Azure SSO

1. Generate a Certificate in Metricly

  1. Navigate to Account Profile > SSO.
  2. Select Generate. generate
  3. Copy the generated certificate and use it to create a .cert file.
  4. Select Continue.

Keep this tab open and open a new tab; you must now login to Azure and upload the certificate.

2. Create New Application in Azure

  1. Log into Azure as an administrator.
  2. Navigate to Azure Active Directory > Enterprise Applications. azure-enterprise-applications
  3. Select + New Application. azure-new-application
  4. Select Non-Gallery Application and name your SSO application. azure-non-gallery-application
  5. Name your SSO application and select Add. azure-name-add-application
  6. Select Configure single sign-on (required). azure-configure-sso-required
  7. Select SAML for the single sign-on method. azure-saml-method

You are now ready to define your new SSO application’s SAML and user settings. If you need to return to these settings in the future, follow this path: Azure Active Directory > Enterprise applications > Your Application Name > Single sign-on > SAML-based Sign-on.

Upload Certificate From Metricly To Azure SAML SSO Application

  1. Select Upload metadata file. azure-upload-cert
  2. Upload the .cert file created in Metricly from the first step.

Define Azure SAML SSO Configuration

  1. Select Edit on the Basic SAML Configuration card. A slide-out panel appears. azure-edit-basic-saml
  2. Input the following values:
    • Identifier (Entity ID): netuitive-api
    • Reply URL (Assertion Consumer Service URL): https://app.metricly.com/saml/SSO
    • Sign on URL: https://app.metricly.com/saml/SSO
    • Relay State: Your Tenant Name (optional)

Add your tenant name to the Relay State field if you do not want to enter it when logging into Metricly from Azure. Your tenant name is the company name you used when you signed up for a Metricly account. Contact support if you do not know your tenant name.

Define User Attributes & Claims

  1. Select Edit on the User Attributes & Claims card.
  2. Select + Add new claim. azure-add-new-claims
  3. Add the following claims:
    • email: user.mail
    • firstName: user.givenname
    • lastName: user.surname
    • role: "Read Only"

The role claim attribute can also be set to "Administrator", however this makes all SSO users administrators in Metrcly. We recommend updating your administrator accounts individually and leaving the default role to Read Only.

Define & Download SAML Signing Certificate

  1. Select Edit on the SAML Signing Certificate card.
  2. Select the following dropdowns:
    • Signing Option: Sign SAML Assertion
    • Signing Algorithm: SHA-256
  3. Download the Certificate (Base64).
  4. Download the Federation Metadata XML. azure-download-cert

These files must be uploaded to Metricly.

3. Finish SSO Set-up in Metricly

  1. Navigate to Account Profile > SSO.
  2. Upload the Certificate (Base64) file from Azure.
  3. Upload the Federation Metadata XML file from Azure. upload-metadata-xml
  4. When finished, it should look like this: metricly-sso-complete

Login URLs

  • login URL: https://app.metricly.com/#/login?sso=true
  • login URL (tenant name pre populated): https://app.metricly.com/#/login?sso=true&tenantName=Your+Tenant+Name