The purpose of this document is to provide setup information for the Azure AD integration.


This document provides step by step instructions on how to connect the Outpost24 tools OUTSCAN and HIAB with Azure AD.


An Identity Provider (IdP) offers user authentication as a service. It is a trusted provider that allows the use of single sign-on (SSO) to access other applications. SSO enhances usability by reducing password fatigue, as passwords are maintained on your IdP.

Set Up Identity Provider


To enable SSO on HIAB/OUTSCAN you will have to import meta-data from your IdP into HIAB/OUTSCAN. You will also need to export the service provider’s meta-data from HIAB/OUTSCAN and import it to your IdP.


When reading the response from the IdP during sign-in to our portal, we accept signed assertions with parameters. The list of parameters that your IdP returns in the response must include your user name in one of them. By default the user name is read from the parameter named uid, but you can set a different parameter (e.g. Subject attribute).

Set up Identity Provider Integration

To set up Identity Provider:

  1. Go to Menu > Settings > Integrations and select the Identity Provider tab.

    Integrations Settings - Identity Provider.

  2. Provide the below information to enable Identity Provider (IdP):
    • Enabled: Select the Enabled checkbox to enable the protocol for single sign-on trusting another source to log in.

 Use one or both of the following options to provide the metadata of the IdP:

    • Get metadata from file: Select Identity provider’s metadata file by clicking the + symbol beside the field.
      Metadata contains information such as how it works, what type of login is acceptable and so on.
    • Get metadata from URL: Provide a URL from which the OUTSCAN or HIAB (Service Provider) should fetch metadata from IdP.
    • Subject attribute: Enter uid string. This field cannot be left empty.


      The parameter name must be typed exactly as it is expected in the SAML authentication response: a single word starting with a lowercase letter, which may include some uppercase letters (e.g. camelCase).

    • Signature hash algorithm: Select between SHA-256 or SHA-1.

After enabling the required settings:

  1. Click Save to save the current settings.
  2. Click Reset to fully remove the current settings. This disables the integration.
    • IDP Metadata: Click this button to display the currently uploaded metadata of the Identity Provider.
    • SP Metadata: Click on this button to display the service provider’s metadata.

Getting the SP Metadata File

You will require the SP metadata file from the Outpost24 tool you wish to integrate with.

On the Outpost24 Tool

  1. Navigate to Main Menu > Settings > Integrations > Identity Provider
  2. Select the Enabled checkbox and click the SP Metadata button

    Identity Provider

Azure AD Configuration

  1. Log in to https://portal.azure.com.
  2. Once in the portal, search for Active Directory in the navigation bar.

    Active Directory

Creating a new Enterprise Application

  1. In the side bar navigation select Enterprise Applications.

    Enterprise Applications

  2. Select the + New application button.

    New Application

  3. In the Add an application screen, select Non-gallery application, and give the application a name that is recognizable and click Add. Azure will create the application ready for configuration.

    Add an Application

    Add Your Own Application

Setting up Single Sign On

  1. In the Getting Started section select Setup single sign on and select the SAML option.

    Getting Started

    Select the SAML option

  2. Select Upload metadata file and navigate to the Outpost24 metadata file downloaded in the previous steps. This populates the fields under the Basic SAML Configuration view.

    Upload Metadata File

    Entity ID should show: https://<IP>/opi/XMLAPI?ACTION=SHOWSPMETADATA

    Reply URL should show: https://<IP>/opi/XMLAPI?ACTION=SAMLRESPONSE

    You will need to add the Sign on URL manually: https://<IP>/opi/XMLAPI?ACTION=SAMLRESPONSE

    Where <IP> is the IP address of the Outpost24 Tool you are integrating with.

  3. Next you need to create a custom User Attribute.

    1. Click Edit under the User Attributes and Claims section.
      User Attributes and Claims Section

    2. Click the + Add new Claim button.
      Add New Claim

  4. Configure the following information in the Manage Claim screen.

    Manage Claim

    Name: uid

    Namespace: can be left blank

    Source: Select the Transformation radio button

  5. In the Manage Transformation pop up view enter the following information.

    Manage Transformation

    Transformation: Join()

    Parameter 1: user.givenname

    Separator: This depends on the user naming convention used in Outpost24. If a username is Firstname.Surname, the separator would be a . (period).

    Parameter 2: user.surname

    As a result the UID sent to Outpost24 with the above configuration for Joe Bloggs would be Joe.Bloggs.

    Manage Claim

  6. Click the Add button. The transformation field now shows the configuration you just created.

  7. Click the Save button.

  8. Return to the Outpost24 HIAB Application configuration screen.

    Email addresses cannot be used as usernames for SAML, as the technology will ignore anything after an @ symbol, meaning login will fail in Outpost24 Tools.
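To confirm that the claim configured above arrives in the form the Subject attribute setting expects, the following added example (not part of the original document or of any Outpost24 tool) inspects a base64-encoded SAMLResponse value. It assumes the value was captured from the SAMLResponse form field of a test login; the sample responses it builds are constructed, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def subject_attribute_problems(response_b64, subject_attribute="uid"):
    """List reasons the decoded SAML response would not carry a usable user name.

    Inspection only: this does not verify the assertion signature.
    """
    root = ET.fromstring(base64.b64decode(response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        attrs[attr.get("Name", "")] = [
            (v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
    if subject_attribute not in attrs:
        # Report names that differ only by case or by a prefix, e.g. "UID".
        near = sorted(n for n in attrs if n.lower().endswith(subject_attribute.lower()))
        hint = f"; close matches: {near}" if near else ""
        return [f"no attribute named exactly {subject_attribute!r}{hint}"]
    problems = []
    values = attrs[subject_attribute]
    if not values or not all(values):
        problems.append(f"{subject_attribute!r} has an empty value")
    # The page states that email-style user names do not work for SAML login.
    problems += [f"value {v!r} contains '@'" for v in values if "@" in v]
    return problems


def constructed_response(name, value):
    """Build a minimal, unsigned response for the demo (constructed sample data)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:AttributeStatement><saml:Attribute Name="{name}">'
        f'<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>'
        '</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    samples = [("uid", "Joe.Bloggs"), ("UID", "Joe.Bloggs"),
               ("uid", "joe.bloggs@example.com")]
    for name, value in samples:
        found = subject_attribute_problems(constructed_response(name, value))
        print(name, value, "->", found or "ok")
```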

Configuring Outpost24 Tools

Under section 3 of the SAML-based Sign On screen, SAML Signing Certificate, download the Federation Metadata XML file. You receive an XML file named after the application you created in Azure.

SAML Signing Certificate

You need to edit the XML to add some information for the integration to work properly.

Uploading the file in its current state will result in an error.

Within the EntityDescriptor tag, which is normally on line 1 of the XML file, add a validUntil attribute whose value is the expiration date for the integration.


The time should be in UTC, in the format yyyy-mm-ddThh:mm:ss.
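The edit described above can be scripted. This is an added example, not part of the original document or of any Outpost24 or Azure tooling: it inserts validUntil into the opening EntityDescriptor tag as text, so the rest of the file is left byte-for-byte unchanged. The sample metadata is constructed and the one-year lifetime in the demo is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Matches only the opening tag of an EntityDescriptor, with or without a prefix.
ROOT_TAG = re.compile(r"<((?:[\w.-]+:)?EntityDescriptor)\b([^>]*)>")

# Constructed sample standing in for the Federation Metadata XML download.
SAMPLE = (
    '<?xml version="1.0" encoding="utf-8"?>'
    '<EntityDescriptor ID="_constructed" entityID="https://idp.example/constructed" '
    'xmlns="urn:oasis:names:tc:SAML:2.0:metadata"><IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
    '</EntityDescriptor>'
)


def add_valid_until(xml_text: str, expires: datetime) -> str:
    """Return xml_text with validUntil set on the root EntityDescriptor."""
    root = ET.fromstring(xml_text)  # fails early on malformed XML
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"root element is {root.tag}, not a SAML EntityDescriptor")
    if root.get("validUntil"):
        raise ValueError(f"validUntil already present: {root.get('validUntil')}")
    if expires.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime so it can be converted to UTC")
    # Format given on the page: yyyy-mm-ddThh:mm:ss, expressed in UTC.
    stamp = expires.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    patched, count = ROOT_TAG.subn(
        lambda m: f'<{m.group(1)} validUntil="{stamp}"{m.group(2)}>',
        xml_text, count=1)
    if count != 1:
        raise ValueError("could not locate the EntityDescriptor start tag")
    # Re-parse to confirm the edited document is still well-formed.
    assert ET.fromstring(patched).get("validUntil") == stamp
    return patched


if __name__ == "__main__":
    # Assumed lifetime of one year; choose the expiry your policy requires.
    expiry = datetime.now(timezone.utc) + timedelta(days=365)
    print(add_valid_until(SAMPLE, expiry))
```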


Once saved, navigate to the Outpost24 Tool and go to the following location:

  1. Main Menu > Settings > Integrations.
  2. Select the Get metadata from file + icon.

    Get Metadata From File

  3. Select the XML file downloaded from Azure.
    If the file is valid, a new tab opens with the XML file printed within the displayed window for validation.
  4. Close this tab once complete.

Verifying Integration Functionality

  1. Navigate to the login screen for the Outpost24 Tool.
  2. Enter the Outpost24 username (FirstName.LastName as previously configured) of the user added to the Outpost24 Application within Azure.
  3. Click single sign on and you will be redirected to log in via the Azure portal.

The user's AD account will need to be added to the Outpost24 Application in Azure to successfully log in.


© 2022 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.


Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.