Azure AD via SAML

Requirements: you'll need to have enough Azure rights to configure a new Azure AD app

1. Create the Azure AD App for Catalog

Danger: For step 8, the Namespace of each claim should remain empty. Claim names are case sensitive.

  1. Go to the workspace as admin https://aad.portal.azure.com/

  2. Go to Enterprise applications | All applications

  3. Click on New Application

  4. Name your app, something such as Catalog

  5. Select option "Integrate any other application you don't find in the gallery (non Gallery)"

  6. Set the entity_id (identifier) to: production-castorSAML

  7. Set the Reply URL to:

    1. https://api.castordoc.com/auth/saml/callback for accounts using app.castordoc.com
    2. https://api.us.castordoc.com/auth/saml/callback for accounts using app.us.castordoc.com
  8. Update the claims as follows:

    1. user.givenname ⇒ firstName
    2. user.surname ⇒ lastName
    3. user.mail ⇒ email
  9. Download the certificate and copy the login URL. You'll need to send both to Catalog.

Send your certificate and Login URL to the Catalog team using https://safenote.co/ or an alternative secure method to share credentials.

2. Allow your users to connect to the Catalog App

Make sure the right audience is allowed to connect to Catalog:

  • Go to the admin portal, on the newly created Catalog Application
  • Click on "Users and Groups"
  • Add relevant groups and users for them to have access to Catalog

For setup purposes, do keep in mind that Catalog can keep both SAML and Email/Password strategies live.
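
To check the values from steps 6 to 8 during setup, the following added example (not Catalog's own code) lints a decoded SAML assertion, such as one captured from a test sign-in, for the claim-name, entity ID and Reply URL mistakes described above. The function names and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_CLAIMS = {"firstName", "lastName", "email"}  # step 8, case sensitive
ENTITY_ID = "production-castorSAML"                   # step 6
REPLY_URLS = {                                        # step 7
    "https://api.castordoc.com/auth/saml/callback",
    "https://api.us.castordoc.com/auth/saml/callback",
}

def lint_assertion(xml_text):
    """List configuration problems in a decoded SAML assertion.
    Configuration lint only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for claim in sorted(EXPECTED_CLAIMS - names):
        # Same name in another case, or behind a namespace URI prefix?
        near = sorted(n for n in names
                      if n and n.rsplit("/", 1)[-1].lower() == claim.lower())
        problems.append(f"{claim}: got {near[0]!r}, check case and Namespace"
                        if near else f"{claim}: claim missing")
    audiences = {a.text for a in root.iterfind(".//saml:Audience", NS)}
    if ENTITY_ID not in audiences:
        problems.append(f"audience: expected {ENTITY_ID!r}")
    recipients = {d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if not recipients & REPLY_URLS:
        problems.append("recipient: not one of the Reply URLs")
    return problems

def build_sample(claim_names, audience=ENTITY_ID):
    """Constructed test assertion (not a real Azure AD response)."""
    attrs = "".join(f'<Attribute Name="{n}"><AttributeValue>x</AttributeValue>'
                    "</Attribute>" for n in claim_names)
    return (f'<Assertion xmlns="{NS["saml"]}"><Subject><SubjectConfirmation>'
            f'<SubjectConfirmationData Recipient="{sorted(REPLY_URLS)[0]}"/>'
            "</SubjectConfirmation></Subject><Conditions><AudienceRestriction>"
            f"<Audience>{audience}</Audience></AudienceRestriction></Conditions>"
            f"<AttributeStatement>{attrs}</AttributeStatement></Assertion>")

if __name__ == "__main__":
    bad = build_sample([
        "firstName",
        "Lastname",  # wrong case
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email",  # Namespace set
    ])
    for line in lint_assertion(bad):
        print(line)
```

An empty result means the claim names, audience and recipient match what this page asks for; it says nothing about whether the assertion is authentic.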