Azure Federation

Integration guide

This page sets out how to integrate the Case Review Portal, in the self-service or hybrid model, with single sign-on.

Azure Federation

To set up Azure Federation to manage access to the Case Review Portal, follow these steps:

Your organization must have Azure AD Premium.

Your implementation manager provides you the following:

Service provider entity ID: urn:amazon:cognito:sp:<UserPoolID>
SAML endpoint: https://<cognitoUrl>/saml2/idpresponse

After you have successfully set up the federation with AD FS, you must send us your Federation Metadata XML file.

1. Create an enterprise application

1.1 From the Azure Portal, navigate to the target tenant by switching to the relevant Azure Active Directory, and then click Enterprise applications:

1.2 To create an Azure AD enterprise application, click Enterprise applications > New application:

1.3 If you see a notification "You're in the new and improved app gallery experience. Click here to switch back to the legacy app gallery experience.", click the banner to go to the legacy experience:

1.4 Click app type Non-gallery application.

1.5 Choose a name for the federation, e.g. Fourthline Case Review Portal, and then click Add:

2. Configure single sign-on

2.1 In the Azure Portal, go to Overview, and then click Set up single sign-on:

2.2 Click SAML:

2.3 In the Basic SAML configuration block, click Edit:

2.4 Configure single sign-on with the settings we provided you:

Reply URL: https://<cognitoUrl>/saml2/idpresponse
If the service provider entity ID is added automatically, delete the entry for and set the entry for urn:amazon:cognito:sp: as the default.

3. Configure the claims

3.1 On the Set up single sign-on with SAML page, in the User attributes & claims block, click Edit:

3.2 Configure the user attributes and map all required SAML claims you need to send to the relying party as follows:

A unique user identifier, also referred to as Name ID or User Principal Name:

The user's email address:

The user's first name, also referred to as Given name:

The user's surname:

The application roles:
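A mis-mapped claim in step 3 shows up only at login time, so it is worth checking the assertion Azure AD actually emits (the portal's "Test" button, or a SAML-tracer browser extension, gives you the XML) against the list above. The script below is an added example and not part of this guide or Fourthline's tooling. The sample assertion is constructed, and the claim URIs are Azure AD's default claim names, which this page does not state; if your tenant renames them in step 3.2, adjust REQUIRED_CLAIMS. It checks presence only; signature verification of a real assertion happens on the Cognito side.

```python
"""Check that a SAML assertion carries the claims listed in step 3.

Added example, not Fourthline documentation. The assertion below is
constructed; the claim URIs are Azure AD defaults (assumption, not given
on the page). Only attribute presence is checked here.
"""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Required claims from step 3, keyed by the guide's friendly name.
# The URIs are Azure AD's default claim names (assumption).
REQUIRED_CLAIMS = {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "given name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "surname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "roles": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
}

# Constructed sample (not a captured assertion). The roles claim is
# deliberately left out so the check has something to report.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def extract_claims(assertion_xml: str) -> dict:
    """Return the NameID and a {claim_uri: [values]} map from an assertion."""
    root = ET.fromstring(assertion_xml)
    name_id_el = root.find("saml:Subject/saml:NameID", NS)
    name_id = (name_id_el.text or "").strip() if name_id_el is not None else ""
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = values
    return {"name_id": name_id, "attributes": attributes}


def missing_claims(assertion_xml: str) -> list:
    """Friendly names of required claims that are absent or have no value."""
    claims = extract_claims(assertion_xml)
    missing = []
    if not claims["name_id"]:
        missing.append("name id")
    for friendly, uri in REQUIRED_CLAIMS.items():
        if not any(claims["attributes"].get(uri, [])):
            missing.append(friendly)
    return missing


if __name__ == "__main__":
    print("missing claims:", missing_claims(SAMPLE_ASSERTION))
```

An empty roles claim is the usual symptom of a user who is not in any of the groups created in step 5, so a report of "roles" missing for a user who otherwise signs in points at group membership rather than at the claim mapping.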

4. Download SAML metadata

4.1 On the Set up single sign-on with SAML page, in the SAML signing certificate block, click Download for the Federation Metadata XML:

4.2 Send the federation metadata XML file to your implementation manager.
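The Federation Metadata XML carries the identity provider's entity ID, its sign-on endpoints and the certificate Cognito will use to verify assertion signatures, so it is worth a quick inspection before it is sent, and worth recording the signing certificate's fingerprint so the receiving side can confirm over a second channel that the file was not altered in transit. The script below is an added example, not Fourthline's tooling. Its sample metadata is constructed: the tenant id is an all-zeros placeholder and the "certificate" is just the bytes "abc" base64-encoded, so its fingerprint is the SHA-256 of "abc"; the HTTP-POST endpoint is deliberately given a plain http:// location so the check has something to flag.

```python
"""Summarize and sanity-check an Azure AD federation metadata XML (step 4).

Added example, not Fourthline documentation. The metadata below is
constructed: placeholder tenant id, a fake certificate (base64 of "abc"),
and one deliberately non-HTTPS endpoint.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample, not a real tenant's metadata.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>YWJj</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def summarize_metadata(metadata_xml: str) -> dict:
    """Extract entityID, SSO endpoints and SHA-256 fingerprints of signing certs."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID", "")
    fingerprints = []
    endpoints = []
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is not None:
        for kd in idp.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor with no "use" attribute is valid for both signing and encryption.
            if kd.get("use") not in (None, "signing"):
                continue
            for cert in kd.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                fingerprints.append(hashlib.sha256(der).hexdigest())
        for sso in idp.findall("md:SingleSignOnService", NS):
            endpoints.append((sso.get("Binding", ""), sso.get("Location", "")))
    return {
        "entity_id": entity_id,
        "signing_fingerprints": fingerprints,
        "sso_endpoints": endpoints,
    }


def check_metadata(metadata_xml: str) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    summary = summarize_metadata(metadata_xml)
    issues = []
    if not summary["entity_id"]:
        issues.append("missing entityID")
    if not summary["signing_fingerprints"]:
        issues.append("no signing certificate")
    for binding, location in summary["sso_endpoints"]:
        if not location.lower().startswith("https://"):
            short = binding.rsplit(":", 1)[-1]
            issues.append(f"non-HTTPS SSO endpoint for {short}: {location}")
    return issues


if __name__ == "__main__":
    summary = summarize_metadata(SAMPLE_METADATA)
    print("entityID:", summary["entity_id"])
    for fp in summary["signing_fingerprints"]:
        print("signing cert SHA-256:", fp)
    for issue in check_metadata(SAMPLE_METADATA):
        print("finding:", issue)
```

Azure AD may list more than one signing certificate during a rollover, which is why the summary returns a list; all of them are legitimate and the fingerprint of each should be communicated. Certificate expiry is not checked here because parsing X.509 dates needs a library outside the standard library.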

5. Add users

5.1 Go to App registrations. It displays Owned application by default.

5.2 If the list is empty, click All applications.

5.3 Select the application you want to configure roles for.

5.4 In the left menu, click App roles.

5.5 In the main screen, click Create app role.

5.6 Add the role permissions.

If there is already a default User role, check that the correct User value is set.

5.7 To add groups to the application:

  • On the main tenant screen, in the left menu, click Groups.
  • For each role, click New group.

5.8 To add roles to the groups:

  • Go to Enterprise applications, and then click the application to configure.
  • In the left menu, click Users and groups.
  • In the main screen, click Add user/group.

5.9 Select a group and the corresponding role, and then click Assign. You should have 1 group per role.

5.10 To add users to the groups:

  • Go to the Overview page and click Groups.
  • Click the group to add users to.
  • In the left menu, click Members.
  • In the top menu:
    • To add one or more users manually, click Add members.
    • To import multiple users with a .CSV file, click Bulk operations.

You have set up Azure federation!
