Faddom allows you to set up user authentication from any IdP using SAML/SSO authentication. To do this, you can follow the guide below, which is based on Azure Entra ID. The process for other IdPs is similar, and the fields required are identical for all of them. If you have any issues, please contact support@faddom.com.
To set this up, first navigate in Faddom to Settings > Access Control > Identity Providers. You will be presented with this page.
The Name is the display name in the Faddom UI, and is especially useful if you need to configure multiple IdPs. This is the name that Faddom will display on the Faddom login page that users see. It is defined by you and can be anything you wish.
For the rest of the fields, some require information from the IdP and some are information to be entered in the IdP. To complete the fields, follow the guide below (based on Entra ID).
To set this up in Azure, you need to do the following:
Create an Enterprise App Registration. If you are mapping an Azure environment, note that this is different from the App Registration needed for Azure discovery.
Select Create your own application. You will see the popup below; enter the name of the application (we recommend Faddom) and select the third option.
Once the app is generated, open it (if it does not open automatically) and select Single Sign On > SAML.
Click Edit in the Basic SAML Configuration and set the SP Entity ID in your provider. You can either copy the default value in Faddom of https://faddom.com, or you can set a custom one in the IdP and paste it into Faddom.
Copy the Reply URL field from Faddom and paste it into the provider section.
Copy the metadata URL, or download the metadata file, to enter into Faddom.
Note: To use the metadata URL, Faddom needs direct access to the URL provided. If it does not have this access, please use the file from your IdP instead.
Copy the Login URL and the IdP Identifier (in this example it is the Microsoft Entra Identifier) and paste the two values into the relevant fields in Faddom.
To allow the application to work, you need to assign a group. To do this, click on Add Users and Groups. The group needs to be assigned to the user either in a local on-prem LDAP (e.g. Active Directory) and synchronised with the IdP (e.g. Entra ID), or it can be assigned directly in the IdP (e.g. Azure/Entra ID).
Select one or more users or groups from the list by clicking them. The ones you select are listed under Selected items.
Click Select. The number of users and groups selected is shown on the Add Assignment page; then click Assign.
Next, a Group Claim needs to be created for the application. To do this, click Edit on Attributes & Claims.
Click Add a group claim and select Groups assigned to the application.
In Source Attributes, select sAMAccountName.
Select the checkbox for Emit Group name for cloud-only...
Select Advanced Options.
Select Customize the name of the group claim.
Type the attribute name, faddom.roles or your chosen name, and ensure it matches the Role Attributes field in Faddom.
Save
Click Save.
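As an added example that is not part of Faddom's documentation or product, the following Python snippet shows what the assertion from the IdP should carry once the steps above are complete, and checks the three values that most often mismatch: the Issuer against the IdP Identifier, the Audience against the SP Entity ID, and the group claim name against the Role Attributes field. The sample response, the TENANT-ID-PLACEHOLDER in the Issuer and the group names are constructed; signature verification is out of scope here.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample (not a real Entra ID response; signature omitted).
# The group claim carries the customised name "faddom.roles" from the steps above.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://faddom.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="faddom.roles">
        <saml:AttributeValue>Faddom-Admins</saml:AttributeValue>
        <saml:AttributeValue>Faddom-Viewers</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_roles(response_xml, expected_issuer, expected_audience, role_attribute):
    """Return the group values from the assertion after checking that the Issuer
    equals the IdP Identifier and the Audience equals the SP Entity ID configured
    in Faddom. A ValueError here is the usual cause of a login that succeeds at
    the IdP but is rejected by the service provider."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion in response")
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        raise ValueError(f"issuer {issuer!r} != IdP Identifier {expected_issuer!r}")
    audiences = [a.text.strip() for a in assertion.findall(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError(f"SP Entity ID {expected_audience!r} not in {audiences}")
    roles = []
    for attr in assertion.findall(".//saml:Attribute", NS):
        # Only the attribute whose Name matches the Role Attributes field counts.
        if attr.get("Name") == role_attribute:
            roles.extend(v.text.strip() for v in attr.findall("saml:AttributeValue", NS))
    return roles
```

An empty list with no error means the IdP sent the assertion but under a different claim name than the one entered in Faddom's Role Attributes field.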
You can then follow our guide How to Setup User Access to set up the roles in Faddom, matching each to a role in Azure, so that users are given the permissions they need to access Faddom.