Configuring Azure for Simplelists SAML2 Authentication

Create an Azure Enterprise Application for Simplelists

  1. Login to your Microsoft Azure Tenant https://portal.azure.com Microsoft Azure Dashboard
  2. Click View on Manage Microsoft Entra ID or click Microsoft Entra ID

Manage Azure Active Directory

    Manage Entra ID
  1. Click Enterprise applications from the left hand menu

Create a new Enterprise Application

    Enterprise Applications
  1. Click New application

Create your own application

    Create new application
  1. Click Create your own application Create your own Application
  2. Enter Application Details
    1. Enter the name of your app (Simplelists or other unique name)
    2. Select Integrate any other application you don’t find in the gallery (Non-gallery)
    3. Click Create

Setup single sign on

    Configure Enterprise Application
  1. Click Get started under Set-up single sign on

Select a single sign-on method

    Select Signon Method
  1. Click SAML

Set up Single Sign-On with SAML

The metadata file referenced below is the saml.xml file that you can download from the Simplelists Authentication provider that is created using Configuring a SAML2 Authentication Provider

The metadata file will include most of the settings required. The RelayState value is also located on the Authentication Provider created as per Configuring a SAML2 Authentication Provider

    Setup single signon with SAML
  1. Click Upload metadata file Upload Metadata
  2. Click Add

Verify Basic SAML Configuration that was uploaded

    Basic SAML Configuration
  1. Enter the RelayState from the Simplelists settings
  2. Click Save

The RelayState is a value that Azure will pass to Simplelists when authentication is initiated from the Azure applications page. It must match the value in Simplelists, and can be found on the Authentication Provider created in Simplelists.

Download the Metadata and Certificate for Simplelists

Save each of these files to a location to upload the the Authentication Provider Settings of Simplelists.

    Download certificate and metadata.xml
  1. Click Download to the right of Certificate (Base64)
  2. Click Download to the right of Federation Metadata XML

Azure - Enable User Login

Depending on your Azure settings you may need to enable user log in for the Simplelists application in Azure.

    Simplelist Enterprise Application
  1. Click Users and Groups

Users and Groups

    Azure Users and Groups
  1. Click Add user/group

Add Assignment

    Azure Add Assignment
  1. Click None Selected under Users

Users

    Azure Select User
  1. Click on each user (or group) that you wish to add
  2. Click Select

Add Assignment

    Azure Add Assignment
  1. Click Assign

Testing Login

Access the Simplelists page and click Login

    Simplelists Main Login page
  1. Click login Simplelists login page
  2. Enter your Azure enabled email address and click submit.

If everything is correctly configured you will be presented with the Azure login page.

    Azure Enter Account ID Pick Azure Account ID
  1. Enter the "Email address, phone number or Skype" or pick the account from the list
  2. Click Next Azure enter password
  3. Enter your password
  4. Click Sign In Azure enter 2FA code
  5. You may need to enter your two factor authentication code (2FA)
  6. Click Verify Azure Stay Logged In
  7. Choose whether you want to stay logged in
  8. Click Yes or No

Azure Optional Configuration

Azure Verification certificate

Configuring a verification certificate requires Microsoft Entra (Azure) to verify that the SAML AuthnRequest was properly signed by Simplelists with the expected certificate.

This provides your application with a little additional security as only Simplelists can correctly authenticate but it does mean that login can ONLY be initiated from the Simplelists page. You cannot initiate login from the Microsoft Entra (Azure) application list.

    Shows the Enterprise Application and Certficate Verification settings
  1. Click Edit in the Verification certificates (optional) section

Verification Certificates

Verification Certificate upload settings
  1. Click Require verification certificates
  2. Click Upload certificate Select a Verification Certificate to upload
  3. Select the Simplelists signing certificate Close the Verification Certificate page
  4. Click Save
  5. Close the settings with the X.

Azure - Enable SAML Token Encryption (Optional)

SAML token encryption increases the security by fully encrypting the data sent from Azure to the web Application. The user will be unable to determine what data is in the Assertion. However, it also makes it difficult to troubleshoot because you cannot view the Assertion in the browser. Get everything else working first then decide if you want to implement this.

  1. Click Security from the left hand menu Enterprise Application - Security - Token Encryption
  2. Click Token Encryption Token Encryption - Import Certificate
  3. Click Import Certificate Ipmort the encryption certificate
  4. Select the simplelists.cer file that you can download from the Authentication Settings in Simplelists

Activate the Encryption Certificate

  1. Click on the three dot at the right side of the certificate Activate Encryption Certificate
  2. Click Activate Token Encryption Certificate

Encrypted Assertions are now enabled. However you will need to complete the next step to make it work correctly.

Sign the SAML response and Assertion (Optional)

This step is only required if you enabled token encryption.

Get everything else working first then decide if you want to implement this (and token encryption).

  1. Click Edit to the right of Token signing certificate Click Edit on Token Signing Certificate
  2. Select Sign SAML response and assertion from the Signing Option drop-down
  3. Click Save

Sign Response and Assertion