Ambassador Cloud supports single sign-on via SAML 2.0. In order to configure single sign-on you will need to contact a member of the Ambassador Support team.
- Ambassador Cloud Enterprise Subscription.
- Cloud Application Administrator access to the Entra admin center for your organization.
- Your unique case sensitive company ID provided by Ambassador Support.
Go to the Entra Admin console for your company.
Browse to Identity > Applications > Enterprise applications.
Select New application.
Select Create your own application.
Enter as the app name, select the option Integrate any other application you don't find in the gallery (Non-gallery), and click Create.
On the application page, select Properties, and upload the Ambassador Logo. Set the Visible to users? option to Yes and click Save.
On the application's page, select Single sign-on, and then select SAML as the sign-on method.
Edit the Basic SAML Configuration
In the Identifier (Entity ID) field, click Add identifier and enter.
- Enter your case sensitive company ID here and then copy this URL to use in the next step:
In the Reply URL (Assertion Consumer Service URL) field, click Add identifier and enter the above URL (after inputting your case-sensitive company ID).
In the Relay State (Optional) field, enter and click Save.
Edit the Attributes & Claims.
Click the Unique User Identifier (Name ID) claim.
In Source attribute select
Back on the Single sign-on screen, copy the App Federation Metadata Url value and give it to support to complete the configuration.
When your Application is created you should be able to see it in the MyApps portal.
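Before handing the App Federation Metadata Url to support, you can save a copy of the document it returns and confirm it describes a usable SAML 2.0 identity provider. The following is an added example, not part of the Ambassador documentation; the sample metadata, host name and certificate value are constructed placeholders, and `check_idp_metadata` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample (placeholder host and certificate), not real tenant metadata.
SAMPLE = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://idp.example.test/tenant-placeholder/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{NS['ds']}">
        <X509Data><X509Certificate>PLACEHOLDERCERT</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
    <SingleSignOnService Binding="{POST}"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(xml_text):
    """Return (summary, problems) for a locally saved SAML 2.0 IdP metadata file."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return {}, ["root element is not md:EntityDescriptor"]
    summary = {"entity_id": root.get("entityID"), "signing_certs": 0, "sso": {}}
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return summary, ["no IDPSSODescriptor: this is not IdP metadata"]
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for signing too.
        if kd.get("use") in (None, "signing"):
            summary["signing_certs"] += len(kd.findall(".//ds:X509Certificate", NS))
    for svc in idp.findall("md:SingleSignOnService", NS):
        summary["sso"][svc.get("Binding")] = svc.get("Location")
    problems = []
    if not summary["entity_id"]:
        problems.append("missing entityID")
    if summary["signing_certs"] == 0:
        problems.append("no signing certificate")
    if not summary["sso"]:
        problems.append("no SingleSignOnService endpoint")
    for binding, loc in summary["sso"].items():
        if not (loc or "").startswith("https://"):
            problems.append(f"endpoint for {binding} is not HTTPS: {loc}")
    return summary, problems
```

An empty problem list means the document carries an entity ID, at least one signing certificate and HTTPS sign-on endpoints, which is what a service provider needs in order to trust assertions from the identity provider.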
Go to Identity > Applications > Enterprise applications and select the Ambassador Cloud application.
Select Users and groups and click Add user/group.
Under the Users section, assign as many users/groups as required.
Save your changes.
Go to the application properties and make sure that the option Assignment required? is set to
Once your support contact has notified you that your SSO integration has been activated, you will want to test it to ensure that it is working properly. If these tests do not proceed as expected, then please schedule a live debug session with your Ambassador Support contact.
To test Identity Provider initiated Sign On, you should ensure that you are starting from a logged out browser with clean state by creating a new incognito session for each test.
Go to MyApps portal.
You should see the Ambassador Cloud application on your dashboard. If you do not, make sure your user is added to the application as described in Step 2.
Click on the Ambassador Cloud application. You should end up at the Ambassador Cloud website and be logged in.