Skip to main content

Microsoft Azure SSO Configuration

This guide describes how to configure Microsoft Azure with uStudio Enterprise Podcast. Manage users and groups with SAML and SCIM protocols. Experience uStudio Enterprise Podcast with single sign-on (SSO) via SAML. Perform create, read, update, and delete (CRUD) operations on users and groups via SCIM. These actions give you more flexibility in controlling your uStudio user base in real time.

Features

  • Assign Users
  • Assign Groups
  • Create Users
  • Update Users
  • Deactivate Users
  • Create Groups
  • Update Groups
  • Delete Groups

PREREQUISITE

Please contact support@ustudio.com to establish a service account and receive your Company Code, SCIM API Token, Account UID, and Connection UID.

Create your Azure Enterprise Application

  1. Select Enterprise applications when managing Microsoft Azure (Entra ID) applications.
    Screenshot (1).png
  2. Click + New application.
    Screenshot (2).png
  3. Click + Create your own application.
    Screenshot (3).png
  4. Enter your application's name (i.e. uStudio Audience). Then, click Create.
    Screenshot (4).png

Configure Single Sign-on with SAML

  1. Select Single sign-on and click Edit on Basic SAML Configuration.
    Screenshot (7).png
  2. Enter in the following values:
    • Entity ID as urn:auth0:ustudioinc:prod-companycode-podcast-sso where companycode is replaced by your Company Code in all lowercase characters (i.e. ustudio).
    • Assertion Consumer URL as https://ustudioinc.auth0.com/login/callback?connection=prod-companycode-podcast-sso where companycode is replaced by your Company Code in all lowercase characters (i.e. ustudio).
    • Sign on URL as https://companycode.podcast-links.ustudio.com where companycode is replaced by your Company Code in all uppercase characters (i.e. USTUDIO). This smart link will route your users to our web application or mobile application. We only support Service Provider initiated requests.
      Screenshot (8).png
  3. Click Save.
  4. Click Edit on Attributes & Claims. By default you will see these settings below.
    Screenshot (9).png
    Note: We highly recommend that you change the required Name ID claim to a unique ID such as user.employeeid and set the format to Unspecified. Otherwise, the default user.userprinciplename as an Email address is fine. Please make sure the Name ID is constant to avoid account duplications and login errors.
  5. Under Additional claims, click the ellipses (...) on the name claim and Delete it.
  6. Click the emailaddress claim to edit as follows:
    • Set Name to email.
    • Clear out the Namespace.
    • Set Name format to Unspecified.
      Screenshot (10).png
    • Click Save.
  7. Click the givenname claim to edit as follows:
    • Set Name to given_name.
    • Clear out the Namespace.
    • Set Name format to Unspecified.
    • Click Save.
  8. Click the surname claim to edit as follows:
    • Set Name to family_name.
    • Clear out the Namespace.
    • Set Name format to Unspecified.
    • Click Save.
  9. Click + Add a group claim and set the following parameters:
    • Select Security groups.
    • Set Source attribute to Group ID or sAMAccountName.
    • Under Advanced options, checkbox "Customize the name of the group claim" and enter groupName as Name.
    • Click Save.
      Screenshot (12).png
  10. Now, your Attributes & Claims should look like these settings below.
    Screenshot (14).png
  11. Under SAML Certificates and Set up <App>, please provide support@ustudio.com with your App Federation Metadata URL or the XML file itself. At the very least, we need your X509 Certificate and Sign-on URL.
    Screenshot (15).png

Configure Provisioning with SCIM

  1. Select Provisioning from the left-hand panel and click Get Started.
  2. Set Provisioning Mode to Automatic.
  3. Set Tenant URL to 
    https://named-users.ustudio.com/api/v1/accounts/ACCOUNT-UID/connections/CONNECTION-UID?aadOptscim062020
    Where ACCOUNT-UID is replaced by your Account UID and CONNECTION-UID is replaced by your Connection UID as provided by uStudio Support.
  4. Set Secret Token to your SCIM API Token provided by uStudio Support.
  5. Click Test Connection. Success is a green checkmark.
  6. Click Save.
    Screenshot (17).png
  7. Set Provisioning Status to On and click Save.
    Screenshot (18).png
  8. Click "Provision Microsoft Entra ID Groups" and ensure the settings below.
    • Checkbox for Create.
    • Checkbox for Update.
    • Checkbox for Delete.
    • The following default attributes are present: displayName, externalId, and members.
    • Click Discard if no changes are made. Otherwise, click Save.
      Screenshot (20).png
  9. Click "Provision Microsoft Entra ID Users" and ensure the settings below.
    • Checkbox for Create.
    • Checkbox for Update.
    • Delete all default attributes except for userName, active, emails[type eq "work"].value, name.givenName, and name.familyName.
    • Click Save.
      Screenshot (19).png
  10. Click Start provisioning while in the Overview section of Provisioning.Screenshot (22).png

Assign Users and Groups

  1. Select Users and groups from the left-hand panel.
  2. Click + Add user/group and select which users or groups you want to have access to uStudio.
    Screenshot (21).png
  3. If SCIM is enabled, you will notice in the Provisioning section that cycles are preformed on assigned users and groups. The Provisioning logs are useful for tracking the changes that users and groups are undergoing.
    Screenshot (22).png
Facebook Twitter LinkedIn
Where Media Goes to Work ™
©2020 uStudio, Inc.
Privacy Security
Home About Press Patents Contact Blog Community Careers