Authenticating Dataedo Portal with Azure AD
This guide will walk you through the process of configuring Dataedo to integrate with Azure AD as the Identity Provider.
Initial configuration in Azure Portal
-
Open Azure Portal and go to Enterprise Applications. Choose the New application option:
-
In the next tab, choose the Create your own application option:
-
In the new tab, type in the application name for your internal use (for example, "Dataedo Portal") and click Create.
-
You'll see a new application screen. In the Getting started section, choose Assign users and groups.
-
Use the Add user/group option to add a user.
-
In the menu to the left, choose Single Sign-on, then from the options to the right, choose SAML.
-
Click Edit in the Basic SAML Configuration section.
-
A new tab will open:
-
In the Identifier field, paste the address Dataedo Portal will be accessed with from your organization. Note that only HTTPS addresses are allowed.
-
In the Reply URL section, type in the address your Dataedo Portal will be accessed on followed by /api/api/auth/assertion-consumer (for example https://your-Dataedo-Web.address/api/api/auth/assertion-consumer).
-
Click Save. The tab will now look like this:
-
Back in the Set up Single Sign-On with SAML tab on the left, find the SAML Signing Certificate section.
-
Copy the address marked as App Federation Metadata Url - you will need it later.
Configuring SAML in Dataedo Portal appsettings.json file
Follow these steps to configure Azure AD for Dataedo Portal installed on a Windows machine.
-
Find the installation path of Dataedo Portal (default address is: C:\Dataedo Portal\),
-
Go to the Applications\API\ subfolder.
-
Right-click and edit the appsettings.json file, and find the Saml2 section:
# This sample contains inline comments for explanation purposes
# JSON is a strict format and doesn't support inline comments
# Remove all inline comments (#) before using this configuration in your envi
{
  "Saml2": {
    # Paste the Identity Provider metadata URL here, or the path to the metadata XML file.
    "IdPMetadata": "https://login.microsoftonline.com/b411bcba-01b1-4de5-9fa1-45272da91a0c/federationmetadata/2007-06/federationmetadata.xml?appid=db0e60a2-0f7b-4a61-939a-56fbae2d8b8c",
    # Paste the Identifier from Azure's Basic SAML Configuration > Identifier field here.
    "Issuer": "https://127.0.0.1:4435",
    # Set the signature algorithm. Default is RSA_SHA256.
    # If you use RSA_SHA1, change this value to http://www.w3.org/2001/04/xmldsig-more#rsa-sha1.
    "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    # Specify the certificate validation mode. Default is ChainTrust.
    "CertificateValidationMode": "ChainTrust",
    # Specify the revocation mode. Default is NoCheck.
    "RevocationMode": "NoCheck"
  },
  "Saml2Client": {
    # Provide a display name for the Identity Provider.
    # Avoid using spaces; replace them with underscores (_).
    "DisplayName": "Azure_AD_SAML",
    # Make sure this URL points to your Dataedo Portal application address.
    "ClientUrl": "https://127.0.0.1:4435"
  }
}
-
Go to IIS Manager, and restart the Dataedo Portal app for changes to take effect.
-
If you open Dataedo Portal, you'll see an option to log in with Azure AD:
-
Clicking it will either take you to the Azure login page or, if you’re already logged in, directly to your Dataedo Portal page.
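A check you can run on appsettings.json before restarting the app in IIS, added here as an example; it is not part of the original guide or of Dataedo's own tooling. The function names, the placeholder hosts in the sample, and the choice of what to flag are assumptions for illustration; the setting names and the Reply URL path come from the steps above.

```python
import json
from urllib.parse import urlparse

# Constructed sample (placeholder hosts): comments removed, weak values left in on purpose.
SAMPLE = """{
  "Saml2": {
    "IdPMetadata": "http://idp.example.test/federationmetadata.xml",
    "Issuer": "http://portal.example.test",
    "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha1",
    "CertificateValidationMode": "ChainTrust",
    "RevocationMode": "NoCheck"
  },
  "Saml2Client": {
    "DisplayName": "Azure AD SAML",
    "ClientUrl": "https://portal.example.test/"
  }
}"""

def load_settings(text):
    """Parse appsettings.json text, rejecting leftover '#' comment lines."""
    left = [n for n, l in enumerate(text.splitlines(), 1) if l.lstrip().startswith("#")]
    if left:
        raise ValueError(f"remove '#' comment lines before use: {left}")
    return json.loads(text)

def is_https(url):
    parts = urlparse(url)
    return parts.scheme == "https" and bool(parts.netloc)

def check_saml(cfg):
    """Return a list of findings for the Saml2 / Saml2Client sections."""
    saml, client = cfg.get("Saml2", {}), cfg.get("Saml2Client", {})
    findings = []
    if not is_https(saml.get("Issuer", "")):
        findings.append("Issuer is not an HTTPS address")
    if not is_https(client.get("ClientUrl", "")):
        findings.append("ClientUrl is not an HTTPS address")
    if urlparse(saml.get("IdPMetadata", "")).scheme == "http":
        findings.append("IdPMetadata is fetched over plain HTTP")
    if "sha1" in saml.get("SignatureAlgorithm", "").lower():
        findings.append("SignatureAlgorithm is SHA-1 based")
    if saml.get("RevocationMode") == "NoCheck":
        findings.append("RevocationMode is NoCheck (revocation not checked)")
    if " " in client.get("DisplayName", ""):
        findings.append("DisplayName contains spaces")
    return findings

def reply_url(cfg):
    """Reply URL to compare with Azure's Basic SAML Configuration."""
    return cfg["Saml2Client"]["ClientUrl"].rstrip("/") + "/api/api/auth/assertion-consumer"
```

Compare the value returned by `reply_url` with the Reply URL entered in Azure; the two must match for the SAML response to be delivered to the portal.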
Configuring SAML in Dataedo Portal Docker image
Follow this section for Portal running from a Docker image.
-
Open the .env file that should be located in the same folder as the docker-compose.yml file, and find the Single Sign-On section:
Single sign-on configuration in docker-compose.yml
# This sample contains inline comments for explanation purposes.
# Remove all comments (#) before using this configuration in your environment.
# Paste the App Federation Metadata URL here, or the path to the metadata XML file.
DATAEDO_SSO_IDP_METADATA="https://login.microsoftonline.com/b411bcba-01b1-4de5-9fa1-45272da91a0c/federationmetadata/2007-06/federationmetadata.xml?appid=db0e60a2-0f7b-4a61-939a-56fbae2d8b8c"
# Paste the Identifier from Azure's Basic SAML Configuration > Identifier field here.
DATAEDO_SSO_ISSUER="https://yourwebsite.com/"
# Set the signature algorithm. Default is RSA_SHA256.
# For example, for RSA_SHA1 use: http://www.w3.org/2001/04/xmldsig-more#rsa-sha1
DATAEDO_SSO_SIGNATURE_ALGORITHM=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
# Certificate validation mode. Default is ChainTrust.
DATAEDO_SSO_CERTIFICATE_VALIDATION_MODE=ChainTrust
# Revocation mode. Default is NoCheck.
DATAEDO_SSO_REVOCATION_MODE=NoCheck
# Fill in the display name for the Identity Provider.
# Use underscores (_) instead of spaces (e.g., My_Identity_Provider).
DATAEDO_SSO_DISPLAY_NAME="My_identity_provider"
# Make sure this URL points to your Dataedo Portal application address.
DATAEDO_SSO_CLIENT_URL="https://yourwebsite.com/"
-
Update your Docker Compose with the following command:
docker-compose up -d
-
If you open Dataedo Portal, you'll see an option to log in with Azure AD:
-
Clicking it will either take you to the Azure login page or, if you’re already logged in, directly to your Dataedo Portal page.
Need help?
If you run into any problems or have questions, reach out to Dataedo support.