Documentation forSolarWinds Service Desk

Azure SSO configuration

On this page

Introduction

Administrators can configure Azure with your company's SolarWinds Service Desk. To do so you need access to both your Azure Service Portal and SolarWinds Service Desk (SWSD). SolarWinds recommends having them both open at the same time but on separate browser tabs or windows, as you will be going back and forth between the two.

Learning Options

You can choose to use the SSO Configuration video tutorial or the instructions below to guide you through the SSO Configuration process.

Navigation

Navigation is dependent upon the steps below in the section titled Configure SSO with Azure.

User Provisioning

Some customers choose to provision users with Microsoft Azure Active Directory. (See User provisioning with Microsoft Azure for instructions.)

Configure SSO with Azure

Step 1: Add SolarWinds Service Desk to your Azure Active Directory

  1. Open your Azure Portal.
  2. Navigate to Azure Active Directory, and then in the left pane under Manage, click Enterprise applications.
  3. Click the New application tab, and under Application type, search for SolarWinds.
  4. Click SolarWinds Service Desk.
  5. At the bottom of the new pane that appears on the right, click Create.

Azure adds SolarWinds Service Desk and opens it.

Step 2: Change the User Assignment Requirement

  1. In SolarWinds Service Desk (SWSD) from within Azure, under Manage in the left pane, click Properties.
  2. Scroll down to User assignment required? and switch the toggle to No. This allows anyone within your Active Directory to authenticate through single sign-on with Azure.
  3. Scroll to the top and click Save.

Step 3: Set up Basic SAML Configuration in Azure

  1. In Azure, under Manage on the left pane, click Single sign-on.

  2. Click SAML.

  3. In the first section titled Basic SAML Configuration, click Edit.
  4. Enter the requested information:
    1. Identifier (Entity ID): Solarwinds.com
    2. Reply URLs

      At a minimum, two Reply URLs are required, as shown below.

      In addition, you will need your [ACCOUNTNAME], which can be found in SWSD under Setup > Account > Account Summary. Your account name comes from the first part of your Account URL. For example, if the Account URL were samanagemarketing.samanage.com, your account name would be samanagemarketing.

      Here are the Reply URLs you will need:

      • https://app.samanage.com/saml/[ACCOUNTNAME]

      • https://[ACCOUNTNAME].samanage.com/saml/[ACCOUNTNAME]

      • If you are using the Domain Management feature in SWSD you will need a third Reply URL, replacing your Account Name with the custom domain you are using in SWSD. For example:
        https://[ACCOUNTNAME].samanage.com/saml/[ACCOUNTNAME]
        would become:
        https://[DOMAINNAME].samanage.com/saml/[ACCOUNTNAME]

    3. Sign on URL: https://app.samanage.com/saml_login/[AccountName]
      Get from SWSD (Account > Single Sign-On > Azure AD), and then copy the Login URL.

  5. Click Save.

Step 4: Verify Attributes & Claims Accuracy

  1. Determine which approach you want to use:

  2. In Attributes & Claims, verify that the two different Active Directory fields below contain the same information.

    • Unique Principal Name - see Required claim > Claim name > Edit > Unique User Identifier (Name ID)

    • User Email Address - see Additional claims > Claim name

  3. If the two do not match exactly, SolarWinds suggests you contact Technical Support for assistance.

Step 5: Set up SAML Signing Certificate

  1. In Azure, go to the third section, labeled SAML Signing Certificate.

  2. Next to Certificate (Base64), click Download. Leave the file on your task bar, but do not open it immediately.

  3. If you are using Domain Management, add a reply URL using your custom domain. For example: https://[customdomain]/saml/[account name].

  4. If you are configuring SSO prior to completion of User Provisioning, disable User Assignment Required within the Properties menu in SWSD.

Step 6: Set up Login URL, Logout URL, Identifier, and Certificate

  1. In Azure, go to the fourth section, labeled Set up SolarWinds Service Desk.

  2. Next to Login URL, click Copy to Clipboard.

  3. Navigate to SWSD > Account > Single Sign-On.

  4. In the Login URL field, paste the contents of the Clipboard.

  5. In the Logout URL field, enter https://login.windows.net/common/wsfederation?wa=wsignout1.0 or your desired Logout URL.

  6. Scroll down to the Azure Identifier field and type in solarwinds.com.

    The contents of this field must exactly match the information in the Azure Identifier (Entity ID): Solarwinds.com field.
  7. In a text editor, open the downloaded certificate file (downloaded in Step 5.2 above).

  8. Copy the entire contents of the certificate file.

  9. Return to SWSD, scroll down to the text field labeled Paste your Identity Provider x.509 Certificate below, and paste the contents of your clipboard.

  10. Under the text field:

    1. Add a check mark next to Create users if they do not exist.
    2. Remove the check mark next to Redirect to the saml login page when logging into SolarWinds Service Desk by default.

    During initial configuration and testing, Solarwinds recommends leaving the second check box above unmarked.

  11. Click Update.

Step 7: Test Single Sign-On

  1. Open an incognito tab (or private browsing session) in an internet browser.

  2. Enter your account URL, and then test login.

  3. After a successful test, return to SWSD, and add check marks to both boxes under the text field.

    • Create users if they do not exist.

    • Redirect to the saml login page when logging in by default.

    If the test works for one individual in your domain it will work for all.
  4. Click Update.
    Your single sign-on configuration is complete.

If you receive an error after testing, contact Technical Support for assistance.

Related topics