
Illumio Administration Guide 25.4

STEP 2: Configure SSO settings in Azure AD

Note

Only an Azure Application Administrator can configure Azure AD.

  1. In a different browser tab, log in to Azure AD as an Application Administrator.

  2. Go to Enterprise applications > All applications.

  3. Search for the Illumio SSO app and then click the app.

  4. In the center of the page under Getting Started, click Get started on the Set up single sign on tile.

  5. If prompted to select a single sign-on method, click SAML.

  6. Configure Basic SAML:

    1. On the Set up Single-Sign On with SAML page Basic SAML Configuration tile, click Edit.

    2. On the Basic SAML Configuration panel that opens, populate the fields with the values you copied from the Illumio PCE and saved.

      • In the Identifier (Entity ID) field, paste the Issuer URL you copied from the Illumio PCE.

      • In the Reply URL (Assertion Consumer Service URL) field, click Add reply URL and then paste the Assertion Source URL you copied from the Illumio PCE. Note: Your Reply URL must have a subdomain such as www, wd2, wd3, wd3-impl, wd5, or wd5-impl. For example, http://www.myIllumio.com will work but http://myIllumio.com won't.

    3. Click Save and close the Basic SAML Configuration panel.

  7. Click Edit on the Attributes & Claims tile.

  8. Under Required claim, update the Claim name:

    1. Click the three dots.

    2. On the Manage claim page, click in the Source attribute field and select user.mail from the dropdown.

    3. Click Save.

  9. Back on the Attributes & Claims page, delete all of the existing claims in the Additional claims section by clicking the three dots for each one and then clicking Delete.

  10. Click Add new claim and add three new claims:


    • Given Name

    • Surname

    • User.MemberOf
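To confirm that the Azure AD configuration above actually produces what the PCE expects, the following added check (example code, not part of the Illumio guide) parses a SAML response and verifies the NameID is a mail address, the Recipient matches the Reply URL, the Audience matches the Entity ID, and the three claims are present. It assumes the claim names Given Name, Surname and User.MemberOf are used literally as SAML Attribute Names, uses placeholder URLs for the Entity ID and Reply URL, and embeds a constructed sample response; it does not validate the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Placeholders: replace with the Issuer URL and Assertion URL copied from your PCE.
EXPECTED_ENTITY_ID = "https://pce.example.com/entity-id-placeholder"
EXPECTED_REPLY_URL = "https://www.pce.example.com/reply-url-placeholder"
# Claim names configured in steps 8 and 10 (assumed to be literal Attribute Names).
REQUIRED_CLAIMS = {"Given Name", "Surname", "User.MemberOf"}


def check_assertion(xml_text):
    """Return a list of findings; an empty list means the assertion matches the setup."""
    findings = []
    assertion = ET.fromstring(xml_text).find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element in response"]
    # Required claim uses user.mail as its source, so NameID must be a mail address.
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if "@" not in name_id:
        findings.append(f"NameID is not a mail address: {name_id!r}")
    conf = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = conf.get("Recipient") if conf is not None else None
    if recipient != EXPECTED_REPLY_URL:
        findings.append(f"Recipient {recipient!r} does not match the Reply URL")
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_ENTITY_ID not in audiences:
        findings.append(f"Audience {audiences!r} does not contain the Entity ID")
    present = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for claim in sorted(REQUIRED_CLAIMS - present):
        findings.append(f"missing claim: {claim}")
    return findings


# Constructed sample response that matches the configuration above.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData
        Recipient="https://www.pce.example.com/reply-url-placeholder"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://pce.example.com/entity-id-placeholder</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="Given Name"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Surname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="User.MemberOf"><saml:AttributeValue>pce-admins</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
```

Run `check_assertion` on a response captured from a browser SAML tracer during a test login; a non-empty list points at the exact tile to revisit in Azure AD.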