Azure Interconnection


Azure Connector Configuration


Connecting the LockSelf application to an identity federation is done via the SAMLv2 protocol. It is therefore possible to connect the application to your company's Azure AD account.

Creating the connector

  1. Click on "New application" and then on "Create your own application".


  2. Define a name for the connector, generally "LockSelf", and click on the third checkbox "Integrate any other application you do not find in the gallery (Non-gallery)". Finally, click on "Create".

  3. In the left menu, click on "Single sign-on", then on "SAML".



Configure the connector

  1. Edit the first block "Basic SAML Configuration".

  2. Fill in the information as shown below:

      1. Identifier (Entity ID): corresponds to the application metadata URL.
        1. https://FQDN/saml2/metadata
      2. Reply URL (Assertion Consumer Service URL): corresponds to the reply URL that will be called by the connector.
        1. https://FQDN/saml2/response
      3. Sign-on URL (optional): corresponds to the login URL for your users.
        1. https://FQDN/?sso

          (where FQDN stands for the domain name of your LockSelf installation).

  3. Edit the second block "Attributes & Claims".



    At this step, configure the claims to be returned exactly as shown in the screenshot for this step. Claim names are case-sensitive, so be careful to respect the case.
  4. (Optional) If you want to push certain user groups to LockSelf, you will need to add a group claim.

     If your groups are synced from a LOCAL directory:

     Check the checkbox "Groups assigned to the application", then select "sAMAccountName" as the source attribute.

     Note: only groups synchronized from an on-premises Active Directory using AAD Connect Sync 1.2.70.0 or later can be pushed to LockSelf. Also verify that your Azure plan supports this feature.

     If your groups are security groups managed directly in Azure AD:

     Check the checkbox "Groups assigned to the application", then select "Cloud-only group display names (preview)" as the source attribute.

     Click on "Advanced options", then check "Customize the name of the group claim". Finally, type "groups" in the Name field (the claim name is case-sensitive, so type it exactly as "groups").

     Only the groups you add in the next step will be pushed to LockSelf.

     Once this is done, notify your Account Manager so that the option can be activated on the application side.


Allow users to access the application

This step consists of choosing which users or user groups can access the connector, and therefore the application.

To do this, click on "Users and groups" in the left menu.


Then choose the authorized users / groups.



Retrieve the IDP metadata

Once the connector is configured, you will be able to retrieve the IDP metadata.

The metadata is retrieved via a URL, available in the "SAML Signing Certificate" block on the "App Federation Metadata URL" line.


Copy this URL and enter it in the LockSelf application; LockSelf uses it to fetch the Azure entity ID, sign-on endpoints and signing certificate.


Verify the connection

Once these steps are completed, you will be able to test the connector:

  • Step 1: To test correctly, open a private browsing window and go to your infrastructure URL (https://FQDN/?sso). If you are using the browser extension, click on the gear icon, then on "Clear cache".
  • Step 2: On the SSO tab, enter your email in the displayed field or click directly on the "Sign in" button.
  • Step 3: You will be redirected to your organization's Azure SSO portal, where you can authenticate.
  • Step 4: Once authenticated, you will be redirected to LockSelf, which will ask you to create the PIN code associated with your account.

Update the IDP metadata

The SAML signing certificate (or token encryption certificate) of the Azure connector sometimes needs to be renewed. Once it is, the previously loaded IDP metadata no longer matches what Azure signs with, and SSO logins will fail until the metadata is refreshed.

In this case, load the new IDP metadata file in the SSO module of the Administrator account's Settings tab. For this, refer to the following documentation: SSO Interconnection Configuration.
