How to use Helpy Pro with Azure Active Directory (AAD) for Single Sign On

Connecting your Helpy PRO instance to Microsoft Azure Active Directory (AAD) requires adding configuration to the Helpy instance(s) you are running, and to your AAD control panel.

AAD Controls:

Start by adding the required configurations to the domain in AAD as follows:


1. From the Azure AD main screen, click “Enterprise Applications”




2. Click “New Application”


3. Select “Non Gallery Application”



4. Type “Helpy Pro” into the Name field



5. Choose “Configure single sign-on”


6. Next, pick “SAML”

You will now see a screen with configuration for the integration. Click “Download” for the Base64 Certificate. This will be used in the next steps. Also, take note of the Login URL, Azure AD identifier and Logout URL as these will also be used in the next steps.

7. In section 1: Basic SAML Configuration, add the following values:

Identifier: helpypro
Reply URL: https://YOURDOMAIN/users/auth/saml/callback


8. In section 2: Attributes, you will need to change the attributes passed from AAD to match those expected by Helpy Pro:

Here is the default configuration:


This is how it should look:


Note: You can experiment with this to get the information you need into Helpy Pro.


Helpy PRO Configuration Steps:

You will now complete configurations on the instance itself, by adding a configuration file with data taken from the Azure AD control panel, and associating it with the instance you are working on.


1. Create a file on your Helpy Pro server named “aadauth.yml”:

touch aadauth.yml


2. Copy and paste the file format from https://gist.github.com/scott/d1bb03bf15bec718e0a50a5857ce0ddb (this includes a working configuration for many of the needed values). Start by replacing with the URL of your Helpy Pro instance.

3. Referring to the Azure AD Single Sign on page above, add the following values where indicated in the file:

idp_entity - Add the Azure AD identifier value here
idp_sso_target_url - Enter the “Login URL”
idp_slo_target_url - Enter the “Logout URL”


4. On the line “idp cert” cut and paste the certificate you downloaded above.

5. Associate your config file with your Helpy instance by setting the AUTH_FILE environment variable to the path of your file:

sudo helpy config:set AUTH_FILE=/path/to/aadauth.yml

6. Restart your server instance:

sudo helpy restart
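
A pre-flight check for the values gathered in steps 3 and 4, useful to run before setting AUTH_FILE: it confirms the URLs are https, the Reply URL uses the callback path from the AAD setup, and the pasted certificate has the thumbprint you expect. This is an added example, not code from Helpy or the linked gist; the dictionary keys `reply_url` and `idp_cert`, the function names and the sample hosts are assumptions of the example, and the expected thumbprint is assumed to be a SHA-1 value you took from the certificate details in Azure AD.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

CALLBACK_PATH = "/users/auth/saml/callback"  # Reply URL path from the AAD setup
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_thumbprints(pem_text):
    """Return (SHA-1, SHA-256) hex digests of the DER bytes in a Base64 (PEM) certificate."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha1(der).hexdigest().upper(), hashlib.sha256(der).hexdigest().upper()

def preflight(values, expected_sha1):
    """Return a list of problems with the copied values (an empty list means OK)."""
    problems = []
    for key in ("idp_sso_target_url", "idp_slo_target_url", "reply_url"):
        url = urlparse(values.get(key, ""))
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{key}: must be an absolute https:// URL")
    if urlparse(values.get("reply_url", "")).path != CALLBACK_PATH:
        problems.append(f"reply_url: path must be {CALLBACK_PATH}")
    try:
        sha1, _ = cert_thumbprints(values.get("idp_cert", ""))
        if sha1 != expected_sha1.replace(":", "").replace(" ", "").upper():
            problems.append("idp_cert: thumbprint does not match the expected value")
    except ValueError as exc:  # also covers malformed Base64 (binascii.Error)
        problems.append(f"idp_cert: {exc}")
    return problems

# Constructed sample: stand-in bytes (not a real certificate) and placeholder hosts.
SAMPLE_DER = b"constructed stand-in for the DER bytes of the AAD signing certificate"
SAMPLE = {
    "idp_sso_target_url": "https://login.example.test/TENANT/saml2",
    "idp_slo_target_url": "http://login.example.test/TENANT/saml2",  # deliberately not https
    "reply_url": "https://helpy.example.test/users/auth/saml/callback",
    "idp_cert": "-----BEGIN CERTIFICATE-----\n"
                + base64.encodebytes(SAMPLE_DER).decode()
                + "-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    expected = hashlib.sha1(SAMPLE_DER).hexdigest()
    for problem in preflight(SAMPLE, expected):
        print("FAIL", problem)
```
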


References and helpful links:

    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications

