Azure AD SAML setup

Enable your Azure AD users to access Trelica with Single Sign-On (SSO).

Adding Trelica to Azure AD

Create an Enterprise Application

Log in to Azure AD and search for the Enterprise Applications service.
Click New application.
Trelica is part of the Azure Application gallery, which helps speed up configuration. Search for it in the Add from the gallery section, and then select Trelica.
A panel will open on the right-hand side. At the bottom, click Add.

Assign users and groups

Choose 1. Assign users and groups to assign a test user to the application.
Click Add user.
Search for your user account (we will use this for testing later) and click Select:
You should see a message confirming Application assignment succeeded:

Configure SSO in AD

In the left-hand menu click Single sign-on and then select SAML.
In the Basic SAML Configuration box click the edit icon.

Get configuration information from Trelica

Azure AD needs the ACS URL from Trelica. You can see this on the SAML Identity providers page.
Open Trelica in a new browser tab, as you will need to switch back to Azure AD shortly.
Log in to Trelica and then go to Admin > Settings > Users > SAML providers.
Click the copy icon next to the SAML Assertion Consumer Service (ACS) URL to copy it to the clipboard. Go back to the Azure AD browser tab and paste (Ctrl + V) the ACS URL into the Reply URL field.
At the top of the page, click Save.

Configuring Trelica

Scroll down the page and click the copy icon to copy the App Federation Metadata URL to the clipboard.
The next step involves putting the App Federation Metadata URL you copied from Azure AD into Trelica.
Go back to your Trelica browser tab (or go to Admin > Settings > Users > SAML providers):
Click New. The New SAML Identity Provider dialog is displayed.
In the Name field enter Azure AD and set the Metadata type to Metadata from URL.
Paste (Ctrl + V) the App Federation Metadata URL you copied from Azure AD into the Metadata URL field.
Click Create.

Finalizing configuration in Azure AD

Go back to the Azure AD tab in your browser and test the connection by clicking Sign in as current user.
You should see a message confirming that Azure AD successfully issued a token.

Testing

To test that SAML SSO is working, open the Microsoft My Apps portal and click the Trelica icon.
Trelica is listed in the Microsoft My Apps portal.
After a short pause you should be logged in to Trelica.