This article describes how to setup Krisp SSO login with MS Azure. Single sign-on allows you to login using your company credentials. Krisp's single sign-on (SSO) is based on SAML 2.0.
- Platform: Windows, Mac, Chrome
- Krisp Enterprise plan
- Krisp Team Admin privileges
- Single Sign-On enabled for your team
- MS Azure account admin privileges
Configuring Azure with a custom app
- In the Azure dashboard, go to the "Portal" section
- From the Azure services, pick the "Enterprise applications" and click on the "New application"
- Search "Sonarcube" in the Category field and pick the application. It's specifically designed for the SAML based sign-on configuration. You are free to work with any other such application.
You can change the name of the application. Ex: KrispApp
Then scroll down and click "Add"
- In the "Getting started" section go to "Assign users and groups"
Click on "Add new user", add the emails of the team-members who should be able to log in with SSO and click on "Assign".
- From the "Manage" section, pick the "Single sign-on" option, then select SAML as sign-on method. Edit the "Basic SAML Configuration" box.
- Give a name to the Identifier (Entity ID). Ex: MyAzureEntityID. Make sure to set entity ID the default one
- Copy it to both the "Audience URI" and "Identity Provide Issuer" fields of the Configure SAML window of the your Krisp team account settings
- Copy the "Reply URL (Assertion Consumer Service URL)" from the Configure SAML window of the your Krisp team account settings to the "Reply URL (Assertion Consumer Service URL)" field
- Copy the "Single Sign On URL" from the Configure SAML window of the your Krisp team account settings to the "Sign on URL" field
Save the changes.
- Edit the "User Attributes and Claims" box
Pick the "user.mail" option. Set:
- Name: email
- Source: attribute
- Source attribute: user.mail
- Download the "Certificate (Base 64)" from the 3rd box ("SAML Signing Certificate"). Open the file with a text editor program and copy to the "X-509 certificate" field of the Configure SAML window of the your Krisp team account settings
- Copy the "Login URL" from the 4th box ("Set up *appname*") to the "Identity Provider Single Sign On URL" field of the Configure SAML window of the your Krisp team account settings
Save the changes in the Configure SAML window.
Now the assigned email holders will be able to sign into their Krisp accounts by logging into their Azure accounts using the Krisp team slug.
Check this article to know how you can get started with the Krisp SSO.