Issues setting up SSO with Azure AD

  • Problem
  • Updated 3 years ago
  • Solved
I'm hoping someone here can help me out, or at least point me in the right direction. :)
I'm trying to set up SSO using SAML to an Azure AD.
I've followed all the steps to create the app registration on Azure, and I was able to load the SAML config using the URL to the federation metadata document endpoint in Azure.

My issue is now any time I try to log in using SAML, it gives me a user not found.
If I enable User Provisioning, it gives me this error:
SAML Login error: Unable to provision new User. Required attributes LastName, FirstName, Email, Username, and FederationId must all be specified in the SAML assertion.

How do I specify/edit the SAML assertion so that Skuid has all the info it needs to create the user?

Any help would be GREATLY appreciated!

Andrew Abraham


Posted 3 years ago
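
One way to see which of the attributes named in that error an assertion actually carries, as an added example (not part of the original post and not Skuid's code): it decodes a captured `SAMLResponse` and compares the attribute names against the five in the error message. Exact, case-sensitive name matching is an assumption about how Skuid reads the assertion; the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# The five attribute names listed in the provisioning error quoted above.
REQUIRED = ("LastName", "FirstName", "Email", "Username", "FederationId")
# Claim-URI prefix of the kind Azure AD uses for its default SAML claims.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"


def assertion_attributes(saml_response_b64):
    """Map attribute Name -> non-empty values from a base64 SAMLResponse.
    Inspection only: no signature check, so never use it to authenticate."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return found


def missing_required(found, required=REQUIRED):
    """Required names absent or empty (exact-name match is an assumption)."""
    return [name for name in required if not found.get(name)]


def sample_response(pairs):
    """Build a constructed, unsigned SAMLResponse from (Name, value) pairs."""
    attrs = "".join(
        f'<Attribute Name="{name}"><AttributeValue>{value}</AttributeValue>'
        f"</Attribute>" for name, value in pairs)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
           '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
           f"<AttributeStatement>{attrs}</AttributeStatement>"
           "</Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Constructed input: claim-URI names plus one required name left empty.
    resp = sample_response([(CLAIMS + "givenname", "Ada"),
                            (CLAIMS + "surname", "Lovelace"),
                            ("Email", "ada@example.com"),
                            ("Username", "")])
    found = assertion_attributes(resp)
    print("attribute names present:", sorted(found))
    print("missing for provisioning:", missing_required(found))
```

To check a real login, pass in the base64 `SAMLResponse` form field captured from the browser's POST to the service provider.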


Zach McElrath, Employee

Official Response
We have rolled out a fix for this to Production. It should now be possible to do User Provisioning using Azure Active Directory.

Some key limitations to be aware of right now with User Provisioning:

- The default Profile for new Users is currently always set to the "Standard" Profile. We are planning to make this configurable in our next major release. For the time being though, you will need to edit the Standard Profile to configure which Apps and Data Sources the Standard Profile has access to so that when Users log in they will not 

- When freshly-provisioned Users log in for the first time, they are always sent to the route "/ui". The consequence of this is that if a User is provisioned through User Provisioning, the first time that User logs in, they will be sent to the "/ui" route and will see the "Forbidden" page, UNLESS you modify the Standard Profile to grant it the "Configure Site" Permission, which gives Users with that Profile the ability to configure anything in your Skuid Site. We are planning to make this "default route" configurable in our next major release, by enabling you to define a Default App for a Profile -- when a User logs in for the first time, they will be taken to the Default Route for their Profile's Default App. On subsequent logins, they will be taken to the most-recently-visited Route.