

<pre>
!!Enterprise Licenses Only\\
\\
!__Prerequisits:__ on the Preferences panel [Misc page|Misc] need to set the __Remember invalid usernames__ parameter value to __0__ and clear the __HTTP Redirect Base__ field value. This is a __must__ with any plugin integration scenario.
\\
\\
Azure SAML is the same as all other SAMl providers, just a little different UI configuration.  Use the screenshots below to help guide you.\\
\\
1.) Create a new application.\\
[attachments|1_new_application.png]\\
\\
\\
2.) Create your own, we don't have a template to choose from.\\
[attachments|2_create_your_own.png]\\
\\
\\
3.) On the left choose Single Sign On to configure the SSO part of the SAML.\\
[attachments|3_properties.png]\\
\\
\\
4.) Choose SAML.\\
[attachments|4_sso_saml.png]\\
\\
\\
5.) Edit.\\
[attachments|5_edit.png]\\
\\
\\
6.) Configure the URL's for your CrushFTP server.  The top one will be the 'SAML Issuer' configuration on the SAMLSSO CrushFTP plugin config.\\
[attachments|6_config.png]\\
\\
7.) Download the metadata XML from the site after saving in step 6.  Edit with a text editor.\\
[attachments|saml_metadata_XML.png]\\
\\
7.1.) Navigate to CrushFTP SAMLSSO plugin configure it based on Azure's Single sign-on (see screenshot too):\\
{{{
[CrushFTP settings]                                 [Azure Settings]
SAML Provider URL (EntityID)       -&gt;             Azure AD Identifier
SAML Audience                      -&gt;             Identifier (Entity ID)
IDP Redirect URL (HTTP-POST)       -&gt;             Login URL
SAML Issuer                        -&gt;             Identifier (Entity ID)
}}}\\
\\
[attachments|plugin_azure_setting_macth.png]\\
\\
7.2.) On CrushFTP SAMLSSO plugin for &quot;_Authentication type:_&quot; set &quot;urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport&quot;.
{{{
Authentication type:urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
}}}\\
\\
7.3.) For &quot;This CrushFTP server's URL&quot; -&gt; put a slash in the end of the url:\\
{{{ 
This CrushFTP server's URL: https://your.domain.com/
}}}
7.4.) From the &quot;Federation Metadata XML&quot; -&gt; Look in the middle of the XML for the X509 base64 encoded certificate info.  Copy it and paste into the &quot;BASE64 encoded PEM Signing certificate&quot; in SAMLSSO plugin in CrushFTP.\\
\\

</pre>