will auto-close when there are no more questions or communication from you.


What to expect after SSO is enabled

Any members already signed in when SSO is enabled will remain signed in. Going forward, all members will sign up and sign in to Human Managed with their IDP account. If you chose to require SSO, your members will see a sign-in page before they can access any of the subscribed Human Managed applications.

 
