Azure SAML

Use this guide to set up Azure SSO SAML for your organization on Popl Teams

Overview

Azure SAML 2.0 is a widely-used authentication protocol that allows users to log in to multiple applications using a single set of credentials. By using this protocol, companies can centralize their user authentication and authorization, reducing the need for multiple login credentials and streamlining the user experience. Additionally, Azure SAML 2.0 provides a secure way to authenticate users, ensuring that only authorized individuals can access company resources.

Using Popl Teams Azure SAML 2.0 capabilities, companies can save time, improve security, and enhance their team's experience, making this integration a popular choice for many organizations using Popl Teams.

Step by Step Guide

  1. Start by going to Enterprise Applications on the Azure Admin Portal. Once there, click on "New Application", which will take you to browse the Azure AD Gallery.

  2. Click on "Create your own application", which will open a side menu as shown below. Input "Popl" for the first option titled "What's the name of your app?" and check "Integrate any other application you don't find in the gallery (Non-gallery)". Then click "Create" at the bottom of the screen.

  1. Click the option that shows "Set up single sign on", then on the next page click "SAML".

  2. On the next page titled Set up Single Sign-On with SAML, click Edit on the "Basic SAML Configuration" pane.

For "Identifier (Entity ID)", click Add identifier and input:

Popl

For "Reply URL (Assertion Consumer Service URL)", click Add reply URL and input:

https://us-central1-poplco.cloudfunctions.net/msAutoSync/saml?isMicrosoft=true

  1. Once those two items are added, make sure that the "Attributes & Claims" pane looks like below. All values shown are set by default, but always good to double check.

  1. Once step 5 is confirmed, you are all set to begin adding Users or groups to the SAML integration to begin testing SAML login. A user must be added to the integration either individually or via a group in order for the SAML login to work successfully. Users or groups can be provisioned to the integration for SAML via the "Users and groups" tab as shown below.

Note: Provisioning users via Azure won't actually create Popl digital business cards for each user. To create digital business cards for each user so they can log in with SAML SSO to an already set up digital card, please follow the steps for setting up our Azure AD integration here:

Azure Active Directory

  1. For the final step, please send the "App Federation Metadata Url" to teams@popl.co and we will complete the SAML setup on our end. Our team will send a confirmation email response once this process is complete. As shown below, simply copy the Url and send via email to us!

Logging in with SAML via Desktop

For enterprise-grade security and streamlined access to the Popl dashboard, SAML protocol can be utilized for user login on desktop. To log in via SAML, users can click on the Popl enterprise tile usually available at https://myapplications.microsoft.com/, which should be visible on their Microsoft dashboard of applications if the user is part of the provisioned groups. Upon clicking the application tile, the user will be redirected to Popl Teams, where they will be logged in instantly, facilitating seamless user experience and ensuring a secure authentication.

There are two types of logins via a Desktop:

  • IDP-initiated login (SAML): This type of login starts from https://myapplications.microsoft.com/, which is the identity provider (IDP). When a user logs in via https://myapplications.microsoft.com/, the SAML Microsoft app that you created using the instructions above will be used to log the user in.

  • SP-initiated login (SAML or 0Auth): This type of login starts from our dashboard: dash.popl.co, which is us, the service provider (SP). When a user wants to log in via dash.popl.co (SP initiated), they can either use the "Continue with SSO" button or the "Continue with Microsoft" button to log in. The "Continue with SSO" button will use SAML to log the user in, while the "Continue with Microsoft" button will use an 0Auth method. Both SAML and 0Auth are fully secure login methods and usually the company admin decides how they'd like their users to log into certain platforms. Note: If when clicking on "Continue with SSO" a user is notified to log in using another method like email/pass, this means that Popl does not have a valid SAML XML file from their particular company domain. For example, if a member is trying to log in using "Continue with SSO" with the email john@popl.co, if Popl does not have a valid SAML XML file for @popl.co, then a popup will appear telling the user to log in with another method instead.

Logging in with SAML via Mobile App

When users want to log in to their Popl account via the mobile app, they can either tap on the Popl enterprise tile in the Azure portal mobile app, or use the "Login with Microsoft" option in the Popl app. Both options ensure secure authentication and 2FA enforcement via Microsoft. The "Login with Microsoft" option is available on the app's login screen.

"Need Admin Approval" Error or "Approval Required" Error

If you run into this error, please follow the instructions on this documentation to fix: https://intercom.help/eventtemple/en/articles/5152672-need-admin-approval-approval-required-when-connecting-outlook-office365

See below, most likely the "Users can consent to apps accessing company data on their behalf" simply needs to be switched from "No" to "Yes". Once this is done, all users will be able to use Login with Microsoft to log in using SP initiated log in.

If any issues or questions, please contact us at teams@popl.co, we are available nearly 24/7 and will get back to you within 6-8 hours or less.

With 🤍 from Popl.

Last updated