How to set up SSO with SAML for Azure AD

In this article, we'll explain how to configure your Datawrapper account so you can use Single-Sign-On via Microsoft Azure Active Directory.

To use Azure AD as an identity provider for Datawrapper, you first need to add Datawrapper as a new SAML app in Azure AD, and enter the service provider data provided by Datawrapper into Azure AD. Then, enter the identity provider data provided by Azure AD into Datawrapper. To do this, follow these steps:

1. Add a new app in Azure AD by selecting Enterprise applications, then New application and then clicking Create your own application. In the top right, select Integrate any other application you don't find in the gallery, and name it Datawrapper.
2. In the left sidebar in Azure AD, click Single Sign-On and then select the SAML option:
3. Click on Edit in the Basic SAML Configuration section:



4. Open your Datawrapper team settings and navigate to the Single-Sign-On section. Enable the Enable Single-Sign-On switch and select SAML2 as protocol:

   

5. In your Azure AD settings, specify the following values for Identifier (Entity ID), Reply URL and Sign on URL:

Identifier (Entity ID):

https://app.datawrapper.de/sp
	

Reply URL:

https://app.datawrapper.de/signin/sso
	

You can find the Sign on URL at the bottom of your Datawrapper team settings as team signin URL.

6. In your Azure AD settings, copy the Login URL from Section 4 and paste it into the SSO-URL field in Datawrapper. Also, copy the Azure AD Identifier value into the Entity-ID text field in Datawrapper.
7. Download the Certificate (Base64) file from the Azure AD settings. Open the file in a text editor and copy the values into the Certificate field in Datawrapper.



8. Once everything is filled in, the settings page should look like this and display the team signin URL at the very bottom:



Distribute the team signin URL to your users to sign in to Datawrapper using the Azure AD identity provider.