Setup instructions 

SSO AD MICROSOFT AZURE + GOOGLE 

 

Introduction 
This document outlines a step-by-step process to setup authentication for Microsoft Azure AD 
and Google Suite Single sign on - SSO  

Summary 

Azure Setup 1 

Azure Setup + Desko setup 6 

Google Enterprise setup 10 

Azure setup 
1. Go to your Azure portal ​https://portal.azure.com/ 

2. Choose Azure Active Directory  

CNPJ 09.591.453/0001-04 Rua Baronesa do Gravataí, 137/307 Porto Alegre / RS 

 3. Choose Enterprise Applications 

 
 4. Add a new application 

5. Choose NON-GALLERY application

6. Add a name for the new application - DESKO 

 
 7. Add users and groups that will have access to the app 

8. Setup SAML protocol choosing Single Logon and then > SAML 

 
  
Azure setup on DESKO control panel  
1. Go to Desko control panel (​https://painel.desko.com.br​), be sure you have access as admin user. 
Ask the requester for your credentials. 

2. Go to Configuração/Autenticação 

3. Enable “Permitir Acesso SSO por SAML” (Allow SSO/SAML access) 

 
4. Add a name for the connection and a text for the login button - You can leave this task for the 
local representative 

5. Setup Identity provider and add the URLs from Azure to DESKO´s control panel as shown below 

Related fields from Azure on DESKO 

Campo da Azure  Campo do Painel Desko 

Azure AD Identification  ID da Identidade (Url do Identificador) 

Logon URL  URL de Login 

Logoff URL  URL de Logout 

6. Download Azure Base64 Certificate 

 
  

7. Upload the certificate on DESKO´s panel 

Desko supports .cer (Base64) certificate. Binary (.der) is not supported. In case you have 
a binary certificate, convert it before uploading to Desko.  

$ ​openssl x509 -inform der -in <binary certificate name>.cer -out <base64
binary certificate name>.cer

8. Desko uses claims to manage users data. Please provide claims for:  

/firstname 

/lastname 

/emailaddress 

/employeecode 

Please be sure to use the correct entries from your account. 

 
 PS: Desko uses the DECLARATION not the information under VALUE 

9. On your Azure portal, inform the Basic SAML setup information choosing EDIT in the first box.  

 
10. Add to Azure the correspondant info from DESKO for Entity ID, Declaration Service URL and 
Logon / Logoff URLs and click SALVAR (save) 

11. Do not forget to SAVE clicking on SALVAR 

12. GREAT! You are ready to access your DESKO app and use the SSO method. 
<companyaccessname>.desko.com.br and choose the option for SSO with your customized text 

13. Be Happy :) 

 
 SSO Google Enterprise setup 
1. Access your Google Admin page. Choose Apps and then SAML Apps. Then, choose ADD A 
SERVICE/APPLICATION TO YOUR DOMAIN.  

2. Click INSTALL MY OWN CUSTOM APPLICATION 

 
3. Setup the Identity Provider 

Below: Related fields on Google and DESKO Setup page

Google field  Desko field 

Entity ID  ID da Identidade (Url do Identificador) 

SSO URL  URL de Login 

4. Download the Certificate and Upload it to Desko - PEM or CER format 

5. Click NEXT and add a Name and Description for your app 

 
6. Copy the information from DESKO to ACS URL and Entity ID 

Be sure to copy the info from your DESKO panel, not from this document. 

7. Mark the NAME ID as PERSISTENT in the NAME CODE FORMAT 

8. Hit NEXT 
9. Hit FINISH 

 
 
10. Click OK on the confirmation popup 
11. Proceed to SAML ATTRIBUTES MAPPING and click on SETUP SAML ATTRIBUTES 
 

 
 
 
 
 
 
 
12. Click on ADD ANOTHER MAPPING 
 

 
 
13. Map the attributes: FIRST NAME, LAST NAME, EMAIL, EMPLOYEE CODE 
 
Copy from DESKO panel and copy to the related attribute field in the mapping box 

 
 
 
 
 
 

 
  
14. Hit SAVE 
15. Do not forget to click SAVE (SALVAR) on DESKO 
16. Click TEST SAML LOGIN 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
THE END :) 
 

Versionamento 

Versão  Author  Data 

v1.2  Cleber Rodrigues  08/10/2020 

v1.1  Cleber Rodrigues  15/09/2020 

v1.0  Mário Verdi  13/09/2020