Step 1: Configuring Azure
After logging in to the Azure Portal, click Azure Active Directory.
1. On the left pane, click Enterprise Applications, then click New Application.
2. Click Create Your Own Application.
3. Specify a name for the app and select Integrate Any Other Application You Don't Find in The Gallery.
4. Click Create.
5. On the Application Overview page, under Getting Started, click Set Up Single Sign On.
6. Click SAML.
7. Under User Attributes & Claims, replace existing Claims with the following details:
> user.lastname – user.surname
> user.firstname – user.givenname
> – user.localuserprincipalname
> name – user.userprincipalname
> Unique User Identifier – user.userprincipalname
8. Under SAML Signing Certificate, click Add A Certificate.
If you are resetting your SAML configuration, you will need to create a new certificate for the new SAML configuration. Old certificates need to be deleted.
9. Click New Certificate.
10. Select your preferred Signing Option and Signing Algorithm.
11. Specify the Notification Email Address and click Save.
12. Click on the Thumbprint field to display options for the certificate and select Make Certificate Active.
13. Close the SAML Signing Certificate screen to return to the SAML-based Sign-on screen.
14. Click Download to download the Federation Metadata XML.
15. After you have downloaded the IdP Metadata, complete Step 2: SAML Settings in Deploy.
16. On the Azure Portal, edit the Basic SAML Configuration:
> Fill in the Identifier (Entity ID) using the Deploy Audience URI.
> Fill in the Reply URL (Assertion Consumer Service URL) using the Deploy Assertion Consumer URL.
> Fill in the Sign On URL using the Deploy Assertion SAML Login URL.
17. Click Save.
Step 3: Assigning Access to Deploy Through Azure (IdP-initiated login)
1. On the left pane, click Users and Groups.
2. Click Add User.
3. On the Add Assignment page, click Users to display the list of all users. Select the desired users from the list and click Select.
4. Click Assign.