Azure AD - SAML Setup

Guide for setting up SSO with Azure AD using SAML

The Azure AD SSO integration allows for a centralized and secure login process for businesses that utilise Azure AD as their identity provider.

Azure AD relies on Enterprise Applications to configure SSO

Step by Step Guide

1. Go to Account Settings

2. Select SSO Config

From the menu on the left, select SSO Config to bring up the SSO Configuration screen

3. Select SAML

Azure AD uses SAML as the way to integrate their identity platform with Hava. From the two choices ('SAML' and 'OIDC') select SAML

4. Take note of the Service provider details

You should be presented with a screen showing you two sections, Identity Provider, and Service Provider. In this case the Identity Provider is represented by Azure AD and the Service Provider is Hava.

Take note of the details in the Service Provider section, as we will use these when setting up Azure AD.

5. Navigate to Azure Active Directory

In the Azure Portal, go to the Azure Active Directory service, and select Enterprise applications from the menu on the left side

6. Start creating a new application

Click the create application button on the top of the screen to start the process for setting up a new Enterprise application.

7. Select Create your own application

Have is not set up with an easy integration with Azure AD yet (this is coming soon), so we have to create our own application. Press the 'Create your own application' button on the top of the page

8. Name your application

A pane will open on the right side of the screen asking you to name the application and select one of 3 choices of what you are looking to do with the application.

  • enter as the name

  • Select Integrate any other application you don't find in the gallery (Non-gallery) from the choices

  • Click Create on the bottom of the pane

This will create the application for you and bring you to the resource in Azure AD once it has completed.

9. Go to Single sign-on

On the menu on the left, select Single sign-on to open the single sign-on configuration page.

Select SAML as the single sign-on method

10. Basic SAML Configuration

You should see a page asking you to fill in details to Set up Single Sign-On with SAML

In the Basic SAML configuration box, press edit and fill in the details that you took note of earlier in the Hava SAML setup page (Service Provider)

Map the values like this:

Azure AD NameHava Name

Identifier (Entity ID)

Issuer (Entity ID)

Reply URL (Assertion Consumer Service URL)

Assertion Consumer Service URL

Sign on URL

Login URL

Relay State (Optional)


Logout Url


When adding the Reply URL and the Sign on URL, please add a / before the ? in the url. Azure AD requires this to map urls correctly.<id> to<id>

Once this is complete, press save on the top of the screen and go back to the Single sign-on screen by pressing the X in the top right corner

11. Set up attributes

Attributes are used to map user details between Azure AD and Hava. We need to change the Unique User Identifier to be email, rather than the default of userprinciplename.

Press the edit button, then click on the Unique User Identifies to modify the source attribute

Change it to user.mail

12. Download Certificate and take note of the values in the next section

In the 3rd box, download the Certificate (Base 64) to your machine and open it in a text editor to be ready for the next stage

The 4th box contains the values for setting up the SAML configuration for the Identity Provider in Hava.

13. Go back to hava and press Add SAML Config

Copy the values from the 4th box into the form in Hava using these mappings

Hava ValueAzure AD Value

Identity Provider Entity ID

Azure AD Identifier

Identity Provider SSO URL

Login URL

Last step before testing is to insert the downloaded certificate into the text area. Make sure to copy the whole content of the file, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines Press save.

14. Enable and test

On the bottom of the SSO config page in Hava there is a button to enable SAML. Once this is done, you are ready to test your SSO login from Azure AD.

Test this in a private browser window to make sure there is no cookies that cause you to be logged in automatically

Last updated