cancel
Showing results for 
Search instead for 
Did you mean: 
intapiuser
Community Team Member
Community Team Member

Introduction

This article explains how to set up SAML 2.0 integration between Sisense and Azure AD.
For more information about SSO in Sisense see
By default, Sisense supports Forms Authentication only. Starting from the L2021.11 version, you can also enable support for Windows Authentication and MFA. For more details, contact the Sisense support team.

Configuration on Azure side

  1. Log in to your Azure account.
  2. Expand the left-hand menu:
  3. Go to Azure Active Directory
  4. Select Enterprise applications:
  5. Under the All Applications section, select New application:
  6. Create your own application for ‘Integrate any other application you don’t find in the gallery’ purpose, name it Sisense:
  7. Under Overview > Assign users and groups, configure access permissions for your SSO integration. Once configured, go back to Overview and switch to Set up single sign-on:
  8. Select SAML type of the SSO:
  9. Edit Basic SAML Configuration with the following settings:
Name
Value
Identifier (Entity ID)
Sisense
Reply URL
(Assertion Consumer Service URL)
https://my.sisense.com/api/v1/authentication/login_saml_callback/

* replace my.sisense.com with your Sisense URL
Note
Azure allows HTTPS format only for Reply URL. To configure HTTPS in Sisense, see Setting Up SSL for Sisense.
If you configure the integration in the Sisense test environment without SSL, you can set HTTP reply URL directly in the manifest of the SAML application, reference.
Once saved, go to Edit User Attributes and claims.
 
10. Use Add New Claim to add the following attributes
11. Optional. Add a New Group Claim as per screenshot:
Your Azure AD needs to be synchronized with on-premise Microsoft Active Directory to use this claim. See more details in Configure group claims for applications with Azure Active Directory.
12.  Return back to the Single Sign-On page and copy the following parameters: 

Azure AD additional info

In the latest versions of Sisense, it is required to fill the Relay State field in, it is marked as optional at provider side:
RelayState is a parameter that identifies a specified destination URL your users will access after signing in with SSO. In case of Sisense, it could be a path to the main page: “https://my.sisense.com/app/main#/home” 

Configuration on Sisense side

  1. Go to Admin tab > Single-Sign On.
  2. Select SAML, turn the toggle on. Use parameters from Step 12 above:
  • Remote Login URL = Login URL
  • Remote Logout URL = Logout URL
  • Public X.509 Certificate = Content of Certificate (Base 64) file (you can open it with a text editor)
3. Configure claim names according to your config in Azure AD. If you created a group claim in Azure SAML app, choose Define by Group and enter memberOf as the Group Claim name.
Rate this article:
Comments
RJ_Ponzio
7 - Data Storage
7 - Data Storage

Is there any way to allow multiple tenants to utilize SSO?  

We currently have two tenants, but are only permitted a single "Remote Login URL" in Sisense SSO settings.  Is there any way to enter two possible "Remote Login URLs" or another way to allow more than one tenant ID?

Version history
Last update:
‎02-16-2024 11:26 AM
Updated by: