If you have Azure Directory set up for your company, you can use it to authenticate users in Sigma.
To set up Sigma as an enterprise application in Azure directory, you’ll need the following URLs
Read on for step-by-step directions on how to set up Azure Directory for Sigma.
Step 1: Register Sigma as an Enterprise Application
Log on to Azure as Global Administrator, navigate to Enterprise Applications (found in the sidebar or via the search bar), and click “+New application”. You’ll be taken to the following screen:
Select Non-Gallery application and give your application a name like “Sigma Computing”. Then click “Add”.
Select the “Single sign-on” menu and choose “SAML” for the sign-on method.
On this page we’ll configure SAML to work with Sigma. Start with Box 1, “Basic SAML Configuration”.
Enter the Identifier: https://api.staging.sigmacomputing.io/api/v2/saml2/2/metadata.xml
Enter the Reply URL: https://api.staging.sigmacomputing.io/api/v2/saml2/assert
Then click “Save”.
Select Box 2, “User Attributes & Claims”.
- Delete all existing claims except for the “user.principalname” claim.
- Click the user.principalname claim to modify it. Change the Source Attribute from “user.principalname” to “user.mail”. Click Save.
- Click “Add new claim”. For Name enter “firstName” and for the Source Attribute select “user.givenname” from the dropdown. Click Save.
- Click “Add new claim”. For Name enter “lastName” and for the Source Attribute select “user.surname”. Click Save.
When you’re done you should have three claims that look like this:
From the “SAML Signing Certificate” section, click the “Download” button next to “Certificate (Base64)”. We’ll enter this certificate into Sigma later.
From Box 4, click the copy button next to the URL for “Login URL” and save it locally. We’ll enter this information into Sigma later.
Step 2: Add Users and Groups to the Sigma Application
Add the Users and Groups that you would like to have access to Sigma to the application.
Step 3: Configure Sigma
As Sigma Admin, log on to Sigma and go into the Settings menu. Click the Organization tab and click “Advanced Settings”.
Enter Azure AD authentication info:
Under Authentication select “SAML”.
Under Identity Provider Login URL, enter the “Login URL” (you should have obtained this when registering Sigma as an application in Azure Directory).
In the “Identity Provider X509 certificate” box, enter the Base64 certificate downloaded when registering Sigma as an application. You will need to open the certificate with a text editor and enter that text into the box.
You’re done! To test, log out of Sigma and try logging back in via the “Log in with SAML” option.
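If the test login fails, the check below (an added example, not Sigma's or Microsoft's code) decodes a SAMLResponse captured from the browser during the test and compares it with the Identifier, Reply URL and claims configured in Step 1. The function names and sample data are constructed for illustration, and it assumes the claim sourced from user.mail arrives as the NameID.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values entered in Box 1, "Basic SAML Configuration", above.
IDENTIFIER = "https://api.staging.sigmacomputing.io/api/v2/saml2/2/metadata.xml"
REPLY_URL = "https://api.staging.sigmacomputing.io/api/v2/saml2/assert"


def check_saml_response(b64_response):
    """List mismatches between a base64 SAMLResponse and the setup above.

    Diagnostic only: it does not verify the XML signature, so it must never
    be used to decide whether a login is authentic.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != REPLY_URL:
        problems.append("Destination != Reply URL")
    if IDENTIFIER not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience != Identifier")
    # Assumption: the claim sourced from user.mail is delivered as the NameID.
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS)
    if "@" not in name_id:
        problems.append("NameID is not an email (source should be user.mail)")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    for name in ("firstName", "lastName"):
        if not attrs.get(name):
            problems.append(f"missing or empty claim: {name}")
    return problems


def sample_response(name_id, attrs, destination=REPLY_URL):
    """Build a constructed, unsigned SAMLResponse (test data, not a capture)."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
        f'</saml:AttributeValue></saml:Attribute>' for k, v in attrs.items())
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}" Destination="{destination}">'
           f'<saml:Assertion><saml:Subject><saml:NameID>{name_id}</saml:NameID>'
           f'</saml:Subject><saml:Conditions><saml:AudienceRestriction>'
           f'<saml:Audience>{IDENTIFIER}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions>'
           f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

An empty list from check_saml_response means the response matches the configuration described in Step 1.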