Microsoft Intra ID Integration

Max-Antoine
Max-Antoine
  • Updated

Configure SAML on Azure

  1. To create a new application in Azure, go to Identity > Application > Enterprise Application > New Application

  2. Click on Create your own application. Next, enter the name of the application (e.g. Wave Connect) and choose "Integrate any other application you don't find in the gallery".

    Create your own application

  3. Now click on the Single Sign-On tab and click SAML. The form below should appear.

    SSO Form

  4. Enter the Identifier (Entity ID) (e.g. wave-connect)

    indentifier(entity id)

  5. Add https://app.wavecnct.com/__/auth/handler for the Reply URL.

     

    Note: Currently, only service-provider (SP) initiated SAML is available.

    reply-url

  6. Recommended: In the Attributes & Claims section, change the Unique User Identifier to email address.

    attributes & Claimsmanage_claims

     
    Note: Don't forget to assign users and /or groups to the application.

Configure SAML on Wave for Teams

  1. Open Wave for teams and go to the Organization Settings. Now, open Configure SAML form.

    Configure_SAML_Form

  2. Entity ID maps to Azure AD Identifier.

    Entity_ID

  3. SSO URL maps to Azure Login URL.

    SSO_URL

  4. x509 Certificate maps to Azuer Certificate (Base64).

    x509_Certificate

  5. Service Provider Entity ID maps to Azure Identifier (Entity ID).

    Service_Provider_Entity_ID

How to Sign in With SSO

  1. The user can use either of these methods:
    A. Member attempt to log in to Wave Connect (Wave) by entering his/her email address.
    B. The user attempts to login by clicking on the SSO button and entering the organization username (this can be found and configured under your organization settings on Teams by Wave Connect).

    Organization Username
  2. Wave sends a request to the identity provider.
  3. The identity provider checks this member's credentials.
  4. The identity provider sends a response to Wave to verify the member's identity.
  5. Wave accepts the response and logs the member into their Wave account.