Configuring Azure AD with PHPKB SAML Single Sign-On (SSO) Plugin


This article walks through the steps to configure Azure AD with the SAML Single Sign-On (SSO) Plugin of PHPKB knowledge base software.

Configuring Azure AD with SAML SSO Plugin

You need to be logged in to the admin control panel of PHPKB software with the Superuser account. Once you are logged in as a superuser, follow the instructions given below.

  1. Configure Azure AD as Identity Provider (IdP)

    1. In Tools > Manage Settings > SAML tab, click the View Metadata of this SP button. Here, you can find the SP metadata, such as the SP Entity ID and ACS (AssertionConsumerService) URL, which are required to configure the Identity Provider.
    2. Log in to the Azure AD Portal.
    3. Select Azure Active Directory > App registrations and click on the New registration option.
    4. Assign a Name and choose the account type. In the Redirect URI field, enter the ACS URL shown in the View Metadata of this SP and click on the Register button.
    5. Navigate to the Expose an API menu option, click the Set button, and replace the APPLICATION ID URI with the Service Provider Entity ID (provided in the View Metadata of this SP). Alternatively, you can set this value (start copying after the “//” (double slash), for example: b23eaba2-5499-40d3-80fa-7cf5f432cefb) in the Manage Settings > SAML tab > Service Provider Entity ID (SP Entity ID) field.

      NOTE: Please ensure that the SP Entity ID value from the View Metadata of this SP does not have a trailing slash (’/’). If the SP Entity ID has a trailing slash, update it by removing the trailing slash from the SP EntityID / Issuer field under the Service Provider Metadata tab of the plugin, enter the updated value at Azure, and click on the Save button.

    6. Go back to the Azure Active Directory > App Registrations window and click on the Endpoints option.
  2. Configuring PHPKB as Service Provider (SP)

Note: In the federationmetadata.xml file from Azure AD, there are four X509 certificates, and you can use the second one in the list, located under EntityDescriptor/RoleDescriptor/KeyDescriptor[2]/KeyInfo/X509Data/X509Certificate.

Caution: By default, Microsoft updates this certificate every 45 days, so the previous one will expire after this time, and you will have to update it manually.
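
The certificate note and the rotation caution above can be turned into a routine check. The following Python sketch is an added example, not PHPKB or Microsoft code: it lists the signing certificates found in a federation metadata document and reports whether the certificate currently configured in PHPKB is still among them. The sample metadata is constructed and simplified, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_text):
    """SHA-256 of the DER bytes; PEM armor lines and whitespace are ignored."""
    lines = (l.strip() for l in cert_text.splitlines())
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def signing_certs(metadata_xml):
    """[(parent element name, fingerprint)] for signing keys, in document order."""
    found = []
    for parent in ET.fromstring(metadata_xml).iter():
        for kd in parent.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor without a "use" attribute is valid for signing too.
            if kd.get("use", "signing") != "signing":
                continue
            for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                found.append((parent.tag.split("}")[-1], fingerprint(cert.text)))
    return found

def configured_cert_is_current(configured_cert, metadata_xml):
    """True if the certificate configured in the SP still appears in the metadata."""
    wanted = fingerprint(configured_cert)
    return any(fp == wanted for _, fp in signing_certs(metadata_xml))

# Constructed sample: placeholder bytes stand in for real DER certificates.
CERT_A = base64.b64encode(b"constructed-cert-A").decode()
CERT_B = base64.b64encode(b"constructed-cert-B").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example/constructed">
  <RoleDescriptor><KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{CERT_A}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor></RoleDescriptor>
  <IDPSSODescriptor><KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{CERT_B}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor></IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for parent, fp in signing_certs(SAMPLE_METADATA):
        print(parent, fp)
    print("configured cert current:", configured_cert_is_current(CERT_A, SAMPLE_METADATA))
```

Run against the tenant's downloaded federationmetadata.xml and the certificate stored in PHPKB, a False result means the configured certificate is no longer published and must be replaced.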


Article ID: 274
Created: November 13, 2021
Last Updated: June 10, 2022
Author: Palwinder Singh [singh@phpkb.com]

Online URL: https://www.phpkb.com/kb/article/configuring-azure-ad-with-phpkb-saml-single-sign-on-sso-plugin-274.html