DeepSurface can be configured to leverage a third-party identity provider (IdP) to authenticate users when they access the DeepSurface web management console. One option is to use Microsoft's Azure Active Directory as a SAML-based IdP, which is available with an Azure subscription. Use the following steps to create a new DeepSurface Authentication Provider configuration to enable this integration.
Step 1: Create the Authentication Provider record in DeepSurface
Navigate to Setup > Authentication > Providers
Click the button "+ Authentication Provider" in the top-right of the screen
In the pop-up, select "SAML 2.0" in the drop-down
Fill in an appropriate label for this authentication provider (such as "Azure AD")
Enter an appropriate value for the domain name of the "ASSERTION CONSUMER SERVICE URL" field. This domain name must match the one users will navigate to when accessing DeepSurface.
Click the "copy to clipboard" icon next to the ASSERTION CONSUMER SERVICE URL field to make a copy of this ACS URL. Paste this in a temporary location, such as a text editor, as we'll need this in later steps.
Do not enter any values in the METADATA XML at this stage. We'll come back to this in a minute.
Save the new authentication provider.
Step 2: Configure Azure AD
Log in to Azure Portal and navigate to Microsoft Entra ID from the Azure services menu.
Click "Enterprise applications" in the left-hand menu, then click the "+ New application" button.
Enter a friendly name in the App name field, such as "DeepSurface". Select other options as appropriate and click Next.
Once the app is created and you are on the app's setup screen, click on the "Single Sign On" menu item on the left.
You will see several panes. The first one to focus on is the "Basic SAML Configuration" pane; click the "Edit" icon in the top left of this pane to edit the details.
In the edit form, enter the ASSERTION CONSUMER SERVICE URL you obtained in step 1 into the Identifier (Entity ID), Reply URL (Assertion Consumer Service URL), and Sign on URL fields. These fields are required. Do not modify any other fields.
Step 3: Finalize DeepSurface Authentication Provider
Return to the Setup > Authentication > Providers area in DeepSurface and edit the provider created in step 1.
Upload or paste the Azure AD federation metadata XML obtained in step 2 (on the app's Single sign-on page, the "SAML Signing Certificate" pane offers a "Federation Metadata XML" download) into the METADATA XML field.
Save the updated authentication provider record.
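Before the metadata from step 2 goes into the METADATA XML field, it is worth confirming that it really is identity-provider metadata with an https sign-on endpoint and a signing certificate, and that the ACS URL from step 1 sits on the host users actually reach the console at. The following pre-flight check is an added example, not DeepSurface or Microsoft code; the sample metadata is constructed to resemble an Azure AD federation metadata export, with an all-zeros tenant id and a few placeholder certificate bytes, and the ACS and console URLs in the usage block are hypothetical.

```python
"""Pre-flight checks on SAML IdP metadata and the ACS URL before saving the
DeepSurface authentication provider. Added example, not DeepSurface code."""
import base64
from urllib.parse import urlparse
import xml.etree.ElementTree as ET  # for untrusted files from elsewhere, prefer defusedxml

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Bindings an SP-initiated login can use to send its AuthnRequest to the IdP.
SSO_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
}

# Constructed sample shaped like an Azure AD federation metadata export.
# Tenant id (all zeros) and certificate (a few DER header bytes) are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIBAAAA</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def check_idp_metadata(xml_text: str) -> list[str]:
    """Return the problems found in IdP metadata; an empty list means it looks usable."""
    problems: list[str] = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return [f"root element is {root.tag}, expected md:EntityDescriptor"]
    if not root.get("entityID"):
        problems.append("entityID attribute missing: the IdP cannot be identified")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        # A common mistake is pasting the SP's own metadata instead of the IdP's.
        problems.append("no IDPSSODescriptor: this is not identity-provider metadata")
        return problems
    endpoints = idp.findall("md:SingleSignOnService", NS)
    if not any(e.get("Binding") in SSO_BINDINGS for e in endpoints):
        problems.append("no SingleSignOnService with an HTTP-Redirect or HTTP-POST binding")
    for e in endpoints:
        loc = e.get("Location", "")
        if urlparse(loc).scheme != "https":
            problems.append(f"SSO endpoint is not https: {loc!r}")
    # The signing certificate is what lets the SP verify assertions; without it
    # a forged response could not be told apart from a genuine one.
    certs = [
        k.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", default="", namespaces=NS)
        for k in idp.findall("md:KeyDescriptor", NS)
        if k.get("use", "signing") == "signing"  # no "use" means usable for signing too
    ]
    if not any(c.strip() for c in certs):
        problems.append('no signing certificate (KeyDescriptor use="signing")')
    for c in certs:
        try:
            der = base64.b64decode("".join(c.split()), validate=True)
        except ValueError:
            problems.append("signing certificate is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # a DER Certificate is an ASN.1 SEQUENCE
            problems.append("signing certificate does not decode to a DER certificate")
    return problems


def _host_port(url: str) -> tuple:
    u = urlparse(url)
    return (u.hostname, u.port or (443 if u.scheme == "https" else 80))


def check_acs_url(acs_url: str, console_url: str) -> list[str]:
    """Confirm the ACS URL uses https and sits on the host users reach the console at."""
    problems: list[str] = []
    if urlparse(acs_url).scheme != "https":
        problems.append(f"ACS URL must be https: {acs_url!r}")
    if _host_port(acs_url) != _host_port(console_url):
        problems.append(
            f"ACS URL {acs_url!r} is not on the console host {console_url!r}; "
            "the browser would POST the SAML response to the wrong place"
        )
    return problems


if __name__ == "__main__":
    # Hypothetical console and ACS URLs, not values from the product.
    for p in check_idp_metadata(SAMPLE_METADATA) or ["IdP metadata: OK"]:
        print(p)
    for p in check_acs_url("https://deepsurface.example.com/saml/acs",
                           "https://deepsurface.example.com/") or ["ACS URL: OK"]:
        print(p)
```

Run it against the downloaded federation metadata file instead of the sample to catch the usual mix-ups (SP metadata pasted in place of IdP metadata, a truncated certificate, an ACS URL on a different host than the one users browse to) before saving the provider record.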
Step 4: Create DeepSurface users associated with the Azure AD authentication provider
In DeepSurface, navigate to Setup > Authentication > Users.
For any user who needs to log in via Azure AD, create a user with exactly the same username they would use with Azure AD. Be sure to select your newly created authentication provider in the dropdown at the top of the user editing pop-up.
Step 5: Test Azure-based login
To test a DeepSurface user linked with an Azure AD authentication provider, first log out of DeepSurface.
On the login form, enter the username of a user who should be authenticated against Azure AD, and click Next.
You should now be redirected to Azure AD. Log in with your Azure AD credentials.
After successfully authenticating to Azure AD, your browser should be redirected back to DeepSurface and you should be automatically logged in to the DeepSurface console.
For more information, consider consulting the following:
Having trouble? Don't hesitate to contact support.