Ask Gaviti support team for some necessary SSO configuration before you begin.
1. Reply URL (Assertion Consumer Service URL):
2. Sign on URL:
Ask for support to provide you these two URLs.
Create a new enterprise application.
Open Microsoft Azure Enterprise applications click here
1. Click on “+ New application”
2. Click on “+ Create your own application”
3. Input the name: “Gaviti” and click on “Create” (It can take a few seconds…)
4. Click on “Manage” → “Single sign-on” on the left side menu
5. Click on “SAML” and start filling 4 sections as described.
1st section (Basic SAML Configuration):
1. Click on “Edit” to edit the Basic SAML Configuration.
2. Click on “Add identifier” and enter the Identifier: “gaviti” into the new empty row.
3. Click on “Add reply URL” and enter the reply URL into the new empty row (you received it
from Gaviti support). e.g. “https://api.gaviti.com/v2/auth/sso/callbackUrl?securityPolicyId=[uuidv4]”
4. Enter the Sign on URL “Assertion Consumer Service URL” (you received it from Gaviti
support). e.g. “https://app.gaviti.com/login/sso?securityPolicyId=[uuidv4]”
5. Click on “Save”
6. Click on “X” to close the right side menu after it is successfully saved.
2nd section (Attributes & Claims):
1. Click on “Edit” to edit the Attributes & Claims.
2. Click on “Unique User Identifier (Name ID)”.
3. Change the Source attribute to “user.mail”.
4. Click on “Save”.
5. Click on “X” to go back to the SAML-based Sign-on page.
3rd section (SAML Certificates): Download the Certificate (Base64) and save it for next steps.
4th section (Set up Gaviti): Copy the “Microsoft Entra Identifier” and save it for next steps.
The final result should look like this:
Get the user access URL.
At the same main screen in Azure.
1. Click on “Manage” → “Properties” in the left side menu.
2. Copy the User access URL and save it for next steps.
Add users/groups to the enterprise application.
1. Click on “Manage” → “Users and groups” in the left side menu.
2. Click on “Add user/group”.
3. Click on “None Selected”.
4. Select the users/groups that you want to give access to.
5. Click “Select”.
6. Click “Assign”.
Final required details
The Gaviti supports should receive from you all these collected details:
1. Certificate file (Base64).
2. Microsoft Entra Identifier.
3. User access URL