Purpose: Guidelines on how to set up SAML for Azure SSO.
Simple Use Case: You would like a SAML solution into Orion with Azure.
Scope and Outputs: This is an out-of-the-box solution for using Azure SAML for Orion Connect SSO.
Process Overview:
This process helps you set up Azure for your SAML SSO to Orion. You’ll need to request a partner ID from Orion as well as provide us with your certificate and issuer/entity ID.
Process Steps:
- Submit a case to SME Integrations via the Orion Support App to request a Partner ID and Secret. You’ll need the Partner ID for the setup. Please allow 1-2 business days for turnaround.
- Set up Basic SAML Configuration
  - Update Identifier (Entity ID): This should be your issuer URL or firm name. Please provide this information to Orion with your certificate via the Orion Support App to SME Integrations. Please allow 2-4 weeks for your certificate to be inserted.
  - Reply URL (Assertion Consumer Service URL): https://auth.orionadvisor.com/sso/SAMLConsumer/
  - Leave Sign on URL, Relay State, and Logout URL blank
- Input User Attributes & Claims: You will need to include the following. Please note: attributes are case sensitive and must be as listed.
  - authFlow = “Trusted”
  - partnerId = “Your Orion issued partner ID”
  - Unique User Identifier: Username in Orion
- Complete SAML Signing Certificate
  - Signed areas need to be either Response or Both (Both is recommended)
  - SAML Signing Certificate – Edit – Select BOTH sign SAML Response and Assertion
Process Visualization:

Process Tips or Controls:
- We also offer the authFlow type “trustedPrompt”; however, “Trusted” is best practice.
- Be sure the partnerId, authFlow, and authFlow type (above) are spelled as listed, as they are case sensitive.
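
Before sending the configuration to Orion, you can lint a decoded SAML Response captured from your own test sign-in against the settings above. The script below is an added example, not Orion or Microsoft code. It assumes each claim is emitted with the bare attribute name (no namespace prefix), uses a constructed sample with stub signatures and a placeholder partner ID, and only checks that signatures are present, not that they are cryptographically valid.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://auth.orionadvisor.com/sso/SAMLConsumer/"  # Reply URL from this page
REQUIRED = {"authFlow": "Trusted", "partnerId": None}  # None = any non-empty value

# Constructed sample: stub signatures, placeholder partner ID, and a wrong-case "authflow".
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://auth.orionadvisor.com/sso/SAMLConsumer/"><ds:Signature/>
 <saml:Assertion><ds:Signature/>
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="authflow"><saml:AttributeValue>Trusted</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="partnerId"><saml:AttributeValue>PLACEHOLDER-ID</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def check_response(xml_text):
    """Structural lint of a decoded SAML Response; returns a list of problems."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination does not match the Reply URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element"]
    # A signature is a direct child of the element it covers.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("warning: Assertion is not signed (Both is recommended)")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not name_id.strip():
        problems.append("Unique User Identifier (NameID) is missing")
    attrs = {}
    for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = a.findtext("saml:AttributeValue", default="", namespaces=NS)
    for name, expected in REQUIRED.items():
        if name not in attrs:  # exact, case-sensitive match
            hint = next((k for k in attrs if k and k.lower() == name.lower()), None)
            problems.append(f"missing attribute {name}" + (f" (found {hint}: wrong case)" if hint else ""))
        elif expected is not None and attrs[name] != expected:
            problems.append(f"{name} is {attrs[name]!r}, expected {expected!r}")
        elif not attrs[name]:
            problems.append(f"{name} is empty")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE))
```

If your firm uses “trustedPrompt” instead, change the expected authFlow value in REQUIRED accordingly.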