Skip to main content

Sisense SSO Azure



  • Gregory Short

    Any documentation update on this?  Having some step-by-step instructions would be great to get this working with our Azure AD.

  • Jim Thomas

    We finally got it working so here is what our documentation is:


    • cert for the url
    • url with bindings to https (we use 443)

    Azure ADFS New App Registration

    Provide to networking team:
    Identifier: https://<sisense domain>.[com | org]/
    Reply URL: https://<sisense domain>.[com | org]/api/v1/authentication/login_saml_callback

    We need to use the ADFS handler for sisense:
    Specific download link:

    Copy files to machine, specific location: C:\Program Files\Sisense\PrismWeb\ in new folder ADFSHandler

    We now need to edit ADFSProxy.ashx open notepad as admin:

    1. change the DestinationADFSUrl to the url provided by Azure ADFS

    Azure ADFS calls it
    SAML Single Sign-On Service URL:<domain guid blah>/saml2

    2. We had this issue where it appeared that Azure ADFS was sending a saml 1.1 so towards the bottom you will need to change the comparison to "exact". If exact also fails change back to default:

    xw.WriteStartElement("samlp", "RequestedAuthnContext", SAML_NS_PROTOCOL);
    xw.WriteAttributeString("Comparison", "exact"); //exact for ADFS we need to replace it to the minimum, so ADFS will be able to login user via different flow (windows,kerberos etc)

    3. you will need to install the cert provided from Azure ADFS on the machine
    4. In Sisense your login should look like this:

    Hope this helps!

  • Unite Admin

    If anyone comes across this for Azure AD SSO, you can get it working by doing the following:

    1. Set your identifier in the Enterprise Application's SSO configuration to 'Sisense'
    2. Open C:\Program Files\Sisense\PrismWeb\vnext\src\common\middlewares\samlAuthentication.middleware.js
    3. Change this line:

    identifierFormat: 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress'


    identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified,

    Then, do an iisreset and restart the Sisense.Prism service.


    I have a case opened and I hope to get this resolved in a future release.  I am currently running 7.1.3 and tested the above today with success.  However, it's a use at your own risk modification and I just needed it for a proof of concept.

  • Jared Russell

    @Unite Admin - were you ever able to get it fully setup? Was it resolved in a future release? Thanks!

  • Brittany Hainsworth

    For anyone having this issue in 7.4, I was able to fix it by editing the same file that @unite admin changed but the location has changed, and the identifier format I used is different.

    C:\Program Files\Sisense\app\gateway-service\src\middlewares\samlAuthentication.middleware


    for the identifier format, use 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'


Please sign in to leave a comment.