
Azure SAML Setup for Formbird Integration

Overview

This guide outlines the steps to configure Single Sign-On (SSO) using SAML (Security Assertion Markup Language) for Formbird, integrated with Azure Active Directory (AD) as the Identity Provider (IdP).

Configuration Steps

  1. Configure Formbird: Configure Formbird according to client data requirements, which must include a unique identifier for user profiles (email address).

  2. Import User Data: Import client user data, which must include the agreed system unique identifier (via manual data upload or inbound data feed). The screenshot below shows the Microsoft Azure Active Directory UI for importing users.

[Screenshot: import data]

  3. Set up Formbird as a Service Provider (SP):

    • Define the Entity ID, typically the Formbird URL (e.g., https://servername.formbird.com).
    • Specify the Assertion Consumer Service (ACS) URL, which processes SAML assertions (e.g., https://servername.formbird.com/auth/login/saml).
    • Modify the NameID format to "user.email" for uniformity.
    • Retrieve and download the "App Federation Metadata Url" and associated certificate for Formbird's configuration.

    ```javascript
        "authenticationProviders": {
            "saml": {
                "entryPoint": "https://login.microsoftonline.com/......",
                "cert": "MIIC8DCCAdigAwIBAgIQIPqW1dusd5hOwdGgGpM5GjANBgkqhkiG9w0BAQsFAD...."
            }
        }
    ```
    *Note: The values for entryPoint and cert above are only portions of their real values. Please copy and paste the full values when configuring authenticationProviders.*

    These values can be copied from the SSO server. The example below is from the 3rd step of setting up SAML in the Azure Active Directory UI. The "App Federation Metadata Url" will be the “entryPoint” and the Certificate (Raw) will be the “cert”.
    <img src="step-3.png" alt="download cert"/>
    - `entryPoint`: identity provider entrypoint (is required to be spec-compliant when the request is signed)
    - `cert`: the IdP's public signing certificate used to validate the signatures of the incoming SAML Responses

    • Test the single sign-on and copy the login URL to the client's configuration under authenticationProviders.saml.authenticationLink.

  4. Export IdP Metadata File from Azure AD:

    • Instruct the customer to export their IdP metadata file in XML format from Azure AD.
    • Identify and nominate specific accounts for initial SSO testing.

  5. Import IdP Metadata File into Formbird:

    • Set up the Relying Party Trust in the customer's Identity Provider (IdP) for the Formbird SP, and manually enter or import the SP metadata. This is done on the customer side.

  6. Configure Relying Party Trust in Azure AD:

    • The customer needs to configure Claim Rules in their IdP:
      • Define data source for authentication (e.g. Active Directory)
      • Define attributes used for identity assertion, which must include at minimum the unique identifier defined in Formbird in step 1 (email address)
      • Configure use of the transient Name ID format
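
The note under the `authenticationProviders` snippet warns that the `entryPoint` and `cert` values shown there are truncated. The following added example (not Formbird's own code) checks a pasted `authenticationProviders.saml` object for that mistake before it is deployed; the function names, the sample blob and the tenant placeholder are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Strip optional PEM armor and whitespace, leaving bare base64.
function normalizeCert(cert) {
  return String(cert).replace(/-----(BEGIN|END) CERTIFICATE-----/g, '').replace(/\s+/g, '');
}

// Return a list of problems; an empty list means both values look complete.
function checkSamlConfig(saml) {
  const problems = [];
  let url = null;
  try { url = new URL(saml.entryPoint); } catch (e) { /* reported below */ }
  if (!url || url.protocol !== 'https:') problems.push('entryPoint is not a valid https URL');
  if (/\.{3,}/.test(String(saml.entryPoint))) problems.push('entryPoint looks truncated');

  const b64 = normalizeCert(saml.cert);
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
    problems.push('cert is not clean base64');
    return problems;
  }
  const der = Buffer.from(b64, 'base64');
  // A certificate is a DER SEQUENCE. In the long form 0x30 0x82 (used by
  // certificates of typical size) the next two bytes give the body length,
  // so the decoded size must be that value plus the 4 header bytes.
  if (der.length < 4 || der[0] !== 0x30 || der[1] !== 0x82) {
    problems.push('cert does not start with a DER SEQUENCE header');
  } else if (der.readUInt16BE(2) + 4 !== der.length) {
    problems.push(`cert is ${der.length} bytes but its header declares ${der.readUInt16BE(2) + 4}`);
  }
  return problems;
}

// SHA-256 fingerprint of the decoded certificate, to compare with one
// computed from the certificate file downloaded from the IdP.
function certFingerprint(cert) {
  const der = Buffer.from(normalizeCert(cert), 'base64');
  return crypto.createHash('sha256').update(der).digest('hex').toUpperCase();
}

// Constructed sample: a DER-shaped 260-byte blob, not a real certificate;
// the tenant path is a placeholder.
const sample = {
  entryPoint: 'https://login.microsoftonline.com/TENANT-PLACEHOLDER/',
  cert: Buffer.concat([Buffer.from([0x30, 0x82, 0x01, 0x00]), Buffer.alloc(256, 0xab)]).toString('base64'),
};
console.log(checkSamlConfig(sample), certFingerprint(sample.cert));
```

The length check only confirms that the pasted value is a whole DER object; it does not validate the certificate's contents or signature.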