How to configure Krisp SSO with MS Azure

This article describes how to setup Krisp SSO login with MS Azure. Single sign-on allows you to login using your company credentials. Krisp's single sign-on (SSO) is based on SAML 2.0.

Prerequisites

• Platform: Windows, Mac, Chrome
• Krisp Enterprise plan
• Krisp Team Admin privileges
• Single Sign-On enabled for your team
• MS Azure account admin privileges

Configuring Azure with a custom app

First, go to your Krisp team web dashboard >>> Settings >>> Enable SSO and check the Configure settings. You'll need this info in the further steps. Let's call this Krisp Settings.

To configure the integration of Krisp into Azure Active Directory, you need to add Krisp to your list of managed SaaS apps. For that, follow these steps:

1. In the Azure dashboard, go to the Portal section.
   
   
   
   
2. From the Azure services, pick the Azure Active Directory.
   
   
   
   
3. Go to Enterprise applications >>> All applications >>> New application.
   
   
   
   
4. To add Krisp as an application, click on Create your own application.
   
   
   
   
5. Give it a name (ex: Krisp_app) and click Create.
   
   
   
   
6. Go to Getting Started >>> 1. Assign users and groups, click on Add new user, add the emails of the team-members who should be able to log in with SSO, and click on Assign.
   
   
   
   
7. Now go to 2. Set up single sign on and select SAML as the SSO method.
   
   
   
   
8. Edit the "Basic SAML Configuration" box.
   
   
   
   
9. Start filling in the information:
   - Copy the "Your team slug" value from Krisp settings to the "Identifier (Entity ID)" field. Make sure to have it set as the default one.
   - Copy the "Reply URL (Assertion Consumer Service URL)" value from Krisp settings to the "Reply URL (Assertion Consumer Service URL)" field.
   - Copy the "Single Sign On URL" value from Krisp settings to the "Sign on URL" field.
   
   
   
   Save these settings.
   
   
10. Edit the "User Attributes and Claims" box. Do not modify the already existing attributes and claims.
    
    
    
    
11. Click on Add new claim.
    
    
    
    
12. Set the following values for the fields:
    - Name: Email
    - Source: attribute
    - Source attribute: user.mail
    
    
    
    Save the changes.
    
    
13. Download the Certificate (Base64) from the "SAML Signing Certificate" box.
    
    
    
    
14. Open the Krisp settings. 
    - Copy the "Your team slug" value from Krisp settings to the "Audience URI" and "Identity Provider Issuer" fields of Krisp settings.
    - Open the downloaded certificate with the text editor and copy it to the "X-509 certificate" of your Krisp settings.
    - Copy the "Login URL" value from the "Set up Krisp_app" box of your Azure AD settings to the "Identity Provider Single Sign On URL" field of Krisp settings.
    
    
    
    Click on Save Changes in the Krisp settings.
    
    

Now the assigned users will be able to log into the Krisp team account through SSO.