
Azure AD Authentication Using SAML

Before You Start

You'll need Azure rights to configure a new Azure AD app.

Create the Azure AD App for Catalog

  1. Go to the Azure admin portal at https://aad.portal.azure.com/.

  2. Go to Enterprise applications > All applications.

  3. Click New Application.

  4. Name your app. For example, Catalog.

  5. Select Integrate any other application you don't find in the gallery (Non-gallery).

  6. Set the entity ID (identifier) to production-castorSAML.

  7. Set the Reply URL based on your account region:

    • For accounts using app.castordoc.com: https://api.castordoc.com/auth/saml/callback
    • For accounts using app.us.castordoc.com: https://api.us.castordoc.com/auth/saml/callback
  8. Update the claims with the following mappings.

    • user.givenname maps to firstName
    • user.surname maps to lastName
    • user.mail maps to email
    Danger:
    • Keep the Namespace empty for each claim.
    • Claim names are case sensitive.
  9. Download the certificate.
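
To verify the claim mappings from step 8, the check below inspects a decoded SAML assertion and reports attributes whose names still carry a namespace or use the wrong case. It is an added example, not Catalog or Microsoft code; check_claims is a hypothetical helper name and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("firstName", "lastName", "email")  # claim names from step 8
AZURE_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample: firstName kept a namespace, lastName has the wrong case.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:AttributeStatement>
  <saml:Attribute Name="{AZURE_NS}firstName">
   <saml:AttributeValue>Ada</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="Lastname">
   <saml:AttributeValue>Lovelace</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="email">
   <saml:AttributeValue>ada@example.com</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def check_claims(assertion_xml: str) -> list[str]:
    """Return one problem string per required claim that would not match."""
    # Intended for an assertion you captured from your own test sign-in.
    root = ET.fromstring(assertion_xml)
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    problems = []
    for want in REQUIRED:
        if want in names:  # exact, case-sensitive match with no namespace
            continue
        # Near miss: same name ignoring case, possibly behind a namespace prefix.
        hit = next((n for n in names
                    if n.rsplit("/", 1)[-1].lower() == want.lower()), None)
        if hit is None:
            problems.append(f"{want}: missing")
        elif "/" in hit:
            problems.append(f"{want}: namespace not empty ({hit})")
        else:
            problems.append(f"{want}: wrong case ({hit})")
    return problems


if __name__ == "__main__":
    for problem in check_claims(SAMPLE) or ["all required claims present"]:
        print(problem)
```

An empty list means all three claims arrive under the exact names listed in step 8.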

Add URL And Certificate to Catalog

  1. In Catalog, go to Settings > Authentication.
  2. Copy and paste the certificate and URL, formatted as the following JSON:
{
"entrypoint": "https://...",
"certificate": "..."
}

Screenshot: Catalog application Settings page with the Authentication tab selected, showing a Configure SAML modal. The SAML Configuration text area is empty and highlighted with an error message indicating that the configuration cannot be empty.

Allow Users To Connect To the Catalog App

Make sure the right users and groups are allowed to connect to Catalog.

  1. Go to the admin portal and open the newly created Catalog application.
  2. Click Users and Groups.
  3. Add relevant groups and users to give them access to Catalog.

Multiple Authentication Options

Catalog can keep both the SAML and the email-with-password strategies active at the same time.