Azure AD

1. First, go to the Azure portal and select Azure Active Directory. Then go to "Enterprise Application" and create a new application. Now, select "Non gallery application".

2. You will land on this page, where you can set your app name.

3. Select your newly created application and click on Single Sign On. Choose SAML application.

4. Now, you need to configure the Service Provider in Azure. Click on Edit in the first box. Use these values:

   - `Identifier (Entity Id)` field is filled with the `SP Entity ID` value on GitGuardian dashboard.- `Reply URL (Assertion Consumer Service URL)` field is filled with the `ACS URL` value on GitGuardian dashboard.

   Don't forget to click on "Save".

5. Now, some mappings need to done. Select 'Edit' on the 'User Attributes & Claim' box. Click on 'Add new claim'. Leave 'Namespace' empty and use these values:

   - `Name: first_name + Source attribute: user.givenname`- `Name: last_name + Source attribute: user.surname`

   Don't forget to click on "Save".

You also need to make sure that the User ID claim is set to Email.

6. Setup how responses and assertions are signed. Choose 'Sign both' and 'SHA-256' as digest algorithm

7. Now, you need to configure the Identity Provider in GitGuardian dashboard. Use these values:
   • Entity Id field is filled with the Azure AD Identifier
   • Single Sign-On URL field is filled with the Login URL
   • X509 Cert field is filled with the certificate. Download the Base64 certificate, use cat and copy/paste the plaintext value.

8. Test your app configuration by clicking on "Test".