Azure Active Directory

Appetize supports Azure Active Directory as an SSO provider, using the SAML protocol.

Prerequisites

Please have the entity ID (usually appetizeio-saml) and the Assertion Consumer Service URL (looks like https://appetize.io/sso/example/cb) you received from Appetize support.

Azure Active Directory Setup

In Azure Active Directory, go to Enterprise Applications. Create a new application. Choose a name for it (e.g. Appetize) and select "Integrate any other application you don't find in the gallery (Non-gallery).

List of enterprise apps. Click "New Application"
List of enterprise apps. Click "New Application"
Choose a name, e.g. "Appetize" and choose Non-gallery

With the App created, click on "App roles". Create a role named "Appetize Admin" with value appetize_admin, and another role named "Appetize Developer" with value appetize_developer.

Creating the appetizeadmin app role. Repeat for appetize_developer.
Your app roles should look like this

Return to "Enterprise Applications" and choose "Appetize". Click "Users and groups" to authorize logging in. Click "Add user/group" and choose from your organization's existing users or groups. Select a role (Appetize Admin, Developer, or User) as appropriate. Save the assignment.

Go to Users and Groups for the Appetize application
Choose users and/or groups and assign them to the Admin, Developer, or User role

Click "Single sign-on" and click "SAML". Enter the entity ID and Assertion Consumer Service URL provided by Appetize support.

Click SAML
Enter values provided by Appetize support

On the next page, click the edit button next to "Attributes & Claims". Click "Add a new claim". Name: groups, Source: attribute, Source attribute: user.assignedroles. Save the claim.

Click Edit button next to Attributes & Claims
Click "Add new claim"
Name: groups. Source attribute: user.assignedroles

Return the SAML page and download the "Federation Metadata XML" file. Send this file to Appetize support. Alternative, you may send the Certificate (Base64) and the Login URL.

Download the Federation Metadata XML and send to Appetize support

Appetize will provision SSO for your account after receiving the information. If necessary, we may also schedule a call to test the integration.

Last updated