If you are configuring authentication for the new Revvity tenant URLs, we recommend creating a new application in Azure/Entra. Editing the existing Azure/Entra application will most likely lock you out of your tenant's existing authentication.
Information you will need from Signals Notebook
- Log in to Signals Notebook as an administrator
- Navigate to Configuration > System Settings > Authentication
- Select the URL to configure from the ‘Domain Name’ dropdown menu
- From the ‘Mode of Authentication’ options select ‘External SAML’
If you have an existing SAML configuration from a different domain, that configuration will be copied into the fields below; it will need to be removed before your new configuration can be entered.
Below are the fields you need to copy from SNB to Azure.
You need to define an Application ID. This can be any value you want, with no spaces. Try to avoid using URLs, as they usually create confusion with the other URLs used in the configuration.
Creating An Application in Azure
- Click on Enterprise Applications
- Click New Application
- Click Create your Own Application
- Enter a name to display to users on their Microsoft dashboard
- Select Non-Gallery and click Create
Click Single Sign On or Setup Single Sign On:
Select SAML:
On Basic SAML Configuration click Edit:
Here you will enter the values you collected from the SNB configuration page:
- Entity ID is your Application ID. This value needs to match exactly what you entered as the Application ID in SNB.
- Sign On URL is just your tenant URL.
- You do not need to enter a Logout URL; you can optionally enter it in SNB directly.
Click Save.
By default, Azure/Entra applications have "Assignment Required = Yes" in the application properties. This means you need to explicitly add users or groups so they can authenticate with this application:
Your authentication process will fail if no users have been assigned to the application.
Optionally you can disable the Assignment Required property.
Information you will need from Azure/Entra ID
- Download the Base64 certificate OR the Federation Metadata XML (you can download either one, instructions for each follow below)
- Copy the Login URL
Obtain the certificate string
If you downloaded the Federation Metadata XML:
Copy the certificate string from the X509Certificate tag (line 27 on the screenshot below):
If you downloaded the base64 certificate:
Using a text editor, remove the BEGIN and END lines on the certificate
Using any method you prefer, turn the certificate string into a single line:
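The following Python is an added example, not part of the original article or of Revvity's or Microsoft's tooling. It produces the single-line certificate string from either download and rejects a string that is not complete base64-encoded DER, which is the kind of incomplete/invalid key SNB refuses. The function names and the sample data are assumptions made for illustration; the sample is a constructed placeholder, not a real certificate.

```python
import base64
import re
import textwrap
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace used in SAML metadata

def normalize_key(b64_text):
    """Return the base64 string on one line, after checking it decodes to complete DER."""
    one_line = re.sub(r"\s+", "", b64_text)
    try:
        der = base64.b64decode(one_line, validate=True)
    except ValueError as exc:
        raise ValueError("SAML key is not valid base64") from exc
    # A DER certificate is an ASN.1 SEQUENCE: tag 0x30, then a length field.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded SAML key is not a DER SEQUENCE")
    if der[1] < 0x80:
        expected = 2 + der[1]
    else:
        n = der[1] & 0x7F
        expected = 2 + n + int.from_bytes(der[2:2 + n], "big")
    if expected != len(der):
        raise ValueError("SAML key is truncated or has trailing data")
    return one_line

def key_from_pem(pem_text):
    """Drop the BEGIN/END lines of a Base64 (PEM) certificate and join the rest."""
    body = [ln for ln in pem_text.splitlines() if not ln.startswith("-----")]
    return normalize_key("".join(body))

def key_from_metadata(xml_text):
    """Take the first X509Certificate element of a Federation Metadata XML document."""
    node = next(ET.fromstring(xml_text).iter(DS + "X509Certificate"), None)
    if node is None or not node.text:
        raise ValueError("no X509Certificate element found")
    return normalize_key(node.text)

# Constructed stand-in for a certificate: a well-formed DER SEQUENCE, not a real cert.
SAMPLE_B64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(textwrap.wrap(SAMPLE_B64, 64))
              + "\n-----END CERTIFICATE-----\n")
SAMPLE_XML = ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">'
              '<X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">'
              + SAMPLE_B64 + "</X509Certificate></EntityDescriptor>")

if __name__ == "__main__":
    print(key_from_pem(SAMPLE_PEM))
```

To use it on a real download, read the file's text and pass it to `key_from_pem` or `key_from_metadata`; the returned string is what goes into the SAML Key field.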
Enter Azure information into SNB
- Enter the SAML Key (certificate string in a single line with no spaces)
- Enter the login URL
Optionally you can specify a logout URL to take your users to after they log out.
Entering an incomplete/invalid SAML key will result in the following error:
You can now use the Test Configuration button to validate your settings.
Only save your settings if the test is successful or if you have a different domain you can use to log in and modify the settings.