To make accessing MURAL easy and secure for everyone in your organization, you might choose to implement SSO (single sign-on). SSO allows members to authenticate into MURAL with their company’s network credentials. SSO relies on connecting MURAL with an IdP (identity provider) to verify a collaborator’s identity. And since Azure AD is one of the most common IdPs, we offer a dedicated integration to help speed up configuration.
Install the MURAL Identity application
The first half of this configuration happens in Azure AD. So, install our Azure AD connector and follow the Azure AD-specific steps. Then, return to this article when you’re instructed to configure MURAL.
Upload Azure AD’s metadata
Now that you’ve downloaded the Base64 certificate, you’re ready to return to MURAL. This certificate contains metadata that helps complete your configuration. So, the first step is to upload that metadata on the SSO page of your company dashboard.
To upload Azure AD’s metadata into MURAL:
Click your name in the bottom left corner of the dashboard.
Select Company dashboard from the list of options.
Click SSO in the left sidebar.
Click Upload XML file.
Select the XML file downloaded from Azure AD.
Click Open. The Sign in URL and Sign in certificate auto-populate.
Select HTTP-POST as the Request binding type.
Select SHA256 as the Sign in algorithm type.
Add claim mapping
Now, you’re ready to add claim mapping. Claim mapping is the final piece of the bridge you’re building between MURAL and Azure AD. Let’s say MURAL speaks one language and Azure AD speaks another. Claim mapping acts as the translator between them.
With claim mapping, you can take attributes from Azure AD and assign them to attributes within MURAL. For example, Azure AD refers to an individual’s email address using the URL http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. This is called the attribute’s name, and MURAL needs to know those names to find all the data it’s looking for.
To configure claim mapping in MURAL:
From the SSO page of the company dashboard, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress in the Email address field.
Note: The value from the email address claim is used as the unique identifier and email address of a member’s MURAL account. If you have existing members using MURAL, make sure the claim value matches the email of their existing MURAL account.
Type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname in the First name field.
Type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname in the Last name field.
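The check below is an added example, not MURAL's or Azure AD's own code: it reads the attributes from a constructed SAML assertion, applies the three claim names from the steps above, and reports which fields stay unmapped and whether the email claim matches an existing account. The function names, the sample assertion, and the separate case-only mismatch category are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Claim names from the steps above, keyed by the field each one fills.
CLAIM_MAP = {
    "email": CLAIMS + "emailaddress",
    "first_name": CLAIMS + "givenname",
    "last_name": CLAIMS + "surname",
}

# Constructed sample: an assertion that omits the surname claim.
SAMPLE_ASSERTION = f"""
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}emailaddress">
      <saml:AttributeValue>Dana.Lee@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}givenname">
      <saml:AttributeValue>Dana</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def map_claims(assertion_xml):
    """Return (mapped fields, unmapped field names); no signature check."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and value.text and value.text.strip():
            found[attr.get("Name")] = value.text.strip()
    mapped = {f: found[n] for f, n in CLAIM_MAP.items() if n in found}
    missing = [f for f in CLAIM_MAP if f not in mapped]
    return mapped, missing

def check_existing_member(mapped, existing_emails):
    """Classify the email claim against the emails of existing accounts."""
    email = mapped.get("email")
    if email is None:
        return "no-email-claim"
    if email in existing_emails:
        return "match"
    # Assumption: a case-only difference is reported separately for review.
    if email.lower() in {e.lower() for e in existing_emails}:
        return "case-mismatch"
    return "no-existing-account"
```

Run it against the attributes your IdP actually sends before saving, so a missing claim or a mismatched email shows up before members are prompted to log in with SSO.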
Test the SSO configuration
A successful simulated test of your SSO configuration is required before you can save it. You can run a test right from the SSO page on your company dashboard.
To test your SSO configuration:
From the SSO page of the company dashboard, click Test single sign-on. The page redirects to Azure AD.
Enter your Azure AD credentials, if requested. The page returns to MURAL.
Verify all attributes mapped correctly in the sample fields shown.
Copy the SSO test link and share it with others to test from more browsers and devices.
Note: The SSO test link is valid for 60 minutes after you run your test.
Click Save single sign-on.
Click Yes when prompted.
Note: Once you save your SSO configuration, SSO will be enabled for all members. This does not interrupt existing sessions, but all members will be prompted to log in using SSO on their next session.
If your test is not successful, review your configuration in both MURAL and Azure AD. Then, run your test again. If you’re unable to fix the issue, reach out to support@mural.co for assistance.