Service Provider (SP) Initiated SAML Authentication Flow
SqlDBM offers Service Provider (SP) Initiated SAML Authentication for a variety of Identity Providers (IdPs). The diagram below illustrates the request workflow.
SSO Setup Steps
Before configuring anything in Azure, reach out to SqlDBM to get your Company Identifier. This value will be needed in Step 4.2.2.
Open a support ticket with SqlDBM and request SSO setup.
- Navigate to https://support.sqldbm.com/hc/en-us/requests/new (log in if not already, before continuing)
- Select Account SSO: Enablement Request from the request type dropdown
- Fill out the following fields:
- Subject: Enable SSO
- IdP Admin Email: Provide the primary IdP Admin's email address
- Description: Requesting Company Identifier to enable SSO
- Submit the form
Create Application in Azure Active Directory
Navigate to the Azure Active Directory portal
Go to ‘Enterprise applications’ → ‘New application’ → ‘Create your own application’
Name the application (we recommend a name that reflects “SqlDBM”)
Select “Integrate any other application you don’t find in the gallery”
Assign Application to Users
Assign the app to Azure AD users, ensuring the admin account for your subscription is included
Set up SAML
In the app settings, go to "Set up single sign-on" and choose "SAML".
Configure the following:
Basic SAML Configuration
Identifier (Entity ID): https://idp.sqldbm.com
Reply URL: https://idp.sqldbm.com/saml/metadata/<company identifier>/Acs
Sign on URL: leave blank
Relay state: leave blank
Logout Url: leave blank
Setup Claims:
Email
This should correspond to the user’s email address
Claim type should match the following (case sensitive):
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
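One way to check the values configured above against a SAML response captured during a test sign-in (an added example, not SqlDBM's or Microsoft's code). It assumes the decoded response XML is available as text and that the IdP sets the response `Destination` to the Reply URL; `EXAMPLE-COMPANY-ID` and the sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "https://idp.sqldbm.com"  # Identifier (Entity ID) from this page
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"


def expected_acs(company_id):
    # Reply URL pattern from the Basic SAML Configuration step.
    return f"https://idp.sqldbm.com/saml/metadata/{company_id}/Acs"


def check_response(xml_text, company_id):
    """Return configuration problems in a decoded SAML response (no signature check)."""
    problems = []
    root = ET.fromstring(xml_text)
    acs = expected_acs(company_id)
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} is not the Reply URL {acs!r}")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences!r} does not contain {ENTITY_ID!r}")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS)
             for a in root.findall(".//saml:Attribute", NS)}
    if EMAIL_CLAIM not in attrs:
        # The claim type is case sensitive, so report a case-only mismatch explicitly.
        near = [n for n in attrs if n and n.lower() == EMAIL_CLAIM.lower()]
        problems.append(f"email claim has wrong case: {near[0]!r}" if near
                        else "email claim is missing")
    elif "@" not in attrs[EMAIL_CLAIM]:
        problems.append(f"email claim value {attrs[EMAIL_CLAIM]!r} is not an email address")
    return problems


def sample_response(claim_name, company_id="EXAMPLE-COMPANY-ID"):
    # Constructed, unsigned response; the company identifier is a placeholder.
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 Destination="{expected_acs(company_id)}"><saml:Assertion>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience>
</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
<saml:Attribute Name="{claim_name}"><saml:AttributeValue>admin@example.com</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"""


if __name__ == "__main__":
    print(check_response(sample_response(EMAIL_CLAIM), "EXAMPLE-COMPANY-ID"))
    print(check_response(sample_response(EMAIL_CLAIM.replace("emailaddress", "EmailAddress")),
                         "EXAMPLE-COMPANY-ID"))
```

An empty list means the Identifier, Reply URL and email claim in the response match the values listed in this step.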
Submit a Request to Enable SSO
Once your team has completed the setup steps above, please update your previously created support ticket and provide the following information:
App Federation Metadata Url
What to expect once you have submitted a ticket:
The support team will review the information shared
Once the information is verified, your SSO will be enabled and we'll check that it properly redirects to your IdP and notify you on your ticket
Please verify that logging in is successful and let us know
After Enabling SSO
For new users
Accept the invitation to join your organization by clicking the link in your invitation email, sent by your Admin via the Admin Console
Enter your email
Enter the verification code sent to your email to confirm SSO association
Visit your subscription page to confirm that you accepted the invitation
Your account will now be linked to the subscription
For existing subscription users
Log in using SSO by selecting the appropriate IdP from the options provided, or proceed directly to the SqlDBM private SSO sign-in page
Enter your email
Enter the verification code sent to your email to confirm SSO association
To access SSO, use the icons on the Sign-In page. If your provider isn’t listed, click the three dots to find the correct IdP.