SSO Implementation with Azure

Sign in to the Azure management portal using your Azure Active Directory administrator account.

Step 1

Browse to Azure Active Directory > Enterprise applications.

Select “New application”.

Click on “Create your own application”, enter your application name (e.g.: RandomCoffee), and choose “Integrate any other application you don’t find in the gallery (Non-gallery)”.

Step 2

On the application overview page, click on “Set up single sign-on”.

You will arrive on the SSO configuration page.

In another window, go to the RandomCoffee SSO configuration page: https://app.random-coffee.com/account/mycompanyname/admin/settings/integration/sso (replace “mycompanyname” in the URL with the slug you were given when setting up your account with the RandomCoffee Customer Success Team). You should see a page like this:

Go back to the Azure SSO configuration page. Go to section 1 “Basic SAML Configuration” and click on “Edit”:

Copy and paste the values from the RandomCoffee SSO configuration page to the Azure Basic SAML Configuration page:

Save.

You should now see the Basic SAML configuration step filled in:

Step 3

Now go to section 2, “Attribute & Claims”. Click on “Edit”. First, edit the “Required Claim” by clicking on it:

Update the “Source attribute” setting to make sure “user.mail” is selected, and double check that the “Name identifier format” is “Email address”.

Save.

Now edit the “Additional claims”. Clicking on a claim opens its edit window; for each claim, update it as follows, referring to the “Value” shown in the Additional claims table:

E.g. for “user.mail”:

Save.

Step 4

Now go to section 3, “SAML signing certificate”.

Download the “Federation Metadata XML”. Go to the RandomCoffee SSO configuration page and upload the file in the “Identity Provider details” section. The “Identity Provider SSO URL”, “Identity Provider Issuer” and “X.509 certificate” fields should be filled in automatically.

On the same page, add a display name (e.g. “Azure”) as well as IdP Domains. This is required if you want users to sign in from https://app.random-coffee.com/login/ rather than from Azure. The “Display name” is shown on the login button when a user enters an email address whose domain matches one listed in the IdP domains field:

Step 5

At the bottom of the Identity Provider Details on the RandomCoffee SSO configuration page, check the box “Automatically add new users using this authentication method to my team” if you want users who do not yet exist on RandomCoffee to be created when they first log in with Azure. If the box is not checked, a user without a RandomCoffee account who tries to log in with SSO will be refused.

Step 6

On the RandomCoffee SSO configuration page, click on “Save Authentication”.

Step 7

On the Azure SSO configuration page, click on “Users & groups” in the sidebar and assign the users or groups allowed to log into RandomCoffee. Once your own account has been assigned, you can go back to the SSO section and test the sign-in live.

You’re all set!
