Configure Azure Active Directory as Primary Authentication

By setting up Azure Active Directory as the primary authentication service for Bitium, you can extend your primary identity to all your cloud apps. Employees will log into Bitium using their Azure Active Directory username and password.

Active Directory Integration is available to Business Plus and Unlimited plan users. To learn more, please visit our Plans page or contact support@bitium.com.

To set Azure AD as your org’s authentication method for Bitium, follow these steps:

  1. Log in to Azure and select Active Directory from the left-hand menu.

    Azure Active Directory as Primary Auth

    Select Active Directory in Azure

  2. Click on the directory you want to use.

    Choose Directory

  3. Click “Applications” at the top of the screen.

    “Applications”

  4. Click the “Add” icon at the bottom of the screen.

    “Add” the Directory

  5. In the popup window, click “Add an application my organization is developing”.

    Add a New App

  6. Give the application a name (e.g. “Bitium”) and click the next arrow.

    Create the Bitium App

  7. Go to Bitium’s “Manage [ORG]” menu and select Directories.

  8. On the Directory setup screen, select “SAML”.

  9. On the Step 1: Service page, make sure “Authentication” is selected. Click “Next”.

  10. Copy the IdP values from the bottom of the setup screen: “Assertion Consumer Service URL” and “Issuer”.

    Copy IdP Values

  11. Back in Azure, paste the “Assertion Consumer Service URL” into the “SIGN-ON URL” field and the “Issuer” into the “APP ID URI” field. Click the checkmark to save.

    Paste Values in Azure

  12. At the bottom of the screen, click the “View Endpoints” icon.

    View Endpoints

  13. Copy out the values for “Federation Metadata Document” and “SAML-P Sign-On Endpoint”.

    Copy Metadata and Endpoint Values

  14. Open the “Federation Metadata Document” in a new browser tab. Near the top, locate the first “X509Certificate” field.

    X509Certificate

  15. In Bitium, input the following values:

    1 - the value from “SAML-P SIGN-ON ENDPOINT” in the “App Endpoints” popup

    2 - select “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”

    3 - the X509Certificate value copied from the federation metadata document

    4 - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

    5 - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

    6 - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

    Input Values in Corresponding Fields

  16. After all values have been entered, click “Save” at the bottom of the screen.
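Steps 13 to 15 involve copying several values by hand out of the federation metadata document, and a mangled certificate or the wrong endpoint only shows up as a failed login later. As an added example (not Bitium’s or Microsoft’s code), the following Python script parses a SAML 2.0 federation metadata document, takes the first signing certificate as step 14 describes, picks the sign-on endpoint, and assembles the six step-15 values together with a SHA-256 fingerprint of the certificate so that what was pasted into Bitium can be compared against the metadata. The metadata embedded in it is a constructed sample with an all-zero tenant id and a placeholder blob in place of a real certificate; the endpoint shape and the preference for the HTTP-Redirect binding are assumptions, and the claim URIs are the ones listed in step 15.

```python
"""Added example: recover the step-13 to step-15 values from SAML metadata."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Attribute names the Bitium form expects (step 15, items 4-6).
CLAIM_EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
CLAIM_GIVEN_NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
CLAIM_SURNAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"

# Constructed placeholder standing in for DER bytes; NOT a real X.509 certificate.
PLACEHOLDER_DER = b"constructed placeholder - not a real X.509 DER certificate"
PLACEHOLDER_CERT_B64 = base64.b64encode(PLACEHOLDER_DER).decode("ascii")

# Constructed sample metadata (assumed shape, all-zero tenant id, placeholder cert).
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>
            {PLACEHOLDER_CERT_B64}
          </X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_metadata(xml_text):
    """Return entityID, signing certificates, SSO endpoints by binding, and NameID formats."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute is valid for signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.findall(".//ds:X509Certificate", NS):
            certs.append("".join((node.text or "").split()))  # drop wrapping whitespace
    endpoints = {s.get("Binding"): s.get("Location")
                 for s in idp.findall("md:SingleSignOnService", NS)}
    formats = [(n.text or "").strip() for n in idp.findall("md:NameIDFormat", NS)]
    return {"entity_id": root.get("entityID"), "signing_certificates": certs,
            "sso_endpoints": endpoints, "nameid_formats": formats}


def decode_certificate(cert_b64):
    """Base64-decode the certificate text; a mangled copy/paste raises here."""
    return base64.b64decode(cert_b64, validate=True)


def certificate_fingerprint(cert_b64):
    """Colon-separated SHA-256 of the DER bytes, to compare the pasted value with the metadata."""
    digest = hashlib.sha256(decode_certificate(cert_b64)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def bitium_values(xml_text):
    """Assemble the six step-15 values, refusing metadata that cannot work."""
    info = parse_metadata(xml_text)
    if not info["signing_certificates"]:
        raise ValueError("no signing certificate in metadata")
    sign_on = info["sso_endpoints"].get(HTTP_REDIRECT) or info["sso_endpoints"].get(HTTP_POST)
    if sign_on is None:
        raise ValueError("no HTTP-Redirect or HTTP-POST SingleSignOnService")
    if not sign_on.startswith("https://"):
        raise ValueError("sign-on endpoint is not https: " + sign_on)
    if info["nameid_formats"] and EMAIL_NAMEID not in info["nameid_formats"]:
        raise ValueError("IdP does not advertise the emailAddress NameID format")
    cert = info["signing_certificates"][0]  # step 14: the first X509Certificate
    return {"sign_on_endpoint": sign_on, "nameid_format": EMAIL_NAMEID,
            "x509_certificate": cert,
            "x509_fingerprint_sha256": certificate_fingerprint(cert),
            "email_attribute": CLAIM_EMAIL, "given_name_attribute": CLAIM_GIVEN_NAME,
            "surname_attribute": CLAIM_SURNAME}


if __name__ == "__main__":
    for key, value in bitium_values(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

Run it against a saved copy of the real Federation Metadata Document instead of `SAMPLE_METADATA` to get the exact strings for the Bitium form; the fingerprint line is the value to re-check after Azure rotates its signing certificate, since an old certificate left in Bitium fails every login with a signature error.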

Once complete, all of your users will use their Azure AD credentials to log into Bitium.

Note: Email addresses published by Azure must match those allowed by your Bitium org.