All Collections
Enterprise Services
Configure Azure AD with Fugo Single Sign On
Configure Azure AD with Fugo Single Sign On

This article will show you how you can federate your Fugo account with your Azure AD.

Sarah avatar
Written by Sarah
Updated over a week ago

Table of Contents

  1. Configure Azure AD

  2. Basic SAML Configuration

    1. Attributes & Claims

    2. SAML Certificates

    3. Set Up Fugo SSO App

  3. Assigning Fugo Roles & Space Memberships From Your IDP

  4. Configure Fugo SSO

Identity Providers like Azure AD, Okta, Google, or Ping Identity can be convenient in limiting the number of times you need to enter your access credentials to go through authentication, especially if your organisation uses a lot of different services! An IdP solution can also provide enhanced security for your users, as you don’t have to share passwords with Fugo, and they can make user management a breeze for your IT team by giving you one central place to manage users.

With Azure AD, you can federate your Fugo account, allowing you to use Single Sign-On to access your Azure account, and then directly sign in to Fugo without having to go through a second signing-in process. Let’s walk through how to do that:

1. Configure Azure AD

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.

  2. Navigate to Azure Active Directory service.

  3. Click Add and then Enterprise application at the top, to add the Fugo SSO App to your AD

4. You will be navigated to Browse Azure AD Gallery. The Fugo SSO app is not available in the gallery just yet so you will need to click Create your own application to start the configuration flow.

5. Name the app as below and click create. You will now be navigated to the Fugo app page.

6. To continue with the configuration, click on the Set up single sign-on first and choose SAML from the list of single sign-on methods

7. You will now need to fill in the steps below to complete the configuration of the Fugo SSO App

2. Basic SAML Configuration

This section asks for Entity ID and Reply URL (Assertion Consumer Service URL) generated by Fugo, but Fugo only generates them once you complete Fugo SSO configuration. This is a chicken and egg situation.

So instead let’s use temporary dummy values for both the Entity ID and ACS — don’t worry, we will come back to change them later.

Click the edit button in the Basic SAML Configuration and fill in the Entity ID and ACS fields with these values:

2.a Attributes & Claims

  1. Click the edit icon

  2. Once navigated to the new screen choose Add new claim

  3. Add fugo_role as shown below.

  4. Click save and exit to the main configuration page

2.b SAML Certificates

Download the Base64 certificate. Open the certificate and then copy and paste it into your Fugo account. Make sure to remove the following:

---BEGIN CERTIFICATE--- and ---END CERTIFICATE----- when copy-pasting.

2.c Set up Fugo SSO App

Copy and paste the Login URL and the Logout URL into your Fugo Account

You are done configuring Fugo SSO in Azure AD. You now need to add configure your Fugo account

  1. Give access to users to Fugo App. In order to give access to your users, you will need to Assign users and groups to the Fugo SSO App.

  2. Go to Fugo SSO App | Overview and click Assign users and groups

3. Choose Add user/group and follow the steps to add users

4. Assign Fugo SSO app roles to Users

3. Assigning Fugo Roles & Space Memberships From Your IPD

You can now assign Fugo Roles and Fugo Space memberships when adding users to your account from your IDP. To invite new users, you simply need to make the Fugo app available for them from your IDP. When they sign in for the first time, they will be automatically added to your account with roles and space memberships as specified under the User Provisioning section.

Please note that the fugo_role attribute now requires a role name that matches the roles in your Fugo account. If the Fugo role name is not found, the new user will be assigned the default role .

Additionally, the fugo_space attribute requires a space name that matches an existing space in your account. Otherwise, the user will be added to a root space.

The default role is the admin role but it can be set to any other existing role from the Roles section

4. Configure Fugo SSO

Now, you’ll need to configure your Fugo account to work with Azure AD - as well as get rid of that dummy data we used earlier.

Sign in to your Fugo account and go to your Account Settings by clicking the top-right corner.

Select the "Single Sign On" tab. You'll need to fill in this form.

  1. Enter the name of your Identity Provider

  2. Add Login and Logout URLs

  3. Add your domain

  4. Add certificate

  5. Click Save Settings

  6. You will now see the Redirect Url (ACS) and Entity ID have been generated. Copy and paste them into the Basic SAML Configuration on your Azure AD account, overwriting the dummy values we entered in there earlier.

  7. Log out of your Fugo account, and select “Sign in with Single Sign On”.

  8. Enter your Azure AD username.

  9. You will be redirected to the Azure login process. Walk through it using your credentials.

  10. Select “Add to existing account” when prompted.

  11. Enter your Fugo username and password, to confirm you own the account.

And that’s it — you’ve federated your Fugo account with Azure Active Directory, and can now use Single Sign-in to handle authentication when it comes to logging in to Fugo. If you have any questions about this guide, or if you’re having issues getting SSO set up after you’ve walked through the steps above, please get in touch with our support team at support@fugo.ai and they’ll help you get up and running!

Did this answer your question?