Has anyone hooked up Yellowfin to Azure AD using SAML Bridge?

Thanks Simon

Good to know it is possible. This is not my area at all but thought I would help our team who are also struggling with this.

I realise this is a big ask but can you share the onelogin.saml.properties file from this project (with sensitive details removed of course?)

Thanks

Dean

Hi Mark,

Thanks for the response

Our sales consultants are reaching out also but the feedback so far is that there is no reference config around. That's why I asked here in case someone in the community had the info we need

Thanks

Dean

Hi Dean,

Are your sales consultants reaching out to us? I can reach out to our consultancy team to see if they have had any experience/documentation on this if you prefer?

Regards,

Mark

Hi Mark,

Sorry, yeah I was referring to our Yellowfin sales manager and consultant. Apologies for being unclear

So far they haven't been able to track any reference docs specifically for Azure AD. I think I have pieced together something that will work but a reference onelogin.saml.properties file for AAD would be immensely helpful

Thanks

Dean

Hi Dean,

I hope all is well,

Can I ask if you have had any response from our Yellowfin Sales/Consultancy team? I would also like to question whether or not our guide with connecting to ADFS would be of a similar guide/steps to getting Azure AD set up?

If you can let me know I would appreciate this greatly.

Regards,

Mark

Hi Mark,

They haven't been able to locate anything as far as I know.

Re the ADFS guide, from what I can tell the setup in Azure AD looks very different so I don't think the guide is of much help

There are 2 ways to do this with Azure AD. One is a tool provided by Microsoft called AD Connect which connects Azure to your ADFS. Our team were a little hesitant to implement this and would prefer a direct hookup to Azure (we have a somewhat unique setup)

The 2nd option then is SAML, hence the question. Using the SAML Config guide I was able to piece something together which I think may work. Again though a lot of the documentation refers to ADFS and the naming conventions are different between ADFS and Azure AD. After a good bit of Googling I think I have found what bits go where but we have yet to test it. I couldn't find any examples of someone hooking the Onelogin Java API to Azure AD but it would have been a lot easier if I did.

Ultimately, an updated/new guide exactly like this one https://wiki.yellowfinbi.com/display/USER74/SAML+Configurations but pointing to the Azure names/config instead of ADFS (there's a whole section on name ID format which may or may not be needed for example) or even bespoke ones similar to this one for Okta https://community.yellowfinbi.com/knowledge-base/article/configuring-yellowfin-to-authenticate-via-okta would be ideal

I think you'll see a general move away from on prem auth towards cloud IDPs etc so some guides for the likes of Azure, Google etc would be great

Thanks

Dean

Hi Dean,

Thank you for the detailed response. I agree, it would be great if we had a similar guide for Azure AD as we do for ADFS. I can bring this up with the wider team...

Going forward can I ask if we can mark this ticket as Answered as I can see further communication with Sales/Consultants. I say this as this is something that our consultancy team can push and hopefully assist with getting this set up for you (fingers crossed).

Let me know.

Regards,

Mark

Hi Mark,

Absolutely, mark it as answered.

If we get something working will I be able to post back in case others have the same issue?

Thanks

Dean

Hi Dean,

Thank you for confirming. Yes, simply re-open the ticket.

Have a great week ahead.

Regards,

Mark

Hi Dean,

I also struggled to find a guide for this, but managed to get it working the end! So, so that no-one else has to go through the same pain, attached are my notes. These worked for me with YF 8 & Azure SQL as my backend DB. The SQL query to update the config DB turned out to be quite key & was found in collaboration with YF. Hopefully it made it back into their internal KB as it was a painful, but useful (in the end) journey at the time between us.

Hope this helps!!!

Kind Regards,

Pete

Hi Peter,

Thank you for this document! It is extremely helpful

We had parked this for awhile but I think your doc will start us back up again!

Thanks

Dean

Thank you for the updates on this.

Regards,

Mark