
Azure SAML

Use this guide to set up Azure SSO SAML for your organization on Popl Teams

Overview

Azure SAML 2.0 is a widely used authentication protocol that lets users log in to multiple applications with a single set of credentials. With it, companies can centralize user authentication and authorization, reducing the need for multiple login credentials and streamlining the user experience. Azure SAML 2.0 also provides a secure way to authenticate users, ensuring that only authorized individuals can access company resources.
Using Popl Teams Azure SAML 2.0 capabilities, companies can save time, improve security, and enhance their team's experience, making this integration a popular choice for many organizations using Popl Teams.

Step by Step Guide

  1. Start by going to Enterprise Applications on the Azure Admin Portal. Once there, click on "New Application", which will take you to browse the Azure AD Gallery.
  2. Click on "Create your own application", which will open a side menu. Input "Popl" for the first option titled "What's the name of your app?" and check "Integrate any other application you don't find in the gallery (Non-gallery)". Then click "Create" at the bottom of the screen.
  3. Click the option that shows "Set up single sign on", then on the next page click "SAML".
  4. On the next page, titled "Set up Single Sign-On with SAML", click Edit on the "Basic SAML Configuration" pane.
     For "Identifier (Entity ID)", click Add identifier and input:
     Popl
     For "Reply URL (Assertion Consumer Service URL)", click Add reply URL and input:
     https://us-central1-poplco.cloudfunctions.net/msAutoSync/saml?isMicrosoft=true
  5. Once those two items are added, make sure that the "Attributes & Claims" pane matches the one shown below. All values shown are set by default, but it is always good to double-check.
     Attributes & Claims Pane (Default values)
  6. Once step 5 is confirmed, you can begin adding users or groups to the SAML integration and start testing SAML login. A user must be added to the integration, either individually or via a group, for the SAML login to work. Users or groups can be provisioned to the integration for SAML via the "Users and groups" tab.
     Note: Provisioning users via Azure won't actually create Popl digital business cards for each user. To create digital business cards for each user so they can log in with SAML SSO to an already set up digital card, please follow the steps for setting up our Azure AD integration here:
  7. As a final step, please send the enterprise application metadata file in XML format to [email protected] and we will complete the SAML setup on our end. Our team will send a confirmation email once this process is complete.
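As an added example (not Popl's or Microsoft's code), the Python below checks a SAMLResponse captured during the step 6 test login against the Identifier and Reply URL entered in step 4. It assumes the response carries the standard SAML 2.0 Destination, Audience and Recipient fields; the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Values entered in step 4 of this guide (Basic SAML Configuration).
EXPECTED_ENTITY_ID = "Popl"
EXPECTED_ACS = ("https://us-central1-poplco.cloudfunctions.net"
                "/msAutoSync/saml?isMicrosoft=true")
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_saml_response(b64_response):
    """Return the mismatches between a captured SAMLResponse and step 4.

    Configuration check only: it does not verify the XML signature, so it
    must never be used to decide whether an assertion can be trusted.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != EXPECTED_ACS:
        problems.append(f"Destination: {root.get('Destination')!r}")
    # The Audience must equal the Entity ID exactly; the match is case-sensitive.
    audiences = [e.text for e in root.iterfind(".//a:AudienceRestriction/a:Audience", NS)]
    if EXPECTED_ENTITY_ID not in audiences:
        problems.append(f"Audience: {audiences!r}")
    recipients = [e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if EXPECTED_ACS not in recipients:
        problems.append(f"Recipient: {recipients!r}")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID: missing or empty")
    return problems

def constructed_response(audience=EXPECTED_ENTITY_ID, acs=EXPECTED_ACS):
    """Build a minimal, unsigned SAMLResponse for the demo (constructed data)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">'
        '<saml:Assertion><saml:Subject>'
        '<saml:NameID>user@example.com</saml:NameID>'
        '<saml:SubjectConfirmation>'
        f'<saml:SubjectConfirmationData Recipient="{acs}"/>'
        '</saml:SubjectConfirmation></saml:Subject>'
        '<saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(constructed_response()))
    print(check_saml_response(constructed_response(audience="popl")))
```

An empty list means the captured response matches the Basic SAML Configuration; each entry otherwise names the field that differs and the value found.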

Logging in with SAML via Desktop

For enterprise-grade security and streamlined access to the Popl dashboard, users can log in on desktop with SAML. To log in via SAML, users can click on the Popl enterprise tile, which should be visible on their Microsoft dashboard of applications if the user is part of the provisioned groups. Upon clicking the application tile, the user is redirected to Popl Teams and logged in instantly, giving a seamless user experience and secure authentication.

Logging in with SAML via Mobile App

When users want to log in to their Popl account via the mobile app, they can either tap on the Popl enterprise tile in the Azure portal mobile app, or use the "Login with Microsoft" option in the Popl app. Both options ensure secure authentication and 2FA enforcement via Microsoft. The "Login with Microsoft" option is available on the app's login screen.

"Need Admin Approval" Error or "Approval Required" Error

If you run into this error, please follow the instructions in this documentation to fix it: https://intercom.help/eventtemple/en/articles/5152672-need-admin-approval-approval-required-when-connecting-outlook-office365
Most likely, the "Users can consent to apps accessing company data on their behalf" setting simply needs to be switched from "No" to "Yes", as shown below. Once this is done, all users will be able to use Login with Microsoft to log in using SP-initiated login.
How to resolve the "Need Admin Approval" Error
If you have any issues or questions, please contact us at [email protected]. We are available nearly 24/7 and will get back to you within 6-8 hours or less.