Skip to main content

How to configure Krisp SSO with MS Azure

  • Updated

Overview

This article describes how to setup Krisp SSO login with MS Azure. Single sign-on allows you to login using your company credentials. Krisp's single sign-on (SSO) is based on SAML 2.0.

Prerequisites

  • Platform: Windows, Mac, Chrome
  • Krisp Enterprise plan
  • Krisp Team Admin privileges
  • Single Sign-On enabled for your team
  • MS Azure account admin privileges 

Configuring Azure with a custom app

  1. In the Azure dashboard, go to the "Portal" section
    mceclip0.png

  2. From the Azure services, pick the "Enterprise applications" and click on the "New application"
    mceclip1.pngmceclip2.png

  3. Search "Sonarcube" in the Category field and pick the application. It's specifically designed for the SAML based sign-on configuration. You are free to work with any other such application.

    mceclip3.png

    You can change the name of the application. Ex: KrispApp

    mceclip4.png

    Then scroll down and click "Add"

  4. In the "Getting started" section go to "Assign users and groups"
    mceclip5.png

    Click on "Add new user", add the emails of the team-members who should be able to log in with SSO and click on "Assign".

  5. From the "Manage" section, pick the "Single sign-on" option, then select SAML as sign-on method. Edit the "Basic SAML Configuration" box.
    - Give a name to the Identifier (Entity ID). Ex: MyAzureEntityID. Make sure to set entity ID the default one
    - Copy it to both the "Audience URI" and "Identity Provide Issuer" fields of the Configure SAML window of the your Krisp team account settings

    mceclip6.png


    mceclip1.png

    - Copy the "Reply URL (Assertion Consumer Service URL)" from the Configure SAML window of the your Krisp team account settings to the "Reply URL (Assertion Consumer Service URL)" field 
    - Copy the "Single Sign On URL" from the Configure SAML window of the your Krisp team account settings to the "Sign on URL" field 

    Save the changes.

  6. Edit the "User Attributes and Claims" box
    Pick the "user.mail" option. Set:
    - Name: email
    - Source: attribute
    - Source attribute: user.mail

    Save.

  7. Download the "Certificate (Base 64)" from the 3rd box ("SAML Signing Certificate"). Open the file with a text editor program and copy to the "X-509 certificate" field of the Configure SAML window of the your Krisp team account settings

  8. Copy the "Login URL" from the 4th box ("Set up *appname*") to the "Identity Provider Single Sign On URL" field of the Configure SAML window of the your Krisp team account settings

    Save the changes in the Configure SAML window.

Now the assigned email holders will be able to sign into their Krisp accounts by logging into their Azure accounts using the Krisp team slug.

 

Check this article to know how you can get started with the Krisp SSO. 

Related articles