Azure Active Directory Configuration


  • Log in to the Azure Active Directory admin center and navigate to Enterprise Applications.
  • Click on New Application.
  • On the Add Application page, click the Non-gallery application button.
  • In the Add your own application page, type in Gimmal Discover for the Name of the application.
  • Once the application is added, click the option to Configure single sign-on and fill in the values as shown in the screenshot below:


Single Sign-on Mode: SAML-based Sign-on

Identifier: https://discover.gimmal.cloud/Account/Login

Reply URL: https://discover.gimmal.cloud/Account/SamlConsume


  • Download the Certificate (Base64) highlighted above.
  • Open the downloaded certificate file in Notepad. You will need the text to add in the Discover dashboard.
  • Copy the SAML2 Login URL highlighted above, you will need this to configure in the Discover dashboard.
  • Close the Configure Sign-on window and click on Users and Groups.
  • Add the users from your Azure Directory that need to be authenticated for Discover.



Discover Dashboard

  • Log in to the console using an Administrator account.
  • Click the Settings icon in the top right corner of the console and navigate to the Single Sign-on tab


  • Set the following values:

               Enable single sign-on: check the box for Main Login
               Identity Provider Endpoint: Paste the SAML Single Sign-on Service URL copied from the Azure AD portal
               Certificate: Edit the Base64 certificate downloaded from Azure AD in a text editor, copy the entire certificate text (including the BEGIN CERTIFICATE and END CERTIFICATE lines) and paste it into this field.

Base URL for SSO: although it says 'optional' we recommend setting this value to: discover.gimmal.cloud


  • Click the Save button to update the settings.

Login Instructions

To login to Altitude using Single Sign-on, on the login page:

Click the Use Single Sign-on link



Enter a valid Customer ID then click Login.


If the user's Azure credential is cached in the browser, the user will be logged in. If not, they will be redirected to the Microsoft 365 login page, prompted to enter their credentials, then logged into Discover following successful authentication.

Note: Checking the Force SAML Authentication box will ignore any cached credentials and force the user to reenter their Azure AD login information.