This section describes the settings for using Unifinity with Microsoft Azure Active Directory as an IdP (Identity Provider).
Procedure
1. Creating enterprise applications
On the Azure Active Directory screen, click on "Enterprise Applications" and then click on "New Application".
Click on "Create Your Own Application."
What is the name of your application?
Specify [Unifinity] as the name of the application.
What operations would you like to perform in your application?
Select "Integrate other applications not found in the gallery."
Click Create.
Click on "Single Sign On" and then on "SAML."
Click on "Basic SAML Configuration."
Specify the EntityID displayed on the UniBaaS single sign-on screen in the "Identifier (entity ID)" field, and specify the ACS URL in the "Response URL" field.
Click "Edit" on "Attributes and Claims," then click on "Unique User Identifier (Name ID)."
Select "user.mail" as the source attribute and click Save.
Download the "Federation Metadata XML" of the "SAML Certificate", open it in Notepad, select all of it, copy it to the clipboard, and paste it into the MetaData of the UniBaaS single sign-on configuration screen.
Set the Login URL in "Unifinity Setup" to the Login URL on the UniBaaS single sign-on configuration screen.
If you want to map the department name of a user property on Azure Active Directory to a group in UniBaaS, click "Add New Claim" on the "Attributes and Claims" screen.
Specify Group for "Name," select "user.department" for "Source Attribute," and click Save.
Specify Group for GroupName Mapping on the UniBaaS single sign-on configuration screen.
2. Assignment of user accounts
Assign users to the application so that the enterprise application created in step 1 is available to Azure Active Directory users.
On the Azure Active Directory screen, click on "Enterprise Applications" and select the application [Unifinity] created in step 1.
Under "Users and Groups," click on "Add User or Group."
Click on "Not selected."
Select a user, click "Select", and then click "Assign".
User assignment is completed.
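To confirm that the settings from step 1 took effect, the following added example (not part of the Unifinity or Microsoft documentation) checks a captured SAMLResponse against the EntityID, ACS URL, Name ID source and Group claim configured above. The function names, the unibaas.example URLs and the sample user are assumptions made for illustration; the check is diagnostic only and does not verify the XML signature.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; the URLs and the user are placeholders.
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:Subject><saml:NameID>{name_id}</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
   Recipient="https://unibaas.example/acs"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://unibaas.example/entity</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>{attrs}</saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""
GROUP = ('<saml:Attribute Name="Group"><saml:AttributeValue>{}'
         '</saml:AttributeValue></saml:Attribute>')

def make_sample(name_id, department=None):
    """Build a base64 SAMLResponse like the one POSTed to the ACS URL."""
    attrs = GROUP.format(department) if department else ""
    xml = TEMPLATE.format(name_id=name_id, attrs=attrs)
    return base64.b64encode(xml.encode()).decode()

def check_response(b64_response, entity_id, acs_url, group_attr="Group"):
    """List mismatches between a captured response and the step 1 settings.
    Diagnostic only: it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion found"]
    problems = []
    audiences = [(e.text or "").strip()
                 for e in assertion.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks EntityID {entity_id}")
    recipients = [e.get("Recipient")
                  for e in assertion.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} is not the ACS URL {acs_url}")
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if not re.fullmatch(r"[^@\s]+@[^@\s]+", name_id):
        problems.append(f"NameID {name_id!r} is not a mail address")
    values = assertion.iterfind(
        f".//saml:Attribute[@Name='{group_attr}']/saml:AttributeValue", NS)
    if not [v for v in values if (v.text or "").strip()]:
        problems.append(f"no non-empty '{group_attr}' attribute")
    return problems
```

An empty list means the response matches the configured values; a missing Group entry typically points at a user whose department property is not set or at a claim name that differs from the GroupName Mapping.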
Behavior of IdP-Initiated SSO
Open https://office.com/apps in your browser and follow the "All Apps" link to see the Unifinity app.
Clicking on the link in your Windows browser will bring up the UniBaaS corporate administration page. (In this case, an Azure Active Directory authenticated account must be assigned to a group with administrative privileges on UniBaaS.)
Clicking the link in your iOS or Android browser will launch the Unifinity Application Player in an authenticated state.