In this article, we will explain in detail how you can integration Azure AD and Kendis using SAML for Single Sign-On.
Note: If you have configured already Kendis application in AzureAD then skip to Step 2.
Step 1: Configuring Kendis application in AzureAD for SAML
1. Go to https://portal.azure.com/ and select "Azure Active Directory" from Azure Services.
2. Select "Enterprise applications" from the left navigation menu.
3. From the “All applications page", select +New application".
4. Then select "Non-gallery application" from the "Add an application" page.
5. Add your application name. After your title is added, press the "Add" button.
6. After the creation of the application you will land on the application "Overview" dashboard. Here click on the "2. Setup single sign-on" option card.
7. After clicking on "Setup single sign-on" you will land on the "Method" page. Select SAML from this page
8. You will land on the SAML-based Sign-on configuration page.
9. Edit "Basic SAML Configuration".
10. Now enter the “Identifier Entity ID” and “Reply URL assertion consumer service URL” (You will get this from Kendis as shown in the screenshot below).
11 After adding the URL you can test the connection by clicking on the "Test" Button (It will log in automatically if you have mapped the fields in Kendis otherwise it might show you an error).
This is how the error looks like. It means that the configuration has not been done in Kendis.
Step 2: Configuration in Kendis
1. To get the " Identity Provider single sign-on URL" go to created application "Single sign-on" on the Azure portal and copy "Login URL".
2. To Get the "identity provider issuer" go to the created application dashboard and select "Single sign-on" from the left nav.
Now copy the "Identifier (Entity ID)" from “Basic SAML Configuration”.
To get the certificate, download the "Certificate (Base64)" from single sign-on page “SAML Signing Certificate”. Drag and drop the certificate (.cer) file to notepad and it will show the text of the certificate.
Copy the content between the “-----BEGIN CERTIFICATE-----“and “-----END CERTIFICATE-----“. So make sure you don't copy the ---- BEGIN and --- END text, it must be excluded.
Step 3: Kendis Configuration Screen
The mapping in Kendis will look like something shown in the screenshot below.
Step 4: Assigning Role to the Created User
1. Go to Users and Groups from the Left Nav in the Azure Portal
2. Click on +Add User
3. Click on Users and Groups and then select users from the Right Menu that has the list of users or groups.
4. Click on Select and the user is added
Step 5: Test SAML Login
Now go to Kendis and at the sign-in screen, you will see the "Login with Saml" button on the login screen.
Click on the “Login with Saml” button and you will seamlessly sign in to your Kendis Account.
Note: Once user log-in they will see an empty Kendis application, but they can't create or edit boards, admin user needs to grant them the rights, by assigning them to "Board Collection" or assign them to the group that already has access to one of the board collections, check this article for more details.