Overview:
To complete setup, either follow along with this video, or follow the steps in text form below:
Step one: Enable SAML in the Cmd web app
Sign in to app.cmd.com
In the top-right corner, click your project's name to open the drop-down menu.
Select Project & App settings.
On the left-hand menu, under 'Administration (Global)', select Security.
(Global administrators only).Scroll down to the 'Enable SAML' section. If you haven't yet enabled it, click the checkbox.
Leave the window open. You'll return in Step three.
Step two: Complete basic SAML configuration via Azure
Log in to Azure.
From the left-hand menu, select Azure Active Directory.
3. From the 'Default Directory' menu, select Enterprise applications.
4. Click + New application.
5. Under 'Add an application', select Non-gallery application.
6. Provide a name for the new application (i.e., Cmd).
7. At the bottom of the 'Add your own application' panel, click Add to save your new
app.
8. From the 'Enterprise Application' menu on the left, select Single sign-on.
9. Select SAML.
10. Click the Edit (pencil) icon:
11. Under 'Identifier (Entity ID)', add a name, such as 'CmdSAML'.
12. Under 'Reply URL', paste 'https://app.cmd.com/sso/callback':
13. Return to the open Cmd web app window.
14. Under 'Service provider single sign-on URL', click the Copy Link icon:
15. Return to Azure.
16. Under 'Sign on URL', paste the link you just copied from the Cmd web app:
17. Click Save, then click the Edit (pencil) icon next to '2. User Attributes & Claims'.
Change the value of 'Unique User Identifier' to 'user.mail', then Save again:
Step three: Finish SAML configuration by passing information between Azure and the Cmd web app
Keep your Azure and Cmd web app windows open. If possible, split your screen to view both side by side. In the image, Azure is on the left and the Cmd web app is on the right:
2. Copy the Entity ID from Azure (red box on left) and paste the entity ID into the
'Entity ID' field in the Cmd web app (red box on right).
3. Copy the Login URL from Azure (blue box on left) and paste the link into the
'Identity provider single sign-on URL' field in the Cmd web app (blue box on right).
4. Copy the Azure AD Identifier from Azure (yellow box on left) and paste the
identifier into the 'Identity provider issuer' field in the Cmd web app (yellow box
on right).
5. Next to 'Certificate (Base64)' in Azure, click Download (orange box on the left).
Copy the contents in this downloaded file, and paste the contents of the
downloaded file into the 'X.509 certificate' field in the Cmd web app (orange box
on right).
6. When you've completed all of these steps, your Cmd app should look something
like the following screenshot. Click Save in the Cmd web app.
Step four: Select which Azure users can log into Cmd
Return to Azure:
2. From the left-hand menu, select Users and groups.
3. Click + Add user. The 'Add Assignment' panel will appear on the right.
4. Select Users and groups from the 'Add Assignment' panel.
5. Find and assign users (or user groups) to the Cmd application to enable them to
access the Cmd web app via Azure AD SSO.
Note: The email addresses associated with the users in Azure AD must also be
associated with them in the Cmd web app. For more information on how to add
users to Cmd, see Adding new users.
Step five: Test your newly-configured SAML configuration by logging into the Cmd web app
Open the Cmd web app.
If you're already signed in, sign out by clicking your project name in the top-right corner of the app and selecting Log out from Cmd from the drop-down list.
3. On the login screen, click Single sign-on.
4. Enter the email address associated with your Azure AD account, then click Single
sign-on.
5. You should be automatically logged into Cmd. If you run into problems, please
contact your Cmd representative for help with troubleshooting.
Related resources
To learn more about third-party integrations, including other SSO providers, see:
Our integrations overview