Azure AD Authentication Using SAML

Configure Azure AD authentication for Catalog using SAML. In this guide you will create an Azure AD app, configure claims, and add the certificate to Catalog.

Before You Start

You'll need Azure rights to configure a new Azure AD app.

Create the Azure AD App for Catalog

1. Go to the Azure admin portal at https://aad.portal.azure.com/.

2. Go to Enterprise applications > All applications.

   

3. Click New Application.

4. Name your app. For example, Catalog.

5. Select Integrate any other application you don't find in the gallery (Non-gallery).

6. Set the entity ID (identifier) to production-castorSAML.

7. Set the Reply URL based on your account region:

   • For accounts using app.castordoc.com: https://api.castordoc.com/auth/saml/callback
   • For accounts using app.us.castordoc.com: https://api.us.castordoc.com/auth/saml/callback

8. Update the claims with the following mappings.

   • user.givenname maps to firstName
   • user.surname maps to lastName
   • user.mail maps to email
   Claim Configuration

   • Keep the Namespace empty for each claim.
   • Claim names are case sensitive.
   

9. Download the certificate.

Add URL And Certificate to Catalog

1. In Catalog, go to Settings > Authentication.
2. Copy and paste the certificate and URL, making sure to format them correctly.

{
  "entrypoint": "https://...",
  "certificate": "..."
}

Allow Users To Connect To the Catalog App

Make sure to have the right audience allowed to connect to Catalog.

1. Go to the admin portal and open the newly created Catalog application.
2. Click Users and Groups.
3. Add relevant groups and users to give them access to Catalog.

Multiple Authentication Options

Catalog can keep both SAML and email with password strategies active.