Azure AD SSO Configuration Guide

Ensure you have read the SSO Setup Overview article to ensure you have configured the baseline and prepared for your IDP SSO connection.

  1. Navigate to Active Directory and select Enterprise Applications from the menu.

  2. Select the option to Add a New Application

    Add a new Azure AD application

  3. Choose Create your own application.

    Select option to create new app

  4. Add a name to help you remember the application (ex: transcend-sso).

  5. Select Set up Single sign-on and choose SAML as the SSO mode.

    Set up SSO settings for Azure AD App

  6. In the Basic SAML Configuration Settings, enter the following information:

    • Identifier (Entity ID): transcend. Note - this must be an exact match, Transcend is looking for this string.
    • Reply URL (Assertion Consumer Service URL): https://api.transcend.io/saml/ for the EU backend, or https://api.us.transcend.io/saml for the US backend
    • Sign on URL : https://app.transcend.io/login
    • Relay State (Optional): leave empty
    • Logout URL (Optional): leave empty
    AzureAd App SAML config example

Once the Transcend application is set up in Active Directory, obtain the credentials and certificate to enter in the Transcend Admin Dashboard SSO settings.

  1. In Transcend SSO Settings, enter transcend for Identity Provider Issuer. The value entered here must match transcend exactly.
  2. Under the SAML Certificates section, download the X.509 Certificate by selecting the download option for Certificate (Base64). Copy this value to Transcend.
  3. Copy the login URL from Active Directory into Transcend. It should look similar to https://login.microsoftonline.com/{{uuid}}/saml2.

Configure the groups and users who should have access to Transcend in Active Directory by navigating to the newly created Transcend app and selecting Users & Groups. Note that it may be worth creating a new group of users who should have access to Transcend.