Configure Gorilla Expense for SAML Based SSO Using Azure AD


Step-1 Create Enterprise Application

Log in to the Azure Portal and open “Enterprise Application”

Go to “New Application”



Go to “Create Your Own Application”






Provide any name for the app and click on “Create”




Step-2 Configure Users or Groups to access the application

Select “Assign Users and Groups” or “Users and Groups”




Add respective users or Groups by selecting “Add User/Group”



Note: Make sure that every user has an email ID set in the email field, and that the exact same email exists in the Gorilla application as well.






Step-3 Configure Single Sign On

Select “Set up single sign on” or “Single Sign-On”




Select “SAML”

 


Update “Basic SAML Configuration” and “User Attributes & Claims” with the following values:



Download the SAML Signing Certificate (Base64). This certificate will be used while configuring the Gorilla application.


Step-4 Configure Gorilla Expense Application 

  • Log in to the Gorilla Web Application with admin credentials.

  • Select Settings -> SAML Configuration


            Replace <<ApplicationName>> with the actual Enterprise Application name of your app

            Replace <<ID>> with the actual Application ID

            URL just for reference:  https://myapps.microsoft.com/signin/SSOTestAD/ce95d61f-cf2c-44yd-a6af-60561d10f8

  • IDP SSO Logout URL: https://myapps.microsoft.com

  • X.509 Certificate: Open the previously downloaded certificate with Notepad, copy all of the text, and paste it into the certificate textbox. Refer to the screenshot below:
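
For the X.509 Certificate step, a check that the text copied out of Notepad is one complete certificate, returning thumbprints to compare with the thumbprint Azure AD lists for the SAML signing certificate. This is an added example, not part of the original guide or of Gorilla Expense; the function names and the sample blob are constructed, and it assumes a certificate of 256 to 65,535 bytes in DER form.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(text: str) -> bytes:
    """Return the DER bytes of the single certificate in text, else raise ValueError."""
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly 1 certificate block, found {len(blocks)}")
    body = "".join(blocks[0].split())  # drop CR/LF and stray spaces from the paste
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid Base64: {exc}") from None
    # Assumption: 256..65535-byte certificate, so the outer DER SEQUENCE header
    # is 0x30 0x82 followed by a two-byte length covering the rest of the blob.
    if len(der) < 4 or der[:2] != b"\x30\x82":
        raise ValueError("decoded data does not start like a DER certificate")
    declared = int.from_bytes(der[2:4], "big") + 4
    if declared != len(der):
        raise ValueError(f"truncated or padded: header says {declared} bytes, got {len(der)}")
    return der


def thumbprints(text: str) -> dict:
    """SHA-1 and SHA-256 thumbprints (uppercase hex) of the pasted certificate."""
    der = pem_to_der(text)
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}


def constructed_pem(payload_len: int = 700) -> str:
    """Constructed stand-in: valid outer DER header, filler payload, not a real certificate."""
    der = b"\x30\x82" + payload_len.to_bytes(2, "big") + (bytes(range(256)) * 3)[:payload_len]
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    pem = constructed_pem()
    print(thumbprints(pem))                        # clean paste
    print(thumbprints(pem.replace("\n", "\r\n")))  # same values with Notepad CRLF endings
```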




Test single sign-on from Azure Portal

Once you have configured your application to use Azure AD as a SAML-based identity provider, you can test the settings to see if single sign-on works for your account.


  • Open the newly created Enterprise Application -> Single Sign On
  • Select Test, and then choose to test with the currently signed-in user or as someone else.

  • On successful sign-on, it will open the Gorilla Web Application in a new tab.



Test single sign-on from Gorilla Web Application

  • Select the “Single Sign On” option from the Logon page

  • Enter the email ID

  • This redirects the request to the Logon URL configured in the Gorilla application; once authenticated, the user can access the Gorilla application.