
Setting up SAML with Microsoft Azure

Connect Whistleblower Software to Microsoft Azure Active Directory using SAML

Before you start

  • In Microsoft Entra ID, you must have one of the following roles: Cloud Application Administrator, Application Administrator, or owner of the service principal.

  • In Whistleblower Software, you must have either the Administrator or System Technician role to access Settings > Security.

  • SAML is available on the Advanced plan only.

Before users can sign in, make sure the following are in place or login will fail: signed responses or assertions must be enabled in your identity provider, and the Name ID must be mapped to the user's email address.


Steps

Step 1: Open Azure Enterprise applications

Navigate to https://portal.azure.com and go to Azure Active Directory > Enterprise Applications.

Step 2: Create a new application

Click New application, then Create your own application. Give it a name such as "Whistleblower Software" and press Create.

Step 3: Set up SAML login

Inside the new application, select Single sign-on and choose SAML as the method.

Step 4: Download the Whistleblower Software metadata file

Go to Settings > Security in Whistleblower Software. Enable Login with SAML and click Download next to Service provider metadata file. Save this file.

Step 5: Upload the metadata file into Azure

Back in Azure, upload the metadata file you just downloaded and press Save. Azure will populate the Identifier and Reply URL fields automatically from the file.

Step 6: Mapping users

In Azure, go to Attributes and Claims and make sure the Name ID is mapped to the user's email address. This is required for login to work. Without it, Whistleblower Software cannot match the incoming SAML assertion to an existing user.

Step 7: Download the Azure metadata file

In Azure, under the SAML Signing Certificate section, download the Federation Metadata XML file.

Step 8: Upload the Azure metadata file into Whistleblower Software

Go back to Settings > Security in Whistleblower Software. Under Identity provider metadata file, upload the Federation Metadata XML file you downloaded from Azure.

Step 9: Assign users or groups

In Azure, go to Users and groups for the application and add the users or groups that need access to Whistleblower Software.
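A pre-flight check for the two login prerequisites named above (a signed response or assertion, and an email address in the Name ID), added here as an example and not part of Whistleblower Software or Azure. It assumes you have captured the base64 SAMLResponse form field from a test login with your browser's developer tools; the function names and the sample response are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def preflight(saml_response_b64):
    """Return a list of problems found in a captured, base64-encoded SAMLResponse.
    Structural check only: it confirms a ds:Signature element is present and
    does NOT verify the signature cryptographically."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted saml:Assertion found in the response"]
    # A signature is a direct child of the element it covers.
    response_signed = root.find("ds:Signature", NS) is not None
    assertion_signed = assertion.find("ds:Signature", NS) is not None
    if not (response_signed or assertion_signed):
        problems.append("neither the response nor the assertion is signed")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not EMAIL_RE.match(value):
        problems.append(f"NameID is not an email address: {value!r}")
    return problems


def build_sample(name_id, signed):
    # Constructed sample; the Signature element is an empty placeholder.
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if signed else ""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Assertion>{sig}<saml:Subject><saml:NameID>{name_id}</saml:NameID>"
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(preflight(build_sample("alice@example.com", True)))
    print(preflight(build_sample("alice_upn", False)))
```

An empty list means both prerequisites are met structurally; a Name ID that is not an email address usually means the claim in Attributes and Claims is not mapped to the user's email address.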


We’re here to support you. If you have questions, reach out to us directly via the Messenger icon in the bottom right corner of your screen, or send us an email at [email protected]
