SSO with Microsoft Azure AD - Knowledge Base - ComplyAssistant

Set up SSO with Microsoft Azure AD

This article will walk you through setting up basic single-sign-on (SSO) authentication with Microsoft Azure AD.  The second part of this article discusses setting up ComplyAssistant group permissions in Microsoft AD.

Microsoft Azure AD SSO Authentication


ComplyAssistant's SAML SSO implementation can handle user authentication.  With this setup, user access to ComplyAssistant is handled through Azure AD and you have a single place to manage user access to all your applications.

  1. Login to your Microsoft Azure account.
  2. Search for and navigate to the Azure Active Directory service.
  3. Navigate to "Enterprise Applications" .

  4. Click "New Application".  

  5. Name your application and click Add.
  6. Navigate to "Single sign-on" and click "SAML".
  7. Next, in another tab or browser window, you will login to your ComplyAssistant account and naviate to Account Settings -> Login Settings ( or Single Sign-on)
  8. Next step is to copy information between both Azure AD and ComplyAssistant.
    1. Edit the Basic SAML Configuration in Azure AD.
    2. Copy the Entity ID out of ComplyAssistant and paste it into Azure AD
    3. Copy the Assertion Consumer Service (ACS) URL out of ComplyAssistant and paste it into Azure AD.
    4. Save the Basic SAML Configuration in Azure AD.
    5. Copy the SAML Signing Certificate Thumbprint in Azure AD and paste it into Complyassistant.
    6. Copy the Login URL in Azure AD and paste it into ComplyAssistant.

    7. Map ActiveDirectory contract attributes to Complyassistant attributes. ComplyAssistant attribute names are found on the Single Sign-On admin page in ComplyAssistant. 
      The screenshot below is only an example and a client's ActiveDirectory attributes could differ in naming convention. Be sure to include the ActiveDirectory attributes that match the corresponding ComplyAssistant attributes listed on the Single-Sign-On admin page. For example, the value of "Contracts" is a hardcoded example that would map all SSO users to a group name called "Contracts" in your ComplyAssistant account if and only if it exists there.

  1. Make sure to turn on SSO in ComplyAssistant
  2. Save the Complyassistant SSO settings.
  3. At this point, Azure AD and your ComplyAssistant account are connected and user access can be granted in Azure AD.  When a user logs into ComplyAssistant through SSO for the first time, the user will be created in ComplyAssistant.
  4. Users can log in by clicking Sign in with SSO on the login screen.

    • Related Articles

    • Job Titles

      A number of job titles are set up by default, but you can edit these and also create new titles. To add a new job title, click the New Job Title link on the right side of the page to display a popup. Type in the name of the job title and click ...
    • Categories

      A set of audit categories is available for each account. Click the Categories link on the left side of the page to view the complete list. In the list, click on a category to see its details, such as rule definition, compliance level type, and the ...
    • Events Dashboard

      On the Events dashboard, you can import an event, export an event, and filter the events list. Import an event Importing an event involves downloading and completing a CSV template. The template is editable in Microsoft Excel and other spreadsheet ...
    • Login Settings

      Two-factor authentication Enable two-factor authentication to require all users to enter a numeric code at each login. The user decides if s/he wants to receive the code in a mobile phone text message or email message. SAML Security Assertion Markup ...
    • Setup and assign assessments

      If at least one assessment definition is available, you can locate that definition and then set up and assign the assessment. Filter the assessment list On the right-side of the Assessments page, use the drop-down menus to filter the assessment list ...