Configure Azure Active Directory as Primary Authentication
By setting up Azure Active Directory as the primary authentication service for Bitium, you can extend your primary identity to all your cloud apps. Employees will log into Bitium using their Azure Active Directory username and password.
Active Directory Integration is available to Business Plus and Unlimited plan users. To learn more, please visit our Plans page or contact firstname.lastname@example.org.
In order to set Azure AD as your org’s form of authentication into Bitium, please follow the following steps:
Login to Azure and select Active Directory from the left-hand menu.
Click on the directory you want to use.
Click “Applications” at the top of the screen
Click the “Add” icon at the bottom of the screen.
In the popup window, click “Add an application my organization is developing”
Give the application a name (e.g. “Bitium”) and click the next arrow.
Go to Bitium’s “Manage [ORG]” menu and select Directories.
On the Directory setup screen, select “SAML”.
On the Step 1: Service page, make sure “Authentication” is selected. Click “Next”.
Copy the IdP values from the bottom of the setup screen: “Assertion Consumer Service URL” and “Issuer”
Back in Azure, paste the “Assertion Consumer Service URL” into the “SIGN-ON URL” field and “Issuer” into “APP ID URI” field. Click the checkmark to save.
At the bottom of the screen, click the “View Endpoints” icon
Copy out the values for “Federation Metadata Document” and “SAML-P Sign-On Endpoint”
Open the “Federation Metadata Document” in a new browser tab. Near the top, locate the first “X509Certificate” field.
In Bitium, input the following values
1 - the value from “SAML-P SIGN-ON ENDPOINT” from “App Endpoints” popup
3 - the x509 value copied from the metadata.xml
After all data have been inputted, click “Save” at the bottom of the screen.
Once complete, all of your users will use their Azure AD credentials to log into Bitium.
Note: Email addresses published by Azure must match those allowed by your Bitium org.