Create a new SAML application in Azure
Within Azure Active Directory, select "Enterprise applications", then click “+Create new application”.
Click "+ Create your own application", name the app (the name you choose for your intranet), select "Integrate any other application you don't find in the gallery (Non-gallery)", and then create the new enterprise application.
Configure SSO for your SAML application
Select “SAML” as the Single Sign On method
Edit the Basic SAML configuration
Identifier (Entity ID): https://[subdomain].haystack.so/api/saml/metadata
Reply URL (ACS URL): https://[subdomain].haystack.so/api/saml/acs
Sign on URL: https://[subdomain].haystack.so/login
The screenshots below use the “staging” subdomain; remember to replace it with your Haystack subdomain.
After the SAML app is configured, the SSO configuration looks like the following.
Copy the Metadata URL (for IDP metadata) into Haystack User Login Options
We will do this step for you if you do not have an Admin in Haystack yet (just pass the “app federation metadata URL” you can find in the SAML app SSO tab).
If you are a Haystack admin, go to Haystack “Admin Console” -> “User Provision and Login” and paste the issuer URL from the Azure SAML app (SSO tab). Remember to replace “staging” in the URLs below with your Haystack subdomain.
Assign users to the Haystack App
Find the created Haystack app in Azure AD “Enterprise applications”, select the "User and Groups" tab and click "+ Add user/group".
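The check below is an added example, not code from Haystack or Microsoft. It compares the three Basic SAML Configuration values against the URL patterns given above, which catches a leftover “staging” subdomain, and inspects IdP federation metadata for a signing certificate and HTTPS sign-on endpoints before it is pasted into Haystack. The function names and the inline sample metadata are constructed for illustration; metadata that declares a DTD is rejected because Python's standard XML parser is not hardened against entity-expansion input.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def expected_sp_urls(subdomain):
    """The three Basic SAML Configuration values from the steps above."""
    base = f"https://{subdomain}.haystack.so"
    return {"entity_id": f"{base}/api/saml/metadata",
            "acs_url": f"{base}/api/saml/acs",
            "sign_on_url": f"{base}/login"}

def check_sp_config(subdomain, configured):
    """List fields that differ from the expected value, e.g. a leftover 'staging'."""
    return [f"{k}: expected {want}, got {configured.get(k) or '(empty)'}"
            for k, want in expected_sp_urls(subdomain).items()
            if configured.get(k) != want]

def check_idp_metadata(xml_text):
    """Return (summary, problems) for IdP federation metadata XML."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return {}, ["metadata declares a DTD; refusing to parse it"]
    root = ET.fromstring(xml_text)
    summary, problems = {"entity_id": root.get("entityID")}, []
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return summary, ["no IDPSSODescriptor: this is not IdP metadata"]
    certs = idp.findall("md:KeyDescriptor[@use='signing']/ds:KeyInfo"
                        "/ds:X509Data/ds:X509Certificate", NS)
    summary["signing_certs"] = len(certs)
    if not any((c.text or "").strip() for c in certs):
        problems.append("no signing certificate published")
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    problems += [f"SSO endpoint is not HTTPS: {u}" for u in sso
                 if not (u or "").startswith("https://")]
    return summary, problems

# Constructed sample metadata (placeholder tenant, issuer and certificate).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example/TENANT-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example/TENANT-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
```

An empty problem list from both functions means the values match the patterns on this page and the metadata is usable as IdP metadata; it does not validate the certificate itself.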