
Contents

SaaS application tutorials


Single sign-on tutorials
0-9
10,000ft Plans
123ContactForm
15Five
23 Video
360 Online
4me
8x8 Virtual Office
A
Abintegro
Absorb LMS
Abstract
Academy Attendance
Acadia
Accredible
Achieve3000
ACLP
AcquireIO
Adaptive Insights
Adobe Captivate Prime
Adobe Creative Cloud
Adobe Experience Manager
Adobe Identity Management
Adobe Sign
Adoddle cSaas Platform
ADP
ADP Globalview
Agiloft
Aha!
Airstack
Airtable
AirWatch
Alcumus Info Exchange
AlertOps
Alibaba Cloud Service (Role-based SSO)
Allbound SSO
Allocadia
Amazon Business
Amazon Web Services (AWS)
Amazon Web Services (AWS) to connect multiple accounts
AMMS
Amplitude
Anaplan
ANAQUA
Andfrankly
Andromeda
AnswerHub
Apex Portal
AppBlade
AppDynamics
Appinux
AppNeta Performance Monitor
Appraisd
Apptio
Aravo
ARC Facilities
Arc Publishing - SSO
ArcGIS Enterprise
ArcGIS Online
ARES for Enterprise
Ariba
Asana
ASC Contracts
Ascentis
Asset Bank
Atlassian Cloud
Atlassian Jira and Confluence
Atomic Learning
Attendance Management Services
AuditBoard
Autotask Endpoint Backup
Autotask Workplace
AwardSpring
B
BambooHR
Bambu by Sprout Social
BC in the Cloud
BeeLine
Benchling
BenefitHub
Benefitsolver
BenSelect
Bersin
BetterWorks
BGS Online
Bime
Birst Agile Business Analytics
BIS
BitaBIZ
Bitly
Blackboard Learn
Blackboard Learn - Shibboleth
Blink
Blue Access for Members (BAM)
BlueJeans
Bomgar Remote Support
Bonusly
Boomi
BorrowBox
Box
Boxcryptor
Bpm’online
Brandfolder
Braze
Bridge
Bridgeline Unbound
Bright Pattern Omnichannel Contact Center
Brightidea
Brightspace by Desire2Learn
Bugsnag
Bynder
C
CA PPM
CakeHR
Canvas Lms
Capriza Platform
Carbonite Endpoint Backup
Carlson Wagonlit Travel
CBRE ServiceInsight
Central Desktop
Ceridian Dayforce HCM
Cerner Central
Certain Admin SSO
Certent Equity Management
Certify
Cezanne HR Software
Chargebee
Cherwell
Chromeriver
ChronicX®
Cimpl
Cisco Cloud
The Cloud Security Fabric
Cisco Webex
Cisco Umbrella
Cisco Webex Meetings
Citrix Netscaler
Citrix ShareFile
Civic Platform
Clarizen
Clear Review
ClearCompany
Clever
Clever Nelly
ClickTime
ClickUp Productivity Platform
Cloud Management Portal for Microsoft Azure
Cloudmore
CloudPassage
Cloud Service PICCO
Cobalt
Cognidox
Collaborative Innovation
Comeet Recruiting Software
Comm100 Live Chat
Communifire
CompetencyIQ
Compliance ELF
Concur
Concur Travel and Expense
Condeco
Confirmit Horizons
Confluence SAML SSO by Microsoft
Consent2Go
Contentful
ContractWorks
Control
Convene
Convercent
Coralogix
Cornerstone OnDemand
CorpTax
Costpoint
Coupa
CPQSync by Cincom
CS Stars
CyberArk SAML Authentication
CylancePROTECT
D-E
DATABASICS
Datahug
Dealpath
Degreed
Deputy
Deskradar
DigiCert
Direct
Directions on Microsoft
Discovery Benefits SSO
Displayr
dmarcian
DocuSign
Dome9 Arc
Domo
Dossier
Dovetale
Dow Jones Factiva
Darwinbox
Drift
Dropbox for Business
Druva
Dynamic Signal
Dynatrace
EAB Navigate IMPL
EAB Navigate Strategic Care
EasyTerritory
EBSCO
eCornell
Edcor
eDigitalResearch
EduBrite LMS
EFI Digital StoreFront
Egnyte
eKincare
Eli Onboarding
Elium
eLuminate
Empactis
EmpCenter
Encompass
Envi MMIS
Envoy
ePlatform
EthicsPoint Incident Management (EPIM)
etouches
Euromonitor Passport
EverBridge
Evernote
Evidence.com
ExcelityGlobal
ExpenseIn
Expensify
Explanation-Based Auditing System
Expiration Reminder
EZOfficeInventory
ExponentHR
F-G
F5
FactSet
Fidelity NetBenefits
Fieldglass
Figma
FileCloud
FilesAnywhere
FirmPlay - Employee Advocacy for Recruiting
Firstbird
FiscalNote
Five9 Plus Adapter (CTI, Contact Center Agents)
Flatter Files
Flock
FloQast
Fluxx Labs
FM:Systems
Foko Retail
Folloze
Foodee
ForeSee CX Suite
Form.com
Freedcamp
FreshDesk
FreshGrade
Freshservice
Freshworks
Front
Frontline Education
Fulcrum
Fuse
Fuze
G Suite
GaggleAMP
Getabstract
GetThere
Gigya
GitHub
GlassFrog
GlobalOne
GoodPractice Toolkit
GoToMeeting
Gra-Pe
Greenhouse
GreenOrbit
Grovo
GT Nexus Prod System
H-I
Hackerone
Halogen Software
Halosys
HappyFox
Harness
Helper Helper
Help Scout
Heroku
HeyBuddy
HighGear
Hightail
HireVue
Hootsuite
Hornbill
Hosted Graphite
Hosted Heritage Online SSO
HPE SaaS
HR2day by Merces
HRworks Single Sign-On
HubSpot SAML
Huddle
Humanity
Hype
HyperAnna
IBM Kenexa Survey Enterprise
IBM OpenPages
Icertis Contract Management Platform
ICIMS
IDC
IdeaScale
iDiD Manager
IDrive
Igloo Software
iLMS
Image Relay
IMAGE WORKS
Imagineer WebVision
IMPAC Risk Manager
In Case of Crisis - Mobile
Infinite Campus
Infogix Data3Sixty Govern
Infor CloudSuite
Infor Retail - Information Management
Inkling
Innotas
Innovation Hub
Insider Track
InsideView
Insight4GRC
Insignia SAML SSO
Insperity ExpensAble
InstaVR Viewer
Intacct
InTime
Intralinks
iPass SmartConnect
iProva
IQNavigator VMS
iQualify LMS
Iris Intranet
IriusRisk
iServer Portal
ITRP
itslearning
Ivanti Service Manager (ISM)
iWellnessNow
J-K
Jamf Pro
JDA Cloud
JFrog Artifactory
JIRA SAML SSO by Microsoft
JIRA SAML SSO by Microsoft (V5.2)
Jitbit Helpdesk
Jive
Jobbadmin
JOBHUB
Jobscience
JobScore
join.me
Jostle
Juno Journey
Kallidus
Kanbanize
Kantega SSO for Bamboo
Kantega SSO for Bitbucket
Kantega SSO for Confluence
Kantega SSO for FishEye/Crucible
Kantega SSO for JIRA
Keeper Password Manager & Digital Vault
Kindling
Kintone
Kiteworks
Klue
KnowBe4 Security Awareness Training
Knowledge Anywhere LMS
KnowledgeOwl
Kontiki
Korn Ferry ALP
Kronos
Kudos
L-M
Land Gorilla Client
LaunchDarkly
LCVista
Lean
Leapsome
Learning at Work
Learning Seat LMS
Learningpool Act
LearnUpon
Lecorpio
Lesson.ly
Lifesize Cloud
LINE WORKS
Learnster
LinkedIn Elevate
LinkedIn Learning
LinkedIn Sales Navigator
LiquidFiles
Litmos
LockPath Keylight
LogicMonitor
LoginRadius
Lucidchart
Lynda.com
M-Files
Mail Luck!
Manabi Pocket
Marketo
MaxxPoint
MCM
Menlo Security
Mercell
Mercer BenefitsCentral (MBC)
Merchlogix
Meta4 Global HR
Meta Networks Connector
Mimecast Admin Console
Mimecast Personal Portal
Mindflash
MindTickle
mindWireless
Miro
Mitel Connect
Mixpanel
MOBI
MobiControl
Mobile Xpense
MobileIron
moconavi
monday.com
Montage Online
Motus
MOVEit Transfer - Azure AD integration
Moxi Engage
Moxtra
Mozy Enterprise
MS Azure SSO Access for Ethidex Compliance Office™
MyAryaka
My Award Points Top Sub/Top Team
myPolicies
MyVR
MyWorkDrive
N-O
N2F - Expense reports
Namely
NegometrixPortal Single Sign On (SSO)
NEOGOV
Neota Logic Studio
NetDocuments
Netop Portal
Netskope Cloud Security
Netskope User Authentication
Netsuite
New Relic
Nexonia
Nimblex
Nomadesk
Nomadic
Novatus
Nuclino
O.C. Tanner - AppreciateHub
OfficeSpace Software
ON24 Virtual Environment SAML Connection
OneDesk
Oneteam
OneTrust Privacy Management Software
Onit
OnTrack
Opal
OpenAthens
OpsGenie
Optimizely
Oracle Cloud Infrastructure Console
Oracle Fusion ERP
OrgChart Now
Origami
Otsuka Shokai
OutSystems
OU Campus
Overdrive
P
Pacific Timesheet
PageDNA
PagerDuty
Palo Alto Networks - Aperture
Palo Alto Networks - Captive Portal
Palo Alto Networks - GlobalProtect
PandaDoc
Panopto
Panorama9
Pantheon
PatentSQUARE
Pavaso Digital Close
Paylocity
Peakon
Pega Systems
People
Peoplecart
Perception United States (Non-UltiPro)
Perceptyx
Percolate
PerformanceCentre
Periscope Data
Phraseanet
Picturepark
Pingboard
PlanGrid
PlanMyLeave
Pluralsight
PolicyStat
PostBeyond
Powerschool Performance Matters
Predictix Assortment Planning
Predictix Ordering
Predictix Price Reporting
Printix
Prisma Cloud
Procore SSO
productboard
Projectplace
Promapp
ProMaster (by Inlogik)
ProNovos Ops Manager
Proofpoint on Demand
Proxyclick
PureCloud by Genesys
PurelyHR
Q-R
Qlik Sense Enterprise
Qmarkets Idea & Innovation Management
QPrism
Qualtrics
Quantum Workplace
Questetra BPM Suite
QuickHelp
Qumu Cloud
Rackspace SSO
Rally Software
Real Links
Recognize
RedBrick Health
RedVector
Reflektive
RENRAKU
Replicon
Reviewsnap
Reward Gateway
RFPIO
RightAnswers
Rightscale
RingCentral
Riskware
Riva
Robin
RStudio Connect
RolePoint
Rollbar
RunMyProcess
S
SafeConnect
SafetyNet
Salesforce
Salesforce Sandbox
Samanage
SAML 1.1 Token enabled LOB App
SAML SSO for Bamboo by resolution GmbH
SAML SSO for Bitbucket by resolution GmbH
SAML SSO for Confluence by resolution GmbH
SAML SSO for Jira by resolution GmbH
Azure AD SAML Toolkit
Sansan
SAP Business ByDesign
SAP Analytics Cloud
SAP Cloud for Customer
SAP Cloud Platform
SAP Cloud Platform Identity Authentication
SAP Fiori
SAP HANA
SAP NetWeaver
Sauce Labs - Mobile and Web Testing
ScaleX Enterprise
SCC LifeCycle
Screencast-O-Matic
Schoox
Sciforma
SciQuest Spend Director
ScreenSteps
SD Elements
Secret Server (On-Premises)
Sectigo Certificate Manager
SECURE DELIVER
SecureW2 JoinNow Connector
Sedgwick CMS
Seismic
SensoScientific Wireless Temperature Monitoring System
Sequr
ServiceChannel
ServiceNow
Settling music
SharePoint on-premises
Shibumi
ShipHazmat
Shmoop For Schools
Showpad
Shuccho Navi
Signagelive
SignalFx
Sigstr
SilkRoad Life Suite
Silverback
SimpleNexus
Simple Sign
Skilljar
Skillport
Skills Base
Skills Manager
SkyDesk Email
Skyhigh Networks
SKYSITE
Skytap
Skyward Qmlativ
Slack
Small Improvements
SmartDraw
SmarterU
SmartFile
SmartLPA
SmartRecruiters
smartvid.io
Snowflake
Softeon WMS
Soloinsight-CloudGate SSO
Sonarqube
Soonr Workplace
SpaceIQ
Spacio
Splunk Enterprise and Splunk Cloud
Spotinst
SpringCM
Springer Link
Sprinklr
StatusPage
Stormboard
SuccessFactors
Sugar CRM
SumoLogic
SumTotalCentral
Supermood
SurveyMonkey Enterprise
Symantec Web Security Service (WSS)
Syncplicity
Synergi
T-V
T&E Express
Tableau Online
Tableau Server
TalentLMS
Talent Palette
Tango Analytics
Tangoe Command Premium Mobile
TargetProcess
TAS
Teamphoria
TeamSeer
Teamwork.com
Templafy
TextMagic
The Funding Portal
ThirdLight
ThirdPartyTrust
Thoughtworks Mingle
ThousandEyes
Tidemark
TigerText Secure Messenger
TimeLive
TimeOffManager
TINFOIL SECURITY
TiViTz
TonicDM
TOPdesk - Public
TOPdesk - Secure
TrackVia
Trakopolis
Trakstar
Trello
Trisotech Digital Enterprise Server
TurboRater
Uberflip
UltiPro
Ungerboeck Software
UNIFI
Useall
UserEcho
UserVoice
Velpic SAML
Veracode
Veritas Enterprise Vault.cloud SSO
Versal
Viareport (Europe)
Vibe HCM
Vidyard
Visit.org
Visitly
Visma
Vocoli
Vodeclic
Voyance
Vtiger CRM (SAML)
vxMaintain
W-Z
Watch by Colors
Wandera
Way We Do
Wdesk
webMethods Integration Suite
Weekdone
Whatfix
Whitesource
Wikispaces
Wingspan eTMF
Wizergos Productivity Software
Work.com
Workable
WorkBoard
Workday
Workfront
Workgrid
Workpath
Workplace by Facebook
Workrite
Workspot Control
Workstars
Workteam
Wrike
XaitPorter
xMatters OnDemand
Yardi eLearning
YardiOne
Yodeck
Yonyx Interactive Guides
YouEarnedIt
Zendesk
ZenQMS
ZephyrSSO
Ziflow
ZIVVER
Zoho
Zoho One
Zoom
Zscaler
Zscaler Beta
Zscaler Internet Access Administrator
Zscaler One
Zscaler Private Access (ZPA)
Zscaler Private Access Administrator
Zscaler Three
Zscaler Two
Zscaler ZSCloud
Zwayam
User provisioning tutorials
0-9
4me
15Five
A-L
Airstack
Amazon Web Services (AWS) - Role Provisioning
Asana
Atlassian Cloud
BitaBIZ
Blink
BlueJeans
Bonusly
Box
Brivo Onair Identity Connector
Cerner Central
Cisco Webex
Comeet Recruiting Software
Concur
Cornerstone OnDemand
DocuSign
Dropbox for Business
Dynamic Signal
Dialpad
Druva
Envoy
Elium
Figma
Federated Directory
Fuze
Flock
Foodee
G Suite
GitHub
GoToMeeting
Infor CloudSuite
Ideo
Insight4GRC
iPass SmartConnect
Jive
Keeper Password Manager & Digital Vault
LinkedIn Elevate
LinkedIn Sales Navigator
Lucidchart
Leapsome
Looop
Merchlogix
Meta Networks Connector
myPolicies
Mindtickle
Miro
N-Z
Netskope Administrator Console
Netsuite
OfficeSpace Software
Oracle Fusion ERP
Pingboard
Promapp
Priority Matrix
Proxyclick
Peakon
Reward Gateway
RFPIO
RingCentral
Robin
Rollbar
Salesforce
Salesforce Sandbox
Samanage
SAP Cloud Platform Identity Authentication
ServiceNow
Slack
Snowflake
Smartsheet
Soloinsight-CloudGate SSO
Symantec Web Security Service (WSS)
Smartfile
SpaceIQ
StarLeaf
Storegate
Signagelive
Tableau Online
ThousandEyes
Templafy
TheOrgWiki
Velpic
Visitly
Workday
Workteam
Workplace by Facebook
Workgrid
Wrike
Zendesk
Zscaler
Zscaler Beta
Zscaler One
Zscaler Private Access
Zscaler Two
Zscaler Three
Zscaler ZSCloud
Zoom
Tutorials for integrating SaaS applications with Azure Active Directory
11/5/2019 • 2 minutes to read

To help integrate your cloud-enabled software as a service (SaaS) applications with Azure Active Directory, we have developed a collection of tutorials that walk you through configuration.
For a list of all SaaS apps that have been pre-integrated into Azure AD, see the Active Directory Marketplace.
Use the application network portal to request that a SCIM-enabled application be added to the gallery for automatic provisioning, or that a SAML/OIDC-enabled application be added to the gallery for SSO.

Quick links
Application tutorial for single sign-on | Application tutorial for user provisioning
Atlassian Cloud | Atlassian Cloud - User Provisioning
ServiceNow | ServiceNow - User Provisioning
Slack | Slack - User Provisioning
SuccessFactors |
Workday | Workday - User Provisioning

To find more tutorials, use the table of contents on the left.

Cloud Integrations
Application tutorial for single sign-on | Application tutorial for user provisioning
Amazon Web Services (AWS) Console | Amazon Web Services (AWS) Console - Role Provisioning
Alibaba Cloud Service (Role-based SSO) |
Google Cloud Platform | Google Cloud Platform - User Provisioning
Salesforce | Salesforce - User Provisioning
SAP Cloud Identity Platform | SAP Cloud Identity Platform - Provisioning

OneClick SSO
Application tutorial for single sign-on

AcquireIO

Aha!

AlertOps

Amplitude

Appraisd

ArcGIS Enterprise

Atlassian Cloud

Carbonite Endpoint Backup

CakeHR

Deskradar

Displayr

dmarcian

DocuSign

Dome9 Arc

Drift

Dropbox for Business

Elium

Envoy

Evernote

ExpenseIn

Foodee

Freedcamp

Freshservice

Harness

Help Scout

Hightail

HRworks Single Sign-On



Jamf Pro

Kanbanize

Knowledge Anywhere LMS

monday.com

MyWorkDrive

Nuclino

People

PurelyHR

RingCentral

ScaleX Enterprise

Soloinsight-CloudGate SSO

TargetProcess

Teamphoria

TextMagic

Velpic SAML

Wandera

Watch by Colors

Way We Do

Workplace by Facebook

Workteam

XaitPorter

Yodeck

Zendesk

Zscaler

Zscaler Beta

Zscaler One

Zscaler Private Access (ZPA)

Zscaler Three

Zscaler Two

Zscaler ZSCloud

Next steps
To learn more about application management, see What is application management.
Tutorial: Azure Active Directory integration with 10,000ft Plans
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate 10,000ft Plans with Azure Active Directory (Azure AD). Integrating 10,000ft Plans with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to 10,000ft Plans.
You can enable your users to be automatically signed in to 10,000ft Plans (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with 10,000ft Plans, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
10,000ft Plans single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
10,000ft Plans supports SP initiated SSO
10,000ft Plans supports Just In Time user provisioning

Adding 10,000ft Plans from the gallery


To configure the integration of 10,000ft Plans into Azure AD, you need to add 10,000ft Plans from the gallery to
your list of managed SaaS apps.
To add 10,000ft Plans from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type 10,000ft Plans, select 10,000ft Plans from the result panel then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with 10,000ft Plans based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
10,000ft Plans needs to be established.
To configure and test Azure AD single sign-on with 10,000ft Plans, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure 10000ft Plans Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create 10000ft Plans test user - to have a counterpart of Britta Simon in 10,000ft Plans that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with 10,000ft Plans, perform the following steps:
1. In the Azure portal, on the 10,000ft Plans application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration dialog.

4. In the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type the URL: https://app.10000ft.com

b. In the Identifier (Entity ID) text box, type the URL: https://app.10000ft.com/saml/metadata

NOTE
The value for Identifier is different if you have a custom domain. Contact 10,000ft Plans Client support team to get
this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. In the Set up 10,000ft Plans section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure 10000ft Plans Single Sign-On
To configure single sign-on on the 10,000ft Plans side, you need to send the downloaded Certificate (Raw) and the appropriate copied URLs from the Azure portal to the 10,000ft Plans support team. They apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to 10,000ft Plans.
1. In the Azure portal, select Enterprise Applications, select All applications, then select 10,000ft Plans.

2. In the applications list, select 10,000ft Plans.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create 10000ft Plans test user
In this section, a user called Britta Simon is created in 10,000ft Plans. 10,000ft Plans supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in 10,000ft Plans, a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the 10,000ft Plans Client support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the 10,000ft Plans tile in the Access Panel, you should be automatically signed in to the 10,000ft
Plans for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with 123ContactForm
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate 123ContactForm with Azure Active Directory (Azure AD). Integrating 123ContactForm with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to 123ContactForm.
You can enable your users to be automatically signed in to 123ContactForm (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with 123ContactForm, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
123ContactForm single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
123ContactForm supports SP and IDP initiated SSO
123ContactForm supports Just In Time user provisioning

Adding 123ContactForm from the gallery


To configure the integration of 123ContactForm into Azure AD, you need to add 123ContactForm from the gallery
to your list of managed SaaS apps.
To add 123ContactForm from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type 123ContactForm, select 123ContactForm from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with 123ContactForm based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
123ContactForm needs to be established.
To configure and test Azure AD single sign-on with 123ContactForm, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure 123ContactForm Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create 123ContactForm test user - to have a counterpart of Britta Simon in 123ContactForm that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with 123ContactForm, perform the following steps:
1. In the Azure portal, on the 123ContactForm application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://www.123contactform.com/saml/azure_ad/<tenant_id>/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://www.123contactform.com/saml/azure_ad/<tenant_id>/acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://www.123contactform.com/saml/azure_ad/<tenant_id>/sso

NOTE
These values are not real. Update these values with the actual URLs and Identifier, as explained later in the tutorial.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. In the Set up 123ContactForm section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure 123ContactForm Single Sign-On
1. To configure single sign-on on the 123ContactForm side, go to https://www.123contactform.com/form-2709121/ and perform the following steps:

a. In the Email textbox, type the email of the user, for example BrittaSimon@Contoso.com.
b. Click Upload and browse to the Metadata XML file that you downloaded from the Azure portal.
c. Click SUBMIT FORM.
2. On the Microsoft Azure AD - Single sign-on - Configure App Settings perform the following steps:
a. If you wish to configure the application in IDP initiated mode, copy the IDENTIFIER value for your instance and paste it in the Identifier textbox in the Basic SAML Configuration section on the Azure portal.
b. If you wish to configure the application in IDP initiated mode, copy the REPLY URL value for your instance and paste it in the Reply URL textbox in the Basic SAML Configuration section on the Azure portal.
c. If you wish to configure the application in SP initiated mode, copy the SIGN ON URL value for your instance and paste it in the Sign On URL textbox in the Basic SAML Configuration section on the Azure portal.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to 123ContactForm.
1. In the Azure portal, select Enterprise Applications, select All applications, then select 123ContactForm.

2. In the applications list, select 123ContactForm.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create 123ContactForm test user
In this section, a user called Britta Simon is created in 123ContactForm. 123ContactForm supports just-in-time
user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in 123ContactForm, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the 123ContactForm tile in the Access Panel, you should be automatically signed in to the
123ContactForm for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with 15Five
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate 15Five with Azure Active Directory (Azure AD). Integrating 15Five with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to 15Five.
You can enable your users to be automatically signed in to 15Five (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with 15Five, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
15Five single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
15Five supports SP initiated SSO

Adding 15Five from the gallery


To configure the integration of 15Five into Azure AD, you need to add 15Five from the gallery to your list of
managed SaaS apps.
To add 15Five from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type 15Five, select 15Five from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with 15Five based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in 15Five
needs to be established.
To configure and test Azure AD single sign-on with 15Five, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure 15Five Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create 15Five test user - to have a counterpart of Britta Simon in 15Five that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with 15Five, perform the following steps:
1. In the Azure portal, on the 15Five application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<companyname>.15five.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.15five.com/saml2/metadata/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact 15Five Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up 15Five section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure 15Five Single Sign-On
To configure single sign-on on the 15Five side, send the downloaded Federation Metadata XML and the
URLs you copied from the Azure portal to the 15Five support team. They apply these settings so that the SAML SSO
connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to 15Five.
1. In the Azure portal, select Enterprise Applications, select All applications, then select 15Five.

2. In the applications list, select 15Five.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create 15Five test user
To enable Azure AD users to log in to 15Five, they must be provisioned into 15Five. In the case of 15Five,
provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Log in to your 15Five company site as administrator.
2. Go to Manage Company.

3. Go to People > Add PEOPLE.

4. In the Add New Person section, perform the following steps:


a. Type the First Name, Last Name, Title, Email address of a valid Azure Active Directory account you
want to provision into the related textboxes.
b. Click Done.

NOTE
The Azure AD account holder receives an email including a link to confirm the account before it becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the 15Five tile in the Access Panel, you should be automatically signed in to the 15Five for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Integrate 23 Video with Azure Active Directory
8/8/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate 23 Video with Azure Active Directory (Azure AD). When you integrate
23 Video with Azure AD, you can:
Control in Azure AD who has access to 23 Video.
Enable your users to be automatically signed-in to 23 Video with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
23 Video single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
23 Video supports SP initiated SSO

Adding 23 Video from the gallery


To configure the integration of 23 Video into Azure AD, you need to add 23 Video from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type 23 Video in the search box.
6. Select 23 Video from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with 23 Video using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in 23 Video.
To configure and test Azure AD SSO with 23 Video, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure 23 Video SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create 23 Video test user - to have a counterpart of B.Simon in 23 Video that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the 23 Video application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern: https://<subdomain>.23video.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://www.23video.com/saml/trust/<uniqueid>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact 23 Video Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up 23 Video section, copy the appropriate URL(s) based on your requirement.
Configure 23 Video SSO
To configure single sign-on on the 23 Video side, send the downloaded Certificate (Base64) and the
URLs you copied from the Azure portal to the 23 Video support team. They apply these settings so that the SAML
SSO connection is configured correctly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to 23 Video.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select 23 Video.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create 23 Video test user
The objective of this section is to create a user called B.Simon in 23 Video.
To create a user called B.Simon in 23 Video, perform the following steps:
1. Sign on to your 23 Video company site as administrator.
2. Go to Settings.
3. In the Users section, click Configure.

4. Click Add a new user.

5. In the Invite someone to join this site section, perform the following steps:
a. In the E-mail addresses textbox, type the email address of a user like B.Simon@contoso.com.
b. Click Add the user...
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the 23 Video tile in the Access Panel, you should be automatically signed in to the 23 Video for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Azure Active Directory integration with 360 Online
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate 360 Online with Azure Active Directory (Azure AD). Integrating 360
Online with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to 360 Online.
You can enable your users to be automatically signed-in to 360 Online (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with 360 Online, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
360 Online single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
360 Online supports SP initiated SSO

Adding 360 Online from the gallery


To configure the integration of 360 Online into Azure AD, you need to add 360 Online from the gallery to your list
of managed SaaS apps.
To add 360 Online from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type 360 Online, select 360 Online from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with 360 Online based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in 360
Online needs to be established.
To configure and test Azure AD single sign-on with 360 Online, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure 360 Online Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create 360 Online test user - to have a counterpart of Britta Simon in 360 Online that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with 360 Online, perform the following steps:
1. In the Azure portal, on the 360 Online application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://<company name>.public360online.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact 360 Online Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up 360 Online section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure 360 Online Single Sign-On
To configure single sign-on on the 360 Online side, send the downloaded Metadata XML and the
URLs you copied from the Azure portal to the 360 Online support team. They apply these settings so that the SAML
SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to 360 Online.
1. In the Azure portal, select Enterprise Applications, select All applications, then select 360 Online.

2. In the applications list, select 360 Online.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create 360 Online test user
In this section, you create a user called Britta Simon in 360 Online. Work with 360 Online support team to add the
users in the 360 Online platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the 360 Online tile in the Access Panel, you should be automatically signed in to the 360 Online for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with 4me
10/18/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate 4me with Azure Active Directory (Azure AD). When you integrate 4me
with Azure AD, you can:
Control in Azure AD who has access to 4me.
Enable your users to be automatically signed-in to 4me with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
4me single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
4me supports SP initiated SSO
4me supports Just In Time user provisioning

Adding 4me from the gallery


To configure the integration of 4me into Azure AD, you need to add 4me from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type 4me in the search box.
6. Select 4me from the results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for 4me


Configure and test Azure AD SSO with 4me using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in 4me.
To configure and test Azure AD SSO with 4me, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
    Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
    Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure 4me SSO - to configure the single sign-on settings on the application side.
    Create 4me test user - to have a counterpart of B.Simon in 4me that is linked to the Azure AD
    representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the 4me application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:

ENVIRONMENT    URL
PRODUCTION     https://<SUBDOMAIN>.4me.com
QA             https://<SUBDOMAIN>.4me.qa

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

ENVIRONMENT    URL
PRODUCTION     https://<SUBDOMAIN>.4me.com
QA             https://<SUBDOMAIN>.4me.qa

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact 4me Client support
team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. The 4me application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.
6. In addition to the above, the 4me application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

NAME          SOURCE ATTRIBUTE
first_name    user.givenname
last_name     user.surname

7. In the SAML Signing Certificate section, click the Edit button to open the SAML Signing Certificate dialog.

8. In the SAML Signing Certificate section, copy the THUMBPRINT and save it on your computer.

9. On the Set up 4me section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to 4me.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select 4me.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure 4me SSO


1. In a different web browser window, sign in to 4me as an Administrator.
2. On the top left, click the Settings logo, and on the left sidebar click Single Sign-On.
3. On the Single Sign-On page, perform the following steps:

a. Select the Enabled option.


b. In the Remote logout URL textbox, paste the value of Logout URL, which you have copied from the
Azure portal.
c. Under SAML section, in the SAML SSO URL textbox, paste the value of Login URL, which you have
copied from the Azure portal.
d. In the Certificate fingerprint textbox, paste the THUMBPRINT value that you copied from the Azure portal,
written as two-character pairs separated by colons (AA:BB:CC:DD:EE:FF:GG:HH:II).
e. Click Save.
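
An added example, not part of the original tutorial and not 4me or Microsoft code: a Python check for step d that derives the colon-separated fingerprint from a Certificate (Base64) download and confirms it matches the value pasted into 4me. It assumes the portal's THUMBPRINT is the SHA-1 digest of the DER-encoded certificate; the function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

# Constructed stand-in bytes, NOT a real certificate. The thumbprint is a
# digest over the raw DER bytes, so no X.509 parsing is needed to show it.
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def der_from_base64_cert(text: str) -> bytes:
    """Return DER bytes from a PEM-wrapped or bare Base64 certificate."""
    match = PEM_BLOCK.search(text)
    body = match.group(1) if match else text
    compact = "".join(body.split())  # drop line breaks and padding spaces
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid Base64") from exc


def normalize_thumbprint(value: str) -> str:
    """Strip separators and whitespace, upper-case, require 40 hex digits."""
    hex_only = re.sub(r"[\s:\-]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", hex_only):
        raise ValueError("expected a 40-hex-digit SHA-1 thumbprint")
    return hex_only


def colon_pairs(thumbprint: str) -> str:
    """Format a thumbprint as AA:BB:CC:... for the fingerprint textbox."""
    clean = normalize_thumbprint(thumbprint)
    return ":".join(clean[i:i + 2] for i in range(0, len(clean), 2))


def cert_thumbprint(cert_text: str) -> str:
    """SHA-1 thumbprint of the certificate, in colon-separated form."""
    der = der_from_base64_cert(cert_text)
    return colon_pairs(hashlib.sha1(der).hexdigest())


def thumbprint_matches(cert_text: str, pasted: str) -> bool:
    """True when the pasted value is the thumbprint of the given certificate.

    Tolerates case, spaces, colons and dashes in the pasted value; anything
    that is not a well-formed thumbprint is treated as a mismatch.
    """
    expected = normalize_thumbprint(cert_thumbprint(cert_text))
    try:
        candidate = normalize_thumbprint(pasted)
    except ValueError:
        return False
    return hmac.compare_digest(expected, candidate)


if __name__ == "__main__":
    print(cert_thumbprint(SAMPLE_PEM))
```

A mismatch between the certificate and the configured fingerprint means 4me is pinned to a different signing certificate than the one Azure AD uses, which is worth re-checking whenever the signing certificate is rolled over.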
Create 4me test user
In this section, a user called Britta Simon is created in 4me. 4me supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in 4me, a new one
is created after authentication.

NOTE
If you need to create a user manually, contact 4me support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the 4me tile in the Access Panel, you should be automatically signed in to the 4me for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try 4me with Azure AD

Tutorial: Azure Active Directory integration with 8x8 Virtual Office
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate 8x8 Virtual Office with Azure Active Directory (Azure AD). Integrating
8x8 Virtual Office with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to 8x8 Virtual Office.
You can enable your users to be automatically signed-in to 8x8 Virtual Office (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with 8x8 Virtual Office, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
8x8 Virtual Office single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
8x8 Virtual Office supports IDP initiated SSO
8x8 Virtual Office supports Just In Time user provisioning

Adding 8x8 Virtual Office from the gallery


To configure the integration of 8x8 Virtual Office into Azure AD, you need to add 8x8 Virtual Office from the
gallery to your list of managed SaaS apps.
To add 8x8 Virtual Office from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type 8x8 Virtual Office, select 8x8 Virtual Office from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with 8x8 Virtual Office based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in 8x8
Virtual Office needs to be established.
To configure and test Azure AD single sign-on with 8x8 Virtual Office, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure 8x8 Virtual Office Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create 8x8 Virtual Office test user - to have a counterpart of Britta Simon in 8x8 Virtual Office that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with 8x8 Virtual Office, perform the following steps:
1. In the Azure portal, on the 8x8 Virtual Office application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration dialog, perform the following steps:


a. In the Identifier text box, type a URL using the following pattern: https://sso.8x8.com/saml2

b. In the Reply URL text box, type a URL using the following pattern: https://sso.8x8.com/saml2

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. On the Set up 8x8 Virtual Office section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure 8x8 Virtual Office Single Sign-On
1. Sign on to your 8x8 Virtual Office tenant as an administrator.
2. Select Virtual Office Account Mgr on the Application Panel.
3. Select Business account to manage and click the Sign In button.

4. Click the ACCOUNTS tab in the menu list.

5. Click Single Sign On in the list of Accounts.

6. Select Single Sign On under Authentication methods and click SAML.


7. In the SAML Single Sign on section, perform the following steps:

a. In the Sign In URL textbox, paste the Login URL value that you copied from the Azure portal.
b. In the Sign Out URL textbox, paste the Logout URL value that you copied from the Azure portal.
c. In the Issuer URL textbox, paste the Azure AD Identifier value that you copied from the Azure
portal.
d. Click the Browse button to upload the certificate that you downloaded from the Azure portal.
e. Click the Save button.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to 8x8 Virtual Office.
1. In the Azure portal, select Enterprise Applications, select All applications, then select 8x8 Virtual
Office.

2. In the applications list, type and select 8x8 Virtual Office.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create 8x8 Virtual Office test user
In this section, a user called Britta Simon is created in 8x8 Virtual Office. 8x8 Virtual Office supports just-in-time
user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in 8x8 Virtual Office, a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the 8x8 Virtual Office support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the 8x8 Virtual Office tile in the Access Panel, you should be automatically signed in to the 8x8
Virtual Office for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Abintegro
9/6/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Abintegro with Azure Active Directory (Azure AD). When you integrate
Abintegro with Azure AD, you can:
Control in Azure AD who has access to Abintegro.
Enable your users to be automatically signed-in to Abintegro with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Abintegro single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Abintegro supports SP initiated SSO
Abintegro supports Just In Time user provisioning

Adding Abintegro from the gallery


To configure the integration of Abintegro into Azure AD, you need to add Abintegro from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Abintegro in the search box.
6. Select Abintegro from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Abintegro


Configure and test Azure AD SSO with Abintegro using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Abintegro.
To configure and test Azure AD SSO with Abintegro, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Abintegro SSO - to configure the single sign-on settings on application side.
a. Create Abintegro test user - to have a counterpart of B.Simon in Abintegro that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Abintegro application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://www.abintegro.com/Shibboleth.sso/Login?entityID=<Issuer>&target=https://www.abintegro.com/secure/

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Abintegro Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. On the Set up Abintegro section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Abintegro.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Abintegro.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Abintegro SSO


To configure single sign-on on the Abintegro side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Abintegro support team. They apply these settings so
that the SAML SSO connection is set properly on both sides.
Create Abintegro test user
In this section, a user called Britta Simon is created in Abintegro. Abintegro supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Abintegro, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Abintegro tile in the Access Panel, you should be automatically signed in to the Abintegro for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Abintegro with Azure AD
Tutorial: Azure Active Directory integration with Absorb LMS
6/13/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Absorb LMS with Azure Active Directory (Azure AD). Integrating Absorb
LMS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Absorb LMS.
You can enable your users to be automatically signed-in to Absorb LMS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Absorb LMS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Absorb LMS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Absorb LMS supports IDP initiated SSO

Adding Absorb LMS from the gallery


To configure the integration of Absorb LMS into Azure AD, you need to add Absorb LMS from the gallery to your
list of managed SaaS apps.
To add Absorb LMS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Absorb LMS, select Absorb LMS from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Absorb LMS based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Absorb
LMS needs to be established.
To configure and test Azure AD single sign-on with Absorb LMS, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Absorb LMS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Absorb LMS test user - to have a counterpart of Britta Simon in Absorb LMS that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Absorb LMS, perform the following steps:
1. In the Azure portal, on the Absorb LMS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, click Edit button to open Basic SAML Configuration
dialog.
If you are using Absorb 5 - UI use the following configuration:
a. In the Identifier text box, type a URL using the following pattern:
https://company.myabsorb.com/account/saml

b. In the Reply URL text box, type a URL using the following pattern:
https://company.myabsorb.com/account/saml

If you are using Absorb 5 - New Learner Experience use the following configuration:
a. In the Identifier text box, type a URL using the following pattern:
https://company.myabsorb.com/api/rest/v2/authentication/saml

b. In the Reply URL text box, type a URL using the following pattern:
https://company.myabsorb.com/api/rest/v2/authentication/saml

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Absorb LMS Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The following screenshot shows the list of default attributes, where nameidentifier is mapped with
user.userprincipalname.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. On the Set up Absorb LMS section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Absorb LMS Single Sign-On
1. In a new web browser window, sign in to your Absorb LMS company site as an administrator.
2. Select the Account button at the top right.

3. In the Account pane, select Portal Settings.


4. Select the Manage SSO Settings tab.

5. On the Manage Single Sign-On Settings page, do the following:


a. In the Name textbox, enter the name like Azure AD Marketplace SSO.
b. Select SAML as a Method.
c. In Notepad, open the certificate that you downloaded from the Azure portal. Remove the -----BEGIN
CERTIFICATE----- and -----END CERTIFICATE----- tags. Then, in the Key box, paste the remaining content.
d. In the Mode box, select Identity Provider Initiated.
e. In the Id Property box, select the attribute that you configured as the user identifier in Azure AD. For
example, if nameidentifier is selected in Azure AD, select Username.
f. Select Sha256 as a Signature Type.
g. In the Login URL box, paste the User Access URL from the application's Properties page of the Azure
portal.
h. In the Logout URL, paste the Sign-Out URL value that you copied from the Configure sign-on
window of the Azure portal.
i. Toggle Automatically Redirect to On.
6. Select Save.
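Step 5c above can be done in code rather than Notepad. The following is an added example, not part of the original tutorial or of Absorb LMS or Microsoft tooling: it accepts either a PEM certificate or a federation metadata XML file, returns the bare base64 body for the Key box, and computes fingerprints to compare with the thumbprint your identity provider reports for the same certificate. The function names and sample data are constructed for illustration; the sample bytes are placeholders, not a real certificate.

```python
import base64
import binascii
import hashlib
import re
import textwrap
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def normalize_body(raw):
    """Drop all whitespace and confirm the rest is base64 for DER-looking bytes."""
    body = "".join(raw.split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from None
    # An X.509 certificate is a DER SEQUENCE, so its first byte is always 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE tag")
    return body


def cert_bodies(text):
    """Return the distinct certificate bodies in a PEM file or metadata XML."""
    blocks = PEM_RE.findall(text)
    if not blocks:
        # Federation metadata needs no DTD; refuse one instead of expanding entities.
        if "<!DOCTYPE" in text or "<!ENTITY" in text:
            raise ValueError("refusing XML that declares a DTD")
        try:
            root = ET.fromstring(text)
        except ET.ParseError as exc:
            raise ValueError(f"neither PEM nor well-formed XML: {exc}") from None
        path = f".//{{{MD}}}IDPSSODescriptor/{{{MD}}}KeyDescriptor"
        for key_descriptor in root.iterfind(path):
            # A KeyDescriptor with no "use" attribute applies to signing as well.
            if key_descriptor.get("use", "signing") != "signing":
                continue
            for node in key_descriptor.iter(f"{{{DS}}}X509Certificate"):
                blocks.append(node.text or "")
    bodies = []
    for block in blocks:
        body = normalize_body(block)
        if body not in bodies:
            bodies.append(body)
    if not bodies:
        raise ValueError("no signing certificate found")
    return bodies


def key_box_value(text):
    """Return the single certificate body to paste, without the PEM tags."""
    bodies = cert_bodies(text)
    if len(bodies) != 1:
        raise ValueError(f"{len(bodies)} signing certificates found; pick one by fingerprint")
    return bodies[0]


def fingerprints(body):
    """Hex digests of the DER bytes, for comparison with a published thumbprint."""
    der = base64.b64decode(body)
    return {
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }


# Constructed sample data: placeholder bytes behind a DER SEQUENCE header,
# not a real certificate and not taken from any tenant.
SAMPLE_DER = b"\x30\x82\x00\x40" + bytes(range(64))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(textwrap.wrap(SAMPLE_B64, 64))
    + "\n-----END CERTIFICATE-----\n"
)
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example/placeholder">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}"><X509Data><X509Certificate>
        {SAMPLE_B64}
      </X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for sample in (SAMPLE_PEM, SAMPLE_METADATA):
        body = key_box_value(sample)
        print(body[:32] + "...", fingerprints(body)["sha256"][:16] + "...")
```

When the metadata lists more than one signing certificate, `key_box_value` refuses to guess; use `cert_bodies` with `fingerprints` to pick the intended one.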
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Absorb LMS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Absorb LMS.

2. In the applications list, type and select Absorb LMS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Absorb LMS test user
For Azure AD users to sign in to Absorb LMS, they must be set up in Absorb LMS. In the case of Absorb LMS,
provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Sign in to your Absorb LMS company site as an administrator.
2. In the Users pane, select Users.

3. Select User tab.


4. On the Add User page, do the following:

a. In the First Name box, type the first name, such as Britta.
b. In the Last Name box, type the last name, such as Simon.
c. In the Username box, type a full name, such as Britta Simon.
d. In the Password box, type user password.
e. In the Confirm Password box, retype the password.
f. Set the Is Active toggle to Active.
5. Select Save.
NOTE
By default, User Provisioning is not enabled in SSO. If the customer wants to enable this feature, they have to set it
up as mentioned in this documentation. Also note that User Provisioning is only available on Absorb 5 - New
Learner Experience with ACS URL: https://company.myabsorb.com/api/rest/v2/authentication/saml

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Absorb LMS tile in the Access Panel, you should be automatically signed in to the Absorb LMS
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Abstract with Azure Active Directory
7/17/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Abstract with Azure Active Directory (Azure AD). When you integrate
Abstract with Azure AD, you can:
Control in Azure AD who has access to Abstract.
Enable your users to be automatically signed-in to Abstract with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Abstract single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Abstract supports SP and IDP initiated SSO

Adding Abstract from the gallery


To configure the integration of Abstract into Azure AD, you need to add Abstract from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Abstract in the search box.
6. Select Abstract from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Abstract using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Abstract.
To configure and test Azure AD SSO with Abstract, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Abstract SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Abstract test user - to have a counterpart of Britta Simon in Abstract that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Abstract application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated with Azure. The user needs to save the configuration by clicking
the Save button.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://app.abstract.com/signin

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Abstract SSO


Make sure to retrieve your App Federation Metadata Url and the Azure AD Identifier from the Azure portal, as
you will need those to configure SSO on Abstract.
You will find this information on the Set up Single Sign-On with SAML page:
The App Federation Metadata Url is located in the SAML Signing Certificate section.
The Azure AD Identifier is located in the Set up Abstract section.
You are now ready to configure SSO on Abstract:
NOTE
You will need to authenticate with an organization Admin account to access the SSO settings on Abstract.

1. Open the Abstract web app.


2. Go to the Permissions page in the left side bar.
3. In the Configure SSO section, enter your Metadata URL and Entity ID.
4. Enter any manual exceptions you might have. Emails listed in the manual exceptions section will bypass SSO
and be able to log in with email and password.
5. Click Save Changes.

NOTE
You’ll need to use primary email addresses in the manual exceptions list. SSO activation will fail if the email you list is a user’s
secondary email. If that happens, you’ll see an error message with the primary email for the failing account. Add that primary
email to the manual exceptions list after you’ve verified you know the user.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Abstract.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Abstract.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Abstract test user
To test SSO on Abstract:
1. Open the Abstract web app.
2. Go to the Permissions page in the left side bar.
3. Click Test with my Account. If the test fails, please contact our support team.

NOTE
You will need to authenticate with an organization Admin account to access the SSO settings on Abstract. This organization
Admin account will need to be assigned to Abstract on the Azure portal.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Abstract tile in the Access Panel, you should be automatically signed in to the Abstract for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Academy Attendance
11/14/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Academy Attendance with Azure Active Directory (Azure AD). When
you integrate Academy Attendance with Azure AD, you can:
Control in Azure AD who has access to Academy Attendance.
Enable your users to be automatically signed-in to Academy Attendance with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Academy Attendance single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Academy Attendance supports SP initiated SSO
Academy Attendance supports Just In Time user provisioning

Adding Academy Attendance from the gallery


To configure the integration of Academy Attendance into Azure AD, you need to add Academy Attendance from
the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Academy Attendance in the search box.
6. Select Academy Attendance from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for Academy Attendance


Configure and test Azure AD SSO with Academy Attendance using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in Academy Attendance.
To configure and test Azure AD SSO with Academy Attendance, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Academy Attendance SSO - to configure the single sign-on settings on application side.
a. Create Academy Attendance test user - to have a counterpart of B.Simon in Academy Attendance
that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Academy Attendance application integration page, find the Manage section
and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.aattendance.com/sso/saml2/login?idp=<IDP_NAME>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.aattendance.com/sso/saml2/metadata?idp=<IDP_NAME>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Academy
Attendance Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. Your Academy Attendance application expects the SAML assertions in a specific format, which requires you
to add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes.
NOTE
Academy Attendance supports two roles for users: Lecturer and Student. Set up these roles in Azure AD so that
users can be assigned the appropriate roles. Please refer to this doc which explains how to create custom roles in
Azure AD.

6. In addition to the above, the Academy Attendance application expects a few more attributes to be passed back in
the SAML response, which are shown below. These attributes are also pre-populated, but you can review them as
per your requirement.

NAME    SOURCE ATTRIBUTE
role    user.assignedroles

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

8. On the Set up Academy Attendance section, copy the appropriate URL(s) based on your requirement.
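The URL patterns in step 4 can be checked mechanically before the values are saved. The sketch below is an added example, not part of the original tutorial; it also covers the Absorb LMS Reply URL patterns given earlier on this page. The tenant name contoso, the IdP name azuread, the function names, and the rules that the tenant part is a single DNS label served on port 443 are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\Z")

# (application, field) -> (host suffix, exact path, required query keys),
# transcribed from the URL patterns in the tutorials on this page.
PATTERNS = {
    ("Academy Attendance", "Sign on URL"):
        (".aattendance.com", "/sso/saml2/login", ("idp",)),
    ("Academy Attendance", "Identifier"):
        (".aattendance.com", "/sso/saml2/metadata", ("idp",)),
    ("Absorb LMS 5 UI", "Reply URL"):
        (".myabsorb.com", "/account/saml", ()),
    ("Absorb LMS 5 New Learner Experience", "Reply URL"):
        (".myabsorb.com", "/api/rest/v2/authentication/saml", ()),
}


def naive_check(app, field, value):
    """Weak version, for comparison only: a substring test on the raw string."""
    suffix, path, _ = PATTERNS[(app, field)]
    return value.startswith("https://") and (suffix + path) in value


def check_url(app, field, value):
    """Return a list of problems; an empty list means the value fits the pattern."""
    suffix, path, query_keys = PATTERNS[(app, field)]
    if "<" in value or ">" in value:
        return ["placeholder in angle brackets was not replaced"]
    try:
        parts = urlsplit(value)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return [f"unparseable URL: {exc}"]

    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo is not allowed in the URL")
    if port not in (None, 443):
        problems.append("unexpected port")

    # Compare the parsed host, not the raw string, so text placed in the
    # path or query cannot satisfy the host rule.
    host = parts.hostname or ""
    if not host.endswith(suffix):
        problems.append(f"host must end with {suffix}")
    elif not LABEL.match(host[: -len(suffix)]):
        problems.append("tenant part of the host must be a single DNS label")

    if parts.path != path:
        problems.append(f"path must be exactly {path}")

    query = parse_qs(parts.query, keep_blank_values=True)
    if sorted(query) != sorted(query_keys):
        problems.append(f"query keys must be exactly {list(query_keys)}")
    else:
        for key in query_keys:
            if len(query[key]) != 1 or not query[key][0]:
                problems.append(f"query key {key} needs one non-empty value")
    if parts.fragment:
        problems.append("fragment is not allowed")
    return problems


# Constructed sample values; none of them is a real tenant URL.
SAMPLES = [
    ("Academy Attendance", "Sign on URL",
     "https://contoso.aattendance.com/sso/saml2/login?idp=azuread"),
    ("Academy Attendance", "Sign on URL",
     "https://<SUBDOMAIN>.aattendance.com/sso/saml2/login?idp=<IDP_NAME>"),
    ("Academy Attendance", "Sign on URL",
     "https://example.net/x?u=https://contoso.aattendance.com/sso/saml2/login?idp=azuread"),
    ("Absorb LMS 5 UI", "Reply URL",
     "https://contoso.myabsorb.com/account/saml"),
]

if __name__ == "__main__":
    for app, field, value in SAMPLES:
        print(app, field, naive_check(app, field, value), check_url(app, field, value))
```

The third sample passes the substring test but fails the parsed check, which is why the host is compared after `urlsplit` rather than matched in the raw string.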

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Academy Attendance.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Academy Attendance.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Academy Attendance SSO


To configure single sign-on on the Academy Attendance side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Academy Attendance support team. They
apply these settings so that the SAML SSO connection is set properly on both sides.
Create Academy Attendance test user
In this section, a user called Britta Simon is created in Academy Attendance. Academy Attendance supports just-in-
time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in Academy Attendance, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Academy Attendance tile in the Access Panel, you should be automatically signed in to the
Academy Attendance for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Academy Attendance with Azure AD
Tutorial: Azure Active Directory integration with Acadia
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Acadia with Azure Active Directory (Azure AD). Integrating Acadia with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Acadia.
You can enable your users to be automatically signed-in to Acadia (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Acadia, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Acadia single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Acadia supports SP and IDP initiated SSO
Acadia supports Just In Time user provisioning

Adding Acadia from the gallery


To configure the integration of Acadia into Azure AD, you need to add Acadia from the gallery to your list of
managed SaaS apps.
To add Acadia from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Acadia, select Acadia from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Acadia based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Acadia
needs to be established.
To configure and test Azure AD single sign-on with Acadia, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Acadia Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Acadia test user - to have a counterpart of Britta Simon in Acadia that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Acadia, perform the following steps:
1. In the Azure portal, on the Acadia application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<CUSTOMER>.acadia.sysalli.com/shibboleth

b. In the Reply URL text box, type a URL using the following pattern:
https://<CUSTOMER>.acadia.sysalli.com/Shibboleth.sso/SAML2/POST

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<CUSTOMER>.acadia.sysalli.com/Shibboleth.sso/Login

NOTE
The values for steps 4 and 5 will be provided in a metadata file by the Acadia team which can be imported by clicking
Upload metadata file on the Basic SAML Configuration section. Update these values with the actual Identifier,
Reply URL and Sign-on URL. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal to confirm that the metadata values are correct. Contact Acadia Client support team if the provided
values are incorrect.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. On the Set up Acadia section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
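The note above asks you to confirm that the values in the Acadia metadata file follow the patterns from steps 4 and 5. The following check is an added example, not part of the original tutorial or of any Acadia or Microsoft tooling; the sample metadata, the customer name "contoso" and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# URL patterns from the tutorial; <CUSTOMER> is treated as one DNS label.
_HOST = r"https://(?P<customer>[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)\.acadia\.sysalli\.com"
PATTERNS = {
    "Identifier": re.compile(_HOST + r"/shibboleth"),
    "Reply URL": re.compile(_HOST + r"/Shibboleth\.sso/SAML2/POST"),
    "Sign-on URL": re.compile(_HOST + r"/Shibboleth\.sso/Login"),
}

# Constructed sample SP metadata; "contoso" is a placeholder customer name.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://contoso.acadia.sysalli.com/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://contoso.acadia.sysalli.com/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def _match(field, url, problems, customers):
    """Check one URL against its tutorial pattern and record the customer label."""
    m = PATTERNS[field].fullmatch(url)
    if m is None:
        problems.append(f"{field} does not match the tutorial pattern: {url!r}")
    else:
        customers.add(m.group("customer").lower())


def check_acadia_metadata(xml_text, sign_on_url=None):
    """Return (values, problems) for an SP metadata file before it is uploaded."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        # Metadata never needs a DTD; refusing one avoids entity-expansion tricks.
        return {}, ["metadata contains a DTD or entity declaration"]
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return {}, ["root element is not md:EntityDescriptor"]

    problems, customers = [], set()
    identifier = root.get("entityID", "")
    reply_urls = [
        acs.get("Location", "")
        for acs in root.iter(f"{{{MD_NS}}}AssertionConsumerService")
        if acs.get("Binding") == POST_BINDING
    ]

    _match("Identifier", identifier, problems, customers)
    if not reply_urls:
        problems.append("no HTTP-POST AssertionConsumerService (Reply URL) found")
    for url in reply_urls:
        _match("Reply URL", url, problems, customers)
    if sign_on_url is not None:  # only needed for SP initiated mode
        _match("Sign-on URL", sign_on_url, problems, customers)
    if len(customers) > 1:
        # Every URL should belong to the same <CUSTOMER> host.
        problems.append("URLs point at different customers: " + ", ".join(sorted(customers)))

    values = {"Identifier": identifier, "Reply URL": reply_urls, "Sign-on URL": sign_on_url}
    return values, problems


if __name__ == "__main__":
    values, problems = check_acadia_metadata(
        SAMPLE_METADATA, "https://contoso.acadia.sysalli.com/Shibboleth.sso/Login")
    for name, value in values.items():
        print(f"{name}: {value}")
    print("OK" if not problems else "\n".join(problems))
```

A non-empty problem list means the file should go back to the Acadia Client support team rather than into the Basic SAML Configuration section.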
Configure Acadia Single Sign-On
To configure single sign-on on the Acadia side, you need to send the downloaded Metadata XML, the App
Federation Metadata URL, and appropriate copied URLs from Azure portal to the Acadia support team. They
configure this setting to have the SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Acadia.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Acadia.

2. In the applications list, select Acadia.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Acadia test user
In this section, a user called Britta Simon is created in Acadia. Acadia supports just-in-time user provisioning, which
is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Acadia, a new
one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Acadia tile in the Access Panel, you should be automatically signed in to the Acadia for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Accredible
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Accredible with Azure Active Directory (Azure AD). Integrating
Accredible with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Accredible.
You can enable your users to be automatically signed-in to Accredible (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Accredible, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Accredible single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Accredible supports IDP initiated SSO

Adding Accredible from the gallery


To configure the integration of Accredible into Azure AD, you need to add Accredible from the gallery to your list
of managed SaaS apps.
To add Accredible from the gallery, do the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Accredible, select Accredible from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Accredible based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Accredible
needs to be established.
To configure and test Azure AD single sign-on with Accredible, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Accredible Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Accredible test user - to have a counterpart of Britta Simon in Accredible that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Accredible, perform the following steps:
1. In the Azure portal, on the Accredible application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://api.accredible.com/sp/admin/accredible

https://api.accredible.com/sp/user/accredible

b. In the Reply URL text box, type a URL using the following pattern:
https://api.accredible.com/v1/saml/admin/<Unique id>/consume

NOTE
The Reply URL value is not real. According to the role of user, use the identifier value respectively. Each customer has a
unique Reply URL depending on their ID. Contact Accredible support team to get these values.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Accredible section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Accredible Single Sign-On
To configure single sign-on on the Accredible side, you need to send the downloaded Federation Metadata XML
and appropriate copied URLs from Azure portal to the Accredible support team. They configure this setting so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Accredible.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Accredible.

2. In the applications list, select Accredible.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Accredible test user
In this section, you create a user called Britta Simon in Accredible. You need to send the user's email ID
to the Accredible support team; they verify the email and send you an invitation email so that you can add the user to
the Accredible platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Accredible tile in the Access Panel, you should be automatically signed in to the Accredible for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Achieve3000
10/17/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Achieve3000 with Azure Active Directory (Azure AD). When you
integrate Achieve3000 with Azure AD, you can:
Control in Azure AD who has access to Achieve3000.
Enable your users to be automatically signed-in to Achieve3000 with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Achieve3000 single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Achieve3000 supports SP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Achieve3000 from the gallery


To configure the integration of Achieve3000 into Azure AD, you need to add Achieve3000 from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Achieve3000 in the search box.
6. Select Achieve3000 from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for Achieve3000


Configure and test Azure AD SSO with Achieve3000 using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Achieve3000.
To configure and test Azure AD SSO with Achieve3000, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Achieve3000 SSO - to configure the single sign-on settings on application side.
a. Create Achieve3000 test user - to have a counterpart of B.Simon in Achieve3000 that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Achieve3000 application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://saml.achieve3000.com/district/<District Identifier>

b. In the Identifier (Entity ID) text box, type a value: achieve3000-saml

NOTE
The Sign-On URL value is not real. Update the value with the actual Sign-On URL. Contact Achieve3000 Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. Achieve3000 application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes.
6. In addition to the above, the Achieve3000 application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per
your requirement.

NAME | SOURCE ATTRIBUTE
studentID | user.mail

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

8. On the Set up Achieve3000 section, copy the appropriate URL(s) based on your requirement.
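Steps 4 to 6 fix two things Achieve3000 expects in the SAML response: the Identifier achieve3000-saml and a studentID attribute sourced from user.mail. The following review of a captured test response is an added example, not part of the original tutorial; the sample response is constructed, the function names are hypothetical, and the bare attribute name studentID is assumed to appear exactly as the table shows it. It checks configuration only and does not validate the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EXPECTED_AUDIENCE = "achieve3000-saml"  # fixed Identifier (Entity ID) from the tutorial
REQUIRED_ATTRIBUTE = "studentID"        # mapped from user.mail in the tutorial

# Constructed sample response (unsigned, trimmed to the elements checked here).
SAMPLE_RESPONSE_XML = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>B.Simon@contoso.com</saml:NameID></saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>achieve3000-saml</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="studentID">
        <saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def encode_for_post(xml_text):
    """Base64-encode XML the way the SAMLResponse form field carries it."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def review_achieve3000_response(saml_response_b64):
    """Return (claims, problems) for one captured SAMLResponse value."""
    xml_bytes = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return {}, ["response contains a DTD or entity declaration"]
    root = ET.fromstring(xml_bytes)

    # An encrypted or duplicated assertion cannot be reviewed here.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return {}, [f"expected exactly one Assertion, found {len(assertions)}"]
    assertion = assertions[0]

    problems = []
    audiences = [
        (a.text or "").strip()
        for a in assertion.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    ]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append(f"Audience is {audiences!r}, expected {EXPECTED_AUDIENCE!r}")

    # Collect every attribute so the reviewer can see what was actually sent.
    claims = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims[attr.get("Name")] = [v for v in values if v]

    student_ids = claims.get(REQUIRED_ATTRIBUTE)
    if not student_ids:
        problems.append(f"{REQUIRED_ATTRIBUTE} is missing or empty; check the user's mail value")
    elif len(student_ids) > 1:
        problems.append(f"{REQUIRED_ATTRIBUTE} has {len(student_ids)} values, expected one")
    elif "@" not in student_ids[0]:
        problems.append(f"{REQUIRED_ATTRIBUTE} does not look like user.mail: {student_ids[0]!r}")
    return claims, problems


if __name__ == "__main__":
    claims, problems = review_achieve3000_response(encode_for_post(SAMPLE_RESPONSE_XML))
    print(claims)
    print("OK" if not problems else "\n".join(problems))
```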

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Achieve3000.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Achieve3000.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Achieve3000 SSO


To configure single sign-on on the Achieve3000 side, you need to send the downloaded Federation Metadata XML
and appropriate copied URLs from Azure portal to the Achieve3000 support team. They configure this setting so that the
SAML SSO connection is set properly on both sides.
Create Achieve3000 test user
In this section, you create a user called B.Simon in Achieve3000. Work with the Achieve3000 support team to add the
users in the Achieve3000 platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Achieve3000 tile in the Access Panel, you should be automatically signed in to the Achieve3000
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Achieve3000 with Azure AD
Tutorial: Azure Active Directory integration with ACLP
6/17/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ACLP with Azure Active Directory (Azure AD). Integrating ACLP with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ACLP.
You can enable your users to be automatically signed-in to ACLP (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ACLP, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
ACLP single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ACLP supports SP initiated SSO

Adding ACLP from the gallery


To configure the integration of ACLP into Azure AD, you need to add ACLP from the gallery to your list of
managed SaaS apps.
To add ACLP from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ACLP, select ACLP from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ACLP based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in ACLP
needs to be established.
To configure and test Azure AD single sign-on with ACLP, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ACLP Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ACLP test user - to have a counterpart of Britta Simon in ACLP that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ACLP, perform the following steps:
1. In the Azure portal, on the ACLP application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://access.sans.org/go/<COMPANYNAME>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact ACLP Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure ACLP Single Sign-On


To configure single sign-on on the ACLP side, you need to send the App Federation Metadata Url to the ACLP support
team. They configure this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ACLP.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ACLP.

2. In the applications list, select ACLP.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ACLP test user
In this section, you create a user called Britta Simon in ACLP. Work with the ACLP support team to add the users in the
ACLP platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ACLP tile in the Access Panel, you should be automatically signed in to the ACLP for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with AcquireIO
10/18/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate AcquireIO with Azure Active Directory (Azure AD). When you
integrate AcquireIO with Azure AD, you can:
Control in Azure AD who has access to AcquireIO.
Enable your users to be automatically signed-in to AcquireIO with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
AcquireIO single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
AcquireIO supports IDP initiated SSO

Adding AcquireIO from the gallery


To configure the integration of AcquireIO into Azure AD, you need to add AcquireIO from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type AcquireIO in the search box.
6. Select AcquireIO from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for AcquireIO


Configure and test Azure AD SSO with AcquireIO using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in AcquireIO.
To configure and test Azure AD SSO with AcquireIO, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure AcquireIO SSO - to configure the single sign-on settings on application side.
Create AcquireIO test user - to have a counterpart of B.Simon in AcquireIO that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the AcquireIO application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Reply URL text box, type a URL using the following pattern:
https://app.acquire.io/ad/<acquire_account_uid>

NOTE
The value is not real. You will get the actual Reply URL which is explained later in the Configure AcquireIO section of
the tutorial. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up AcquireIO section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to AcquireIO.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select AcquireIO.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure AcquireIO SSO


1. To automate the configuration within AcquireIO, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Set up AcquireIO, which directs you to the AcquireIO
application. From there, provide the admin credentials to sign in to AcquireIO. The browser extension will
automatically configure the application for you and automate steps 3-6.

3. If you want to set up AcquireIO manually, in a different web browser window, sign in to AcquireIO as an
Administrator.
4. From the menu on the left, click App Store.
5. Scroll down to Active Directory and click Install.

6. On the Active Directory pop-up, perform the following steps:

a. Click Copy to copy the Reply URL for your instance and paste it in Reply URL textbox in Basic SAML
Configuration section on Azure portal.
b. In the Login URL textbox, paste the value of Login URL, which you have copied from Azure portal.
c. Open the Base64 encoded certificate in Notepad, copy its content and paste it in the X.509 Certificate
text box.
d. Click Connect Now.
Create AcquireIO test user
To enable Azure AD users to sign in to AcquireIO, they must be provisioned into AcquireIO. In AcquireIO,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. In a different web browser window, sign in to AcquireIO as an Administrator.
2. From the menu on the left, click Profiles and navigate to Add Profile.

3. On the Add customer pop-up, perform the following steps:

a. In the Name text box, enter the name of the user, such as B.simon.


b. In the Email text box, enter the email of the user, such as B.simon@contoso.com.
c. Click Submit.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the AcquireIO tile in the Access Panel, you should be automatically signed in to the AcquireIO for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try AcquireIO with Azure AD

Tutorial: Integrate Adaptive Insights with Azure Active Directory
11/19/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Adaptive Insights with Azure Active Directory (Azure AD). When you
integrate Adaptive Insights with Azure AD, you can:
Control in Azure AD who has access to Adaptive Insights.
Enable your users to be automatically signed-in to Adaptive Insights with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Adaptive Insights single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Adaptive Insights supports IDP initiated SSO

Adding Adaptive Insights from the gallery


To configure the integration of Adaptive Insights into Azure AD, you need to add Adaptive Insights from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Adaptive Insights in the search box.
6. Select Adaptive Insights from results panel and then add the app. Wait a few seconds while the app is added
to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Adaptive Insights using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Adaptive Insights.
To configure and test Azure AD SSO with Adaptive Insights, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Adaptive Insights SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Adaptive Insights test user - to have a counterpart of B.Simon in Adaptive Insights that is linked to
the Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Adaptive Insights application integration page, find the Manage section and
select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Identifier text box, type a URL using the following pattern:
https://login.adaptiveinsights.com:443/samlsso/<unique-id>

b. In the Reply URL text box, type a URL using the following pattern:
https://login.adaptiveinsights.com:443/samlsso/<unique-id>

NOTE
You can get the Identifier (Entity ID) and Reply URL values from the Adaptive Insights SAML SSO Settings page.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Adaptive Insights section, copy the appropriate URL(s) based on your requirement.
Configure Adaptive Insights SSO
1. In a different web browser window, sign in to your Adaptive Insights company site as an administrator.
2. Go to Administration.

3. In the Users and Roles section, click SAML SSO Settings.


4. On the SAML SSO Settings page, perform the following steps:

a. In the Identity provider name textbox, type a name for your configuration.
b. Paste the Azure AD Identifier value copied from Azure portal into the Identity provider Entity ID
textbox.
c. Paste the Login URL value copied from Azure portal into the Identity provider SSO URL textbox.
d. Paste the Logout URL value copied from Azure portal into the Custom logout URL textbox.
e. To upload your downloaded certificate, click Choose file.
f. Make the following selections:
For SAML user id, select User’s Adaptive Insights user name.
For SAML user id location, select User id in NameID of Subject.
For SAML NameID format, select Email address.
For Enable SAML, select Allow SAML SSO and direct Adaptive Insights login.
g. Copy the Adaptive Insights SSO URL and paste it into the Identifier (Entity ID) and Reply URL text boxes
in the Basic SAML Configuration section in the Azure portal.
h. Click Save.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Adaptive Insights.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Adaptive Insights.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Adaptive Insights test user
To enable Azure AD users to sign in to Adaptive Insights, they must be provisioned into Adaptive Insights. In the
case of Adaptive Insights, provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Sign in to your Adaptive Insights company site as an administrator.
2. Go to Administration.

3. In the Users and Roles section, click Users.


4. In the New User section, perform the following steps:

a. Type the Name, Username, Email, Password of a valid Azure Active Directory user you want to
provision into the related textboxes.
b. Select a Role.
c. Click Submit.

NOTE
You can use any other Adaptive Insights user account creation tools or APIs provided by Adaptive Insights to provision Azure
AD user accounts.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Adaptive Insights tile in the Access Panel, you should be automatically signed in to the Adaptive
Insights for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Adobe Captivate Prime
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Adobe Captivate Prime with Azure Active Directory (Azure AD).
Integrating Adobe Captivate Prime with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Adobe Captivate Prime.
You can enable your users to be automatically signed-in to Adobe Captivate Prime (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Adobe Captivate Prime, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Adobe Captivate Prime single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Adobe Captivate Prime supports IDP initiated SSO

Adding Adobe Captivate Prime from the gallery


To configure the integration of Adobe Captivate Prime into Azure AD, you need to add Adobe Captivate Prime
from the gallery to your list of managed SaaS apps.
To add Adobe Captivate Prime from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Adobe Captivate Prime, select Adobe Captivate Prime from the result panel, then
click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Adobe Captivate Prime based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Adobe Captivate Prime needs to be established.
To configure and test Azure AD single sign-on with Adobe Captivate Prime, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Adobe Captivate Prime Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Adobe Captivate Prime test user - to have a counterpart of Britta Simon in Adobe Captivate Prime
that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Adobe Captivate Prime, perform the following steps:
1. In the Azure portal, on the Adobe Captivate Prime application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL: https://captivateprime.adobe.com

b. In the Reply URL text box, type a URL: https://captivateprime.adobe.com/saml/SSO

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Adobe Captivate Prime section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
7. Go to Properties tab, copy the User access URL and paste it in Notepad.
Configure Adobe Captivate Prime Single Sign-On
To configure single sign-on on the Adobe Captivate Prime side, send the downloaded Federation
Metadata XML, the copied User access URL, and the appropriate copied URLs from the Azure portal to the Adobe Captivate
Prime support team. They apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Adobe Captivate Prime.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Adobe Captivate
Prime.

2. In the applications list, select Adobe Captivate Prime.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Adobe Captivate Prime test user
In this section, you create a user called Britta Simon in Adobe Captivate Prime. Work with Adobe Captivate Prime
support team to add the users in the Adobe Captivate Prime platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Adobe Captivate Prime tile in the Access Panel, you should be automatically signed in to the
Adobe Captivate Prime for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Adobe Creative Cloud
11/14/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Adobe Creative Cloud with Azure Active Directory (Azure AD). When
you integrate Adobe Creative Cloud with Azure AD, you can:
Control in Azure AD who has access to Adobe Creative Cloud.
Enable your users to be automatically signed-in to Adobe Creative Cloud with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Adobe Creative Cloud single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Adobe Creative Cloud supports SP initiated SSO

Adding Adobe Creative Cloud from the gallery


To configure the integration of Adobe Creative Cloud into Azure AD, you need to add Adobe Creative Cloud from
the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Adobe Creative Cloud in the search box.
6. Select Adobe Creative Cloud from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for Adobe Creative Cloud
Configure and test Azure AD SSO with Adobe Creative Cloud using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in Adobe Creative Cloud.
To configure and test Azure AD SSO with Adobe Creative Cloud, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Adobe Creative Cloud SSO - to configure the single sign-on settings on application side.
a. Create Adobe Creative Cloud test user - to have a counterpart of B.Simon in Adobe Creative Cloud
that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Adobe Creative Cloud application integration page, find the Manage section
and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL: https://adobe.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://www.okta.com/saml2/service-provider/<token>

NOTE
The Identifier value is not real. Update this value with the actual Identifier. Contact Adobe Creative Cloud Client
support team to get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. The Adobe Creative Cloud application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes.

6. In addition to the above, the Adobe Creative Cloud application expects a few more attributes to be passed back in
the SAML response, which are shown below. These attributes are also pre-populated, but you can review them as
per your requirement.
NAME         SOURCE ATTRIBUTE
FirstName    user.givenname
LastName     user.surname
Email        user.mail

NOTE
Users need to have a valid Office 365 ExO license for email claim value to be populated in the SAML response.

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up Adobe Creative Cloud section, copy the appropriate URL(s) based on your requirement.
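
To troubleshoot the claim mappings listed in step 6, the following added example (not part of the original tutorial, and not Microsoft or Adobe code) audits a captured SAML assertion for the FirstName, LastName and Email attributes. The sample assertion is constructed and omits Email, the symptom the note about the Office 365 ExO license describes; the function names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim name -> Azure AD source attribute, as listed in the tutorial's table.
EXPECTED_CLAIMS = {
    "FirstName": "user.givenname",
    "LastName": "user.surname",
    "Email": "user.mail",
}

# Constructed sample assertion (not captured from a real tenant). The Email
# attribute is left out on purpose to show what the audit reports.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-11-14T00:00:00Z">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">B.Simon@contoso.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>B</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Simon</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_assertion(xml_text):
    """Return (name_id, claims) where claims maps attribute name -> non-empty values.

    This only inspects an assertion for troubleshooting. It does not verify the
    XML signature, so it must never be used to make an authentication decision.
    """
    # SAML documents never need a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE is not allowed in a SAML document")
    root = ET.fromstring(xml_text)
    name_id = root.findtext(
        ".//saml:Subject/saml:NameID", default="", namespaces=SAML
    ).strip()
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML)]
        claims[attr.get("Name")] = [v for v in values if v]
    return name_id, claims


def audit_assertion(xml_text):
    """Return a list of findings; an empty list means every expected claim is populated."""
    name_id, claims = parse_assertion(xml_text)
    findings = []
    if not name_id:
        findings.append("NameID: missing or empty in Subject")
    for claim, source in EXPECTED_CLAIMS.items():
        if claim not in claims:
            findings.append(f"{claim}: attribute not in assertion (mapped from {source})")
        elif not claims[claim]:
            findings.append(f"{claim}: attribute present but empty (check {source} on the user)")
    return findings


if __name__ == "__main__":
    for line in audit_assertion(SAMPLE_ASSERTION) or ["all expected claims present"]:
        print(line)
```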

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Adobe Creative Cloud.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Adobe Creative Cloud.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Adobe Creative Cloud SSO


1. In a different web browser window, sign in to the Adobe Admin Console as an administrator.
2. Go to Settings on the top navigation bar and then choose Identity. The list of domains opens. Click the
Configure link next to your domain. Then perform the following steps in the Single Sign On Configuration
Required section. For more information, see Set up a domain.
a. Click Browse to upload the downloaded certificate from Azure AD to IDP Certificate.
b. In the IDP issuer textbox, paste the value of Azure AD Identifier which you copied from Azure portal.
c. In the IDP Login URL textbox, paste the value of Login URL which you copied from Azure portal.
d. Select HTTP - Redirect as IDP Binding.
e. Select Email Address as User Login Setting.
f. Click Save button.
3. The dashboard will now present the XML "Download Metadata" file. It contains Adobe’s EntityDescriptor
URL and AssertionConsumerService URL. Please open the file and configure them in the Azure AD
application.
a. Use the EntityDescriptor value Adobe provided you for Identifier on the Configure App Settings
dialog.
b. Use the AssertionConsumerService value Adobe provided you for Reply URL on the Configure App
Settings dialog.
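
Step 3 can be done without reading the XML by hand. The following added example (not part of the original tutorial, and not Microsoft or Adobe code) reads a service provider metadata file and returns the two values to enter in Azure AD. The sample metadata, its URLs and the function name are constructed for illustration; the example assumes the HTTP-POST AssertionConsumerService endpoint is the one to use as the Reply URL, because Azure AD posts the SAML response to that URL.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; the entityID and Location are placeholders,
# not values issued by Adobe.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml2/service-provider/EXAMPLETOKEN">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/sso/redirect/EXAMPLE"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/sso/saml2/EXAMPLE"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def azure_values_from_sp_metadata(xml_text):
    """Map SP metadata to the Azure AD Basic SAML Configuration fields.

    Returns {"Identifier (Entity ID)": ..., "Reply URL": ...} and raises
    ValueError when the metadata cannot safely be used.
    """
    # Metadata never needs a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE is not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("expected a single EntityDescriptor document")

    entity_id = (root.get("entityID") or "").strip()
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")

    endpoints = root.findall(f"{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService")
    post = [e for e in endpoints if e.get("Binding") == POST_BINDING]
    if not post:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")

    # Prefer the endpoint flagged isDefault="true", then the lowest index.
    post.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    reply_url = (post[0].get("Location") or "").strip()

    # The assertion is delivered to this URL, so it must be HTTPS.
    if urlsplit(reply_url).scheme != "https":
        raise ValueError(f"Reply URL is not HTTPS: {reply_url!r}")

    return {"Identifier (Entity ID)": entity_id, "Reply URL": reply_url}


if __name__ == "__main__":
    for field, value in azure_values_from_sp_metadata(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```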
Create Adobe Creative Cloud test user
To enable Azure AD users to sign in to Adobe Creative Cloud, they must be provisioned into Adobe
Creative Cloud. In the case of Adobe Creative Cloud, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to Adobe Admin Console site as an administrator.
2. Add the user within Adobe’s console as Federated ID and assign them to a Product Profile. For detailed
information on adding users, see Add users in Adobe Admin Console
3. At this point, type your email address/upn into the Adobe sign in form, press tab, and you should be
federated back to Azure AD:
Web access: www.adobe.com > sign-in
Within the desktop app utility > sign-in
Within the application > help > sign-in

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Adobe Creative Cloud tile in the Access Panel, you should be automatically signed in to the
Adobe Creative Cloud for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Adobe Creative Cloud with Azure AD
Set up a domain (adobe.com)
Configure Azure for use with Adobe SSO (adobe.com)

Tutorial: Azure Active Directory integration with Adobe Experience Manager
10/30/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Adobe Experience Manager with Azure Active Directory (Azure AD).
Integrating Adobe Experience Manager with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Adobe Experience Manager.
You can enable your users to be automatically signed-in to Adobe Experience Manager (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Adobe Experience Manager, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Adobe Experience Manager single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Adobe Experience Manager supports SP and IDP initiated SSO
Adobe Experience Manager supports Just In Time user provisioning

Adding Adobe Experience Manager from the gallery


To configure the integration of Adobe Experience Manager into Azure AD, you need to add Adobe Experience
Manager from the gallery to your list of managed SaaS apps.
To add Adobe Experience Manager from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Adobe Experience Manager, select Adobe Experience Manager from the result
panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Adobe Experience Manager based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Adobe Experience Manager needs to be established.
To configure and test Azure AD single sign-on with Adobe Experience Manager, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Adobe Experience Manager Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Adobe Experience Manager test user - to have a counterpart of Britta Simon in Adobe Experience
Manager that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Adobe Experience Manager, perform the following steps:
1. In the Azure portal, on the Adobe Experience Manager application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a unique value that you define on your AEM server as well.
b. In the Reply URL text box, type a URL using the following pattern: https://<AEM Server Url>/saml_login

NOTE
The Reply URL value is not real. Update the Reply URL value with the actual reply URL. To get this value, contact the
Adobe Experience Manager Client support team. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type your Adobe Experience Manager server URL.
6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up Adobe Experience Manager section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Adobe Experience Manager Single Sign-On
1. In another browser window, open the Adobe Experience Manager admin portal.
2. Select Settings > Security > Users.

3. Select Administrator or any other relevant user.

4. Select Account settings > Manage TrustStore.


5. Under Add Certificate from CER file, click Select Certificate File. Browse to and select the certificate file,
which you already downloaded from the Azure portal.

6. The certificate is added to the TrustStore. Note the alias of the certificate.

7. On the Users page, select authentication-service.

8. Select Account settings > Create/Manage KeyStore. Create KeyStore by supplying a password.

9. Go back to the admin screen. Then select Settings > Operations > Web Console.
This opens the configuration page.

10. Find Adobe Granite SAML 2.0 Authentication Handler. Then select the Add icon.

11. Take the following actions on this page.

a. In the Path box, enter /.


b. In the IDP URL box, enter the Login URL value that you copied from the Azure portal.
c. In the IDP Certificate Alias box, enter the Certificate Alias value that you added in TrustStore.
d. In the Security Provided Entity ID box, enter the unique Azure AD Identifier value that you
configured in the Azure portal.
e. In the Assertion Consumer Service URL box, enter the Reply URL value that you configured in the
Azure portal.
f. In the Password of Key Store box, enter the Password that you set in KeyStore.
g. In the User Attribute ID box, enter the Name ID or another user ID that's relevant in your case.
h. Select Autocreate CRX Users.
i. In the Logout URL box, enter the unique Logout URL value that you got from the Azure portal.
j. Select Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Adobe Experience
Manager.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Adobe
Experience Manager.

2. In the applications list, select Adobe Experience Manager.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Adobe Experience Manager test user
In this section, you create a user called Britta Simon in Adobe Experience Manager. If you selected the Autocreate
CRX Users option, users are created automatically after successful authentication.
If you want to create users manually, work with the Adobe Experience Manager support team to add the users in
the Adobe Experience Manager platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Adobe Experience Manager tile in the Access Panel, you should be automatically signed in to
the Adobe Experience Manager for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Adobe Identity Management
10/9/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Adobe Identity Management with Azure Active Directory (Azure AD).
When you integrate Adobe Identity Management with Azure AD, you can:
Control in Azure AD who has access to Adobe Identity Management.
Enable your users to be automatically signed-in to Adobe Identity Management with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Adobe Identity Management single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Adobe Identity Management supports SP initiated SSO

Adding Adobe Identity Management from the gallery


To configure the integration of Adobe Identity Management into Azure AD, you need to add Adobe Identity
Management from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Adobe Identity Management in the search box.
6. Select Adobe Identity Management from the results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on for Adobe Identity Management
Configure and test Azure AD SSO with Adobe Identity Management using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Adobe Identity
Management.
To configure and test Azure AD SSO with Adobe Identity Management, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Adobe Identity Management SSO - to configure the single sign-on settings on the application side.
a. Create Adobe Identity Management test user - to have a counterpart of B.Simon in Adobe Identity
Management that is linked to the Azure AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Adobe Identity Management application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL: https://adobe.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://federatedid-na1.services.adobe.com/federated/saml/metadata/alias/<CUSTOM_ID>

NOTE
The Identifier value is not real. Update the value with the actual Identifier. Contact Adobe Identity Management Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
6. On the Set up Adobe Identity Management section, copy the appropriate URL(s) based on your
requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Adobe Identity
Management.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Adobe Identity Management.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Adobe Identity Management SSO


To configure single sign-on on the Adobe Identity Management side, send the downloaded
Federation Metadata XML and the appropriate copied URLs from the Azure portal to the Adobe Identity Management
support team. They apply these settings so that the SAML SSO connection is set properly on both sides.
Create Adobe Identity Management test user
In this section, you create a user called B.Simon in Adobe Identity Management. Work with the Adobe Identity
Management support team to add the users in the Adobe Identity Management platform. Users must be created
and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Adobe Identity Management tile in the Access Panel, you should be automatically signed in to
the Adobe Identity Management for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Adobe Identity Management with Azure AD
Tutorial: Azure Active Directory integration with
Adobe Sign
10/30/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Adobe Sign with Azure Active Directory (Azure AD). Integrating Adobe
Sign with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Adobe Sign.
You can enable your users to be automatically signed-in to Adobe Sign (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Adobe Sign, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Adobe Sign single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Adobe Sign supports SP initiated SSO

Adding Adobe Sign from the gallery


To configure the integration of Adobe Sign into Azure AD, you need to add Adobe Sign from the gallery to your
list of managed SaaS apps.
To add Adobe Sign from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Adobe Sign, select Adobe Sign from the result panel, and then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Adobe Sign based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Adobe
Sign needs to be established.
To configure and test Azure AD single sign-on with Adobe Sign, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Adobe Sign Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Adobe Sign test user - to have a counterpart of Britta Simon in Adobe Sign that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Adobe Sign, perform the following steps:
1. In the Azure portal, on the Adobe Sign application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.echosign.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.echosign.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Adobe Sign Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Adobe Sign section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Adobe Sign Single Sign-On
1. Before configuration, contact the Adobe Sign Client support team to add your domain in the Adobe Sign
allow list. Here's how to add the domain:
a. The Adobe Sign Client support team sends you a randomly generated token. For your domain, the token
will be like the following: adobe-sign-verification= xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
b. Publish the verification token in a DNS text record, and notify the Adobe Sign Client support team.

NOTE
This can take a few days, or longer. Note that DNS propagation delays mean that a value published in DNS might not
be visible for an hour or more. Your IT administrator should be knowledgeable about how to publish this token in a
DNS text record.

c. When you notify the Adobe Sign Client support team through the support ticket, after the token is
published, they validate the domain and add it to your account.
d. Generally, here's how to publish the token on a DNS record:
Sign in to your domain account
Find the page for updating the DNS record. This page might be called DNS Management, Name Server
Management, or Advanced Settings.
Find the TXT records for your domain.
Add a TXT record with the full token value supplied by Adobe.
Save your changes.
2. In a different web browser window, sign in to your Adobe Sign company site as an administrator.
3. In the SAML menu, select Account Settings > SAML Settings.
4. In the SAML Settings section, perform the following steps:

a. Under SAML Mode, select SAML Mandatory.


b. Select Allow Echosign Account Administrators to log in using their Echosign Credentials.
c. Under User Creation, select Automatically add users authenticated through SAML.
d. Paste the Azure Ad Identifier, which you copied from the Azure portal, into the Idp Entity ID text box.
e. Paste the Login URL, which you copied from the Azure portal, into the Idp Login URL text box.
f. Paste the Logout URL, which you copied from the Azure portal, into the Idp Logout URL text box.
g. Open your downloaded Certificate (Base64) file in Notepad. Copy its content to your clipboard,
and then paste it into the IdP Certificate text box.
h. Select Save Changes.
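Step 1 above depends on the full verification token being visible in a DNS TXT record before the support team is notified. The following check is an added example, not part of the original tutorial: it reads the output of dig +short TXT for your domain and reports whether the published record matches the value you were given. The sample output, the token value and the function names are constructed for illustration.

```python
import re

TOKEN_PREFIX = "adobe-sign-verification="  # prefix shown in the tutorial

# Constructed sample of `dig +short TXT example.test` output; the token is made up.
# dig prints one TXT record per line and shows a record that is stored as several
# character-strings as several quoted chunks on that line.
SAMPLE_DIG_OUTPUT = '''
"v=spf1 include:_spf.example.test ~all"
"adobe-sign-verification=" "c0nstructedT0kenValue0123456789"
'''
EXPECTED_TOKEN = "adobe-sign-verification=c0nstructedT0kenValue0123456789"


def parse_txt_answers(dig_output):
    """Return one string per TXT record found in `dig +short TXT` output."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blank lines and dig comments
            continue
        chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        if chunks:
            # Undo dig's backslash escaping of quotes and backslashes, then join
            # the chunks with no separator, as a resolver client would.
            records.append("".join(re.sub(r"\\(.)", r"\1", c) for c in chunks))
        else:
            records.append(line)  # unquoted output from other lookup tools
    return records


def check_token(records, expected):
    """Compare published TXT records with the token value received from support.

    Returns one of: "match", "match-with-extra-records", "whitespace",
    "truncated", "mismatch", "missing".
    """
    expected = expected.strip()
    if not expected.startswith(TOKEN_PREFIX) or expected == TOKEN_PREFIX:
        raise ValueError("pass the full token value, prefix included")

    found = [r for r in records if r.strip().lower().startswith(TOKEN_PREFIX)]
    if not found:
        return "missing"  # not published yet, or not propagated yet
    if expected in found:
        # A second verification record is usually a stale one left behind.
        return "match" if len(found) == 1 else "match-with-extra-records"

    def squeeze(text):
        return "".join(text.split())

    if any(squeeze(r) == squeeze(expected) for r in found):
        return "whitespace"  # same value, but spaces were added or dropped
    if any(expected.startswith(r.strip()) for r in found):
        return "truncated"  # only part of the token was pasted
    return "mismatch"


if __name__ == "__main__":
    print(check_token(parse_txt_answers(SAMPLE_DIG_OUTPUT), EXPECTED_TOKEN))
```

A "missing" result shortly after publishing is consistent with the propagation delay described in the note above; any other non-match result points to the record itself.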
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Adobe Sign.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Adobe Sign.
2. In the applications list, type and select Adobe Sign.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Adobe Sign test user
To enable Azure AD users to sign in to Adobe Sign, they must be provisioned into Adobe Sign. This is a manual
task.

NOTE
You can use any other Adobe Sign user account creation tools or APIs provided by Adobe Sign to provision Azure AD user
accounts.

1. Sign in to your Adobe Sign company site as an administrator.


2. In the menu on the top, select Account. Then, in the left pane, select Users & Groups > Create a new
user.

3. In the Create New User section, perform the following steps:

a. Type the Email Address, First Name, and Last Name of a valid Azure AD account you want to provision
into the related text boxes.
b. Select Create User.

NOTE
The Azure Active Directory account holder receives an email that includes a link to confirm the account, before it becomes
active.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Adobe Sign tile in the Access Panel, you should be automatically signed in to the Adobe Sign
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Adoddle cSaas Platform
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Adoddle cSaas Platform with Azure Active Directory (Azure AD).
Integrating Adoddle cSaas Platform with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Adoddle cSaas Platform.
You can enable your users to be automatically signed-in to Adoddle cSaas Platform (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Adoddle cSaas Platform, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Adoddle cSaas Platform single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Adoddle cSaas Platform supports IDP initiated SSO
Adoddle cSaas Platform supports Just In Time user provisioning

Adding Adoddle cSaas Platform from the gallery


To configure the integration of Adoddle cSaas Platform into Azure AD, you need to add Adoddle cSaas Platform
from the gallery to your list of managed SaaS apps.
To add Adoddle cSaas Platform from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Adoddle cSaas Platform, select Adoddle cSaas Platform from the result panel, and then
click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Adoddle cSaas Platform based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Adoddle cSaas Platform needs to be established.
To configure and test Azure AD single sign-on with Adoddle cSaas Platform, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Adoddle cSaas Platform Single Sign-On - to configure the Single Sign-On settings on the
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Adoddle cSaas Platform test user - to have a counterpart of Britta Simon in Adoddle cSaas Platform
that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Adoddle cSaas Platform, perform the following steps:
1. In the Azure portal, on the Adoddle cSaas Platform application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Adoddle cSaas Platform section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Adoddle cSaas Platform Single Sign-On
To configure single sign-on on the Adoddle cSaas Platform side, send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Adoddle cSaas Platform support team. They
apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Adoddle cSaas Platform.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Adoddle cSaas
Platform.

2. In the applications list, select Adoddle cSaas Platform.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Adoddle cSaas Platform test user
In this section, a user called Britta Simon is created in Adoddle cSaas Platform. Adoddle cSaas Platform supports
just-in-time provisioning, which is enabled by default. There is no action item for you in this section. If a user
doesn't already exist in Adoddle cSaas Platform, a new one is created when you attempt to access Adoddle cSaas
Platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Adoddle cSaas Platform tile in the Access Panel, you should be automatically signed in to the
Adoddle cSaas Platform for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with ADP
8/29/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate ADP with Azure Active Directory (Azure AD). When you integrate ADP
with Azure AD, you can:
Control in Azure AD who has access to ADP.
Enable your users to be automatically signed-in to ADP with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ADP single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ADP supports IDP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding ADP from the gallery


To configure the integration of ADP into Azure AD, you need to add ADP from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type ADP in the search box.
6. Select ADP from the results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for ADP


Configure and test Azure AD SSO with ADP using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in ADP.
To configure and test Azure AD SSO with ADP, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure ADP SSO - to configure the Single Sign-On settings on the application side.
a. Create ADP test user - to have a counterpart of B.Simon in ADP that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ADP application integration page, click the Properties tab and perform the
following steps:

a. Set the Enabled for users to sign-in field value to Yes.


b. Copy the User access URL. You have to paste it in the Configure Sign-on URL section, which is
explained later in the tutorial.
c. Set the User assignment required field value to Yes.
d. Set the Visible to users field value to No.
2. In the Azure portal, on the ADP application integration page, find the Manage section and select Single
sign-on.
3. On the Select a Single sign-on method page, select SAML.
4. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.
5. On the Basic SAML Configuration section, perform the following steps:
In the Identifier (Entity ID) text box, type a URL: https://fed.adp.com

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

7. On the Set up ADP section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ADP.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ADP.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure ADP SSO


To configure single sign-on on the ADP side, you need to upload the downloaded Metadata XML on the ADP
website.

NOTE
This process may take a few days.
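The Adobe Identity Management, Adoddle cSaas Platform and ADP tutorials above all hand the downloaded Federation Metadata XML to the application vendor. One way to read back what that file contains before it leaves your hands is sketched below as an added example, not part of the original tutorials: it extracts the entity ID, the SHA-256 fingerprint of each signing certificate and the sign-on and logout endpoints from SAML 2.0 IdP metadata. The sample metadata, its hosts, the certificate bytes and the function names are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed sample: SAML 2.0 IdP metadata layout with placeholder hosts and a
# base64 blob that is NOT a real certificate.
SAMPLE_CERT_DER = b"constructed-bytes-not-a-real-certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}"
    entityID="https://idp.example.test/tenant-placeholder/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}"><X509Data><X509Certificate>
        {base64.b64encode(SAMPLE_CERT_DER).decode()}
      </X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def summarize_idp_metadata(xml_data):
    """Extract the values a service provider will trust from IdP metadata."""
    raw = xml_data.encode("utf-8") if isinstance(xml_data, str) else xml_data
    # SAML metadata has no reason to declare a DTD or entities; refuse files that
    # do instead of expanding them (simple guard, assumes a UTF-8 file).
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("metadata must not declare a DTD or entities")
    root = ET.fromstring(raw)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use") not in (None, "signing"):  # no 'use' covers signing too
            continue
        for cert in key.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())

    def endpoints(tag):
        found = idp.findall(f"md:{tag}", NS)
        return sorted({e.get("Location") for e in found if e.get("Location")})

    return {
        "entity_id": root.get("entityID"),
        "signing_cert_sha256": fingerprints,
        "sso_urls": endpoints("SingleSignOnService"),
        "slo_urls": endpoints("SingleLogoutService"),
    }


def review_idp_metadata(summary, expected_entity_id):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    if summary["entity_id"] != expected_entity_id:
        problems.append("entityID differs from the identifier you copied")
    if not summary["signing_cert_sha256"]:
        problems.append("no signing certificate in the metadata")
    if not summary["sso_urls"]:
        problems.append("no SingleSignOnService endpoint in the metadata")
    for url in sorted(set(summary["sso_urls"] + summary["slo_urls"])):
        if not url.lower().startswith("https://"):
            problems.append(f"endpoint is not https: {url}")
    return problems


if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_METADATA)
    print(info)
    print(review_idp_metadata(info, "https://idp.example.test/tenant-placeholder/"))
```

Recording the fingerprint alongside the support ticket gives you a value to compare against whatever certificate the vendor later reports as configured.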

Configure your ADP service(s) for federated access

IMPORTANT
Your employees who require federated access to your ADP services must be assigned to the ADP service app and
subsequently, users must be reassigned to the specific ADP service. Upon receipt of confirmation from your ADP
representative, configure your ADP service(s) and assign/manage users to control user access to the specific ADP service.

1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type ADP in the search box.
6. Select ADP from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.
7. In the Azure portal, on your ADP application integration page, click the Properties tab and perform the
following steps:

a. Set the Enabled for users to sign-in field value to Yes.


b. Set the User assignment required field value to Yes.
c. Set the Visible to users field value to Yes.
8. In the Azure portal, on the ADP application integration page, find the Manage section and select Single
sign-on.
9. On the Select a Single sign-on method dialog, select Mode as Linked to link your application to ADP.
10. Navigate to the Configure Sign-on URL section and perform the following steps:

a. Paste the User access URL, which you copied from the Properties tab of the main ADP app earlier.
b. The following 5 apps support different Relay State URLs. Manually append the appropriate
Relay State URL value for the particular application to the User access URL.
ADP Workforce Now
<User access URL>&relaystate=https://fed.adp.com/saml/fedlanding.html?WFN

ADP Workforce Now Enhanced Time
<User access URL>&relaystate=https://fed.adp.com/saml/fedlanding.html?EETDC2

ADP Vantage HCM
<User access URL>&relaystate=https://fed.adp.com/saml/fedlanding.html?ADPVANTAGE

ADP Enterprise HR
<User access URL>&relaystate=https://fed.adp.com/saml/fedlanding.html?PORTAL

MyADP
<User access URL>&relaystate=https://fed.adp.com/saml/fedlanding.html?REDBOX

11. Save your changes.


12. Upon receipt of confirmation from your ADP representative, begin testing with one or two users.
a. Assign a few users to the ADP service app to test federated access.
b. The test is successful when users access the ADP service app on the gallery and can access their ADP service.
13. On confirmation of a successful test, assign the federated ADP service to individual users or user groups,
which is explained later in the tutorial, and roll it out to your employees.
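Step 10 above assembles the linked app's sign-on URL by hand, so a pasted or mistyped Relay State is easy to miss. The following added example, which is not part of the original tutorial, builds the URL for a chosen ADP service and checks an already configured URL against the five Relay State values listed above. The sample User access URL is a constructed placeholder and the function names are illustrative.

```python
from urllib.parse import parse_qsl, urlsplit

# Relay State values listed in the tutorial, keyed by ADP service.
ADP_RELAY_STATES = {
    "ADP Workforce Now": "https://fed.adp.com/saml/fedlanding.html?WFN",
    "ADP Workforce Now Enhanced Time": "https://fed.adp.com/saml/fedlanding.html?EETDC2",
    "ADP Vantage HCM": "https://fed.adp.com/saml/fedlanding.html?ADPVANTAGE",
    "ADP Enterprise HR": "https://fed.adp.com/saml/fedlanding.html?PORTAL",
    "MyADP": "https://fed.adp.com/saml/fedlanding.html?REDBOX",
}

# Constructed placeholder; copy the real value from the Properties tab.
SAMPLE_USER_ACCESS_URL = (
    "https://portal.example.test/signin/ADP/00000000-0000-0000-0000-000000000000"
    "?tenantId=11111111-1111-1111-1111-111111111111"
)


def _relay_values(url):
    """Split a URL and return (parts, list of relaystate parameter values)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("sign-on URL must be an absolute https URL")
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k.lower() == "relaystate"]
    return parts, values


def build_sign_on_url(user_access_url, service):
    """Append the tutorial's '&relaystate=...' suffix for one ADP service."""
    if service not in ADP_RELAY_STATES:
        raise ValueError(f"unknown ADP service: {service!r}")
    url = user_access_url.strip()
    parts, existing = _relay_values(url)
    if existing:
        raise ValueError("User access URL already carries a relaystate")
    if not parts.query:
        # '&relaystate=' only forms a valid URL after an existing query string.
        raise ValueError("User access URL has no query string to append to")
    if parts.fragment:
        raise ValueError("a '#fragment' would swallow the appended parameter")
    return f"{url}&relaystate={ADP_RELAY_STATES[service]}"


def identify_service(sign_on_url):
    """Return the ADP service a configured sign-on URL lands on, or raise."""
    _, values = _relay_values(sign_on_url.strip())
    if len(values) != 1:
        raise ValueError(f"expected exactly one relaystate, found {len(values)}")
    # parse_qsl has already percent-decoded the value, so encoded and plain
    # forms of the same Relay State compare equal here.
    for service, relay in ADP_RELAY_STATES.items():
        if values[0] == relay:
            return service
    raise ValueError("relaystate is not one of the five listed ADP landing URLs")


if __name__ == "__main__":
    url = build_sign_on_url(SAMPLE_USER_ACCESS_URL, "ADP Workforce Now")
    print(url)
    print(identify_service(url))
```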
Create ADP test user
The objective of this section is to create a user called B.Simon in ADP. Work with the ADP support team to add the
users in the ADP account.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ADP tile in the Access Panel, you should be automatically signed in to the ADP for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ADP with Azure AD

Tutorial: Azure Active Directory single sign-on (SSO) integration with ADP Globalview
10/10/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate ADP Globalview with Azure Active Directory (Azure AD). When you
integrate ADP Globalview with Azure AD, you can:
Control in Azure AD who has access to ADP Globalview.
Enable your users to be automatically signed-in to ADP Globalview with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ADP Globalview single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ADP Globalview supports IDP initiated SSO

Adding ADP Globalview from the gallery


To configure the integration of ADP Globalview into Azure AD, you need to add ADP Globalview from the gallery
to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type ADP Globalview in the search box.
6. Select ADP Globalview from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for ADP Globalview


Configure and test Azure AD SSO with ADP Globalview using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in ADP Globalview.
To configure and test Azure AD SSO with ADP Globalview, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure ADP Globalview SSO - to configure the single sign-on settings on application side.
a. Create ADP Globalview test user - to have a counterpart of B.Simon in ADP Globalview that is linked
to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ADP Globalview application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Identifier text box, type a URL using the following pattern:

https://<subdomain>.globalview.adp.com/federate

https://<subdomain>.globalview.adp.com/federate2

NOTE
This value is not real. Update the value with the actual Identifier. Contact ADP Globalview Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
6. In the Set up ADP Globalview section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ADP Globalview.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ADP Globalview.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure ADP Globalview SSO


To configure single sign-on on the ADP Globalview side, you need to send the downloaded Certificate (Base64)
and the appropriate copied URLs from the Azure portal to the ADP Globalview support team. They configure this
setting so that the SAML SSO connection is set properly on both sides.
Create ADP Globalview test user
In this section, you create a user called B.Simon in ADP Globalview. Work with the ADP Globalview support team to
add the users to the ADP Globalview platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ADP Globalview tile in the Access Panel, you should be automatically signed in to the ADP
Globalview for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ADP Globalview with Azure AD

Tutorial: Azure Active Directory integration with Agiloft
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Agiloft with Azure Active Directory (Azure AD). Integrating Agiloft with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Agiloft.
You can enable your users to be automatically signed-in to Agiloft (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Agiloft, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
An Agiloft single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Agiloft supports SP and IDP initiated SSO
Agiloft supports Just In Time user provisioning

Adding Agiloft from the gallery


To configure the integration of Agiloft into Azure AD, you need to add Agiloft from the gallery to your list of
managed SaaS apps.
To add Agiloft from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Agiloft, select Agiloft from the results panel, and then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Agiloft based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Agiloft
needs to be established.
To configure and test Azure AD single sign-on with Agiloft, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Agiloft Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Agiloft test user - to have a counterpart of Britta Simon in Agiloft that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Agiloft, perform the following steps:
1. In the Azure portal, on the Agiloft application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://<subdomain>.saas.enterprisewizard.com/project/<KB_NAME>

https://<subdomain>.agiloft.com/project/<KB_NAME>

b. In the Reply URL text box, type a URL using the following pattern:

https://<subdomain>.saas.enterprisewizard.com:443/gui2/spsamlsso?project=<KB_NAME>

https://<subdomain>.agiloft.com:443/gui2/spsamlsso?project=<KB_NAME>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:

https://<subdomain>.saas.enterprisewizard.com/gui2/samlssologin.jsp?project=<KB_NAME>

https://<subdomain>.agiloft.com/gui2/samlssologin.jsp?project=<KB_NAME>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Agiloft
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options, as per your requirement, and save
it on your computer.

7. In the Set up Agiloft section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
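
The Identifier, Reply URL and Sign-on URL patterns in steps 4 and 5 share the same <subdomain> and <KB_NAME> placeholders. The following added example (not part of the original tutorial) checks three filled-in values against those patterns and reports any field that is malformed, still holds a placeholder, or disagrees with the others on host or KB name. The function name and the contoso/Demo sample values are constructed for illustration.

```python
import re

# Building blocks of the patterns shown in steps 4 and 5.
HOST = r"(?P<host>[a-z0-9-]+\.(?:saas\.enterprisewizard\.com|agiloft\.com))"
KB = r"(?P<kb>[^/?&#]+)"
PATTERNS = {
    "identifier": re.compile(rf"https://{HOST}/project/{KB}"),
    "reply_url": re.compile(rf"https://{HOST}:443/gui2/spsamlsso\?project={KB}"),
    "sign_on_url": re.compile(rf"https://{HOST}/gui2/samlssologin\.jsp\?project={KB}"),
}
# The Sign-on URL is only needed for SP initiated mode (step 5).
OPTIONAL_FIELDS = {"sign_on_url"}

# Constructed sample values; "contoso" and "Demo" are placeholders.
SAMPLE_VALUES = {
    "identifier": "https://contoso.agiloft.com/project/Demo",
    "reply_url": "https://contoso.agiloft.com:443/gui2/spsamlsso?project=Demo",
    "sign_on_url": "https://contoso.agiloft.com/gui2/samlssologin.jsp?project=Demo",
}


def check_agiloft_saml_urls(values):
    """Return a list of problems found in the Basic SAML Configuration values."""
    problems = []
    parsed = {}
    for field, pattern in PATTERNS.items():
        value = values.get(field)
        if not value:
            if field not in OPTIONAL_FIELDS:
                problems.append(f"{field}: missing")
            continue
        if "<" in value or ">" in value:
            problems.append(f"{field}: still contains a <placeholder>")
            continue
        match = pattern.fullmatch(value.strip())
        if match is None:
            problems.append(f"{field}: does not match the documented pattern")
            continue
        parsed[field] = (match.group("host"), match.group("kb"))

    # All fields that parsed must point at the same host and knowledge base.
    if len(set(parsed.values())) > 1:
        detail = ", ".join(f"{f}={h}/{k}" for f, (h, k) in parsed.items())
        problems.append(f"fields disagree on host or KB name: {detail}")
    return problems


if __name__ == "__main__":
    print(check_agiloft_saml_urls(SAMPLE_VALUES) or "all values are consistent")
```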
Configure Agiloft Single Sign-On
1. In a different web browser window, log in to your Agiloft company site as an administrator.
2. Click Setup (in the left pane) and then select Access.
3. Click the Configure SAML 2.0 Single Sign-On button.

4. A wizard dialog appears. In the dialog, click Identity Provider Details and fill in the following
fields:
a. In the IdP Entity Id / Issuer textbox, paste the value of Azure AD Identifier, which you copied from the
Azure portal.
b. In the IdP Login URL textbox, paste the value of Login URL, which you copied from the Azure portal.
c. In the IdP Logout URL textbox, paste the value of Logout URL, which you copied from the Azure portal.
d. In Notepad, open the Base64-encoded certificate that you downloaded from the Azure portal, copy its content
to your clipboard, and then paste it into the IdP Provided X.509 certificate contents textbox.
e. Click Finish.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Agiloft.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Agiloft.

2. In the applications list, select Agiloft.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Agiloft test user
In this section, a user called Britta Simon is created in Agiloft. Agiloft supports just-in-time user provisioning, which
is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Agiloft, a new
one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Agiloft tile in the Access Panel, you should be automatically signed in to the Agiloft for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Aha! with Azure Active Directory
8/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Aha! with Azure Active Directory (Azure AD). When you integrate Aha!
with Azure AD, you can:
Control in Azure AD who has access to Aha!.
Enable your users to be automatically signed-in to Aha! with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Aha! single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Aha! supports SP initiated SSO
Aha! supports Just In Time user provisioning

Adding Aha! from the gallery


To configure the integration of Aha! into Azure AD, you need to add Aha! from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Aha! in the search box.
6. Select Aha! from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Aha!


Configure and test Azure AD SSO with Aha! using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Aha!.
To configure and test Azure AD SSO with Aha!, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Aha! SSO - to configure the Single Sign-On settings on application side.
a. Create Aha! test user - to have a counterpart of B.Simon in Aha! that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Aha! application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.aha.io/session/new

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.aha.io

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Aha! Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the metadata file and save it on your
computer.

6. In the Set up Aha! section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Aha!.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Aha!.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Aha! SSO


1. To automate the configuration within Aha!, install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup Aha! to go to the Aha! application. From
there, provide the admin credentials to sign in to Aha!. The browser extension will automatically configure
the application for you and automate steps 3-8.

3. If you want to set up Aha! manually, open a new web browser window, sign in to your Aha! company site
as an administrator, and perform the following steps:
4. In the menu on the top, click Settings.

5. Click Account.
6. Click Security and single sign-on.

7. In the Single Sign-On section, select SAML2.0 as the Identity Provider.


8. On the Single Sign-On configuration page, perform the following steps:

a. In the Name textbox, type a name for your configuration.


b. For Configure using, select Metadata File.
c. To upload your downloaded metadata file, click Browse.
d. Click Update.
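
The metadata file uploaded in step 8 tells Aha! which issuer, endpoints and signing certificate to trust, so it is worth inspecting before upload. The following added example (not part of the original tutorial) parses a SAML IdP metadata file with Python's standard library and flags an unexpected tenant, non-HTTPS or off-host endpoints, and a missing signing certificate. The sample metadata, the placeholder tenant ID, the function names and the default login host are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample input. The tenant ID is a placeholder and the certificate
# body is filler bytes, not a real X.509 certificate.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder certificate").decode()
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{SAMPLE_TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
""".encode("utf-8")


def cert_sha256(cert_b64):
    """SHA-256 fingerprint of a Base64 certificate body (whitespace ignored)."""
    der = base64.b64decode("".join(cert_b64.split()))
    return hashlib.sha256(der).hexdigest()


def summarize_idp_metadata(xml_bytes, expected_tenant_id,
                           expected_host="login.microsoftonline.com"):
    """Extract what the service provider will trust and list anything unexpected.

    expected_host is an assumption for this example; pass the login host that
    your tenant actually uses.
    """
    # Only parse files downloaded from your own portal: the standard-library
    # parser is not hardened against maliciously constructed XML.
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor element")

    problems = []
    entity_id = root.get("entityID", "")
    if expected_tenant_id.lower() not in entity_id.lower():
        problems.append(f"entityID {entity_id!r} does not contain the expected tenant ID")

    endpoints = {}
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        endpoints[tag] = [e.get("Location", "") for e in idp.findall(f"md:{tag}", NS)]
        for url in endpoints[tag]:
            parts = urlsplit(url)
            if parts.scheme != "https":
                problems.append(f"{tag} endpoint is not HTTPS: {url}")
            elif parts.hostname != expected_host:
                problems.append(f"{tag} endpoint is on an unexpected host: {url}")
    if not endpoints["SingleSignOnService"]:
        problems.append("no SingleSignOnService endpoint")

    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use", "signing") != "signing":
            continue  # skip encryption-only keys
        for cert in key.findall(".//ds:X509Certificate", NS):
            fingerprints.append(cert_sha256(cert.text or ""))
    if not fingerprints:
        problems.append("no signing certificate")

    return {
        "entity_id": entity_id,
        "sso_urls": endpoints["SingleSignOnService"],
        "slo_urls": endpoints["SingleLogoutService"],
        "signing_cert_sha256": fingerprints,
        "problems": problems,
    }


if __name__ == "__main__":
    for field, value in summarize_idp_metadata(SAMPLE_METADATA, SAMPLE_TENANT).items():
        print(f"{field}: {value}")
```

For a real file, read it in binary mode and pass the bytes together with your own tenant ID.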
Create Aha! test user
In this section, a user called B.Simon is created in Aha!. Aha! supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Aha!, a new one
is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Aha! tile in the Access Panel, you should be automatically signed in to the Aha! for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Integrate Airstack with Azure Active Directory
10/30/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Airstack with Azure Active Directory (Azure AD). When you integrate
Airstack with Azure AD, you can:
Control in Azure AD who has access to Airstack.
Enable your users to be automatically signed-in to Airstack with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
Airstack single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Airstack supports SP and IDP initiated SSO

Adding Airstack from the gallery


To configure the integration of Airstack into Azure AD, you need to add Airstack from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Airstack in the search box.
6. Select Airstack from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Airstack using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Airstack.
To configure and test Azure AD SSO with Airstack, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Airstack SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Airstack test user - to have a counterpart of B.Simon in Airstack that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Airstack application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. In the Basic SAML Configuration section, you do not have to perform any steps because the app is
already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://airstack.lenovosoftware.com

NOTE
The value is not real. Update the value with the actual Sign-on URL. Contact Airstack Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
Configure Airstack SSO
To configure single sign-on on the Airstack side, you need to send the App Federation Metadata Url to the Airstack
support team. They configure this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Airstack.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Airstack.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Airstack test user
In this section, you create a user called B.Simon in Airstack. Work with the Airstack support team to add the users to
the Airstack platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Airstack tile in the Access Panel, you should be automatically signed in to the Airstack for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Airtable
11/19/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Airtable with Azure Active Directory (Azure AD). When you integrate
Airtable with Azure AD, you can:
Control in Azure AD who has access to Airtable.
Enable your users to be automatically signed-in to Airtable with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Airtable single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Airtable supports SP and IDP initiated SSO
Airtable supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Airtable from the gallery


To configure the integration of Airtable into Azure AD, you need to add Airtable from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Airtable in the search box.
6. Select Airtable from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Airtable


Configure and test Azure AD SSO with Airtable using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Airtable.
To configure and test Azure AD SSO with Airtable, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Airtable SSO - to configure the single sign-on settings on application side.
a. Create Airtable test user - to have a counterpart of B.Simon in Airtable that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Airtable application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, you do not have to perform any steps because the app is
already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://airtable.com/sso/login

6. Click Save.
7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
8. In the Set up Airtable section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Airtable.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Airtable.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Airtable SSO


To configure single sign-on on the Airtable side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Airtable support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create Airtable test user
In this section, a user called B.Simon is created in Airtable. Airtable supports just-in-time user provisioning, which
is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Airtable, a new
one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Airtable tile in the Access Panel, you should be automatically signed in to the Airtable for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Airtable with Azure AD
Tutorial: Integrate AirWatch with Azure Active Directory
11/19/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate AirWatch with Azure Active Directory (Azure AD). When you integrate
AirWatch with Azure AD, you can:
Control in Azure AD who has access to AirWatch.
Enable your users to be automatically signed-in to AirWatch with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get one-month free trial here.
AirWatch single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. AirWatch supports SP initiated SSO.

Adding AirWatch from the gallery


To configure the integration of AirWatch into Azure AD, you need to add AirWatch from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type AirWatch in the search box.
6. Select AirWatch from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with AirWatch using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in AirWatch.
To configure and test Azure AD SSO with AirWatch, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure AirWatch SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Create AirWatch test user - to have a counterpart of Britta Simon in AirWatch that is linked to the Azure AD
representation of user.
5. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the AirWatch application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.awmdm.com/AirWatch/Login?gid=companycode

b. In the Identifier (Entity ID) text box, type the value as: AirWatch

NOTE
This value is not real. Update this value with the actual Sign-on URL. Contact AirWatch Client support team to get
this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. The AirWatch application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on the
application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the
User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:

NAME    SOURCE ATTRIBUTE
UID     user.userprincipalname

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the Metadata XML and save it on your
computer.

8. On the Set up AirWatch section, copy the appropriate URL(s) based on your requirement.

Configure AirWatch SSO


1. In a different web browser window, sign in to your AirWatch company site as an administrator.
2. On the settings page, select Settings > Enterprise Integration > Directory Services.
3. Click the User tab, in the Base DN textbox, type your domain name, and then click Save.

4. Click the Server tab.

5. Perform the following steps on the LDAP section:


a. As Directory Type, select None.
b. Select Use SAML For Authentication.
6. On the SAML 2.0 section, to upload the downloaded certificate, click Upload.

7. In the Request section, perform the following steps:

a. As Request Binding Type, select POST.


b. In the Azure portal, on the Configure single sign-on at AirWatch dialog page, copy the Login URL
value, and then paste it into the Identity Provider Single Sign On URL textbox.
c. As NameID Format, select Email Address.
d. As Authentication Request Security, select None.
e. Click Save.
8. Click the User tab again.
9. In the Attribute section, perform the following steps:

a. In the Object Identifier textbox, type http://schemas.microsoft.com/identity/claims/objectidentifier .


b. In the Username textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress .
c. In the Display Name textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname .
d. In the First Name textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname .
e. In the Last Name textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname .
f. In the Email textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress .
g. Click Save.
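The AirWatch fields above only resolve if the assertion Azure AD issues actually carries each attribute named in them, plus the UID claim and an Email Address NameID. The following check is an added example, not part of the original tutorial: it audits one decoded assertion against that mapping. The sample assertion, its values, and the choice to treat every mapped field as required are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
WS_CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
OBJECT_ID = "http://schemas.microsoft.com/identity/claims/objectidentifier"

# AirWatch User-tab field -> attribute name typed into it in the steps above.
AIRWATCH_FIELDS = {
    "Object Identifier": OBJECT_ID,
    "Username": WS_CLAIMS + "emailaddress",
    "Display Name": WS_CLAIMS + "givenname",
    "First Name": WS_CLAIMS + "givenname",
    "Last Name": WS_CLAIMS + "surname",
    "Email": WS_CLAIMS + "emailaddress",
    "UID": "UID",  # custom claim added in the Azure AD User Claims step
}


def audit_assertion(xml_text):
    """Return (fields, problems) for one decoded SAML assertion.

    Only the shape is checked. Signature validation is the service
    provider's job and is not attempted here.
    """
    root = ET.fromstring(xml_text)
    if root.tag == SAML + "Assertion":
        assertion = root
    else:
        assertion = root.find(".//" + SAML + "Assertion")
    if assertion is None:
        return {}, ["no saml:Assertion element found"]

    problems = []
    name_id = assertion.find(SAML + "Subject/" + SAML + "NameID")
    if name_id is None:
        problems.append("Subject has no NameID")
    elif name_id.get("Format") != EMAIL_NAMEID:
        problems.append("NameID Format is %r, AirWatch is set to Email Address"
                        % name_id.get("Format"))

    # Attribute name -> non-empty values actually present in the assertion.
    present = {}
    for attr in assertion.iter(SAML + "Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall(SAML + "AttributeValue")]
        present[attr.get("Name")] = [v for v in values if v]

    fields = {}
    for field, claim in AIRWATCH_FIELDS.items():
        values = present.get(claim, [])
        if not values:
            problems.append("%s: attribute %s is missing or empty" % (field, claim))
            continue
        if len(values) > 1:
            problems.append("%s: attribute %s has %d values"
                            % (field, claim, len(values)))
        fields[field] = values[0]
    return fields, problems


def build_sample(claims, nameid_format=EMAIL_NAMEID):
    """Constructed, unsigned assertion for offline testing (not captured traffic)."""
    rows = "".join(
        '<Attribute Name="%s"><AttributeValue>%s</AttributeValue></Attribute>'
        % (name, value) for name, value in claims.items()
    )
    return (
        '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<Subject><NameID Format="%s">B.Simon@contoso.com</NameID></Subject>'
        "<AttributeStatement>%s</AttributeStatement></Assertion>"
        % (nameid_format, rows)
    )


# Constructed claim values for the tutorial's test user.
GOOD_CLAIMS = {
    OBJECT_ID: "00000000-0000-0000-0000-000000000001",
    WS_CLAIMS + "emailaddress": "B.Simon@contoso.com",
    WS_CLAIMS + "givenname": "B",
    WS_CLAIMS + "surname": "Simon",
    "UID": "B.Simon@contoso.com",
}

if __name__ == "__main__":
    resolved, issues = audit_assertion(build_sample(GOOD_CLAIMS))
    for field, value in resolved.items():
        print("%-18s %s" % (field, value))
    print("problems:", issues or "none")
```

Run it against an assertion captured from your own test sign-in; an account with no mail address is the case that shows up as two unresolved fields (Username and Email).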
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to AirWatch.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select AirWatch.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create AirWatch test user
To enable Azure AD users to sign in to AirWatch, they must be provisioned into AirWatch. In the case of AirWatch,
provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Sign in to your AirWatch company site as administrator.
2. In the navigation pane on the left side, click Accounts, and then click Users.

3. In the Users menu, click List View, and then click Add > Add User.
4. On the Add / Edit User dialog, perform the following steps:

a. Type the Username, Password, Confirm Password, First Name, Last Name, Email Address of a valid
Azure Active Directory account you want to provision into the related textboxes.
b. Click Save.

NOTE
You can use any other AirWatch user account creation tools or APIs provided by AirWatch to provision Azure AD user
accounts.

Test SSO
When you select the AirWatch tile in the Access Panel, you should be automatically signed in to the AirWatch for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Alcumus Info Exchange
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Alcumus Info Exchange with Azure Active Directory (Azure AD).
Integrating Alcumus Info Exchange with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Alcumus Info Exchange.
You can enable your users to be automatically signed-in to Alcumus Info Exchange (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Alcumus Info Exchange, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Alcumus Info Exchange single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Alcumus Info Exchange supports IDP initiated SSO

Adding Alcumus Info Exchange from the gallery


To configure the integration of Alcumus Info Exchange into Azure AD, you need to add Alcumus Info Exchange
from the gallery to your list of managed SaaS apps.
To add Alcumus Info Exchange from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Alcumus Info Exchange, select Alcumus Info Exchange from result panel then
click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Alcumus Info Exchange based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Alcumus Info Exchange needs to be established.
To configure and test Azure AD single sign-on with Alcumus Info Exchange, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Alcumus Info Exchange Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Alcumus Info Exchange test user - to have a counterpart of Britta Simon in Alcumus Info Exchange
that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Alcumus Info Exchange, perform the following steps:
1. In the Azure portal, on the Alcumus Info Exchange application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<subdomain>.info-exchange.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.info-exchange.com/Auth/

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Alcumus Info
Exchange Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Alcumus Info Exchange section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Alcumus Info Exchange Single Sign-On
To configure single sign-on on the Alcumus Info Exchange side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Alcumus Info Exchange support team.
They apply these settings so that the SAML SSO connection is set properly on both sides.
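Before the Federation Metadata XML goes to the support team, it helps to read out of it exactly what the other side will be asked to trust. The following is an added example, not part of the original tutorial: it extracts the entity ID, the sign-on and logout endpoints, and the SHA-256 fingerprint of each signing certificate, so the fingerprint can be confirmed with support over a separate channel. The sample metadata, tenant ID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def summarize_idp_metadata(xml_text):
    """Summarize the IdP part of a SAML 2.0 federation metadata document."""
    root = ET.fromstring(xml_text.strip())
    if root.tag == MD + "EntityDescriptor":
        entity = root
    else:
        entity = root.find(".//" + MD + "EntityDescriptor")
    if entity is None:
        raise ValueError("no EntityDescriptor found")
    idp = entity.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    summary = {"entity_id": entity.get("entityID"), "sso": [], "slo": [],
               "signing_cert_sha256": [], "problems": []}

    # Endpoints the service provider will redirect or post users to.
    for kind, tag in (("sso", "SingleSignOnService"), ("slo", "SingleLogoutService")):
        for svc in idp.findall(MD + tag):
            location = svc.get("Location", "")
            binding = svc.get("Binding", "").rsplit(":", 1)[-1]
            summary[kind].append((binding, location))
            if urlsplit(location).scheme != "https":
                summary["problems"].append("%s is not https: %s" % (tag, location))

    # A KeyDescriptor without a "use" attribute applies to signing as well.
    for key in idp.findall(MD + "KeyDescriptor"):
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.iter(DS + "X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            summary["signing_cert_sha256"].append(hashlib.sha256(der).hexdigest())
    if not summary["signing_cert_sha256"]:
        summary["problems"].append("no signing certificate in IDPSSODescriptor")
    return summary


# Constructed sample: placeholder tenant ID and placeholder certificate bytes.
TENANT = "00000000-0000-0000-0000-000000000000"
PLACEHOLDER_DER = b"constructed placeholder bytes, not a real X.509 certificate"
CERT_B64 = base64.b64encode(PLACEHOLDER_DER).decode()
SAMPLE_METADATA = f"""
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{CERT_B64[:20]}
{CERT_B64[20:]}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_METADATA)
    print("entity ID :", info["entity_id"])
    for binding, location in info["sso"]:
        print("sign-on   :", binding, location)
    for digest in info["signing_cert_sha256"]:
        print("cert sha256:", digest)
    print("problems  :", info["problems"] or "none")
```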
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Alcumus Info Exchange.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Alcumus Info
Exchange.

2. In the applications list, select Alcumus Info Exchange.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Alcumus Info Exchange test user
In this section, you create a user called Britta Simon in Alcumus Info Exchange. Work with Alcumus Info Exchange
support team to add the users in the Alcumus Info Exchange platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Alcumus Info Exchange tile in the Access Panel, you should be automatically signed in to the
Alcumus Info Exchange for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate AlertOps with Azure Active Directory
6/13/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate AlertOps with Azure Active Directory (Azure AD). When you integrate
AlertOps with Azure AD, you can:
Control in Azure AD who has access to AlertOps.
Enable your users to be automatically signed-in to AlertOps with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
AlertOps single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. AlertOps supports SP and IDP
initiated SSO.

Adding AlertOps from the gallery


To configure the integration of AlertOps into Azure AD, you need to add AlertOps from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type AlertOps in the search box.
6. Select AlertOps from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with AlertOps using a test user called Britta Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in AlertOps.
To configure and test Azure AD SSO with AlertOps, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure AlertOps to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
5. Create AlertOps test user to have a counterpart of Britta Simon in AlertOps that is linked to the Azure AD
representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the AlertOps application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<SUBDOMAIN>.alertops.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.alertops.com/login.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.alertops.com/login.aspx

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
AlertOps Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up AlertOps section, copy the appropriate URL(s) based on your requirement.

Configure AlertOps
1. To automate the configuration within AlertOps, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup AlertOps, which will direct you to the AlertOps application.
From there, provide the admin credentials to sign into AlertOps. The browser extension will automatically
configure the application for you and automate steps 3-5.

3. If you want to set up AlertOps manually, open a new web browser window, sign into your AlertOps
company site as an administrator, and perform the following steps:
4. Click on the Account settings from the left navigation panel.
5. On the Subscription Settings page select SSO and perform the following steps:

a. Select the Use Single Sign-On (SSO) checkbox.


b. Select Azure Active Directory as an SSO Provider from the dropdown.
c. In the Issuer URL textbox, use the identifier value, which you have used in the Basic SAML
Configuration section in the Azure portal.
d. In the SAML endpoint URL textbox, paste the Login URL value, which you have copied from the Azure
portal.
e. In the SLO endpoint URL textbox, paste the Login URL value, which you have copied from the Azure
portal.
f. Select SHA256 as a SAML Signature Algorithm from the dropdown.
g. Open your downloaded Certificate (Base64) file in Notepad. Copy the content of it into your clipboard,
and then paste it to the X.509 Certificate text box.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to AlertOps.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select AlertOps.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create AlertOps test user
1. In a different browser window, sign in to your AlertOps company site as administrator.
2. Click on the Users from the left navigation panel.

3. Select Add User.

4. On the Add User dialog, perform the following steps:

a. In the Login User Name textbox, enter the user name of the user like Brittasimon.
b. In the Official Email textbox, enter the email address of the user like Brittasimon@contoso.com.
c. In the First Name textbox, enter the first name of user like Britta.
d. In the Last Name textbox, enter the last name of user like Simon.
e. Select the Type value from the dropdown as per your organization.
f. Select the Role of the user from the dropdown as per your organization.
g. Select Add.
Test SSO
When you select the AlertOps tile in the Access Panel, you should be automatically signed in to the AlertOps for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Alibaba Cloud Service (Role-based SSO)
9/19/2019 • 8 minutes to read

In this tutorial, you'll learn how to integrate Alibaba Cloud Service (Role-based SSO) with Azure Active Directory
(Azure AD). When you integrate Alibaba Cloud Service (Role-based SSO) with Azure AD, you can:
Control in Azure AD who has access to Alibaba Cloud Service (Role-based SSO).
Enable your users to be automatically signed-in to Alibaba Cloud Service (Role-based SSO) with their Azure
AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Alibaba Cloud Service (Role-based SSO) single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Alibaba Cloud Service (Role-based SSO) supports IDP initiated SSO.

Adding Alibaba Cloud Service (Role-based SSO) from the gallery


To configure the integration of Alibaba Cloud Service (Role-based SSO) into Azure AD, you need to add Alibaba
Cloud Service (Role-based SSO) from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Alibaba Cloud Service (Role-based SSO) in the search box.
6. Select Alibaba Cloud Service (Role-based SSO) from results panel and then add the app. Wait a few
seconds while the app is added to your tenant.
7. On the Alibaba Cloud Service (Role-based SSO) page, click Properties in the left-side navigation pane,
and copy the object ID and save it on your computer for subsequent use.
Configure and test Azure AD single sign-on for Alibaba Cloud Service
(Role-based SSO)
Configure and test Azure AD SSO with Alibaba Cloud Service (Role-based SSO) using a test user called B.Simon.
For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in
Alibaba Cloud Service (Role-based SSO).
To configure and test Azure AD SSO with Alibaba Cloud Service (Role-based SSO), complete the following
building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
b. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
2. Configure Role-Based Single Sign-On in Alibaba Cloud Service - to enable your users to use this feature.
a. Configure Alibaba Cloud Service (Role-based SSO) SSO - to configure the Single Sign-On settings
on application side.
b. Create Alibaba Cloud Service (Role-based SSO) test user - to have a counterpart of Britta Simon in
Alibaba Cloud Service (Role-based SSO) that is linked to the Azure AD representation of user.
3. Test single SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Alibaba Cloud Service (Role-based SSO) application integration page, find
the Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you have Service Provider metadata file, perform the
following steps:

NOTE
You will get the Service Provider metadata from this URL

a. Click Upload metadata file.


b. Click on folder logo to select the metadata file and click Upload.
c. Once the metadata file is successfully uploaded, the Identifier and Reply URL values get auto populated
in Alibaba Cloud Service (Role-based SSO) section textbox:

NOTE
If the Identifier and Reply URL values do not get auto populated, then fill in the values manually according to your
requirement.

5. Alibaba Cloud Service (Role-based SSO) requires roles to be configured in Azure AD. The role claim is
pre-configured so you don't have to configure it, but you still need to create the roles in Azure AD using this article.
6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

7. On the Set up Alibaba Cloud Service (Role-based SSO) section, copy the appropriate URL(s) based on
your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Alibaba Cloud Service
(Role-based SSO).
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Alibaba Cloud Service (Role-based SSO).
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. On the Users and groups tab, select u2 from the user list, and click Select. Then, click Assign.

6. View the assigned role and test Alibaba Cloud Service (Role-based SSO).

NOTE
After you assign the user (u2), the created role is automatically attached to the user. If you have created multiple
roles, you need to attach the appropriate role to the user as needed. If you want to implement role-based SSO from
Azure AD to multiple Alibaba Cloud accounts, repeat the preceding steps.

Configure Role-Based Single Sign-On in Alibaba Cloud Service


1. Sign in to the Alibaba Cloud RAM console by using Account1.
2. In the left-side navigation pane, select SSO.
3. On the Role-based SSO tab, click Create IdP.
4. On the displayed page, enter AAD in the IdP Name field, enter a description in the Note field, click Upload
to upload the federation metadata file you downloaded before, and click OK.
5. After the IdP is successfully created, click Create RAM Role.
6. In the RAM Role Name field enter AADrole , select AAD from the Select IdP drop-down list and click OK.

NOTE
You can grant permission to the role as needed. After creating the IdP and the corresponding role, we recommend
that you save the ARNs of the IdP and the role for subsequent use. You can obtain the ARNs on the IdP information
page and the role information page.

7. Associate the Alibaba Cloud RAM role (AADrole) with the Azure AD user (u2): To associate the RAM role
with the Azure AD user, you must create a role in Azure AD by following these steps:
a. Sign on to the Azure AD Graph Explorer.
b. Click modify permissions to obtain required permissions for creating a role.
c. Select the following permissions from the list and click Modify Permissions, as shown in the following
figure.

NOTE
After permissions are granted, log on to the Graph Explorer again.

d. On the Graph Explorer page, select GET from the first drop-down list and beta from the second drop-
down list. Then enter https://graph.microsoft.com/beta/servicePrincipals in the field next to the drop-down
lists, and click Run Query.
NOTE
If you are using multiple directories, you can enter
https://graph.microsoft.com/beta/contoso.com/servicePrincipals in the field of the query.

e. In the Response Preview section, extract the appRoles property from the 'Service Principal' for
subsequent use.

NOTE
You can locate the appRoles property by entering
https://graph.microsoft.com/beta/servicePrincipals/<objectID> in the field of the query. Note that the
objectID is the object ID you have copied from the Azure AD Properties page.

f. Go back to the Graph Explorer, change the method from GET to PATCH, paste the following content into
the Request Body section, and click Run Query:
{
  "appRoles": [
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "msiam_access",
      "displayName": "msiam_access",
      "id": "41be2db8-48d9-4277-8e86-f6d22d35****",
      "isEnabled": true,
      "origin": "Application",
      "value": null
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "Admin,AzureADProd",
      "displayName": "Admin,AzureADProd",
      "id": "68adae10-8b6b-47e6-9142-6476078cdbce",
      "isEnabled": true,
      "origin": "ServicePrincipal",
      "value": "acs:ram::187125022722****:role/aadrole,acs:ram::187125022722****:saml-provider/AAD"
    }
  ]
}

NOTE
The value is the ARNs of the IdP and the role you created in the RAM console. Here, you can add multiple roles as
needed. Azure AD will send the value of these roles as the claim value in SAML response. However, you can only add
new roles after the msiam_access part for the patch operation. To smooth the creation process, we recommend
that you use an ID generator, such as GUID Generator, to generate IDs in real time.

g. After the 'Service Principal' is patched with the required role, attach the role with the Azure AD user (u2)
by following the steps of Assign the Azure AD test user section of the tutorial.
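The PATCH body from step f can be assembled and checked before it is pasted into Graph Explorer. The following is an added example, not part of the original tutorial: it keeps the existing appRoles (including msiam_access), appends new roles after them with freshly generated GUIDs, and rejects malformed or mismatched ARN pairs. The function names, the sample account ID and the sample GUID are constructed for illustration, and the same-account rule is an assumption.

```python
import json
import re
import uuid

# ARN shapes taken from the "value" field in the tutorial's PATCH body.
# The only character rule enforced on names is "no comma, slash or whitespace",
# because the comma is the separator inside the claim value.
ROLE_ARN = re.compile(r"^acs:ram::(\d+):role/[^,/\s]+$")
IDP_ARN = re.compile(r"^acs:ram::(\d+):saml-provider/[^,/\s]+$")

# Constructed sample of the appRoles list read from the service principal.
SAMPLE_EXISTING = [{
    "allowedMemberTypes": ["User"],
    "description": "msiam_access",
    "displayName": "msiam_access",
    "id": "00000000-0000-4000-8000-000000000001",  # constructed GUID
    "isEnabled": True,
    "origin": "Application",
    "value": None,
}]


def arn_pair_problems(role_arn, idp_arn):
    """Return the reasons a role/IdP ARN pair should not be patched in."""
    problems = []
    role, idp = ROLE_ARN.match(role_arn), IDP_ARN.match(idp_arn)
    if not role:
        problems.append("role ARN is not acs:ram::<account>:role/<name>")
    if not idp:
        problems.append("IdP ARN is not acs:ram::<account>:saml-provider/<name>")
    # Assumption: the RAM role and the IdP it trusts live in the same account.
    if role and idp and role.group(1) != idp.group(1):
        problems.append("role and IdP belong to different accounts")
    return problems


def build_patch_body(existing_app_roles, new_roles):
    """Append new roles after the existing entries and return the PATCH body.

    existing_app_roles: the appRoles list read from the service principal.
    new_roles: iterable of (display_name, role_arn, idp_arn) tuples.
    """
    if not any(r.get("displayName") == "msiam_access" for r in existing_app_roles):
        raise ValueError("msiam_access must be kept in appRoles")
    # The body carries the full list, as in the tutorial's request body,
    # so existing entries are copied unchanged and in their original order.
    roles = [dict(r) for r in existing_app_roles]
    used_values = {r["value"] for r in roles if r.get("value")}
    for display_name, role_arn, idp_arn in new_roles:
        problems = arn_pair_problems(role_arn, idp_arn)
        if problems:
            raise ValueError(f"{display_name}: " + "; ".join(problems))
        value = f"{role_arn},{idp_arn}"  # order used in the tutorial: role, then IdP
        if value in used_values:
            raise ValueError(f"{display_name}: this role/IdP pair is already present")
        roles.append({
            "allowedMemberTypes": ["User"],
            "description": display_name,
            "displayName": display_name,
            "id": str(uuid.uuid4()),  # fresh GUID instead of a web GUID generator
            "isEnabled": True,
            "origin": "ServicePrincipal",
            "value": value,
        })
        used_values.add(value)
    return {"appRoles": roles}


if __name__ == "__main__":
    body = build_patch_body(SAMPLE_EXISTING, [(
        "Admin,AzureADProd",
        "acs:ram::1234567890123456:role/aadrole",        # constructed account ID
        "acs:ram::1234567890123456:saml-provider/AAD",
    )])
    print(json.dumps(body, indent=2))
```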
Configure Alibaba Cloud Service (Role-based SSO) SSO
To configure single sign-on on Alibaba Cloud Service (Role-based SSO) side, you need to send the
downloaded Federation Metadata XML and appropriate copied URLs from Azure portal to Alibaba Cloud
Service (Role-based SSO) support team. They set this setting to have the SAML SSO connection set properly on
both sides.
Create Alibaba Cloud Service (Role-based SSO) test user
In this section, you create a user called Britta Simon in Alibaba Cloud Service (Role-based SSO). Work with
Alibaba Cloud Service (Role-based SSO) support team to add the users in the Alibaba Cloud Service (Role-based
SSO) platform. Users must be created and activated before you use single sign-on.

Test SSO
After the preceding configurations are completed, test Alibaba Cloud Service (Role-based SSO) by following these
steps:
1. In the Azure portal, go to the Alibaba Cloud Service (Role-based SSO) page, select Single sign-on, and
click Test.
2. Click Sign in as current user.

3. On the account selection page, select u2.

4. The following page is displayed, indicating that role-based SSO is successful.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Alibaba Cloud Service (Role-based SSO) with Azure AD
Tutorial: Azure Active Directory integration with Allbound SSO
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Allbound SSO with Azure Active Directory (Azure AD). Integrating
Allbound SSO with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Allbound SSO.
You can enable your users to be automatically signed-in to Allbound SSO (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Allbound SSO, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
An Allbound SSO single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Allbound SSO supports SP and IDP initiated SSO
Allbound SSO supports Just In Time user provisioning

Adding Allbound SSO from the gallery


To configure the integration of Allbound SSO into Azure AD, you need to add Allbound SSO from the gallery to
your list of managed SaaS apps.
To add Allbound SSO from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Allbound SSO, select Allbound SSO from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Allbound SSO based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Allbound SSO needs to be established.
To configure and test Azure AD single sign-on with Allbound SSO, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Allbound SSO Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Allbound SSO test user - to have a counterpart of Britta Simon in Allbound SSO that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Allbound SSO, perform the following steps:
1. In the Azure portal, on the Allbound SSO application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<SUBDOMAIN>.allbound.com/

b. In the Reply URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.allbound.com/acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.allbound.com/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Allbound SSO Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Allbound SSO section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Allbound SSO Single Sign-On
To configure single sign-on on Allbound SSO side, you need to send the downloaded Federation Metadata
XML and appropriate copied URLs from Azure portal to Allbound SSO support team. They set this setting to have
the SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Allbound SSO.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Allbound SSO.

2. In the applications list, select Allbound SSO.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Allbound SSO test user
In this section, a user called Britta Simon is created in Allbound SSO. Allbound SSO supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Allbound SSO, a new one is created after authentication.

NOTE
If you need to create a user manually, contact Allbound SSO support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Allbound SSO tile in the Access Panel, you should be automatically signed in to the Allbound
SSO for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Allocadia
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Allocadia with Azure Active Directory (Azure AD). Integrating Allocadia
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Allocadia.
You can enable your users to be automatically signed-in to Allocadia (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Allocadia, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
An Allocadia single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Allocadia supports IDP initiated SSO
Allocadia supports Just In Time user provisioning

Adding Allocadia from the gallery


To configure the integration of Allocadia into Azure AD, you need to add Allocadia from the gallery to your list of
managed SaaS apps.
To add Allocadia from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Allocadia, select Allocadia from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Allocadia based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Allocadia
needs to be established.
To configure and test Azure AD single sign-on with Allocadia, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Allocadia Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Allocadia test user - to have a counterpart of Britta Simon in Allocadia that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Allocadia, perform the following steps:
1. In the Azure portal, on the Allocadia application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
For test environment - https://na2standby.allocadia.com

For production environment - https://na2.allocadia.com

b. In the Reply URL text box, type a URL using the following pattern:
For test environment - https://na2standby.allocadia.com/allocadia/saml/SSO

For production environment - https://na2.allocadia.com/allocadia/saml/SSO

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Allocadia Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The Allocadia application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on
application integration page. On the Set up Single Sign-On with SAML page, click Edit button to open
User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:

NAME          SOURCE ATTRIBUTE

firstname     user.givenname
lastname      user.surname
email         user.mail

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
8. On the Set up Allocadia section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
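The claim setup in steps 5 and 6 (names firstname, lastname and email, with Namespace left blank) can be checked against an assertion captured during a test sign-in. The following is an added example, not part of the original tutorial; the function name and both sample assertions are constructed. It inspects claim names and the audience only and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = {"firstname", "lastname", "email"}  # claim names from the tutorial's table

# Constructed assertion fragments; the audience is the test-environment Identifier pattern.
SAMPLE_OK = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://na2standby.allocadia.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstname"><saml:AttributeValue>Britta</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastname"><saml:AttributeValue>Simon</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed failure case: Namespace was not left blank for firstname,
# and email is absent (for example, user.mail has no value for this user).
SAMPLE_BAD = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://na2standby.allocadia.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="lastname"><saml:AttributeValue>Simon</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def claim_problems(assertion_xml, expected_audience):
    """Return a list of mismatches between the assertion and the tutorial's claim setup."""
    root = ET.fromstring(assertion_xml)

    # Map each attribute name to its list of values.
    present = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        present[attr.get("Name", "")] = values

    problems = []
    for claim in sorted(REQUIRED):
        if claim in present:
            if not any(v.strip() for v in present[claim]):
                problems.append(f"{claim}: empty value")
            continue
        # A name such as <namespace>/firstname means the Namespace box was filled in.
        qualified = [n for n in present if n.rsplit("/", 1)[-1] == claim]
        if qualified:
            problems.append(f"{claim}: sent as {qualified[0]} (Namespace not blank)")
        else:
            problems.append(f"{claim}: missing")

    # The audience in the assertion should equal the Identifier configured in Azure AD.
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"audience: expected {expected_audience}, got {audiences}")
    return problems


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, claim_problems(sample, "https://na2standby.allocadia.com"))
```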
Configure Allocadia Single Sign-On
To configure single sign-on on Allocadia side, you need to send the downloaded Federation Metadata XML and
appropriate copied URLs from Azure portal to Allocadia support team. They set this setting to have the SAML
SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Allocadia.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Allocadia.

2. In the applications list, select Allocadia.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Allocadia test user
In this section, a user called Britta Simon is created in Allocadia. Allocadia supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Allocadia, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Allocadia tile in the Access Panel, you should be automatically signed in to the Allocadia for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Amazon Business with Azure Active Directory
7/25/2019 • 8 minutes to read

In this tutorial, you'll learn how to integrate Amazon Business with Azure Active Directory (Azure AD). When you
integrate Amazon Business with Azure AD, you can:
Control in Azure AD who has access to Amazon Business.
Enable your users to be automatically signed-in to Amazon Business with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
An Amazon Business single sign-on (SSO) enabled subscription. Go to the Amazon Business page to create an
Amazon Business account.

Scenario description
In this tutorial, you configure and test Azure AD SSO in an existing Amazon Business account.
Amazon Business supports SP and IDP initiated SSO
Amazon Business supports Just In Time user provisioning

Adding Amazon Business from the gallery


To configure the integration of Amazon Business into Azure AD, you need to add Amazon Business from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Amazon Business in the search box.
6. Select Amazon Business from results panel and then add the app. Wait a few seconds while the app is added
to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Amazon Business using a test user called B.Simon.
To configure and test Azure AD SSO with Amazon Business, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Amazon Business SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Amazon Business test user - to have a counterpart of B.Simon in Amazon Business that is linked to
the Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Amazon Business application integration page, find the Manage section and
select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure in IDP initiated mode, perform the
following steps:
a. In the Identifier (Entity ID) text box, type a URL using one of the following patterns:

https://www.amazon.com

https://www.amazon.co.jp

https://www.amazon.de

b. In the Reply URL text box, type a URL using one of the following patterns:

https://www.amazon.com/bb/feature/sso/action/3p_redirect?idpid={idpid}

https://www.amazon.co.jp/bb/feature/sso/action/3p_redirect?idpid={idpid}

https://www.amazon.de/bb/feature/sso/action/3p_redirect?idpid={idpid}

NOTE
The Reply URL value is not real. Update this value with the actual Reply URL. You will get the <idpid> value
from the Amazon Business SSO configuration section, which is explained later in the tutorial. You can also refer
to the patterns shown in the Basic SAML Configuration section in the Azure portal.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://www.amazon.com/

6. The following screenshot shows the list of default attributes. Edit the attributes by clicking on the Edit icon
in the User Attributes & Claims section.

7. Edit Attributes and copy Namespace value of these attributes into the Notepad.

8. In addition to the above, the Amazon Business application expects a few more attributes to be passed back in the SAML
response. In the User Attributes & Claims section on the Group Claims dialog, perform the following
steps:
a. Click the pen next to Groups returned in claim.
b. Select All Groups from the radio list.
c. Select Group ID as Source attribute.
d. Check Customize the name of the group claim checkbox and enter the group name according to your
Organization requirement.
e. Click Save.
9. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Metadata XML and select Download to download the certificate and save it on your computer.

10. On the Set up Amazon Business section, copy the appropriate URL(s) based on your requirement.
Configure Amazon Business SSO
1. In a different web browser window, sign in to your Amazon Business company site as an administrator.
2. Click on the User Profile and select Business Settings.

3. On the System integrations wizard, select Single Sign-On (SSO).

4. On the Set up SSO wizard, select the provider according to your Organizational requirements and click
Next.
5. On the New user account defaults wizard, select the Default Group and then select Default Buying
Role according to user role in your Organization and click Next.

6. On the Upload your metadata file wizard, click Browse to upload the Metadata XML file, which you
have downloaded from the Azure portal and click Upload.
7. After uploading the downloaded metadata file, the fields in the Connection data section will populate
automatically. After that click Next.

8. On the Upload your Attribute statement wizard, click Skip.

9. On the Attribute mapping wizard, add the requirement fields by clicking the + Add a field option. Add
the attribute values including the namespace, which you have copied from the User Attributes & Claims
section of Azure portal into the SAML AttributeName field, and click Next.
10. On the Amazon connection data wizard, click Next.

11. Please check the Status of the steps which have been configured and click Start testing.
12. On the Test SSO Connection wizard, click Test.

13. On the IDP initiated URL wizard, before you click Activate, copy the value which is assigned to idpid and
paste into the idpid parameter in the Reply URL in the Basic SAML Configuration section in the Azure
portal.
14. On the Are you ready to switch to active SSO? wizard, check I have fully tested SSO and am ready to
go live checkbox and click on Switch to active.

15. Finally in the SSO Connection details section the Status is shown as Active.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.

NOTE
Administrators need to create the test users in their tenant if needed. The following steps show how to create a test user.

1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Create an Azure AD Security Group in the Azure portal
1. Click on Azure Active Directory > All Groups.

2. Click New group:

3. Fill in Group type, Group name, Group description, Membership type. Click on the arrow to select
members, then search for or click on the member you would like to add to the group. Click on Select to add
the selected members, then click on Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Amazon Business.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Amazon Business.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

NOTE
If you do not assign the users in the Azure AD, you get the following error.

Assign the Azure AD Security Group in the Azure portal


1. In the Azure portal, select Enterprise Applications, select All applications, then select Amazon
Business.

2. In the applications list, type and select Amazon Business.

3. In the menu on the left, select Users and groups.


4. Click Add user.

5. Search for the Security Group you want to use, then click on the group to add it to the Select members
section. Click Select, then click Assign.

NOTE
Check the notifications in the menu bar to be notified that the Group was successfully assigned to the Enterprise
application in the Azure portal.

Create Amazon Business test user


In this section, a user called B.Simon is created in Amazon Business. Amazon Business supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Amazon Business, a new one is created after authentication.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Amazon Business tile in the Access Panel, you should be automatically signed in to the Amazon
Business for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Amazon Web Services (AWS)
11/13/2019 • 10 minutes to read

In this tutorial, you'll learn how to integrate Amazon Web Services (AWS) with Azure Active Directory (Azure AD).
When you integrate Amazon Web Services (AWS) with Azure AD, you can:
Control in Azure AD who has access to Amazon Web Services (AWS).
Enable your users to be automatically signed-in to Amazon Web Services (AWS) with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

You can configure multiple identifiers for multiple instances. For example:
https://signin.aws.amazon.com/saml#1

https://signin.aws.amazon.com/saml#2

With these values, Azure AD removes the value of #, and sends the correct value
https://signin.aws.amazon.com/saml as the audience URL in the SAML token.

We recommend this approach for the following reasons:


Each application provides you with a unique X509 certificate. Each instance of an AWS app can then
have a different certificate expiry date, which can be managed on an individual AWS account basis. Overall
certificate rollover is easier in this case.
You can enable user provisioning with an AWS app in Azure AD, and then our service fetches all the roles
from that AWS account. You don’t have to manually add or update the AWS roles on the app.
You can assign the app owner individually for the app. This person can manage the app directly in Azure AD.
NOTE
Make sure you use a gallery application only.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
An AWS single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Amazon Web Services (AWS) supports SP and IDP initiated SSO.

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Amazon Web Services (AWS) from the gallery


To configure the integration of Amazon Web Services (AWS) into Azure AD, you need to add Amazon Web
Services (AWS) from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Amazon Web Services (AWS) in the search box.
6. Select Amazon Web Services (AWS) from the results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on for Amazon Web Services (AWS)
Configure and test Azure AD SSO with Amazon Web Services (AWS) using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Amazon Web
Services (AWS).
To configure and test Azure AD SSO with Amazon Web Services (AWS), complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Amazon Web Services (AWS) SSO - to configure the single sign-on settings on application side.
a. Create Amazon Web Services (AWS) test user - to have a counterpart of B.Simon in Amazon Web
Services (AWS) that is linked to the Azure AD representation of user.
b. How to configure role provisioning in Amazon Web Services (AWS)
3. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Amazon Web Services (AWS) application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, the application is pre-configured, and the necessary URLs are
already pre-populated with Azure. Save the configuration by selecting Save.
5. When you are configuring more than one instance, provide an identifier value. From the second instance
onwards, use the following format, including a # sign to specify a unique SPN value.
https://signin.aws.amazon.com/saml#2

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

7. On the Set up Amazon Web Services (AWS) section, copy the appropriate URL(s) based on your
requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Amazon Web Services
(AWS).
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Amazon Web Services (AWS).
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Amazon Web Services (AWS) SSO


1. In a different browser window, sign in to your AWS company site as an administrator.
2. Select AWS Home.

3. Select Identity and Access Management.

4. Select Identity Providers > Create Provider.


5. On the Configure Provider page, perform the following steps:

a. For Provider Type, select SAML.


b. For Provider Name, type a provider name (for example: WAAD).
c. To upload your downloaded metadata file from the Azure portal, select Choose File.
d. Select Next Step.
6. On the Verify Provider Information page, select Create.
7. Select Roles > Create role.

8. On the Create role page, perform the following steps:


a. Under Select type of trusted entity, select SAML 2.0 federation.
b. Under Choose a SAML 2.0 Provider, select the SAML provider you created previously (for example:
WAAD).
c. Select Allow programmatic and AWS Management Console access.
d. Select Next: Permissions.
9. On the Attach permissions policies dialog box, attach the appropriate policy, per your organization. Then
select Next: Review.
10. On the Review dialog box, perform the following steps:

a. In Role name, enter your role name.


b. In Role description, enter the description.
c. Select Create role.
d. Create as many roles as needed, and map them to the identity provider.
11. Use AWS service account credentials for fetching the roles from the AWS account in Azure AD user
provisioning. For this, open the AWS console home.
12. Select Services. Under Security, Identity & Compliance, select IAM.
13. In the IAM section, select Policies.

14. Create a new policy by selecting Create policy for fetching the roles from the AWS account in Azure AD
user provisioning.
15. Create your own policy to fetch all the roles from AWS accounts.

a. In Create policy, select the JSON tab.


b. In the policy document, add the following JSON:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:ListRoles"
      ],
      "Resource": "*"
    }
  ]
}

c. Select Review policy to validate the policy.


16. Define the new policy.

a. For Name, enter AzureAD_SSOUserRole_Policy.


b. For Description, enter This policy will allow to fetch the roles from AWS accounts.
c. Select Create policy.
17. Create a new user account in the AWS IAM service.
a. In the AWS IAM console, select Users.
b. To create a new user, select Add user.

c. In the Add user section:

Enter the user name as AzureADRoleManager.


For the access type, select Programmatic access. This way, the user can invoke the APIs and fetch
the roles from the AWS account.
Select Next Permissions.
18. Create a new policy for this user.
a. Select Attach existing policies directly.
b. Search for the newly created policy in the filter section AzureAD_SSOUserRole_Policy.
c. Select the policy, and then select Next: Review.
19. Review the policy attached to the user.

a. Review the user name, access type, and policy mapped to the user.
b. Select Create user.
20. Download the user's credentials.

a. Copy the user Access key ID and Secret access key.


b. Enter these credentials into the Azure AD user provisioning section to fetch the roles from the AWS
console.
c. Select Close.
How to configure role provisioning in Amazon Web Services (AWS)
1. In the Azure AD management portal, in the AWS app, go to Provisioning.

2. Enter the access key and secret in the clientsecret and Secret Token fields, respectively.

a. Enter the AWS user access key in the clientsecret field.


b. Enter the AWS user secret in the Secret Token field.
c. Select Test Connection.
d. Save the setting by selecting Save.
3. In the Settings section, for Provisioning Status, select On. Then select Save.
NOTE
Provisioning service will only import roles from AWS to Azure AD. This service will not provision users and groups from Azure
AD back to AWS.

Create Amazon Web Services (AWS) test user


The objective of this section is to create a user called B.Simon in Amazon Web Services (AWS). Amazon Web
Services (AWS) doesn't need a user to be created in their system for SSO, so you don't need to perform any action
here.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Amazon Web Services (AWS) tile in the Access Panel, you should be automatically signed in to
the Amazon Web Services (AWS) for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Known issues
In the Provisioning section, the Mappings subsection shows a "Loading..." message, and never displays the
attribute mappings. The only provisioning workflow supported today is the import of roles from AWS into
Azure AD for selection during a user or group assignment. The attribute mappings for this are
predetermined, and aren't configurable.
The Provisioning section only supports entering one set of credentials for one AWS tenant at a time. All
imported roles are written to the appRoles property of the Azure AD servicePrincipal object for the AWS
tenant.
Multiple AWS tenants (represented by servicePrincipals ) can be added to Azure AD from the gallery for
provisioning. There's a known issue, however, with not being able to automatically write all of the imported
roles from the multiple AWS servicePrincipals used for provisioning into the single servicePrincipal used
for SSO.
As a workaround, you can use the Microsoft Graph API to extract all of the appRoles imported into each
AWS servicePrincipal where provisioning is configured. You can subsequently add these role strings to the
AWS servicePrincipal where SSO is configured.
Roles must meet the following requirements to be eligible to be imported from AWS into Azure AD:
Roles must have exactly one saml-provider defined in AWS
The combined length of the role ARN and the saml-provider ARN for a role being imported must be
119 characters or less
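
The two import requirements above can be checked before provisioning is turned on. The following is an added example, not part of the original tutorial: it assumes role records shaped like the Roles array returned by IAM ListRoles, with AssumeRolePolicyDocument already decoded into a dict, and every role, provider and account ID in it is constructed.

```python
"""Pre-check IAM roles against the two Azure AD role-import requirements."""

MAX_COMBINED_ARN_LENGTH = 119  # limit quoted in the known issues above


def as_list(value):
    """IAM policy fields hold either one value or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def saml_providers(trust_policy):
    """Return the distinct saml-provider ARNs a trust policy allows to federate."""
    found = []
    for stmt in as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue  # Deny statements and "*" principals name no provider
        for arn in as_list(principal.get("Federated")):
            if ":saml-provider/" in arn and arn not in found:
                found.append(arn)
    return found


def check_role(role):
    """Return (eligible, reason, claim_value) for one ListRoles-style record."""
    providers = saml_providers(role.get("AssumeRolePolicyDocument") or {})
    if len(providers) != 1:
        return (False, "needs exactly 1 saml-provider, found %d" % len(providers), None)
    # The requirement is worded as the length of the two ARNs together, so the
    # comma that joins them in the imported role string is not counted here.
    combined = len(role["Arn"]) + len(providers[0])
    if combined > MAX_COMBINED_ARN_LENGTH:
        return (False, "combined ARN length %d exceeds %d"
                % (combined, MAX_COMBINED_ARN_LENGTH), None)
    return (True, "ok", role["Arn"] + "," + providers[0])


def audit(roles):
    """Map each role name to its (eligible, reason, claim_value) result."""
    return {role["RoleName"]: check_role(role) for role in roles}


# ---- Constructed sample data (hypothetical account, roles and providers) ----
ACCOUNT = "111122223333"
WAAD = "arn:aws:iam::%s:saml-provider/WAAD" % ACCOUNT
LEGACY = "arn:aws:iam::%s:saml-provider/LegacyIdP" % ACCOUNT


def sample_role(name, principal, action="sts:AssumeRoleWithSAML"):
    """Build one role record with a single-statement trust policy."""
    return {
        "RoleName": name,
        "Arn": "arn:aws:iam::%s:role/%s" % (ACCOUNT, name),
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Principal": principal, "Action": action}],
        },
    }


SAMPLE_ROLES = [
    sample_role("Admin", {"Federated": WAAD}),
    sample_role("TwoProviders", {"Federated": [WAAD, LEGACY]}),
    sample_role("Ec2Instance", {"Service": "ec2.amazonaws.com"}, "sts:AssumeRole"),
    sample_role("Analytics-" + "x" * 50, {"Federated": WAAD}),
]

if __name__ == "__main__":
    for name, (eligible, reason, value) in audit(SAMPLE_ROLES).items():
        print("%-8s %s: %s" % ("IMPORT" if eligible else "SKIP", name, value or reason))
```

Roles reported as SKIP are the ones that would not appear for selection in Azure AD after the import.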

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Amazon Web Services (AWS) with Azure AD
Tutorial: Azure Active Directory integration with
multiple Amazon Web Services (AWS) accounts
11/19/2019 • 10 minutes to read

In this tutorial, you learn how to integrate Azure Active Directory (Azure AD) with multiple accounts of Amazon
Web Services (AWS).
Integrating Amazon Web Services (AWS) with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Amazon Web Services (AWS).
You can enable your users to automatically get signed-on to Amazon Web Services (AWS) (Single Sign-On)
with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory.

NOTE
Connecting one AWS app to all your AWS accounts is not our recommended approach. Instead, we recommend
that you configure each AWS account as its own instance of the AWS app in Azure AD.

We do not recommend connecting one AWS app to all your AWS accounts for the following reasons:
You have to use the Graph Explorer approach to patch all the roles to the app. We don’t recommend using
the manifest file approach.
Customers have reported that after adding ~1200 app roles for a single AWS app, any operation
on the app started throwing size-related errors. There is a hard size limit on the application object.
You have to manually update the roles as roles get added in any of the accounts, and this is a Replace
approach, not Append. Also, as your accounts grow, this becomes an n x n
relationship between accounts and roles.
All the AWS accounts use the same Federation Metadata XML file, so at the time of certificate
rollover you have to drive a massive exercise to update the certificate on all the AWS accounts at the
same time.

Prerequisites
To configure Azure AD integration with Amazon Web Services (AWS), you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
An Amazon Web Services (AWS) single sign-on enabled subscription.

NOTE
To test the steps in this tutorial, we do not recommend using a production environment.

To test the steps in this tutorial, you should follow these recommendations:
Do not use your production environment, unless it is necessary.
If you don't have an Azure AD trial environment, you can get a one-month trial.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Amazon Web Services (AWS) supports SP and IDP initiated SSO.

Adding Amazon Web Services (AWS) from the gallery


To configure the integration of Amazon Web Services (AWS) into Azure AD, you need to add Amazon Web
Services (AWS) from the gallery to your list of managed SaaS apps.
To add Amazon Web Services (AWS) from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add a new application, click the New application button on the top of the dialog.

4. In the search box, type Amazon Web Services (AWS), select Amazon Web Services (AWS) from the result
panel, then click the Add button to add the application.
5. Once the application is added, go to the Properties page and copy the Object ID.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Amazon Web Services (AWS) based on a test
user called "Britta Simon".
For single sign-on to work, Azure AD needs to know what the counterpart user in Amazon Web Services (AWS) is
to a user in Azure AD. In other words, a link relationship between an Azure AD user and the related user in
Amazon Web Services (AWS) needs to be established.
In Amazon Web Services (AWS), assign the value of the user name in Azure AD as the value of the Username to
establish the link relationship.
To configure and test Azure AD single sign-on with Amazon Web Services (AWS), you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Amazon Web Services (AWS) Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your
Amazon Web Services (AWS) application.
To configure Azure AD single sign-on with Amazon Web Services (AWS), perform the following steps:
1. In the Azure portal, on the Amazon Web Services (AWS) application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.
5. The Amazon Web Services (AWS) application expects the SAML assertions in a specific format. Configure the
following claims for this application. You can manage the values of these attributes from the User
Attributes & Claims section on the application integration page. On the Set up Single Sign-On with SAML
page, click the Edit button to open the User Attributes & Claims dialog.

6. In the User Claims section on the User Attributes dialog, configure the SAML token attributes as shown in the
image above and perform the following steps:

NAME | SOURCE ATTRIBUTE | NAMESPACE
RoleSessionName | user.userprincipalname | https://aws.amazon.com/SAML/Attributes
Role | user.assignedroles | https://aws.amazon.com/SAML/Attributes
SessionDuration | "provide a value between 900 seconds (15 minutes) to 43200 seconds (12 hours)" | https://aws.amazon.com/SAML/Attributes

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. In the Namespace textbox, type the Namespace value shown for that row.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML and save it on your computer.

Configure Amazon Web Services (AWS) Single Sign-On


1. In a different browser window, sign in to your Amazon Web Services (AWS) company site as administrator.
2. Click AWS Home.

3. Click Identity and Access Management.


4. Click Identity Providers, and then click Create Provider.
5. On the Configure Provider dialog page, perform the following steps:

a. As Provider Type, select SAML.


b. In the Provider Name textbox, type a provider name (for example: WAAD).
c. To upload your downloaded metadata file from Azure portal, click Choose File.
d. Click Next Step.
6. On the Verify Provider Information dialog page, click Create.

7. Click Roles, and then click Create role.


8. On the Create role page, perform the following steps:

a. Select SAML 2.0 federation under Select type of trusted entity.


b. Under Choose a SAML 2.0 Provider section, select the SAML provider you have created previously
(for example: WAAD)
c. Select Allow programmatic and AWS Management Console access.
d. Click Next: Permissions.
9. On the Attach Permissions Policies dialog, attach the appropriate policy as per your organization. Click
Next: Review.

10. On the Review dialog, perform the following steps:

a. In the Role name textbox, enter your Role name.


b. In the Role description textbox, enter the description.
c. Click Create Role.
d. Create as many roles as needed and map them to the Identity Provider.
11. Sign out from the current AWS account and sign in with another account where you want to configure single
sign-on with Azure AD.
12. Perform step 2 to step 10 to create the multiple roles that you want to set up for this account. If you have more
than two accounts, perform the same steps for all the accounts to create roles for them.
13. Once all the roles are created in the accounts, they show up in the Roles list for those accounts.

14. Capture the Role ARN and Trusted Entities values for all the roles across all the accounts; you
need to map them manually to the Azure AD application.
15. Click on the roles to copy Role ARN and Trusted Entities values. You need these values for all the roles
that you need to create in Azure AD.

16. Perform the above step for all the roles in all the accounts and store all of them in the format Role
ARN,Trusted entities in a notepad.
17. Open Azure AD Graph Explorer in another window.
a. Sign in to the Graph Explorer site using the Global Admin/Co-admin credentials for your tenant.
b. You need to have sufficient permissions to create the roles. Click on modify permissions to get the
required permissions.
c. Select following permissions from the list (if you don't have these already) and click "Modify Permissions"

d. This will ask you to login again and accept the consent. After accepting the consent, you are logged into
the Graph Explorer again.
e. Change the version dropdown to beta. To fetch all the Service Principals from your tenant, use the
following query:
https://graph.microsoft.com/beta/servicePrincipals

If you are using multiple directories, you can use the following pattern, which has your primary domain in
it: https://graph.microsoft.com/beta/contoso.com/servicePrincipals

f. From the list of Service Principals fetched, get the one you need to modify. You can also use Ctrl+F to
search for the application among all the listed ServicePrincipals. You can use the following query with the Object
ID that you copied from the Azure AD Properties page to get to the respective Service Principal:
https://graph.microsoft.com/beta/servicePrincipals/<objectID>
g. Extract the appRoles property from the service principal object.

h. You now need to generate new roles for your application.


i. The following JSON is an example of an appRoles object. Create a similar object to add the roles you want for your
application.
{
  "appRoles": [
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "msiam_access",
      "displayName": "msiam_access",
      "id": "7dfd756e-8c27-4472-b2b7-38c17fc5de5e",
      "isEnabled": true,
      "origin": "Application",
      "value": null
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "Admin,WAAD",
      "displayName": "Admin,WAAD",
      "id": "4aacf5a4-f38b-4861-b909-bae023e88dde",
      "isEnabled": true,
      "origin": "ServicePrincipal",
      "value": "arn:aws:iam::12345:role/Admin,arn:aws:iam::12345:saml-provider/WAAD"
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "Auditors,WAAD",
      "displayName": "Auditors,WAAD",
      "id": "bcad6926-67ec-445a-80f8-578032504c09",
      "isEnabled": true,
      "origin": "ServicePrincipal",
      "value": "arn:aws:iam::12345:role/Auditors,arn:aws:iam::12345:saml-provider/WAAD"
    }
  ]
}

NOTE
For the patch operation, new roles can only be added after msiam_access. You can add as many roles as
your organization needs. Azure AD sends the value of these roles as the claim value in the SAML response.

j. Go back to your Graph Explorer and change the method from GET to PATCH. Patch the Service Principal
object to have desired roles by updating appRoles property similar to the one shown above in the example.
Click Run Query to execute the patch operation. A success message confirms the creation of the role for
your Amazon Web Services application.

18. After the Service Principal is patched with more roles, you can assign Users/Groups to the respective roles.
This can be done by going to the portal and navigating to the Amazon Web Services application. Click on the
Users and Groups tab on the top.
19. We recommend that you create a new group for every AWS role so that you can assign that particular role to
that group. Note that this is a one-to-one mapping of one group to one role. You can then add the members
who belong to that group.
20. Once the groups are created, select the group and assign it to the application.

NOTE
Nested groups are not supported when assigning groups.

21. To assign the role to the group, select the role and click the Assign button at the bottom of the page.

NOTE
Please note that you need to refresh your session in Azure portal to see new roles.
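
Steps 16 and 17 above amount to turning the notepad of Role ARN,Trusted entities lines into the appRoles body for the PATCH. The following is an added example, not part of the original tutorial: the function name, the second account ID 67890 and its ReadOnly role are constructed, while the msiam_access entry and the 12345 values are copied from the sample JSON in step 17.

```python
"""Build the appRoles PATCH body from 'Role ARN,Trusted entities' lines."""
import json
import re
import uuid

# One notepad line from step 16. The account ID is matched loosely because the
# tutorial's sample uses the placeholder 12345.
ARN_PAIR = re.compile(
    r"^arn:aws:iam::(\d+):role/([\w+=.@/-]+),"
    r"arn:aws:iam::(\d+):saml-provider/([\w.-]+)$"
)


def build_app_roles_patch(existing_app_roles, notepad_lines, new_id=None):
    """Return {"appRoles": [...]} for PATCH /beta/servicePrincipals/<objectID>.

    The PATCH replaces the whole list, so every role already on the service
    principal is carried over, with msiam_access kept first.
    """
    new_id = new_id or (lambda: str(uuid.uuid4()))
    if not existing_app_roles or existing_app_roles[0].get("displayName") != "msiam_access":
        raise ValueError("msiam_access must stay the first appRole")
    roles = [dict(role) for role in existing_app_roles]
    seen = {role.get("value") for role in roles}
    for raw in notepad_lines:
        line = "".join(raw.split())  # drop stray spaces, e.g. after the comma
        if not line:
            continue
        match = ARN_PAIR.match(line)
        if match is None:
            raise ValueError("not in 'Role ARN,Trusted entities' form: %r" % raw)
        if line in seen:
            continue  # already on the service principal or listed twice
        seen.add(line)
        # Same "<role>,<provider>" label as the tutorial's sample entries.
        label = "%s,%s" % (match.group(2), match.group(4))
        roles.append({
            "allowedMemberTypes": ["User"],
            "description": label,
            "displayName": label,
            "id": new_id(),  # each appRole needs its own GUID
            "isEnabled": True,
            "origin": "ServicePrincipal",
            "value": line,
        })
    return {"appRoles": roles}


# appRoles as extracted in step 17 g (msiam_access entry from the tutorial sample).
EXISTING_APP_ROLES = [{
    "allowedMemberTypes": ["User"],
    "description": "msiam_access",
    "displayName": "msiam_access",
    "id": "7dfd756e-8c27-4472-b2b7-38c17fc5de5e",
    "isEnabled": True,
    "origin": "Application",
    "value": None,
}]

# Constructed notepad content: one spaced line, one second account, one duplicate.
NOTEPAD_LINES = """
arn:aws:iam::12345:role/Admin,arn:aws:iam::12345:saml-provider/WAAD
arn:aws:iam::12345:role/Auditors, arn:aws:iam::12345:saml-provider/WAAD
arn:aws:iam::67890:role/ReadOnly,arn:aws:iam::67890:saml-provider/WAAD
arn:aws:iam::12345:role/Admin,arn:aws:iam::12345:saml-provider/WAAD
""".splitlines()

if __name__ == "__main__":
    print(json.dumps(build_app_roles_patch(EXISTING_APP_ROLES, NOTEPAD_LINES), indent=2))
```

Because the PATCH is a replace, pass the appRoles list read from the service principal immediately before patching, so that roles added since the last run are not dropped.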

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Amazon Web Services (AWS) tile in the Access Panel, you should get the Amazon Web Services
(AWS) application page with the option to select the role.
You can also verify the SAML response to see the roles being passed as claims.
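
One way to do that verification on a response captured from your own test sign-in, as an added example that is not part of the original tutorial. It assumes the response has already been base64-decoded to XML and that each claim name is the namespace from the claims table followed by /Name; it inspects claim values only and does not validate the signature. The sample assertions are constructed.

```python
"""Inspect the AWS claims in a decoded SAML response from a test sign-in."""
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
AWS_ATTR = "https://aws.amazon.com/SAML/Attributes/"  # namespace from the claims table
MIN_SESSION, MAX_SESSION = 900, 43200                 # seconds, from the claims table


def aws_claims(saml_xml):
    """Return {claim name: [values]} for the AWS attributes in the document."""
    claims = {}
    for attr in ET.fromstring(saml_xml).iter("{%s}Attribute" % SAML_NS):
        name = attr.get("Name", "")
        if name.startswith(AWS_ATTR):
            values = [(v.text or "").strip()
                      for v in attr.iter("{%s}AttributeValue" % SAML_NS)]
            claims.setdefault(name[len(AWS_ATTR):], []).extend(values)
    return claims


def arn_kind(arn):
    """Classify one ARN of a Role claim value."""
    if ":saml-provider/" in arn:
        return "saml-provider"
    return "role" if ":role/" in arn else "?"


def check_claims(claims):
    """Return a list of problems; an empty list means the claims are as configured."""
    problems = []
    roles = claims.get("Role", [])
    if not roles:
        problems.append("Role: no value, the user has no AWS role assigned")
    for value in roles:
        # Each value pairs a role ARN with its saml-provider ARN, in either order.
        if sorted(arn_kind(part) for part in value.split(",")) != ["role", "saml-provider"]:
            problems.append("Role: not a role ARN plus a saml-provider ARN: %r" % value)
    names = claims.get("RoleSessionName", [])
    if len(names) != 1 or not names[0]:
        problems.append("RoleSessionName: expected exactly one non-empty value")
    for raw in claims.get("SessionDuration", []):
        if not raw.isdigit() or not MIN_SESSION <= int(raw) <= MAX_SESSION:
            problems.append("SessionDuration: %r is outside %d-%d seconds"
                            % (raw, MIN_SESSION, MAX_SESSION))
    return problems


def sample_assertion(attrs):
    """Build a constructed, unsigned assertion fragment for the demonstration."""
    body = "".join(
        '<saml:Attribute Name="%s%s">%s</saml:Attribute>' % (
            AWS_ATTR, name,
            "".join("<saml:AttributeValue>%s</saml:AttributeValue>" % v for v in values))
        for name, values in attrs.items())
    return ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>%s'
            '</saml:AttributeStatement></saml:Assertion>' % (SAML_NS, body))


# Constructed samples: one as configured in the tutorial, one misconfigured.
GOOD_RESPONSE = sample_assertion({
    "RoleSessionName": ["B.Simon@contoso.com"],
    "Role": ["arn:aws:iam::12345:role/Admin,arn:aws:iam::12345:saml-provider/WAAD",
             "arn:aws:iam::12345:saml-provider/WAAD,arn:aws:iam::12345:role/Auditors"],
    "SessionDuration": ["3600"],
})
BAD_RESPONSE = sample_assertion({
    "RoleSessionName": ["B.Simon@contoso.com"],
    "Role": ["arn:aws:iam::12345:role/Admin"],  # saml-provider ARN missing
    "SessionDuration": ["600"],                 # below the 900-second minimum
})

if __name__ == "__main__":
    for label, xml in (("good", GOOD_RESPONSE), ("bad", BAD_RESPONSE)):
        print(label, check_claims(aws_claims(xml)) or "claims look as configured")
```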

For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
How to configure provisioning using MS Graph APIs
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
Tutorial: Azure Active Directory integration with
AMMS
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate AMMS with Azure Active Directory (Azure AD). Integrating AMMS with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to AMMS.
You can enable your users to be automatically signed-in to AMMS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with AMMS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
AMMS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
AMMS supports SP initiated SSO

Adding AMMS from the gallery


To configure the integration of AMMS into Azure AD, you need to add AMMS from the gallery to your list of
managed SaaS apps.
To add AMMS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button on the top of the dialog.

4. In the search box, type AMMS, select AMMS from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with AMMS based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in AMMS
needs to be established.
To configure and test Azure AD single sign-on with AMMS, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure AMMS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create AMMS test user - to have a counterpart of Britta Simon in AMMS that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with AMMS, perform the following steps:
1. In the Azure portal, on the AMMS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.microwestcloud.com/amms/pages/login.aspx

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
<SUBDOMAIN>.microwestcloud.com/amms

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact AMMS Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure AMMS Single Sign-On


To configure single sign-on on the AMMS side, you need to send the App Federation Metadata Url to the AMMS
support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to AMMS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select AMMS.
2. In the applications list, select AMMS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create AMMS test user
In this section, you create a user called Britta Simon in AMMS. Work with AMMS support team to add the users in
the AMMS platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the AMMS tile in the Access Panel, you should be automatically signed in to the AMMS for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Amplitude
10/18/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Amplitude with Azure Active Directory (Azure AD). When you
integrate Amplitude with Azure AD, you can:
Control in Azure AD who has access to Amplitude.
Enable your users to be automatically signed-in to Amplitude with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Amplitude single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Amplitude supports SP and IDP initiated SSO.
Amplitude supports Just In Time user provisioning.

Adding Amplitude from the gallery


To configure the integration of Amplitude into Azure AD, you need to add Amplitude from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Amplitude in the search box.
6. Select Amplitude from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Amplitude


Configure and test Azure AD SSO with Amplitude using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Amplitude.
To configure and test Azure AD SSO with Amplitude, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Amplitude SSO - to configure the single sign-on settings on application side.
   Create Amplitude test user - to have a counterpart of B.Simon in Amplitude that is linked to the Azure
   AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Amplitude application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL: https://amplitude.com/saml/sso/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://analytics.amplitude.com/saml/sso/<uniqueid>

NOTE
The Reply URL value is not real. You will get the Reply URL value later in this tutorial.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://analytics.amplitude.com/sso

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
7. On the Set up Amplitude section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Amplitude.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Amplitude.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Amplitude SSO


1. To automate the configuration within Amplitude, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Set up Amplitude, which directs you to the Amplitude
application. From there, provide the admin credentials to sign in to Amplitude. The browser extension will
automatically configure the application for you and automate steps 3-6.
3. If you want to set up Amplitude manually, open a new web browser window, sign in to your Amplitude
company site as an administrator, and perform the following steps:
4. Click on the Plan Admin from the left navigation bar.

5. Select Microsoft Azure Active Directory Metadata from the SSO Integration.

6. On the Set Up Single Sign-On section, perform the following steps:


a. Open the downloaded Metadata XML from the Azure portal in Notepad, and paste the content into the
Microsoft Azure Active Directory Metadata textbox.
b. Copy the Reply URL (ACS) value and paste it into the Reply URL textbox of Basic SAML
Configuration in the Azure portal.
c. Click Save.
Create Amplitude test user
In this section, a user called B.Simon is created in Amplitude. Amplitude supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Amplitude, a new one is created after authentication.

NOTE
If you need to create a user manually, contact Amplitude support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Amplitude tile in the Access Panel, you should be automatically signed in to the Amplitude for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Amplitude with Azure AD
Tutorial: Azure Active Directory integration with Anaplan
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Anaplan with Azure Active Directory (Azure AD). Integrating Anaplan
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Anaplan.
You can enable your users to be automatically signed-in to Anaplan (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Anaplan, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Anaplan single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Anaplan supports SP initiated SSO

Adding Anaplan from the gallery


To configure the integration of Anaplan into Azure AD, you need to add Anaplan from the gallery to your list of
managed SaaS apps.
To add Anaplan from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Anaplan, select Anaplan from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Anaplan based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Anaplan
needs to be established.
To configure and test Azure AD single sign-on with Anaplan, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Anaplan Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Anaplan test user - to have a counterpart of Britta Simon in Anaplan that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Anaplan, perform the following steps:
1. In the Azure portal, on the Anaplan application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://sdp.anaplan.com/frontdoor/saml/<tenant name>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.anaplan.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Anaplan Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Anaplan section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Anaplan Single Sign-On
To configure single sign-on on the Anaplan side, send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the Anaplan support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Anaplan.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Anaplan.

2. In the applications list, select Anaplan.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Anaplan test user
In this section, you create a user called Britta Simon in Anaplan. Work with Anaplan support team to add the users
in the Anaplan platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Anaplan tile in the Access Panel, you should be automatically signed in to the Anaplan for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate ANAQUA with Azure Active Directory
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate ANAQUA with Azure Active Directory (Azure AD). When you integrate
ANAQUA with Azure AD, you can:
Control in Azure AD who has access to ANAQUA.
Enable your users to be automatically signed-in to ANAQUA with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ANAQUA single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. ANAQUA supports SP and IDP
initiated SSO and supports Just In Time user provisioning.

Adding ANAQUA from the gallery


To configure the integration of ANAQUA into Azure AD, you need to add ANAQUA from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type ANAQUA in the search box.
6. Select ANAQUA from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with ANAQUA using a test user called B. Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in ANAQUA.
To configure and test Azure AD SSO with ANAQUA, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure ANAQUA to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
4. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
5. Create ANAQUA test user to have a counterpart of B. Simon in ANAQUA that is linked to the Azure AD
representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ANAQUA application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<SUBDOMAIN>.anaqua.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.anaqua.com/anaqua/Public/login.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.anaqua.com/anaqua/Public/login.aspx

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
ANAQUA Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the metadata file and save it on your
computer.
7. On the Set up ANAQUA section, copy the appropriate URL(s) based on your requirement.
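The note above says the Identifier, Reply URL and Sign-on URL patterns must be replaced with real values. Because the Reply URL is where Azure AD posts the SAML response, it helps to check the final values before saving. The following added example (not part of the original tutorial) turns the page's `<placeholder>` patterns into strict matchers and also checks that every field uses the same subdomain; it works for the other patterns on this page as well. The `contoso` values and function names are constructed for illustration.

```python
import re

PLACEHOLDER = re.compile(r"<([^<>]+)>")

# Patterns copied from the ANAQUA steps above.
ANAQUA_PATTERNS = {
    "Identifier": "https://<SUBDOMAIN>.anaqua.com",
    "Reply URL": "https://<SUBDOMAIN>.anaqua.com/anaqua/Public/login.aspx",
    "Sign-on URL": "https://<SUBDOMAIN>.anaqua.com/anaqua/Public/login.aspx",
}


def compile_pattern(pattern):
    """Turn a tutorial pattern into (regex, placeholder names).

    Each <placeholder> may only match one DNS label or path segment, so a
    value cannot smuggle extra dots or slashes into the host.
    """
    names, parts, pos = [], [], 0
    for match in PLACEHOLDER.finditer(pattern):
        parts.append(re.escape(pattern[pos:match.start()]))
        parts.append(r"([A-Za-z0-9][A-Za-z0-9-]*)")
        names.append(match.group(1))
        pos = match.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("".join(parts)), names


def check_config(patterns, values):
    """Return findings for the fields present in `values`."""
    findings, seen = [], {}
    for field, value in values.items():
        value = value.strip()
        pattern = patterns[field]
        if PLACEHOLDER.search(value):
            findings.append(f"{field}: placeholder left in value")
            continue
        if not value.startswith("https://"):
            findings.append(f"{field}: not an https URL")
            continue
        regex, names = compile_pattern(pattern)
        match = regex.fullmatch(value)
        if match is None:
            findings.append(f"{field}: does not match {pattern}")
            continue
        # The same placeholder must resolve to the same value everywhere.
        for name, got in zip(names, match.groups()):
            first_field, first = seen.setdefault(name, (field, got))
            if first.lower() != got.lower():
                findings.append(
                    f"{field}: <{name}> is '{got}' but "
                    f"{first_field} uses '{first}'")
    return findings


# Constructed sample values (the 'contoso' subdomain is a placeholder).
GOOD = {
    "Identifier": "https://contoso.anaqua.com",
    "Reply URL": "https://contoso.anaqua.com/anaqua/Public/login.aspx",
}
BAD = {
    "Identifier": "https://contoso.anaqua.com",
    "Reply URL": "https://contoso-test.anaqua.com/anaqua/Public/login.aspx",
    "Sign-on URL": "https://<SUBDOMAIN>.anaqua.com/anaqua/Public/login.aspx",
}

if __name__ == "__main__":
    print(check_config(ANAQUA_PATTERNS, GOOD))
    for finding in check_config(ANAQUA_PATTERNS, BAD):
        print(finding)
```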

Configure ANAQUA
To configure single sign-on on the ANAQUA side, send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the ANAQUA support team. They apply these settings
so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B. Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B. Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B. Simon to use Azure single sign-on by granting access to ANAQUA.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ANAQUA.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B. Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create ANAQUA test user
In this section, a user called Britta Simon is created in ANAQUA. ANAQUA supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in ANAQUA, a new one is created after authentication.
Test SSO
When you select the ANAQUA tile in the Access Panel, you should be automatically signed in to the ANAQUA for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with &frankly
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate &frankly with Azure Active Directory (Azure AD). Integrating &frankly
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to &frankly.
You can enable your users to be automatically signed-in to &frankly (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with &frankly, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
&frankly single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
&frankly supports SP and IDP initiated SSO

Adding &frankly from the gallery


To configure the integration of &frankly into Azure AD, you need to add &frankly from the gallery to your list of
managed SaaS apps.
To add &frankly from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type &frankly, select &frankly from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with &frankly based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in &frankly
needs to be established.
To configure and test Azure AD single sign-on with &frankly, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure &frankly Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create &frankly test user - to have a counterpart of Britta Simon in &frankly that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with &frankly, perform the following steps:
1. In the Azure portal, on the &frankly application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://andfrankly.com/saml/simplesaml/www/module.php/saml/sp/metadata.php/<tenant id>

b. In the Reply URL text box, type a URL using the following pattern:
https://andfrankly.com/saml/simplesaml/www/module.php/saml/sp/saml2-acs.php/<tenant id>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://andfrankly.com/saml/okta/?saml_sso=<tenant id>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
&frankly Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up &frankly section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure &frankly Single Sign-On
To configure single sign-on on the &frankly side, send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the &frankly support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to &frankly.
1. In the Azure portal, select Enterprise Applications, select All applications, then select &frankly.

2. In the applications list, select &frankly.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create &frankly test user
In this section, you create a user called Britta Simon in &frankly. Work with &frankly support team to add the users
in the &frankly platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the &frankly tile in the Access Panel, you should be automatically signed in to the &frankly for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Andromeda
6/13/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Andromeda with Azure Active Directory (Azure AD). Integrating
Andromeda with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Andromeda.
You can enable your users to be automatically signed-in to Andromeda (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Andromeda, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Andromeda single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Andromeda supports SP and IDP initiated SSO
Andromeda supports Just In Time user provisioning

Adding Andromeda from the gallery


To configure the integration of Andromeda into Azure AD, you need to add Andromeda from the gallery to your
list of managed SaaS apps.
To add Andromeda from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Andromeda, select Andromeda from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Andromeda based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Andromeda needs to be established.
To configure and test Azure AD single sign-on with Andromeda, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Andromeda Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Andromeda test user - to have a counterpart of Britta Simon in Andromeda that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Andromeda, perform the following steps:
1. In the Azure portal, on the Andromeda application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<tenantURL>.ngcxpress.com/

b. In the Reply URL text box, type a URL using the following pattern:
https://<tenantURL>.ngcxpress.com/SAMLConsumer.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<tenantURL>.ngcxpress.com/SAMLLogon.aspx

NOTE
These values are not real. You will update them with the actual Identifier, Reply URL, and Sign-On URL, as
explained later in the tutorial.

6. Andromeda application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on
application integration page. On the Set up Single Sign-On with SAML page, click Edit button to open
User Attributes dialog.

IMPORTANT
Clear out the NameSpace definitions while setting these up.
7. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure the SAML token attributes listed in the following table, and
perform the following steps:

NAME       SOURCE ATTRIBUTE
role       App specific role
type       App Type
company    CompanyName

NOTE
These are not real values. These values are only for demo purposes; use your organization's roles.

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

9. On the Set up Andromeda section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Andromeda Single Sign-On
1. Sign on to your Andromeda company site as administrator.
2. On the top of the menubar click Admin and navigate to Administration.

3. On the left side of tool bar under Interfaces section, click SAML Configuration.

4. On the SAML Configuration section page, perform the following steps:


a. Check Enable SSO with SAML.
b. Under Andromeda Information section, copy the SP Identity value and paste it into the Identifier
textbox of Basic SAML Configuration section.
c. Copy the Consumer URL value and paste it into the Reply URL textbox of Basic SAML Configuration
section.
d. Copy the Logon URL value and paste it into the Sign-on URL textbox of Basic SAML Configuration
section.
e. Under SAML Identity Provider section, type your IDP Name.
f. In the Single Sign On End Point textbox, paste the value of the Login URL that you copied from the
Azure portal.
g. Open the Base64-encoded certificate downloaded from the Azure portal in Notepad, and paste its contents into
the X 509 Certificate textbox.
h. Map the following attributes with the respective values to facilitate SSO login from Azure AD. The User ID
attribute is required for logging in. For provisioning, Email, Company, UserType, and Role are required. In
this section, we define the attribute mappings (names and values) that correlate to those defined within the Azure
portal.
i. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Andromeda.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Andromeda.

2. In the applications list, select Andromeda.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Andromeda test user
In this section, a user called Britta Simon is created in Andromeda. Andromeda supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Andromeda, a new one is created after authentication. If you need to create a user manually, contact the
Andromeda Client support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Andromeda tile in the Access Panel, you should be automatically signed in to the Andromeda
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with AnswerHub
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate AnswerHub with Azure Active Directory (Azure AD). Integrating
AnswerHub with Azure AD provides these benefits:
You can use Azure AD to control who has access to AnswerHub.
You can let your users automatically sign in to AnswerHub with their Azure AD accounts (single sign-on).
You can manage your accounts from a central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory. If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with AnswerHub, you need the following:
An Azure AD subscription. If you don't have an Azure AD environment, you can begin a one-month trial.
An AnswerHub subscription that has single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
AnswerHub supports SP-initiated SSO.

Add AnswerHub from the gallery


To set up the integration of AnswerHub into Azure AD, you need to add AnswerHub from the gallery to your
managed SaaS apps.
To add AnswerHub from the gallery:
1. In the Azure portal, in the left pane, select Azure Active Directory.

2. Go to Enterprise Applications, and then select All Applications.


3. To add an application, select New application at the top of the window.

4. In the search box, enter AnswerHub. Select AnswerHub in the results list, and then select Add.

Set up and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with AnswerHub by using a test user named Britta
Simon. For single sign-on, you need to establish a link between an Azure AD user and the corresponding user in
AnswerHub.
To configure and test Azure AD single sign-on with AnswerHub, you need to complete these tasks:
1. Configure Azure AD single sign-on to enable your users to use the feature.
2. Configure AnswerHub single sign-on to set up the single sign-on settings on the application side.
3. Create an Azure AD test user named Britta Simon.
4. Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
5. Create an AnswerHub test user that corresponds to and is linked to the Azure AD test user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you set up Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with AnswerHub:
1. In the Azure portal, on the AnswerHub application integration page, select Single sign-on.
2. In the Select a Single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, select the edit icon to open the Basic SAML
Configuration dialog box.

4. In the Basic SAML Configuration section, complete the following steps:


a. In the Sign on URL box, enter a URL that has this pattern: https://<company>.answerhub.com

b. In the Identifier (Entity ID) box, enter a URL that has this pattern: https://<company>.answerhub.com

NOTE
These values aren't real. Update these values with the actual sign-on URL and identifier. Contact the AnswerHub
support team to get the values. You can also refer to the patterns shown in the Basic SAML Configuration section
in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Download link next to Certificate (Base64), per your requirements, and save the certificate on your
computer.

6. In the Set up AnswerHub section, copy the appropriate URL or URLs, based on your requirements.

You can copy these URLs:


Login URL
Azure AD Identifier
Logout URL
Configure AnswerHub single sign-on
In this section, you set up single sign-on for AnswerHub.
To configure AnswerHub single sign-on:
1. In a different web browser window, sign in to your AnswerHub company site as an admin.

NOTE
If you need help configuring AnswerHub, contact the AnswerHub support team.

2. Go to Administration.
3. On the User and Groups tab, in the left pane, in the Social Settings section, select SAML Setup.
4. On the IDP Config tab, complete these steps:

a. In the IDP Login URL box, paste the Login URL that you copied from the Azure portal.
b. In the IDP Logout URL box, paste the Logout URL that you copied from the Azure portal.
c. In the IDP Name Identifier Format box, enter the Identifier value selected in the User Attributes
section on the Azure portal.
d. Select Keys and Certificates.
5. In the Keys and Certificates section, complete these steps:
a. Open the Base64-encoded certificate that you downloaded from the Azure portal in Notepad, copy its
contents, and then paste the contents into the IDP Public Key (x509 Format) box.
b. Select Save.
6. On the IDP Config tab, select Save again.
Create an Azure AD test user
In this section, you create a test user named Britta Simon in the Azure portal.
To create an Azure AD test user:
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the user properties, complete these steps.


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter brittasimon@<yourcompanydomain.extension>.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Select Create.
Assign the Azure AD test user
In this section, you set up the user Britta Simon to use Azure AD single sign-on by granting the user access to
AnswerHub.
To assign the Azure AD test user:
1. In the Azure portal, select Enterprise applications, select All applications, and then select AnswerHub.

2. In the list of applications, select AnswerHub.


3. In the menu on the left, select Users and groups.

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the Users list, and then select the Select button
at the bottom of the screen.
6. If you're expecting a role value in the SAML assertion, in the Select Role dialog box, select the appropriate
role for the user from the list.
7. Select the Select button at the bottom of the screen.
8. In the Add Assignment dialog box, select Assign.
Create an AnswerHub test user
To enable Azure AD users to sign in to AnswerHub, you need to add them in AnswerHub. In AnswerHub, this task
is done manually.
To set up a user account:
1. Sign in to your AnswerHub company site as an admin.
2. Go to Administration.
3. Select the Users & Groups tab.
4. In the left pane, in the Manage Users section, select Create or import users, and then select Users &
Groups.

5. In the appropriate boxes, enter the Email address, Username, and Password of a valid Azure AD account
that you want to add, and then select Save.

NOTE
You can use any other user account creation tool or API provided by AnswerHub to set up Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration by using the access panel.
When you select the AnswerHub tile in the access panel, you should be automatically signed in to the AnswerHub
for which you set up SSO. For more information about the access panel, see Introduction to the access panel.

Additional resources
Tutorials for integrating SaaS apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Apex Portal
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Apex Portal with Azure Active Directory (Azure AD). Integrating Apex
Portal with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Apex Portal.
You can enable your users to be automatically signed-in to Apex Portal (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Apex Portal, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
An Apex Portal subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Apex Portal supports IDP initiated SSO
Apex Portal supports Just In Time user provisioning

Adding Apex Portal from the gallery


To configure the integration of Apex Portal into Azure AD, you need to add Apex Portal from the gallery to your list
of managed SaaS apps.
To add Apex Portal from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Apex Portal, select Apex Portal from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Apex Portal based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Apex
Portal needs to be established.
To configure and test Azure AD single sign-on with Apex Portal, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Apex Portal Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Apex Portal test user - to have a counterpart of Britta Simon in Apex Portal that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Apex Portal, perform the following steps:
1. In the Azure portal, on the Apex Portal application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<customer name>.apexportal.net/saml/sso.aspx

b. In the Reply URL text box, type a URL using the following pattern:
https://<customer name>.apexportal.net/saml/sso.aspx

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact the Apex Portal Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The Apex Portal application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on the
application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the
User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes as shown in the image above, and
perform the following steps:

NAME         SOURCE ATTRIBUTE
FIRSTNAME    user.givenname
LASTNAME     user.surname
MAIL         user.mail

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
8. In the Set up Apex Portal section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
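
The claim table in step 6 (FIRSTNAME, LASTNAME, MAIL) and the one in the Andromeda tutorial (role, type, company) both rely on the Namespace box being left blank, so that each attribute reaches the application under its bare name. The following check of a captured test assertion is an added example, not part of the original tutorial or of either vendor's tooling; check_claims is a hypothetical helper, and the assertion is constructed sample data in which MAIL was saved with a namespace.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names taken from the two tutorial tables.
ANDROMEDA_CLAIMS = {"role", "type", "company"}
APEX_PORTAL_CLAIMS = {"FIRSTNAME", "LASTNAME", "MAIL"}

# Constructed sample assertion (not captured from a real tenant).
# MAIL carries a namespace prefix, which is what the token looks like
# when the Namespace box was not cleared for that claim.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-sample" Version="2.0" IssueInstant="2019-06-13T00:00:00Z">
  <saml:AttributeStatement>
    <saml:Attribute Name="FIRSTNAME">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="LASTNAME">
      <saml:AttributeValue>Simon</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/MAIL">
      <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_claims(assertion_xml, expected):
    """Compare the attribute names in a SAML assertion with the expected bare names.

    Returns a dict with four lists:
      ok         - expected claims present under the bare name with a value
      empty      - present under the bare name but with no value
      namespaced - (claim, actual_name) pairs where the claim arrived
                   namespace-qualified instead of bare
      missing    - expected claims not present in any form
    """
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        name = attr.get("Name", "")
        found[name] = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]

    report = {"ok": [], "empty": [], "namespaced": [], "missing": []}
    for claim in sorted(expected):
        if claim in found:
            has_value = any(v.strip() for v in found[claim])
            report["ok" if has_value else "empty"].append(claim)
            continue
        # A qualified name ends in "/<claim>" but is not the bare claim itself.
        qualified = [n for n in found if n != claim and n.rsplit("/", 1)[-1] == claim]
        if qualified:
            report["namespaced"].append((claim, qualified[0]))
        else:
            report["missing"].append(claim)
    return report


if __name__ == "__main__":
    for label, claims in (("Apex Portal", APEX_PORTAL_CLAIMS), ("Andromeda", ANDROMEDA_CLAIMS)):
        print(label, check_claims(SAMPLE_ASSERTION, claims))
```

The check only inspects attribute names in an assertion captured from your own test sign-in; it does not validate the assertion's signature.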
Configure Apex Portal Single Sign-On
To configure single sign-on on the Apex Portal side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Apex Portal support team. They apply this setting so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Apex Portal.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Apex Portal.

2. In the applications list, select Apex Portal.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Apex Portal test user
In this section, a user called Britta Simon is created in Apex Portal. Apex Portal supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Apex Portal, a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the Apex Portal support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Apex Portal tile in the Access Panel, you should be automatically signed in to the Apex Portal
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with AppBlade
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate AppBlade with Azure Active Directory (Azure AD). Integrating AppBlade
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to AppBlade.
You can enable your users to be automatically signed-in to AppBlade (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with AppBlade, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
An AppBlade subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
AppBlade supports SP initiated SSO
AppBlade supports Just In Time user provisioning

Adding AppBlade from the gallery


To configure the integration of AppBlade into Azure AD, you need to add AppBlade from the gallery to your list of
managed SaaS apps.
To add AppBlade from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type AppBlade, select AppBlade from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with AppBlade based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in AppBlade
needs to be established.
To configure and test Azure AD single sign-on with AppBlade, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure AppBlade Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create AppBlade test user - to have a counterpart of Britta Simon in AppBlade that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with AppBlade, perform the following steps:
1. In the Azure portal, on the AppBlade application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://<companyname>.appblade.com/saml/<tenantid>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact the AppBlade Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up AppBlade section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure AppBlade Single Sign-On
To configure single sign-on on the AppBlade side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the AppBlade support team. Also, ask them to configure the
SSO Issuer URL as https://appblade.com/saml. This setting is required for single sign-on to work.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to AppBlade.
1. In the Azure portal, select Enterprise Applications, select All applications, then select AppBlade.

2. In the applications list, select AppBlade.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create AppBlade test user
The objective of this section is to create a user called Britta Simon in AppBlade. AppBlade supports just-in-time
provisioning, which is enabled by default. Make sure that your domain name is configured with AppBlade
for user provisioning. Just-in-time user provisioning works only after that.
If the user has an email address ending with the domain configured by AppBlade for your account, then the user
will automatically join the account as a member with the permission level you specify, which is one of "Basic" (a
basic user who can only install applications), "Team Member" (a user who can upload new app versions and
manage projects), or "Administrator" (full admin privileges to the account). Normally one would choose Basic and
then promote users manually via an Admin login (AppBlade needs to configure either an email-based admin login
in advance or promote a user on behalf of the customer after login).
There is no action item for you in this section. A new user is created during an attempt to access AppBlade if it
doesn't exist yet.

NOTE
If you need to create a user manually, you need to contact the AppBlade support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the AppBlade tile in the Access Panel, you should be automatically signed in to the AppBlade for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with AppDynamics
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate AppDynamics with Azure Active Directory (Azure AD). Integrating
AppDynamics with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to AppDynamics.
You can enable your users to be automatically signed-in to AppDynamics (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with AppDynamics, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
An AppDynamics subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
AppDynamics supports SP initiated SSO
AppDynamics supports Just In Time user provisioning

Adding AppDynamics from the gallery


To configure the integration of AppDynamics into Azure AD, you need to add AppDynamics from the gallery to
your list of managed SaaS apps.
To add AppDynamics from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type AppDynamics, select AppDynamics from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with AppDynamics based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
AppDynamics needs to be established.
To configure and test Azure AD single sign-on with AppDynamics, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure AppDynamics Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create AppDynamics test user - to have a counterpart of Britta Simon in AppDynamics that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with AppDynamics, perform the following steps:
1. In the Azure portal, on the AppDynamics application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.saas.appdynamics.com?accountName=<companyname>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.saas.appdynamics.com/controller

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the AppDynamics
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up AppDynamics section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure AppDynamics Single Sign-On
1. In a different web browser window, log in to your AppDynamics company site as an administrator.
2. In the toolbar on the top, click Settings, and then click Administration.

3. Click the Authentication Provider tab.

4. In the Authentication Provider section, perform the following steps:

a. As Authentication Provider, select SAML.


b. In the Login URL textbox, paste the value of the Login URL that you copied from the Azure portal.
c. In the Logout URL textbox, paste the value of the Logout URL that you copied from the Azure portal.
d. Open your Base64-encoded certificate in Notepad, copy its content to your clipboard, and then
paste it into the Certificate textbox.
e. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to AppDynamics.
1. In the Azure portal, select Enterprise Applications, select All applications, then select AppDynamics.
2. In the applications list, type and select AppDynamics.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create AppDynamics test user
The objective of this section is to create a user called Britta Simon in AppDynamics. AppDynamics supports just-in-
time provisioning, which is by default enabled. There is no action item for you in this section. A new user is created
during an attempt to access AppDynamics if it doesn't exist yet.

NOTE
If you need to create a user manually, contact AppDynamics Client support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the AppDynamics tile in the Access Panel, you should be automatically signed in to the
AppDynamics for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Appinux
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Appinux with Azure Active Directory (Azure AD). Integrating Appinux
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Appinux.
You can enable your users to be automatically signed-in to Appinux (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Appinux, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Appinux single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Appinux supports SP initiated SSO
Appinux supports Just In Time user provisioning

Adding Appinux from the gallery


To configure the integration of Appinux into Azure AD, you need to add Appinux from the gallery to your list of
managed SaaS apps.
To add Appinux from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Appinux, select Appinux from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Appinux based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Appinux
needs to be established.
To configure and test Azure AD single sign-on with Appinux, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Appinux Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Appinux test user - to have a counterpart of Britta Simon in Appinux that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Appinux, perform the following steps:
1. In the Azure portal, on the Appinux application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<Appinux_SUBDOMAIN>.appinux.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<Appinux_SUBDOMAIN>.appinux.com/simplesaml/module.php/saml/sp/metadata.php/default-sp

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Appinux Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The Appinux application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on the
application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the
User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes as shown in the following table, and
perform the following steps:

NAME            NAMESPACE                                                     SOURCE ATTRIBUTE

givenname       http://schemas.xmlsoap.org/ws/2005/05/identity/claims         user.givenname
surname         http://schemas.xmlsoap.org/ws/2005/05/identity/claims         user.surname
emailaddress    http://schemas.xmlsoap.org/ws/2005/05/identity/claims         user.mail
name            http://schemas.xmlsoap.org/ws/2005/05/identity/claims         user.userprincipalname
UserType        http://bcv.appinux.com/claims                                 Provide the value as per your organization
Tag             http://appinux.com/Tag                                        Provide the value as per your organization
Role            http://schemas.microsoft.com/ws/2008/06/identity/claims/role  user.assignedroles
email           http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email   user.mail
wanshort        http://appinux.com/windowsaccountname2                        extractmailprefix([userprincipalname])
nameidentifier  http://schemas.xmlsoap.org/ws/2005/05/identity/claims         user.employeeid

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. In the Namespace textbox, type the namespace value shown for that row.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

8. On the Set up Appinux section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
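A check for the claim configuration above, as an added example that is not part of the original tutorial: it compares the attributes in a captured SAML assertion against the Name and Namespace pairs from the claims table. It assumes Azure AD emits each claim with an attribute Name of `<namespace>/<name>` and places nameidentifier in the Subject NameID; the sample assertion and its values are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
WS_CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# (Name, Namespace) pairs copied from the claims table in this tutorial.
# nameidentifier is checked separately as the Subject NameID (assumption).
CLAIM_TABLE = [
    ("givenname", WS_CLAIMS),
    ("surname", WS_CLAIMS),
    ("emailaddress", WS_CLAIMS),
    ("name", WS_CLAIMS),
    ("UserType", "http://bcv.appinux.com/claims"),
    ("Tag", "http://appinux.com/Tag"),
    ("Role", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
    ("email", WS_CLAIMS + "/email"),
    ("wanshort", "http://appinux.com/windowsaccountname2"),
]


def full_claim_name(name, namespace):
    """Assumption: the IdP emits Attribute/@Name as '<namespace>/<name>'."""
    return namespace.rstrip("/") + "/" + name


def check_assertion(assertion_xml):
    """Report claims from the table that are missing or empty in the assertion."""
    # Parse only assertions you captured yourself; use a hardened XML parser
    # for anything that arrives from an untrusted source.
    root = ET.fromstring(assertion_xml)
    present = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        present[attr.get("Name")] = [v for v in values if v]
    expected = [full_claim_name(n, ns) for n, ns in CLAIM_TABLE]
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    return {
        "missing": [e for e in expected if e not in present],
        "empty": [e for e in expected if e in present and not present[e]],
        # Attributes outside the table often reveal a mistyped namespace.
        "unexpected": sorted(set(present) - set(expected)),
        "name_id_present": name_id is not None
        and bool((name_id.text or "").strip()),
    }


def attr_xml(name, value):
    """Build one saml:Attribute element for the constructed sample."""
    return (f'<saml:Attribute Name="{name}">'
            f"<saml:AttributeValue>{value}</saml:AttributeValue>"
            "</saml:Attribute>")


# Constructed sample: Tag uses a namespace with the wrong case, UserType has
# no value, and wanshort was never configured.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:Subject><saml:NameID>E-0001</saml:NameID></saml:Subject>"
    "<saml:AttributeStatement>"
    + attr_xml(WS_CLAIMS + "/givenname", "Britta")
    + attr_xml(WS_CLAIMS + "/surname", "Simon")
    + attr_xml(WS_CLAIMS + "/emailaddress", "BrittaSimon@contoso.com")
    + attr_xml(WS_CLAIMS + "/name", "BrittaSimon@contoso.com")
    + attr_xml("http://bcv.appinux.com/claims/UserType", "")
    + attr_xml("http://appinux.com/tag/Tag", "constructed-tag")
    + attr_xml("http://schemas.microsoft.com/ws/2008/06/identity/claims/role/Role",
               "constructed-role")
    + attr_xml(WS_CLAIMS + "/email/email", "BrittaSimon@contoso.com")
    + "</saml:AttributeStatement></saml:Assertion>"
)

if __name__ == "__main__":
    for key, value in check_assertion(SAMPLE_ASSERTION).items():
        print(f"{key}: {value}")
```
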
Configure Appinux Single Sign-On
To configure single sign-on on the Appinux side, send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the Appinux support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Appinux.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Appinux.

2. In the applications list, select Appinux.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Appinux test user
In this section, a user called Britta Simon is created in Appinux. Appinux supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Appinux,
a new one is created after authentication.

NOTE
If you need to create a user manually, contact Appinux support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Appinux tile in the Access Panel, you should be automatically signed in to the Appinux for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with AppNeta Performance Monitor
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate AppNeta Performance Monitor with Azure Active Directory (Azure AD).
Integrating AppNeta Performance Monitor with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to AppNeta Performance Monitor.
You can enable your users to be automatically signed-in to AppNeta Performance Monitor (Single Sign-On)
with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with AppNeta Performance Monitor, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
AppNeta Performance Monitor single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
AppNeta Performance Monitor supports SP initiated SSO
AppNeta Performance Monitor supports Just In Time user provisioning

Adding AppNeta Performance Monitor from the gallery


To configure the integration of AppNeta Performance Monitor into Azure AD, you need to add AppNeta
Performance Monitor from the gallery to your list of managed SaaS apps.
To add AppNeta Performance Monitor from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type AppNeta Performance Monitor, select AppNeta Performance Monitor from the
result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with AppNeta Performance Monitor based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in AppNeta Performance Monitor needs to be established.
To configure and test Azure AD single sign-on with AppNeta Performance Monitor, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure AppNeta Performance Monitor Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create AppNeta Performance Monitor test user - to have a counterpart of Britta Simon in AppNeta
Performance Monitor that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with AppNeta Performance Monitor, perform the following steps:
1. In the Azure portal, on the AppNeta Performance Monitor application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<subdomain>.pm.appneta.com

b. In the Identifier (Entity ID) text box, type the value: PingConnect

NOTE
The Sign-on URL value is not real. Update this value with the actual Sign-On URL. Contact AppNeta Performance
Monitor Client support team to get this value. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. The AppNeta Performance Monitor application expects the SAML assertions in a specific format. Configure the
following claims for this application. You can manage the values of these attributes from the User
Attributes section on the application integration page. On the Set up Single Sign-On with SAML page, click
the Edit button to open the User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes as shown in the following table, and
perform the following steps:

NAME        SOURCE ATTRIBUTE

firstName   user.givenname
lastName    user.surname
email       user.userprincipalname
name        user.userprincipalname
groups      user.assignedroles
phone       user.telephonenumber
title       user.jobtitle

NOTE
groups refers to the security group in AppNeta which is mapped to a Role in Azure AD. Please refer to this doc which
explains how to create custom roles in Azure AD.

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

8. On the Set up AppNeta Performance Monitor section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure AppNeta Performance Monitor Single Sign-On
To configure single sign-on on the AppNeta Performance Monitor side, send the downloaded
Federation Metadata XML and the appropriate copied URLs from the Azure portal to the AppNeta Performance
Monitor support team. They apply these settings so that the SAML SSO connection is set properly on both sides.
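Before handing the Federation Metadata XML and the copied URLs to a vendor's support team, it helps to confirm they agree with each other and to record the signing certificate's fingerprint so the vendor can confirm what they installed. The following is an added example, not part of the original tutorial; the tenant ID is a placeholder, and the metadata and certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def summarize_metadata(metadata_xml):
    """Extract the identifier, endpoints and signing-cert fingerprints."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute applies to signing too.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            # Metadata files usually wrap the base64 text across lines.
            b64 = "".join((cert.text or "").split())
            der = base64.b64decode(b64, validate=True)
            fingerprints.append(hashlib.sha256(der).hexdigest())

    def locations(tag):
        return sorted({e.get("Location") for e in idp.findall(tag, NS)})

    return {
        "identifier": root.get("entityID"),
        "login_urls": locations("md:SingleSignOnService"),
        "logout_urls": locations("md:SingleLogoutService"),
        "signing_cert_sha256": fingerprints,
    }


def mismatches(summary, copied):
    """Name the copied portal values that do not appear in the metadata."""
    problems = []
    if copied["Azure AD Identifier"] != summary["identifier"]:
        problems.append("Azure AD Identifier")
    if copied["Login URL"] not in summary["login_urls"]:
        problems.append("Login URL")
    if copied["Logout URL"] not in summary["logout_urls"]:
        problems.append("Logout URL")
    return problems


# Constructed sample data: placeholder tenant ID and bytes that stand in for
# a DER-encoded certificate (not a real certificate).
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_DER = b"constructed bytes standing in for a DER certificate"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
SAML2_URL = f"https://login.microsoftonline.com/{TENANT}/saml2"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

SAMPLE_METADATA = f"""<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          {FAKE_B64[:20]}
          {FAKE_B64[20:]}
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="{SAML2_URL}"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="{SAML2_URL}"/>
    <SingleSignOnService Binding="{POST}" Location="{SAML2_URL}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed copy/paste slip: the identifier lost its trailing slash.
COPIED_VALUES = {
    "Login URL": SAML2_URL,
    "Azure AD Identifier": f"https://sts.windows.net/{TENANT}",
    "Logout URL": SAML2_URL,
}

if __name__ == "__main__":
    summary = summarize_metadata(SAMPLE_METADATA)
    print(summary)
    print("mismatched values:", mismatches(summary, COPIED_VALUES))
```
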
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to AppNeta Performance
Monitor.
1. In the Azure portal, select Enterprise Applications, select All applications, then select AppNeta
Performance Monitor.

2. In the applications list, select AppNeta Performance Monitor.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create AppNeta Performance Monitor test user
In this section, a user called Britta Simon is created in AppNeta Performance Monitor. AppNeta Performance
Monitor supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this
section. If a user doesn't already exist in AppNeta Performance Monitor, a new one is created after authentication.

NOTE
If you need to create a user manually, contact AppNeta Performance Monitor support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the AppNeta Performance Monitor tile in the Access Panel, you should be automatically signed in
to the AppNeta Performance Monitor for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Appraisd with Azure Active Directory
7/3/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Appraisd with Azure Active Directory (Azure AD). When you integrate
Appraisd with Azure AD, you can:
Control in Azure AD who has access to Appraisd.
Enable your users to be automatically signed-in to Appraisd with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Appraisd single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Appraisd supports SP and IDP
initiated SSO.

Adding Appraisd from the gallery


To configure the integration of Appraisd into Azure AD, you need to add Appraisd from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Appraisd in the search box.
6. Select Appraisd from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Appraisd using a test user called B. Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Appraisd.
To configure and test Azure AD SSO with Appraisd, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Appraisd to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
4. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
5. Create Appraisd test user to have a counterpart of B. Simon in Appraisd that is linked to the Azure AD
representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Appraisd application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are
already pre-populated with Azure. The user needs to save the configuration by clicking the Save button and
perform the following steps:
a. Click Set additional URLs.
b. In the Relay State text box, type a URL: <TENANTCODE>

c. If you wish to configure the application in SP initiated mode, in the Sign-on URL text box, type a URL
using the following pattern: https://app.appraisd.com/saml/<TENANTCODE>

NOTE
You get the actual Sign-on URL and Relay State value on the Appraisd SSO Configuration page which is explained
later in the tutorial.

5. The Appraisd application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes, where nameidentifier is mapped with user.userprincipalname. The Appraisd application
expects nameidentifier to be mapped with user.mail, so you need to edit the attribute mapping by clicking
the Edit icon and changing the attribute mapping.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up Appraisd section, copy the appropriate URL(s) based on your requirement.

Configure Appraisd
1. To automate the configuration within Appraisd, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, clicking Setup Appraisd will direct you to the Appraisd application.
From there, provide the admin credentials to sign in to Appraisd. The browser extension will automatically
configure the application for you and automate steps 3-7.

3. If you want to set up Appraisd manually, open a new web browser window, sign in to your Appraisd
company site as an administrator, and perform the following steps:
4. On the top right of the page, click on Settings icon, then navigate to Configuration.
5. From the Left side of menu, click on SAML single sign-on.

6. On the SAML 2.0 Single Sign-On configuration page, perform the following steps:
a. Copy the Default Relay State value and paste it in Relay State textbox in Basic SAML Configuration
on Azure portal.
b. Copy the Service-initiated login URL value and paste it in Sign-on URL textbox in Basic SAML
Configuration on Azure portal.
7. Scroll down the same page under Identifying users, perform the following steps:
a. In the Identity Provider Single Sign-On URL textbox, paste the value of Login URL, which you have
copied from the Azure portal and click Save.
b. In the Identity Provider Issuer URL textbox, paste the value of Azure AD Identifier, which you have
copied from the Azure portal and click Save.
c. In Notepad, open the base-64 encoded certificate that you downloaded from the Azure portal, copy its
content, and then paste it into the X.509 Certificate box and click Save.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B. Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B. Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B. Simon to use Azure single sign-on by granting access to Appraisd.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Appraisd.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B. Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Appraisd test user
To enable Azure AD users to sign in to Appraisd, they must be provisioned into Appraisd. In Appraisd, provisioning is
a manual task.
To provision a user account, perform the following steps:
1. Sign in to Appraisd as a Security Administrator.
2. On the top right of the page, click on Settings icon, then navigate to Administration centre.
3. In the toolbar at the top of the page, click People, then navigate to Add a new user.

4. On the Add a new user page, perform the following steps:

a. In the First name text box, enter the first name of the user, like Britta.
b. In the Last name text box, enter the last name of the user, like Simon.
c. In the Email text box, enter the email of the user, like B.Simon@contoso.com.
d. Click Add user.
Test SSO
When you select the Appraisd tile in the Access Panel, you should be automatically signed in to the Appraisd for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Apptio
9/19/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Apptio with Azure Active Directory (Azure AD). When you integrate
Apptio with Azure AD, you can:
Control in Azure AD who has access to Apptio.
Enable your users to be automatically signed-in to Apptio with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Apptio single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Apptio supports IDP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Apptio from the gallery


To configure the integration of Apptio into Azure AD, you need to add Apptio from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Apptio in the search box.
6. Select Apptio from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Apptio


Configure and test Azure AD SSO with Apptio using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Apptio.
To configure and test Azure AD SSO with Apptio, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Apptio SSO - to configure the single sign-on settings on application side.
a. Create Apptio test user - to have a counterpart of B.Simon in Apptio that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Apptio application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Identifier text box, type the value: urn:federation:apptio

5. The role claim is pre-configured so you don't have to configure it, but you still need to create the roles in
Azure AD using this article.
6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

7. On the Set up Apptio section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Apptio.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Apptio.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Apptio SSO


To configure single sign-on on the Apptio side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Apptio support team. They configure this setting so that the SAML SSO
connection is set properly on both sides.
Create Apptio test user
In this section, you create a user called B.Simon in Apptio. Work with Apptio support team to add the users in the
Apptio platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Apptio tile in the Access Panel, you should be automatically signed in to the Apptio for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Apptio with Azure AD
Tutorial: Azure Active Directory integration with
Aravo
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Aravo with Azure Active Directory (Azure AD). Integrating Aravo with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Aravo.
You can enable your users to be automatically signed-in to Aravo (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Aravo, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Aravo single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Aravo supports IDP initiated SSO

Adding Aravo from the gallery


To configure the integration of Aravo into Azure AD, you need to add Aravo from the gallery to your list of
managed SaaS apps.
To add Aravo from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Aravo, select Aravo from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Aravo based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Aravo
needs to be established.
To configure and test Azure AD single sign-on with Aravo, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Aravo Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Aravo test user - to have a counterpart of Britta Simon in Aravo that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Aravo, perform the following steps:
1. In the Azure portal, on the Aravo application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<companyname>.aravo.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<companyname>.aravo.com/aems/login.do

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Aravo Client support
team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Aravo section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Aravo Single Sign-On
To configure single sign-on on the Aravo side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the Aravo support team. They configure this setting so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Aravo.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Aravo.

2. In the applications list, select Aravo.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Aravo test user
In this section, you create a user called Britta Simon in Aravo. Work with Aravo support team to add the users in
the Aravo platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Aravo tile in the Access Panel, you should be automatically signed in to the Aravo for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with ARC Facilities
10/7/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate ARC Facilities with Azure Active Directory (Azure AD). When you
integrate ARC Facilities with Azure AD, you can:
Control in Azure AD who has access to ARC Facilities.
Enable your users to be automatically signed-in to ARC Facilities with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ARC Facilities single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ARC Facilities supports IDP initiated SSO
ARC Facilities supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding ARC Facilities from the gallery


To configure the integration of ARC Facilities into Azure AD, you need to add ARC Facilities from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type ARC Facilities in the search box.
6. Select ARC Facilities from the results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for ARC Facilities


Configure and test Azure AD SSO with ARC Facilities using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in ARC Facilities.
To configure and test Azure AD SSO with ARC Facilities, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure ARC Facilities SSO - to configure the single sign-on settings on application side.
a. Create ARC Facilities test user - to have a counterpart of B.Simon in ARC Facilities that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ARC Facilities application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are
already pre-populated with Azure. The user needs to save the configuration by clicking the Save button.
5. The ARC Facilities application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.

6. In addition to the above, the ARC Facilities application expects a few more attributes to be passed back in the SAML
response. In the User Attributes & Claims section on the Group Claims (Preview) dialog, perform the
following steps:
a. Click the pen next to Groups returned in claim.
b. Select All Groups from the radio list.
c. Select Source Attribute of Group ID.
d. Click Save.
7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up ARC Facilities section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ARC Facilities.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ARC Facilities.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure ARC Facilities SSO


To configure single sign-on on the ARC Facilities side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the ARC Facilities support team. They configure this setting so that the SAML
SSO connection is set properly on both sides.
Create ARC Facilities test user
In this section, a user called Britta Simon is created in ARC Facilities. ARC Facilities supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in ARC Facilities, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ARC Facilities tile in the Access Panel, you should be automatically signed in to the ARC
Facilities for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ARC Facilities with Azure AD
Tutorial: Azure Active Directory integration with Arc
Publishing - SSO
10/30/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Arc Publishing - SSO with Azure Active Directory (Azure AD).
Integrating Arc Publishing - SSO with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Arc Publishing - SSO.
You can enable your users to be automatically signed-in to Arc Publishing - SSO (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Arc Publishing - SSO, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Arc Publishing - SSO single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Arc Publishing - SSO supports SP and IDP initiated SSO
Arc Publishing - SSO supports Just In Time user provisioning

Adding Arc Publishing - SSO from the gallery


To configure the integration of Arc Publishing - SSO into Azure AD, you need to add Arc Publishing - SSO from
the gallery to your list of managed SaaS apps.
To add Arc Publishing - SSO from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Arc Publishing - SSO, select Arc Publishing - SSO from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Arc Publishing - SSO based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Arc Publishing - SSO needs to be established.
To configure and test Azure AD single sign-on with Arc Publishing - SSO, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Arc Publishing - SSO Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Arc Publishing - SSO test user - to have a counterpart of Britta Simon in Arc Publishing - SSO that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Arc Publishing - SSO, perform the following steps:
1. In the Azure portal, on the Arc Publishing - SSO application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://www.okta.com/saml2/service-provider/<Unique ID>

b. In the Reply URL text box, type a URL using the following pattern:
https://arcpublishing-<Customer>.okta.com/sso/saml2/<Unique ID>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://arcpublishing-<Customer>.okta.com/sso/saml2/<Unique ID>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Arc
Publishing - SSO Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. The Arc Publishing - SSO application expects the SAML assertions in a specific format. Configure the following
claims for this application. You can manage the values of these attributes from the User Attributes section
on the application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to
open the User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes as shown in the image above, and
perform the following steps:
NAME         SOURCE ATTRIBUTE
firstName    user.givenname
lastName     user.surname
email        user.mail
groups       user.assignedroles

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.

NOTE
Here the groups attribute is mapped with user.assignedroles. These are custom roles created in Azure AD to map
the group names back in application. You can find more guidance here on how to create custom roles in Azure AD.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

9. On the Set up Arc Publishing - SSO section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
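
One way to confirm the claim mapping from steps 6 and 7 on a test sign-in, as an added example that is not part of the original tutorial or of any Azure AD or Arc Publishing tooling: it parses a SAML assertion and reports any of the four claims that is missing, empty, or sent under a namespace-qualified name. The sample assertions are constructed, the role value "Editor" is hypothetical, and the "<namespace>/<name>" form for a claim whose Namespace was not left blank is an assumption.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML_NS = {"saml": ASSERTION_NS}

# Claim names and source attributes from the tutorial's table.
EXPECTED_CLAIMS = {
    "firstName": "user.givenname",
    "lastName": "user.surname",
    "email": "user.mail",
    "groups": "user.assignedroles",
}


def extract_attributes(assertion_xml):
    """Return {attribute Name: [values]} from every AttributeStatement.

    Intended for an assertion captured from your own test sign-in.
    This inspects claim names and values only; it does NOT verify the
    XML signature and must not be used to authenticate anyone.
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    path = ".//saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, SAML_NS):
        values = [
            (v.text or "").strip()
            for v in attr.findall("saml:AttributeValue", SAML_NS)
        ]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs


def check_claims(assertion_xml):
    """Return a list of findings; an empty list means the mapping matches."""
    attrs = extract_attributes(assertion_xml)
    findings = []
    for name, source in EXPECTED_CLAIMS.items():
        if name in attrs:
            if not any(attrs[name]):
                findings.append(f"{name}: present but empty (check {source})")
            continue
        # Assumption: a non-blank Namespace yields "<namespace>/<name>".
        qualified = [n for n in attrs if n.rsplit("/", 1)[-1] == name]
        if qualified:
            findings.append(
                f"{name}: sent as '{qualified[0]}'; Namespace was not left blank"
            )
        else:
            findings.append(f"{name}: missing (source {source})")
    return findings


def build_sample(attributes):
    """Build a constructed, unsigned assertion from {Name: [values]}."""
    root = ET.Element(f"{{{ASSERTION_NS}}}Assertion")
    stmt = ET.SubElement(root, f"{{{ASSERTION_NS}}}AttributeStatement")
    for name, values in attributes.items():
        attr = ET.SubElement(stmt, f"{{{ASSERTION_NS}}}Attribute", Name=name)
        for value in values:
            ET.SubElement(attr, f"{{{ASSERTION_NS}}}AttributeValue").text = value
    return ET.tostring(root, encoding="unicode")


# Constructed sample: all four claims configured as in the table.
GOOD_ASSERTION = build_sample({
    "firstName": ["Britta"],
    "lastName": ["Simon"],
    "email": ["BrittaSimon@contoso.com"],
    "groups": ["Editor"],  # hypothetical custom role name
})

# Constructed sample: firstName carries a namespace, email is empty,
# and no role was assigned so the groups claim is absent.
BAD_ASSERTION = build_sample({
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstName": ["Britta"],
    "lastName": ["Simon"],
    "email": [""],
})

if __name__ == "__main__":
    for label, xml_text in (("good", GOOD_ASSERTION), ("bad", BAD_ASSERTION)):
        problems = check_claims(xml_text)
        print(label, "OK" if not problems else problems)
```

An absent groups claim usually means the test user was assigned without a role in the Select Role dialog, so check the assignment before changing the claim itself.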
Configure Arc Publishing - SSO Single Sign-On
To configure single sign-on on the Arc Publishing - SSO side, you need to send the downloaded Certificate
(Base64) and the appropriate copied URLs from the Azure portal to the Arc Publishing - SSO support team. They configure this
setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Arc Publishing - SSO.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Arc Publishing -
SSO.

2. In the applications list, select Arc Publishing - SSO.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Arc Publishing - SSO test user
In this section, a user called Britta Simon is created in Arc Publishing - SSO. Arc Publishing - SSO supports just-in-
time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in Arc Publishing - SSO, a new one is created after authentication.

NOTE
If you need to create a user manually, contact Arc Publishing - SSO support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Arc Publishing - SSO tile in the Access Panel, you should be automatically signed in to the Arc
Publishing - SSO for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
ArcGIS Enterprise
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate ArcGIS Enterprise with Azure Active Directory (Azure AD). Integrating
ArcGIS Enterprise with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ArcGIS Enterprise.
You can enable your users to be automatically signed-in to ArcGIS Enterprise (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ArcGIS Enterprise, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
ArcGIS Enterprise single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ArcGIS Enterprise supports SP and IDP initiated SSO
ArcGIS Enterprise supports Just In Time user provisioning

Adding ArcGIS Enterprise from the gallery


To configure the integration of ArcGIS Enterprise into Azure AD, you need to add ArcGIS Enterprise from the
gallery to your list of managed SaaS apps.
To add ArcGIS Enterprise from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ArcGIS Enterprise, select ArcGIS Enterprise from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ArcGIS Enterprise based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
ArcGIS Enterprise needs to be established.
To configure and test Azure AD single sign-on with ArcGIS Enterprise, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ArcGIS Enterprise Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ArcGIS Enterprise test user - to have a counterpart of Britta Simon in ArcGIS Enterprise that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ArcGIS Enterprise, perform the following steps:
1. In the Azure portal, on the ArcGIS Enterprise application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps, if you wish to configure the
application in IDP Initiated mode:
a. In the Identifier text box, type a URL using the following pattern: <EXTERNAL_DNS_NAME>.portal

b. In the Reply URL text box, type a URL using the following pattern:
https://<EXTERNAL_DNS_NAME>/portal/sharing/rest/oauth2/saml/signin2

c. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<EXTERNAL_DNS_NAME>/portal/sharing/rest/oauth2/saml/signin

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact ArcGIS
Enterprise Client support team to get these values. You will get the Identifier value from Set Identity Provider
section, which is explained later in this tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure ArcGIS Enterprise Single Sign-On


1. In a different web browser window, log in to your ArcGIS Enterprise company site as an administrator.
2. Select Organization > EDIT SETTINGS.
3. Select the Security tab.

4. Scroll down to the Enterprise Logins via SAML section and select SET ENTERPRISE LOGIN.

5. On the Set Identity Provider section, perform the following steps:


a. Please provide a name like Azure Active Directory Test in the Name textbox.
b. In the URL textbox, paste the App Federation Metadata Url value which you have copied from the
Azure portal.
c. Click Show advanced settings and copy the Entity ID value and paste it into the Identifier textbox in
the ArcGIS Enterprise Domain and URLs section in Azure portal.

d. Click UPDATE IDENTITY PROVIDER.


Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ArcGIS Enterprise.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ArcGIS
Enterprise.
2. In the applications list, type and select ArcGIS Enterprise.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ArcGIS Enterprise test user
In this section, a user called Britta Simon is created in ArcGIS Enterprise. ArcGIS Enterprise supports just-in-time
user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in ArcGIS Enterprise, a new one is created after authentication.
NOTE
If you need to create a user manually, contact ArcGIS Enterprise support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ArcGIS Enterprise tile in the Access Panel, you should be automatically signed in to the ArcGIS
Enterprise for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with ArcGIS Online
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate ArcGIS Online with Azure Active Directory (Azure AD). Integrating
ArcGIS Online with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ArcGIS Online.
You can enable your users to be automatically signed-in to ArcGIS Online (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ArcGIS Online, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
ArcGIS Online single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ArcGIS Online supports SP initiated SSO

Adding ArcGIS Online from the gallery


To configure the integration of ArcGIS Online into Azure AD, you need to add ArcGIS Online from the gallery to
your list of managed SaaS apps.
To add ArcGIS Online from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ArcGIS Online, select ArcGIS Online from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ArcGIS Online based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
ArcGIS Online needs to be established.
To configure and test Azure AD single sign-on with ArcGIS Online, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ArcGIS Online Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ArcGIS Online test user - to have a counterpart of Britta Simon in ArcGIS Online that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ArcGIS Online, perform the following steps:
1. In the Azure portal, on the ArcGIS Online application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.maps.arcgis.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
<companyname>.maps.arcgis.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the ArcGIS Online
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. To automate the configuration within ArcGIS Online, you need to install the My Apps Secure Sign-in
browser extension by clicking Install the extension.
7. After adding the extension to the browser, clicking setup ArcGIS Online directs you to the ArcGIS Online
application. From there, provide the admin credentials to sign in to ArcGIS Online. The browser extension
will automatically configure the application for you and automate the steps in the section Configure ArcGIS
Online Single Sign-On.
Configure ArcGIS Online Single Sign-On
1. If you want to set up ArcGIS Online manually, open a new web browser window, log in to your ArcGIS
company site as an administrator, and perform the following steps:
2. Click EDIT SETTINGS.

3. Click Security.

4. Under Enterprise Logins, click SET IDENTITY PROVIDER.

5. On the Set Identity Provider configuration page, perform the following steps:
a. In the Name textbox, type your organization’s name.
b. For Metadata for the Enterprise Identity Provider will be supplied using, select A File.
c. To upload your downloaded metadata file, click Choose file.
d. Click SET IDENTITY PROVIDER.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ArcGIS Online.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ArcGIS Online.

2. In the applications list, type and select ArcGIS Online.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ArcGIS Online test user
In order to enable Azure AD users to log into ArcGIS Online, they must be provisioned into ArcGIS Online.
In the case of ArcGIS Online, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your ArcGIS tenant.
2. Click INVITE MEMBERS.
3. Select Add members automatically without sending an email, and then click NEXT.

4. On the Members dialog page, perform the following steps:

a. Enter the Email, First Name, and Last Name of a valid Azure AD account you want to provision.
b. Click ADD AND REVIEW.
5. Review the data you have entered, and then click ADD MEMBERS.
NOTE
The Azure Active Directory account holder will receive an email and follow a link to confirm their account before it
becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ArcGIS Online tile in the Access Panel, you should be automatically signed in to the ArcGIS
Online for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with ARES for Enterprise
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ARES for Enterprise with Azure Active Directory (Azure AD). Integrating
ARES for Enterprise with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ARES for Enterprise.
You can enable your users to be automatically signed-in to ARES for Enterprise (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ARES for Enterprise, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
ARES for Enterprise single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ARES for Enterprise supports SP initiated SSO
ARES for Enterprise supports Just In Time user provisioning

Adding ARES for Enterprise from the gallery


To configure the integration of ARES for Enterprise into Azure AD, you need to add ARES for Enterprise from the
gallery to your list of managed SaaS apps.
To add ARES for Enterprise from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ARES for Enterprise, select ARES for Enterprise from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ARES for Enterprise based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
ARES for Enterprise needs to be established.
To configure and test Azure AD single sign-on with ARES for Enterprise, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ARES for Enterprise Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ARES for Enterprise test user - to have a counterpart of Britta Simon in ARES for Enterprise that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ARES for Enterprise, perform the following steps:
1. In the Azure portal, on the ARES for Enterprise application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following step:


In the Sign on URL text box, type a URL: https://login.graebert.com

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure ARES for Enterprise Single Sign-On


To configure single sign-on on the ARES for Enterprise side, you need to send the App Federation Metadata Url to
the ARES for Enterprise support team. They configure this setting so that the SAML SSO connection is set properly
on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ARES for Enterprise.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ARES for
Enterprise.

2. In the applications list, select ARES for Enterprise.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ARES for Enterprise test user
In this section, a user called Britta Simon is created in ARES for Enterprise. ARES for Enterprise supports just-in-
time provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in ARES for Enterprise, a new one is created when you attempt to access ARES for Enterprise.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ARES for Enterprise tile in the Access Panel, you should be automatically signed in to the ARES
for Enterprise for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Ariba
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Ariba with Azure Active Directory (Azure AD). Integrating Ariba with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Ariba.
You can enable your users to be automatically signed-in to Ariba (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Ariba, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Ariba single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Ariba supports SP initiated SSO

Adding Ariba from the gallery


To configure the integration of Ariba into Azure AD, you need to add Ariba from the gallery to your list of managed
SaaS apps.
To add Ariba from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Ariba, select Ariba from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Ariba based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Ariba
needs to be established.
To configure and test Azure AD single sign-on with Ariba, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Ariba Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Ariba test user - to have a counterpart of Britta Simon in Ariba that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Ariba, perform the following steps:
1. In the Azure portal, on the Ariba application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:

https://<subdomain>.sourcing.ariba.com

https://<subdomain>.supplier.ariba.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
http://<subdomain>.procurement-2.ariba.com

NOTE
These values are not real. Update these values with the actual Sign-On URL and Identifier. We suggest that you
use a unique string value in the Identifier. Contact the Ariba Client support team at 1-866-218-2155 to get these
values. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

Configure Ariba Single Sign-On


To get SSO configured for your application, call the Ariba support team at 1-866-218-2155; they will explain
how to provide them with the downloaded Certificate (Base64) file.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Ariba.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Ariba.
2. In the applications list, type and select Ariba.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Ariba test user
In this section, you create a user called Britta Simon in Ariba. Work with the Ariba support team at 1-866-218-2155 to
add the users in the Ariba platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Ariba tile in the Access Panel, you should be automatically signed in to the Ariba for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Asana
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Asana with Azure Active Directory (Azure AD). Integrating Asana with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Asana.
You can enable your users to be automatically signed-in to Asana (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Asana, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Asana single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Asana supports SP initiated SSO
Asana supports Automated user provisioning

Adding Asana from the gallery


To configure the integration of Asana into Azure AD, you need to add Asana from the gallery to your list of
managed SaaS apps.
To add Asana from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Asana, select Asana from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Asana based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Asana
needs to be established.
To configure and test Azure AD single sign-on with Asana, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Asana Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Asana test user - to have a counterpart of Britta Simon in Asana that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Asana, perform the following steps:
1. In the Azure portal, on the Asana application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type URL: https://app.asana.com/

b. In the Identifier (Entity ID) text box, type URL: https://app.asana.com/

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

6. On the Set up Asana section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Asana Single Sign-On
1. In a different browser window, sign in to your Asana application. To configure SSO in Asana, access the
workspace settings by clicking the workspace name in the top right corner of the screen. Then, click
<your workspace name> Settings.

2. On the Organization settings window, click Administration. Then, click Members must log in via
SAML to enable the SSO configuration. Then perform the following steps:

a. In the Sign-in page URL textbox, paste the Login URL.


b. Right-click the certificate downloaded from the Azure portal, then open the certificate file using Notepad or
your preferred text editor. Copy the content between the BEGIN CERTIFICATE and END CERTIFICATE lines and paste it in the
X.509 Certificate textbox.
3. Click Save. See the Asana guide for setting up SSO if you need further assistance.
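The manual copy in step b can go wrong in ways that are hard to see in a text editor: a partial selection, stray Windows line breaks, or the wrong file. The following Python sketch is an added example, not part of the original tutorial or of Asana's tooling; it extracts the single-line certificate body and computes fingerprints to compare with the thumbprint your identity provider shows for the signing certificate. The function names are assumptions, and the sample input is constructed placeholder data with DER framing only, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def _der_length_ok(der):
    """Check that the outer DER SEQUENCE header accounts for every byte."""
    if len(der) < 2 or der[0] != 0x30:           # 0x30 = SEQUENCE tag
        return False
    if der[1] < 0x80:                            # short-form length
        header, length = 2, der[1]
    else:                                        # long-form length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def certificate_body(pem_text):
    """Return the paste-ready base64 body and fingerprints of one PEM certificate.

    Raises ValueError if the text holds zero or several certificates, if the
    body is not strict base64, or if the decoded bytes are not one complete
    DER structure (the usual sign of a truncated copy).
    """
    blocks = PEM_CERT.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    body = "".join(blocks[0].split())            # drops CR, LF, spaces and tabs
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    if not _der_length_ok(der):
        raise ValueError("decoded data is not one complete DER structure")
    return {
        "body": body,
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }


# Constructed sample: a DER SEQUENCE header followed by filler bytes, wrapped
# as PEM with CRLF line endings the way a Windows editor would save it.
_payload = bytes(range(256)) + bytes(range(44))
SAMPLE_DER = b"\x30\x82" + len(_payload).to_bytes(2, "big") + _payload
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = "\r\n".join(
    ["-----BEGIN CERTIFICATE-----"]
    + [_b64[i:i + 64] for i in range(0, len(_b64), 64)]
    + ["-----END CERTIFICATE-----", ""]
)

if __name__ == "__main__":
    info = certificate_body(SAMPLE_PEM)
    print("SHA-1 thumbprint :", info["sha1"])
    print("SHA-256          :", info["sha256"])
    print("Body to paste    :", info["body"][:32] + "...")
```

If the fingerprint does not match the one shown by the identity provider, do not paste the value; download the certificate again.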
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Asana.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Asana.
2. In the applications list, select Asana.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Asana test user
The objective of this section is to create a user called Britta Simon in Asana. Asana supports automatic user
provisioning, which is enabled by default. You can find more details here on how to configure automatic user
provisioning.
If you need to create a user manually, perform the following steps:
In this section, you create a user called Britta Simon in Asana.
1. On Asana, go to the Teams section on the left panel. Click the plus sign button.

2. Type the email of the user like britta.simon@contoso.com in the text box and then select Invite.
3. Click Send Invite. The new user will receive an email in their email account. The user will need to create and
validate the account.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Asana tile in the Access Panel, you should be automatically signed in to the Asana for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Configure User Provisioning
Tutorial: Azure Active Directory integration with ASC Contracts
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ASC Contracts with Azure Active Directory (Azure AD). Integrating ASC
Contracts with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ASC Contracts.
You can enable your users to be automatically signed-in to ASC Contracts (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ASC Contracts, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
ASC Contracts single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ASC Contracts supports IDP initiated SSO

Adding ASC Contracts from the gallery


To configure the integration of ASC Contracts into Azure AD, you need to add ASC Contracts from the gallery to
your list of managed SaaS apps.
To add ASC Contracts from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ASC Contracts, select ASC Contracts from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ASC Contracts based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
ASC Contracts needs to be established.
To configure and test Azure AD single sign-on with ASC Contracts, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ASC Contracts Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ASC Contracts test user - to have a counterpart of Britta Simon in ASC Contracts that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ASC Contracts, perform the following steps:
1. In the Azure portal, on the ASC Contracts application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<subdomain>.asccontracts.com/shibboleth

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.asccontracts.com/shibboleth.sso/login

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact ASC Networks Inc.
(ASC) team at 613.599.6178 to get these values.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up ASC Contracts section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure ASC Contracts Single Sign-On
To configure single sign-on on the ASC Contracts side, call ASC Networks Inc. (ASC) support at 613.599.6178 and
provide them with the downloaded Federation Metadata XML. They configure the application so that the SAML
SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ASC Contracts.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ASC Contracts.

2. In the applications list, select ASC Contracts.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ASC Contracts test user
Work with the ASC Networks Inc. (ASC) support team at 613.599.6178 to get the users added in the ASC Contracts
platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ASC Contracts tile in the Access Panel, you should be automatically signed in to the ASC
Contracts for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Ascentis with Azure Active Directory
9/19/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Ascentis with Azure Active Directory (Azure AD). When you integrate
Ascentis with Azure AD, you can:
Control in Azure AD who has access to Ascentis.
Enable your users to be automatically signed-in to Ascentis with their Azure AD accounts.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Ascentis single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Ascentis supports SP and IDP initiated SSO

Add Ascentis from the gallery


To configure the integration of Ascentis into Azure AD, you need to add Ascentis from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Ascentis in the search box.
6. Select Ascentis from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Ascentis using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Ascentis.
To configure and test Azure AD SSO with Ascentis, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Ascentis SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Ascentis test user - to have a counterpart of Britta Simon in Ascentis that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Ascentis application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, type a URL using the following pattern:
https://services.ascentis.com/iam/samlsso?spEntityID=<clientname>.ascentis.com

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using any one of the following patterns:

https://selfservice.ascentis.com/<clientname>/STS/signin.aspx?SAMLResponse=true

https://selfservice2.ascentis.com/<clientname>/STS/signin.aspx?SAMLResponse=true

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact Ascentis Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up Ascentis section, copy the appropriate URL(s) based on your requirement.

Configure Ascentis SSO


To configure single sign-on on the Ascentis side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Ascentis support team. They configure this setting so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Ascentis.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Ascentis.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Ascentis test user
In this section, you create a user called Britta Simon in Ascentis. Work with Ascentis support team to add the users
in the Ascentis platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Ascentis tile in the Access Panel, you should be automatically signed in to the Ascentis for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Asset Bank
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Asset Bank with Azure Active Directory (Azure AD). Integrating Asset
Bank with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Asset Bank.
You can enable your users to be automatically signed-in to Asset Bank (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Asset Bank, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Asset Bank single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Asset Bank supports SP initiated SSO
Asset Bank supports Just In Time user provisioning

Adding Asset Bank from the gallery


To configure the integration of Asset Bank into Azure AD, you need to add Asset Bank from the gallery to your list
of managed SaaS apps.
To add Asset Bank from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Asset Bank, select Asset Bank from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Asset Bank based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Asset
Bank needs to be established.
To configure and test Azure AD single sign-on with Asset Bank, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Asset Bank Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Asset Bank test user - to have a counterpart of Britta Simon in Asset Bank that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Asset Bank, perform the following steps:
1. In the Azure portal, on the Asset Bank application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.assetbank-server.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.assetbank-server.com/shibboleth

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Asset Bank Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Asset Bank section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Asset Bank Single Sign-On
To configure single sign-on on the Asset Bank side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Asset Bank support team. They configure this setting so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Asset Bank.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Asset Bank.

2. In the applications list, select Asset Bank.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Asset Bank test user
In this section, a user called Britta Simon is created in Asset Bank. Asset Bank supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Asset Bank, a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the Asset Bank support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Asset Bank tile in the Access Panel, you should be automatically signed in to the Asset Bank for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Atlassian Cloud with Azure Active Directory
10/27/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate Atlassian Cloud with Azure Active Directory (Azure AD). When you
integrate Atlassian Cloud with Azure AD, you can:
Control in Azure AD who has access to Atlassian Cloud.
Enable your users to be automatically signed-in to Atlassian Cloud with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get one-month free trial here.
Atlassian Cloud single sign-on (SSO) enabled subscription.
To enable Security Assertion Markup Language (SAML) single sign-on for Atlassian Cloud products, you need
to set up Atlassian Access. Learn more about Atlassian Access.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Atlassian Cloud supports SP and IDP initiated SSO

Adding Atlassian Cloud from the gallery


To configure the integration of Atlassian Cloud into Azure AD, you need to add Atlassian Cloud from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Atlassian Cloud in the search box.
6. Select Atlassian Cloud from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Atlassian Cloud using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Atlassian Cloud.
To configure and test Azure AD SSO with Atlassian Cloud, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Atlassian Cloud SSO - to configure the single sign-on settings on application side.
Create Atlassian Cloud test user - to have a counterpart of B.Simon in Atlassian Cloud that is linked
to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Atlassian Cloud application integration page, find the Manage section and
select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://auth.atlassian.com/saml/<unique ID>

b. In the Reply URL text box, type a URL using the following pattern:
https://auth.atlassian.com/login/callback?connection=saml-<unique ID>

c. Click Set additional URLs.


d. In the Relay State text box, type a URL using the following pattern:
https://<instancename>.atlassian.net

NOTE
The preceding values are not real. Update these values with the actual identifier and reply URL. You get the real
values from the Atlassian Cloud SAML Configuration screen, which is explained later in the Configure Atlassian
Cloud SSO section of this tutorial.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<instancename>.atlassian.net
NOTE
The Sign on URL value is not real. Paste the value from the instance that you use to sign in to the Atlassian Cloud
admin portal.

6. Your Atlassian Cloud application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes, where nameidentifier is mapped to user.userprincipalname. The
Atlassian Cloud application expects nameidentifier to be mapped to user.mail, so you need to edit the
attribute mapping by clicking the Edit icon and changing the mapping.

7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up Atlassian Cloud section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Atlassian Cloud.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Atlassian Cloud.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Configure Atlassian Cloud SSO
1. To automate the configuration within Atlassian Cloud, you need to install My Apps Secure Sign-in
browser extension by clicking Install the extension.

2. After you add the extension to the browser, clicking Setup Atlassian Cloud directs you to the Atlassian
Cloud application. From there, provide the admin credentials to sign in to Atlassian Cloud. The browser
extension will automatically configure the application for you and automate steps 3-7.

3. If you want to set up Atlassian Cloud manually, open a new web browser window, sign in to your
Atlassian Cloud company site as an administrator, and perform the following steps:
4. You need to verify your domain before going to configure single sign-on. For more information, see
Atlassian domain verification document.
5. In the left pane, select Security > SAML single sign-on. If you haven't already done so, subscribe to
Atlassian Identity Manager.

6. In the Add SAML configuration window, do the following:


a. In the Identity provider Entity ID box, paste the Azure AD Identifier that you copied from the Azure
portal.
b. In the Identity provider SSO URL box, paste the Login URL that you copied from the Azure portal.
c. Open the downloaded certificate from the Azure portal in a .txt file, copy the value (without the Begin
Certificate and End Certificate lines), and then paste it in the Public X509 certificate box.
d. Click Save Configuration.
7. To ensure that you have set up the correct URLs, update the Azure AD settings by doing the following:
a. In the SAML window, copy the SP Identity ID and then, in the Azure portal, under Atlassian Cloud
Basic SAML Configuration, paste it in the Identifier box.
b. In the SAML window, copy the SP Assertion Consumer Service URL and then, in the Azure portal,
under Atlassian Cloud Basic SAML Configuration, paste it in the Reply URL box. The sign-on URL is the
tenant URL of your Atlassian Cloud.

NOTE
If you're an existing customer, after you update the SP Identity ID and SP Assertion Consumer Service URL
values in the Azure portal, select Yes, update configuration. If you're a new customer, you can skip this step.

Create Atlassian Cloud test user


To enable Azure AD users to sign in to Atlassian Cloud, provision the user accounts manually in Atlassian Cloud
by doing the following:
1. In the Administration pane, select Users.
2. To create a user in Atlassian Cloud, select Invite user.

3. In the Email address box, enter the user's email address, and then assign the application access.
4. To send an email invitation to the user, select Invite users. An email invitation is sent to the user and, after
accepting the invitation, the user is active in the system.

NOTE
You can also bulk-create users by selecting the Bulk Create button in the Users section.

Test SSO
When you select the Atlassian Cloud tile in the Access Panel, you should be automatically signed in to the
Atlassian Cloud for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Atlassian Cloud with Azure AD
Atlassian Jira and Confluence admin guide for Azure Active Directory
10/30/2019 • 7 minutes to read

Overview
The Azure Active Directory (Azure AD) single sign-on (SSO) plug-in enables Microsoft Azure AD customers to use
their work or school account for signing in to Atlassian Jira and Confluence Server-based products. It implements
SAML 2.0-based SSO.

How it works
When users want to sign in to the Atlassian Jira or Confluence application, they see the Login with Azure AD
button on the sign-in page. When they select it, they're required to sign in by using the Azure AD organization
sign-in page (that is, their work or school account).
After the users are authenticated, they should be able to sign in to the application. If they are already authenticated
with the ID and password for their work or school account, then they directly sign in to the application.
Sign-in works across Jira and Confluence. If users are signed in to the Jira application and Confluence is opened in
the same browser window, they don't have to provide the credentials for the other app.
Users can also get to the Atlassian product through My Apps under the work or school account. They should be
signed in without being asked for credentials.

NOTE
User provisioning is not done through the plug-in.

Audience
Jira and Confluence admins can use the plug-in to enable SSO by using Azure AD.

Assumptions
Jira and Confluence instances are HTTPS enabled.
Users are already created in Jira or Confluence.
Users have roles assigned in Jira or Confluence.
Admins have access to information required to configure the plug-in.
Jira or Confluence is available outside the company network as well.
The plug-in works with only the on-premises version of Jira and Confluence.

Prerequisites
Note the following information before you install the plug-in:
Jira and Confluence are installed on a Windows 64-bit version.
Jira and Confluence versions are HTTPS enabled.
Jira and Confluence are available on the internet.
Admin credentials are in place for Jira and Confluence.
Admin credentials are in place for Azure AD.
WebSudo is disabled in Jira and Confluence.

Supported versions of Jira and Confluence


The plug-in supports the following versions of Jira and Confluence:
Jira Core and Software: 6.0 to 7.12
Jira Service Desk: 3.0.0 to 3.5.0
JIRA also supports 5.2. For more details, click Microsoft Azure Active Directory single sign-on for JIRA 5.2
Confluence: 5.0 to 5.10
Confluence: 6.0.1
Confluence: 6.1.1
Confluence: 6.2.1
Confluence: 6.3.4
Confluence: 6.4.0
Confluence: 6.5.0
Confluence: 6.6.2
Confluence: 6.7.0
Confluence: 6.8.1
Confluence: 6.9.0
Confluence: 6.10.0
Confluence: 6.11.0
Confluence: 6.12.0

Installation
To install the plug-in, follow these steps:
1. Sign in to your Jira or Confluence instance as an admin.
2. Go to the Jira/Confluence administration console and select Add-ons.
3. From the Microsoft Download Center, download the Microsoft SAML SSO Plugin for Jira or the Microsoft SAML
SSO Plugin for Confluence.
The appropriate version of the plug-in appears in the search results.
4. Select the plug-in, and the Universal Plug-in Manager (UPM) installs it.
After the plug-in is installed, it appears in the User Installed Add-ons section of Manage Add-ons.

Plug-in configuration
Before you start using the plug-in, you must configure it. Select the plug-in, select the Configure button, and
provide the configuration details.
The following image shows the configuration screen in both Jira and Confluence:
Metadata URL: The URL to get federation metadata from Azure AD.
Identifiers: The URL that Azure AD uses to validate the source of the request. It maps to the Identifier
element in Azure AD. The plug-in automatically derives this URL as https://<domain:port>/.
Reply URL: The reply URL in your identity provider (IdP) that initiates the SAML sign-in. It maps to the
Reply URL element in Azure AD. The plug-in automatically derives this URL as
https://<domain:port>/plugins/servlet/saml/auth.
Sign On URL: The sign-on URL in your IdP that initiates the SAML sign-in. It maps to the Sign On
element in Azure AD. The plug-in automatically derives this URL as
https://<domain:port>/plugins/servlet/saml/auth.
IdP Entity ID: The entity ID that your IdP uses. This box is populated when the metadata URL is resolved.
Login URL: The sign-in URL from your IdP. This box is populated from Azure AD when the metadata URL
is resolved.
Logout URL: The logout URL from your IdP. This box is populated from Azure AD when the metadata URL
is resolved.
X.509 Certificate: Your IdP’s X.509 certificate. This box is populated from Azure AD when the metadata
URL is resolved.
Login Button Name: The name of the sign-in button that your organization wants users to see on the sign-
in page.
SAML User ID Locations: The location where the Jira or Confluence user ID is expected in the SAML
response. It can be in NameID or in a custom attribute name.
Attribute Name: The name of the attribute where the user ID is expected.
Enable Home Realm Discovery: The selection to make if the company is using Active Directory
Federation Services (AD FS)-based sign-in.
Domain Name: The domain name if sign-in is AD FS based.
Enable Single Signout: The selection to make if you want to sign out from Azure AD when a user signs
out from Jira or Confluence.

Troubleshooting
You're getting multiple certificate errors: Sign in to Azure AD and remove the multiple certificates that
are available against the app. Ensure that only one certificate is present.
A certificate is about to expire in Azure AD: Add-ons take care of automatic rollover of the certificate.
When a certificate is about to expire, a new certificate should be marked active and unused certificates
should be deleted. When a user tries to sign in to Jira in this scenario, the plug-in fetches and saves the new
certificate.
You want to disable WebSudo (disable the secure administrator session):
For Jira, secure administrator sessions (that is, password confirmation before accessing
administration functions) are enabled by default. If you want to remove this ability in your Jira
instance, specify the following line in your jira-config.properties file: jira.websudo.is.disabled = true

For Confluence, follow the steps on the Confluence support site.


Fields that are supposed to be populated by the metadata URL are not getting populated:
Check if the URL is correct. Check if you have mapped the correct tenant and app ID.
Enter the URL in a browser and see if you receive the federation metadata XML.
There's an internal server error: Review the logs in the log directory of the installation. If you're getting
the error when the user is trying to sign in by using Azure AD SSO, you can share the logs with the support
team.
There's a "User ID not found" error when the user tries to sign in: Create the user ID in Jira or
Confluence.
There's an "App not found" error in Azure AD: See if the appropriate URL is mapped to the app in
Azure AD.
You need support: Reach out to the Azure AD SSO Integration Team. The team responds in 24-48
business hours.
You can also raise a support ticket with Microsoft through the Azure portal channel.
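
The configuration fields and the metadata troubleshooting items above can be checked offline. The following Python sketch is an added example, not the plug-in's code: it derives the SP-side URLs from the base URL the way the field list describes, reads the IdP fields from a federation metadata document, and flags unpopulated fields or more than one signing certificate. The host names, sample metadata, and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata: hosts and certificate bodies are placeholders.
SAMPLE_METADATA = """
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://idp.example.test/tenant-placeholder/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER-CERT-A</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def derive_sp_urls(base_url):
    """Return the SP values derived from https://<domain:port>/ as listed above."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("an HTTPS base URL of the form https://<domain:port>/ is required")
    root = f"https://{parts.netloc}/"
    auth = root + "plugins/servlet/saml/auth"
    return {"identifier": root, "reply_url": auth, "sign_on_url": auth}


def parse_idp_metadata(xml_text):
    """Extract the fields that are populated when the metadata URL is resolved."""
    # Refuse DTDs so entity-expansion tricks in fetched XML are never processed.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("metadata must not contain a DOCTYPE")
    root = ET.fromstring(xml_text.strip())
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def first_location(tag):
        element = idp.find(f"md:{tag}", NS)
        return element.get("Location") if element is not None else None

    certs = []
    for descriptor in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to signing as well.
        if descriptor.get("use", "signing") != "signing":
            continue
        for cert in descriptor.findall(".//ds:X509Certificate", NS):
            certs.append("".join((cert.text or "").split()))
    return {
        "idp_entity_id": root.get("entityID"),
        "login_url": first_location("SingleSignOnService"),
        "logout_url": first_location("SingleLogoutService"),
        "signing_certs": certs,
    }


def check_fields(fields):
    """Return a list of findings; an empty list means nothing was flagged."""
    problems = []
    for key in ("idp_entity_id", "login_url", "logout_url"):
        if not fields.get(key):
            problems.append(f"{key} not populated")
    for key in ("login_url", "logout_url"):
        value = fields.get(key)
        # HTTPS check on IdP URLs is an extra check added here, not from the page.
        if value and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not HTTPS")
    unique = set(fields["signing_certs"])
    if not unique:
        problems.append("no signing certificate")
    elif len(unique) > 1:
        problems.append(f"{len(unique)} signing certificates present; keep only one")
    return problems


if __name__ == "__main__":
    print(derive_sp_urls("https://jira.example.test:8443/"))
    parsed = parse_idp_metadata(SAMPLE_METADATA)
    print(parsed["idp_entity_id"], check_fields(parsed) or "no findings")
```
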

Plug-in FAQ
Refer to the following FAQs if you have any questions about this plug-in.
What does the plug-in do?
The plug-in provides single sign-on (SSO) capability for Atlassian Jira (including Jira Core, Jira Software, Jira
Service Desk) and Confluence on-premises software. The plug-in works with Azure Active Directory (Azure AD) as
an identity provider (IdP).
Which Atlassian products does the plug-in work with?
The plug-in works with on-premises versions of Jira and Confluence.
Does the plug-in work on cloud versions?
No. The plug-in supports only on-premises versions of Jira and Confluence.
Which versions of Jira and Confluence does the plug-in support?
The plug-in supports these versions:
Jira Core and Software: 6.0 to 7.12
Jira Service Desk: 3.0.0 to 3.5.0
Jira 5.2 is also supported. For more details, see Microsoft Azure Active Directory single sign-on for JIRA 5.2.
Confluence: 5.0 to 5.10
Confluence: 6.0.1
Confluence: 6.1.1
Confluence: 6.2.1
Confluence: 6.3.4
Confluence: 6.4.0
Confluence: 6.5.0
Confluence: 6.6.2
Confluence: 6.7.0
Confluence: 6.8.1
Confluence: 6.9.0
Confluence: 6.10.0
Confluence: 6.11.0
Confluence: 6.12.0
Is the plug-in free or paid?
It's a free add-on.
Do I need to restart Jira or Confluence after I deploy the plug-in?
A restart is not required. You can start using the plug-in immediately.
How do I get support for the plug-in?
You can reach out to the Azure AD SSO Integration Team for any support needed for this plug-in. The team
responds in 24-48 business hours.
You can also raise a support ticket with Microsoft through the Azure portal channel.
Would the plug-in work on a Mac or Ubuntu installation of Jira and Confluence?
We have tested the plug-in only on 64-bit Windows Server installations of Jira and Confluence.
Does the plug-in work with IdPs other than Azure AD?
No. It works only with Azure AD.
What version of SAML does the plug-in work with?
It works with SAML 2.0.
Does the plug-in do user provisioning?
No. The plug-in provides only SAML 2.0-based SSO. The user has to be provisioned in the application before the
SSO sign-in.
Does the plug-in support cluster versions of Jira and Confluence?
No. The plug-in works with on-premises versions of Jira and Confluence.
Does the plug-in work with HTTP versions of Jira and Confluence?
No. The plug-in works with HTTPS-enabled installations only.
Tutorial: Azure Active Directory integration with
Atomic Learning
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Atomic Learning with Azure Active Directory (Azure AD). Integrating
Atomic Learning with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Atomic Learning.
You can enable your users to be automatically signed-in to Atomic Learning (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Atomic Learning, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Atomic Learning single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Atomic Learning supports SP initiated SSO
Atomic Learning supports Just In Time user provisioning

Adding Atomic Learning from the gallery


To configure the integration of Atomic Learning into Azure AD, you need to add Atomic Learning from the gallery
to your list of managed SaaS apps.
To add Atomic Learning from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Atomic Learning, select Atomic Learning from result panel then click Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Atomic Learning based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Atomic Learning needs to be established.
To configure and test Azure AD single sign-on with Atomic Learning, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Atomic Learning Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Atomic Learning test user - to have a counterpart of Britta Simon in Atomic Learning that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Atomic Learning, perform the following steps:
1. In the Azure portal, on the Atomic Learning application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://secure2.atomiclearning.com/sso/shibboleth/<companyname>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Atomic Learning Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Atomic Learning section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Atomic Learning Single Sign-On
To configure single sign-on on the Atomic Learning side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the Atomic Learning support team. They apply this
configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Atomic Learning.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Atomic Learning.

2. In the applications list, select Atomic Learning.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Atomic Learning test user
In this section, a user called Britta Simon is created in Atomic Learning. Atomic Learning supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Atomic Learning, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Atomic Learning tile in the Access Panel, you should be automatically signed in to the Atomic
Learning for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Attendance Management Services
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Attendance Management Services with Azure Active Directory (Azure
AD). Integrating Attendance Management Services with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Attendance Management Services.
You can enable your users to be automatically signed-in to Attendance Management Services (Single Sign-On)
with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Attendance Management Services, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Attendance Management Services single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Attendance Management Services supports SP initiated SSO

Adding Attendance Management Services from the gallery


To configure the integration of Attendance Management Services into Azure AD, you need to add Attendance
Management Services from the gallery to your list of managed SaaS apps.
To add Attendance Management Services from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Attendance Management Services, select Attendance Management Services
from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Attendance Management Services based on a
test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the
related user in Attendance Management Services needs to be established.
To configure and test Azure AD single sign-on with Attendance Management Services, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Attendance Management Services Single Sign-On - to configure the Single Sign-On settings
on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Attendance Management Services test user - to have a counterpart of Britta Simon in Attendance
Management Services that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Attendance Management Services, perform the following steps:
1. In the Azure portal, on the Attendance Management Services application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://id.obc.jp/<tenant information >/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://id.obc.jp/<tenant information >/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Attendance
Management Services Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Attendance Management Services section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Attendance Management Services Single Sign-On
1. In a different browser window, sign-on to your Attendance Management Services company site as
administrator.
2. Click on SAML authentication under the Security management section.

3. Perform the following steps:


a. Select Use SAML authentication.
b. In the Identifier textbox, paste the Azure AD Identifier value, which you have copied from
Azure portal.
c. In the Authentication endpoint URL textbox, paste the Login URL value, which you have
copied from Azure portal.
d. Click Select a file to upload the certificate which you downloaded from Azure AD.
e. Select Disable password authentication.
f. Click Registration
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Attendance Management
Services.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Attendance
Management Services.

2. In the applications list, select Attendance Management Services.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Attendance Management Services test user
To enable Azure AD users to sign in to Attendance Management Services, they must be provisioned into
Attendance Management Services. In the case of Attendance Management Services, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Attendance Management Services company site as an administrator.
2. Click on User management under the Security management section.
3. Click New rules login.

4. In the OBCiD information section, perform the following steps:

a. In the OBCiD textbox, type the email of user like BrittaSimon@contoso.com.


b. In the Password textbox, type the password of user.
c. Click Registration
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Attendance Management Services tile in the Access Panel, you should be automatically signed
in to the Attendance Management Services for which you set up SSO. For more information about the Access
Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
AuditBoard
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate AuditBoard with Azure Active Directory (Azure AD). Integrating
AuditBoard with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to AuditBoard.
You can enable your users to be automatically signed-in to AuditBoard (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with AuditBoard, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
AuditBoard single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
AuditBoard supports SP and IDP initiated SSO

Adding AuditBoard from the gallery


To configure the integration of AuditBoard into Azure AD, you need to add AuditBoard from the gallery to your list
of managed SaaS apps.
To add AuditBoard from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type AuditBoard, select AuditBoard from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with AuditBoard based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
AuditBoard needs to be established.
To configure and test Azure AD single sign-on with AuditBoard, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure AuditBoard Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create AuditBoard test user - to have a counterpart of Britta Simon in AuditBoard that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with AuditBoard, perform the following steps:
1. In the Azure portal, on the AuditBoard application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<SUBDOMAIN>.auditboardapp.com/api/v1/sso/saml/metadata.xml

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.auditboardapp.com/api/v1/sso/saml/assert

c. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
d. In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.auditboardapp.com/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
AuditBoard Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure AuditBoard Single Sign-On


To configure single sign-on on the AuditBoard side, you need to send the App Federation Metadata Url to the
AuditBoard support team. They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to AuditBoard.
1. In the Azure portal, select Enterprise Applications, select All applications, then select AuditBoard.
2. In the applications list, select AuditBoard.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create AuditBoard test user
In this section, you create a user called Britta Simon in AuditBoard. Work with AuditBoard support team to add the
users in the AuditBoard platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the AuditBoard tile in the Access Panel, you should be automatically signed in to the AuditBoard
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Autotask Endpoint Backup
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Autotask Endpoint Backup with Azure Active Directory (Azure AD).
Integrating Autotask Endpoint Backup with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Autotask Endpoint Backup.
You can enable your users to be automatically signed-in to Autotask Endpoint Backup (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Autotask Endpoint Backup, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Autotask Endpoint Backup single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Autotask Endpoint Backup supports IDP initiated SSO

Adding Autotask Endpoint Backup from the gallery


To configure the integration of Autotask Endpoint Backup into Azure AD, you need to add Autotask Endpoint
Backup from the gallery to your list of managed SaaS apps.
To add Autotask Endpoint Backup from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Autotask Endpoint Backup, select Autotask Endpoint Backup from result panel
then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Autotask Endpoint Backup based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Autotask Endpoint Backup needs to be established.
To configure and test Azure AD single sign-on with Autotask Endpoint Backup, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Autotask Endpoint Backup Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Autotask Endpoint Backup test user - to have a counterpart of Britta Simon in Autotask Endpoint
Backup that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Autotask Endpoint Backup, perform the following steps:
1. In the Azure portal, on the Autotask Endpoint Backup application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<subdomain>.backup.autotask.net/singlesignon/saml/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.backup.autotask.net/singlesignon/saml/SSO

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Autotask Endpoint
Backup Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Autotask Endpoint Backup section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Autotask Endpoint Backup Single Sign-On
To configure single sign-on on the Autotask Endpoint Backup side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Autotask Endpoint Backup support team.
They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Autotask Endpoint
Backup.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Autotask
Endpoint Backup.

2. In the applications list, select Autotask Endpoint Backup.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Autotask Endpoint Backup test user
In this section, you create a user called Britta Simon in Autotask Endpoint Backup. Work with Autotask Endpoint
Backup support team to add the users in the Autotask Endpoint Backup platform. Users must be created and
activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Autotask Endpoint Backup tile in the Access Panel, you should be automatically signed in to the
Autotask Endpoint Backup for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Autotask Workplace
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Autotask Workplace with Azure Active Directory (Azure AD). Integrating
Autotask Workplace with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Autotask Workplace.
You can enable your users to be automatically signed-in to Autotask Workplace (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Autotask Workplace, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
An Autotask Workplace single sign-on enabled subscription
You must be an administrator or super administrator in Workplace.
You must have an administrator account in the Azure AD.
The users that will utilize this feature must have accounts within Workplace and the Azure AD, and their email
addresses for both must match.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Autotask Workplace supports SP and IDP initiated SSO

Adding Autotask Workplace from the gallery


To configure the integration of Autotask Workplace into Azure AD, you need to add Autotask Workplace from the
gallery to your list of managed SaaS apps.
To add Autotask Workplace from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add new application, click New application button on the top of dialog.

4. In the search box, type Autotask Workplace, select Autotask Workplace from result panel then click Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Autotask Workplace based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Autotask Workplace needs to be established.
To configure and test Azure AD single sign-on with Autotask Workplace, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Autotask Workplace Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Autotask Workplace test user - to have a counterpart of Britta Simon in Autotask Workplace that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Autotask Workplace, perform the following steps:
1. In the Azure portal, on the Autotask Workplace application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<subdomain>.awp.autotask.net/singlesignon/saml/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.awp.autotask.net/singlesignon/saml/SSO

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.awp.autotask.net/loginsso

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Autotask Workplace Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Autotask Workplace section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Autotask Workplace Single Sign-On
1. In a different web browser window, log in to Workplace Online using the administrator credentials.

NOTE
When configuring the IdP, a subdomain will need to be specified. To confirm the correct subdomain, log in to
Workplace Online. Once logged in, make a note of the subdomain in the URL. The subdomain is the part between
"https://" and ".awp.autotask.net/" and should be us, eu, ca, or au.

2. Go to Configuration > Single Sign-On and perform the following steps:

a. Select the XML Metadata File option, and then upload the downloaded Federation Metadata XML
from Azure portal.
b. Click ENABLE SSO.
c. Select the I confirm this information is correct and I trust this IdP check box.
d. Click APPROVE.

NOTE
If you require assistance with configuring Autotask Workplace, please see this page to get assistance with your Workplace
account.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Autotask Workplace.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Autotask
Workplace.

2. In the applications list, select Autotask Workplace.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Autotask Workplace test user
In this section, you create a user called Britta Simon in Autotask Workplace. Please work with Autotask Workplace
support team to add the users in the Autotask Workplace platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Autotask Workplace tile in the Access Panel, you should be automatically signed in to the
Autotask Workplace for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
AwardSpring
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate AwardSpring with Azure Active Directory (Azure AD). Integrating
AwardSpring with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to AwardSpring.
You can enable your users to be automatically signed-in to AwardSpring (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with AwardSpring, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
AwardSpring single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
AwardSpring supports SP and IDP initiated SSO
AwardSpring supports Just In Time user provisioning

Adding AwardSpring from the gallery


To configure the integration of AwardSpring into Azure AD, you need to add AwardSpring from the gallery to your
list of managed SaaS apps.
To add AwardSpring from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type AwardSpring, select AwardSpring from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with AwardSpring based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
AwardSpring needs to be established.
To configure and test Azure AD single sign-on with AwardSpring, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure AwardSpring Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create AwardSpring test user - to have a counterpart of Britta Simon in AwardSpring that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with AwardSpring, perform the following steps:
1. In the Azure portal, on the AwardSpring application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<subdomain>.awardspring.com/SignIn/SamlMetaData

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.awardspring.com/SignIn/SamlAcs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://<subdomain>.awardspring.com/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
AwardSpring Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. AwardSpring application expects the SAML assertions in a specific format. Configure the following claims
for this application. You can manage the values of these attributes from the User Attributes section on
application integration page. On the Set up Single Sign-On with SAML page, click Edit button to open
User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:
NAME          SOURCE ATTRIBUTE
First Name    user.givenname
Last Name     user.surname
Email         user.mail
Username      user.userprincipalname
StudentID     < Student ID >

NOTE
The StudentID attribute is mapped with the actual Student ID which needs to be passed back in claims. Contact
AwardSpring Client support team to get this value.

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
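
To confirm that the claims configured above reach the application in the expected form, the attribute names in a captured test assertion can be checked against the table. The following added example (not part of the original tutorial or of AwardSpring) does that; the function name, status labels and sample assertion are constructed for illustration, and it assumes a claim saved with a non-blank Namespace appears as "namespace/name" in the Attribute Name.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the table in this tutorial.
REQUIRED_CLAIMS = ("First Name", "Last Name", "Email", "Username", "StudentID")

# Constructed sample assertion fragment with three deliberate problems:
# Email carries a namespace, Username is absent, StudentID has no value.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="First Name">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Last Name">
      <saml:AttributeValue>Simon</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Email">
      <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="StudentID">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_claims(assertion_xml, required=REQUIRED_CLAIMS):
    """Map each required claim name to 'ok', 'empty', 'namespaced' or 'missing'.

    This is a configuration check on an already captured assertion. It does
    not verify the XML signature and must not be used to authenticate anyone.
    """
    if "<!DOCTYPE" in assertion_xml.upper():
        raise ValueError("DOCTYPE declarations are not accepted")
    root = ET.fromstring(assertion_xml)

    # Collect every attribute name with its (stripped) values.
    found = {}
    for attr in root.iter(f"{{{SAML_NS['saml']}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        found.setdefault(attr.get("Name", ""), []).extend(values)

    report = {}
    for name in required:
        if name in found:
            # Present under the exact name: needs at least one non-empty value.
            report[name] = "ok" if any(found[name]) else "empty"
        elif any(n.endswith("/" + name) for n in found):
            # Assumed symptom of the Namespace field not being left blank.
            report[name] = "namespaced"
        else:
            report[name] = "missing"
    return report


if __name__ == "__main__":
    for claim, status in check_claims(SAMPLE_ASSERTION).items():
        print(f"{claim:12} {status}")
```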
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

9. On the Set up AwardSpring section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure AwardSpring Single Sign-On
To configure single sign-on on the AwardSpring side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the AwardSpring support team. They apply this
configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to AwardSpring.
1. In the Azure portal, select Enterprise Applications, select All applications, then select AwardSpring.

2. In the applications list, select AwardSpring.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create AwardSpring test user
In this section, a user called Britta Simon is created in AwardSpring. AwardSpring supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in AwardSpring, a new one is created after authentication.

NOTE
If you need to create a user manually, contact AwardSpring support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the AwardSpring tile in the Access Panel, you should be automatically signed in to the
AwardSpring for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
BambooHR
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate BambooHR with Azure Active Directory (Azure AD). Integrating
BambooHR with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to BambooHR.
You can enable your users to be automatically signed-in to BambooHR (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with BambooHR, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
BambooHR single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
BambooHR supports SP initiated SSO

Adding BambooHR from the gallery


To configure the integration of BambooHR into Azure AD, you need to add BambooHR from the gallery to your
list of managed SaaS apps.
To add BambooHR from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type BambooHR, select BambooHR from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with BambooHR based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
BambooHR needs to be established.
To configure and test Azure AD single sign-on with BambooHR, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure BambooHR Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create BambooHR test user - to have a counterpart of Britta Simon in BambooHR that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with BambooHR, perform the following steps:
1. In the Azure portal, on the BambooHR application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<company>.bamboohr.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: BambooHR-SAML

NOTE
The Sign on URL value is not real. Update the value with actual sign-on URL. Contact BambooHR Client support
team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up BambooHR section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure BambooHR Single Sign-On
1. In a new window, sign in to your BambooHR company site as an administrator.
2. On the home page, do the following:

a. Select Apps.
b. In the Apps pane, select Single Sign-On.
c. Select SAML Single Sign-On.
3. In the SAML Single Sign-On pane, do the following:

a. Into the SSO Login Url box, paste the Login URL that you copied from the Azure portal in step 6.
b. In Notepad, open the base-64 encoded certificate that you downloaded from the Azure portal, copy its
content, and then paste it into the X.509 Certificate box.
c. Select Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to BambooHR.
1. In the Azure portal, select Enterprise Applications, select All applications, then select BambooHR.
2. In the applications list, type and select BambooHR.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create BambooHR test user
To enable Azure AD users to sign in to BambooHR, set them up manually in BambooHR by doing the following:
1. Sign in to your BambooHR site as an administrator.
2. In the toolbar at the top, select Settings.

3. Select Overview.
4. In the left pane, select Security > Users.
5. Type the username, password, and email address of the valid Azure AD account that you want to set up.
6. Select Save.

NOTE
To set up Azure AD user accounts, you can also use BambooHR user account-creation tools or APIs.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BambooHR tile in the Access Panel, you should be automatically signed in to the BambooHR
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Bambu by Sprout Social
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Bambu by Sprout Social with Azure Active Directory (Azure AD).
Integrating Bambu by Sprout Social with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Bambu by Sprout Social.
You can enable your users to be automatically signed-in to Bambu by Sprout Social (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Bambu by Sprout Social, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Bambu by Sprout Social single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Bambu by Sprout Social supports IDP initiated SSO
Bambu by Sprout Social supports Just In Time user provisioning

Adding Bambu by Sprout Social from the gallery


To configure the integration of Bambu by Sprout Social into Azure AD, you need to add Bambu by Sprout Social
from the gallery to your list of managed SaaS apps.
To add Bambu by Sprout Social from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Bambu by Sprout Social, select Bambu by Sprout Social from result panel then
click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Bambu by Sprout Social based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Bambu by Sprout Social needs to be established.
To configure and test Azure AD single sign-on with Bambu by Sprout Social, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Bambu by Sprout Social Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Bambu by Sprout Social test user - to have a counterpart of Britta Simon in Bambu by Sprout Social
that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Bambu by Sprout Social, perform the following steps:
1. In the Azure portal, on the Bambu by Sprout Social application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Bambu by Sprout Social section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Bambu by Sprout Social Single Sign-On
To configure single sign-on on the Bambu by Sprout Social side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Bambu by Sprout Social support team.
They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bambu by Sprout Social.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Bambu by Sprout
Social.

2. In the applications list, select Bambu by Sprout Social.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Bambu by Sprout Social test user
In this section, a user called Britta Simon is created in Bambu by Sprout Social. Bambu by Sprout Social supports
just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user
doesn't already exist in Bambu by Sprout Social, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bambu by Sprout Social tile in the Access Panel, you should be automatically signed in to the
Bambu by Sprout Social for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with BC in
the Cloud
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate BC in the Cloud with Azure Active Directory (Azure AD). Integrating BC
in the Cloud with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to BC in the Cloud.
You can enable your users to be automatically signed-in to BC in the Cloud (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with BC in the Cloud, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
BC in the Cloud single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
BC in the Cloud supports SP initiated SSO

Adding BC in the Cloud from the gallery


To configure the integration of BC in the Cloud into Azure AD, you need to add BC in the Cloud from the gallery to
your list of managed SaaS apps.
To add BC in the Cloud from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type BC in the Cloud, select BC in the Cloud from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with BC in the Cloud based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in BC
in the Cloud needs to be established.
To configure and test Azure AD single sign-on with BC in the Cloud, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure BC in the Cloud Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create BC in the Cloud test user - to have a counterpart of Britta Simon in BC in the Cloud that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with BC in the Cloud, perform the following steps:
1. In the Azure portal, on the BC in the Cloud application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://app.bcinthecloud.com/router/loginSaml/<customerid>

b. In the Identifier (Entity ID) text box, type the URL: https://app.bcinthecloud.com

NOTE
This value is not real. Update this value with the actual Sign-On URL. Contact BC in the Cloud Client support team to
get this value.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up BC in the Cloud section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure BC in the Cloud Single Sign-On
To configure single sign-on on the BC in the Cloud side, send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the BC in the Cloud support team. They configure
this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to BC in the Cloud.
1. In the Azure portal, select Enterprise Applications, select All applications, then select BC in the Cloud.

2. In the applications list, select BC in the Cloud.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create BC in the Cloud test user
In this section, you create a user called Britta Simon in BC in the Cloud. Work with BC in the Cloud support team to
add the users in the BC in the Cloud platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BC in the Cloud tile in the Access Panel, you should be automatically signed in to the BC in the
Cloud for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with BeeLine
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate BeeLine with Azure Active Directory (Azure AD). Integrating BeeLine
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to BeeLine.
You can enable your users to be automatically signed-in to BeeLine (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with BeeLine, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
BeeLine single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
BeeLine supports IDP initiated SSO

Adding BeeLine from the gallery


To configure the integration of BeeLine into Azure AD, you need to add BeeLine from the gallery to your list of
managed SaaS apps.
To add BeeLine from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type BeeLine, select BeeLine from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with BeeLine based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in BeeLine
needs to be established.
To configure and test Azure AD single sign-on with BeeLine, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure BeeLine Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create BeeLine test user - to have a counterpart of Britta Simon in BeeLine that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with BeeLine, perform the following steps:
1. In the Azure portal, on the BeeLine application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://projects.beeline.net/<instancename>

b. In the Reply URL text box, type a URL using the following pattern:

https://projects.beeline.net/<instancename>/SSO_External.ashx

https://projects.beeline.net/<companyname>/SSO_External.ashx

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact BeeLine Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The BeeLine application expects the SAML assertions in a specific format. Work with the BeeLine support
team first to identify the correct user identifier to be mapped into the application, and follow their
guidance on which attribute to use for this mapping. You can manage the value of this attribute from the
User Attributes tab of the application. The following screenshot shows an example. Here the User Identifier
claim is mapped to the userprincipalname attribute, which provides a unique user ID that is sent to the
BeeLine application in every successful SAML response.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. On the Set up BeeLine section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure BeeLine Single Sign-On
To configure single sign-on on the BeeLine side, send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the BeeLine support team. They configure this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to BeeLine.
1. In the Azure portal, select Enterprise Applications, select All applications, then select BeeLine.

2. In the applications list, select BeeLine.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create BeeLine test user
In this section, you create a user called Britta Simon in BeeLine. The BeeLine application needs all users to be
provisioned in the application before they use single sign-on, so work with the BeeLine support team to provision
these users in the application.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BeeLine tile in the Access Panel, you should be automatically signed in to the BeeLine for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Benchling
8/6/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Benchling with Azure Active Directory (Azure AD). Integrating Benchling
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Benchling.
You can enable your users to be automatically signed-in to Benchling (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Benchling, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Benchling single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Benchling supports SP and IDP initiated SSO
Benchling supports Just in Time user provisioning

Adding Benchling from the gallery


To configure the integration of Benchling into Azure AD, you need to add Benchling from the gallery to your list of
managed SaaS apps.
To add Benchling from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Benchling, select Benchling from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Benchling based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Benchling
needs to be established.
To configure and test Azure AD single sign-on with Benchling, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Benchling Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Benchling test user - to have a counterpart of Britta Simon in Benchling that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Benchling, perform the following steps:
1. In the Azure portal, on the Benchling application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<SUBDOMAIN>.benchling.com/ext/saml/metadata.xml

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.benchling.com/ext/saml/signin:finish

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.benchling.com

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Benchling Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. The Benchling application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click the Edit icon to open the User Attributes dialog.

7. In addition to the above, the Benchling application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
the SAML token attributes shown in the table below:

NAME         SOURCE ATTRIBUTE
FirstName    user.givenname
LastName     user.surname
Email        user.mail

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
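The following is an added example, not part of the original tutorial and not Benchling's or Microsoft's code: a configuration check run over a SAML response captured from a test sign-in. It confirms that the FirstName, LastName and Email claims arrive under exactly those names with no namespace, and that the assertion's Audience and Recipient match the Identifier and Reply URL entered in step 4. The subdomain "example", the sample response and the function name check_response are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Claim names from the tutorial's table (Namespace left blank).
EXPECTED_CLAIMS = ("FirstName", "LastName", "Email")

# Assumed values: "example" stands in for <SUBDOMAIN> in the URL patterns.
IDENTIFIER = "https://example.benchling.com/ext/saml/metadata.xml"
REPLY_URL = "https://example.benchling.com/ext/saml/signin:finish"

# Constructed sample with two deliberate defects: LastName was saved with a
# namespace, and Email is absent (for instance because the source attribute
# holds no value for this user).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{REPLY_URL}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>brittasimon@contoso.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{REPLY_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>{IDENTIFIER}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName">
        <saml:AttributeValue>Britta</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/LastName">
        <saml:AttributeValue>Simon</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, identifier, reply_url):
    """Return (field, problem) pairs; an empty list means the mapping looks right.

    This checks configuration only. It does not validate the XML signature.
    """
    findings = []
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        # Either absent or delivered as an EncryptedAssertion.
        return [("Assertion", "missing")]

    # The Identifier configured in Azure AD is what appears as Audience.
    audiences = [a.text.strip()
                 for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if identifier not in audiences:
        findings.append(("Audience", "mismatch"))

    # The Reply URL is where the assertion is addressed (Recipient).
    recipients = [d.get("Recipient")
                  for d in assertion.iterfind(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        findings.append(("Recipient", "mismatch"))

    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        attrs[attr.get("Name", "")] = values

    for claim in EXPECTED_CLAIMS:
        if claim in attrs:
            if not attrs[claim]:
                findings.append((claim, "empty"))
        elif any(name.endswith("/" + claim) for name in attrs):
            # Present, but under "<namespace>/<name>" instead of the bare name.
            findings.append((claim, "namespaced"))
        else:
            findings.append((claim, "missing"))
    return findings


if __name__ == "__main__":
    for field, problem in check_response(SAMPLE_RESPONSE, IDENTIFIER, REPLY_URL):
        print(f"{field}: {problem}")
```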
Configure Benchling Single Sign-On
To configure single sign-on on the Benchling side, send the App Federation Metadata Url to the Benchling
support team. They configure this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Benchling.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Benchling.

2. In the applications list, select Benchling.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Benchling test user
In this section, a user called Britta Simon is created in Benchling. Benchling supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Benchling, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Benchling tile in the Access Panel, you should be automatically signed in to the Benchling for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with BenefitHub
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate BenefitHub with Azure Active Directory (Azure AD). Integrating
BenefitHub with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to BenefitHub.
You can enable your users to be automatically signed-in to BenefitHub (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with BenefitHub, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
BenefitHub single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
BenefitHub supports IDP initiated SSO

Adding BenefitHub from the gallery


To configure the integration of BenefitHub into Azure AD, you need to add BenefitHub from the gallery to your list
of managed SaaS apps.
To add BenefitHub from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type BenefitHub, select BenefitHub from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with BenefitHub based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
BenefitHub needs to be established.
To configure and test Azure AD single sign-on with BenefitHub, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure BenefitHub Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create BenefitHub test user - to have a counterpart of Britta Simon in BenefitHub that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with BenefitHub, perform the following steps:
1. In the Azure portal, on the BenefitHub application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type the value: urn:benefithub:passport

b. In the Reply URL text box, type the value: https://passport.benefithub.info/saml/post/ac

5. The BenefitHub application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on the
application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the
User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attribute as shown in the image above and
perform the following steps:

NAME              SOURCE ATTRIBUTE
organizationid    <organizationid>

NOTE
This attribute value is not real. Update this value with actual organizationid. Contact BenefitHub support team to get
the actual organizationid.

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.

NOTE
Before you can configure the SAML assertion, you need to contact your BenefitHub support and request the value of
the unique identifier attribute for your tenant. You need this value to configure the custom claim for your application.

7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
8. On the Set up BenefitHub section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure BenefitHub Single Sign-On
To configure single sign-on on the BenefitHub side, send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the BenefitHub support team. They configure this setting
so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to BenefitHub.
1. In the Azure portal, select Enterprise Applications, select All applications, then select BenefitHub.

2. In the applications list, select BenefitHub.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create BenefitHub test user
In this section, you create a user called Britta Simon in BenefitHub. Work with BenefitHub support team to add the
users in the BenefitHub platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BenefitHub tile in the Access Panel, you should be automatically signed in to the BenefitHub for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Benefitsolver
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Benefitsolver with Azure Active Directory (Azure AD). Integrating
Benefitsolver with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Benefitsolver.
You can enable your users to be automatically signed-in to Benefitsolver (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Benefitsolver, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Benefitsolver single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Benefitsolver supports SP initiated SSO

Adding Benefitsolver from the gallery


To configure the integration of Benefitsolver into Azure AD, you need to add Benefitsolver from the gallery to your
list of managed SaaS apps.
To add Benefitsolver from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Benefitsolver, select Benefitsolver from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Benefitsolver based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Benefitsolver needs to be established.
To configure and test Azure AD single sign-on with Benefitsolver, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Benefitsolver Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Benefitsolver test user - to have a counterpart of Britta Simon in Benefitsolver that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Benefitsolver, perform the following steps:
1. In the Azure portal, on the Benefitsolver application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
http://<companyname>.benefitsolver.com

b. In the Identifier box, type a URL using the following pattern:
https://<companyname>.benefitsolver.com/saml20

c. In the Reply URL text box, type the URL using the following pattern:
https://www.benefitsolver.com/benefits/BenefitSolverView?page_name=single_signon_saml

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
Benefitsolver Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. Benefitsolver application expects the SAML assertions in a specific format. Configure the following claims
for this application. You can manage the values of these attributes from the User Attributes section on
application integration page. On the Set up Single Sign-On with SAML page, click Edit button to open
User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:
NAME          SOURCE ATTRIBUTE
ClientID      You need to get this value from your Benefitsolver Client support team.
ClientKey     You need to get this value from your Benefitsolver Client support team.
LogoutURL     You need to get this value from your Benefitsolver Client support team.
EmployeeID    You need to get this value from your Benefitsolver Client support team.

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

8. On the Set up Benefitsolver section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
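
The claim names in step 6 must reach Benefitsolver exactly as listed, with no namespace in front of them. The following Python check is an added example, not part of the original tutorial or of Benefitsolver's tooling; the function names and the sample assertion (placeholder values, unsigned) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the User Claims table in this tutorial.
REQUIRED_CLAIMS = ("ClientID", "ClientKey", "LogoutURL", "EmployeeID")

# Constructed sample: a trimmed, unsigned assertion with placeholder values.
# ClientKey carries a namespace, LogoutURL is empty and EmployeeID is absent,
# so the checker has something to report.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2019-08-08T00:00:00Z">
  <saml:Subject>
    <saml:NameID>brittasimon@contoso.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="ClientID">
      <saml:AttributeValue>EXAMPLE-CLIENT-ID</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ClientKey">
      <saml:AttributeValue>EXAMPLE-CLIENT-KEY</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="LogoutURL">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def read_claims(assertion_xml):
    """Return {attribute Name: [values]} for every attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims.setdefault(attr.get("Name", ""), []).extend(values)
    return claims


def check_claims(assertion_xml, required=REQUIRED_CLAIMS):
    """Return a list of findings; an empty list means the claim shape matches.

    Shape check only: it does not verify the signature, audience or validity
    window, so it is a test aid for assertions captured from your own sign-in.
    """
    claims = read_claims(assertion_xml)
    findings = []
    for name in required:
        if name in claims:
            if not any(claims[name]):
                findings.append(f"{name}: present but empty")
            continue
        # A claim saved with a Namespace is emitted as "<namespace>/<name>".
        qualified = [n for n in claims if n.endswith("/" + name)]
        if qualified:
            findings.append(f"{name}: namespace not blank ({qualified[0]})")
        else:
            findings.append(f"{name}: missing")
    return findings


if __name__ == "__main__":
    for finding in check_claims(SAMPLE_ASSERTION):
        print(finding)
```

Run it against the assertion captured during the test sign-in for Britta Simon; any finding points back to the Manage user claims dialog in step 6.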
Configure Benefitsolver Single Sign-On
To configure single sign-on on the Benefitsolver side, you need to send the downloaded Metadata XML and the
appropriate copied URLs from the Azure portal to the Benefitsolver support team. They apply these settings so that
the SAML SSO connection is configured correctly on both sides.

NOTE
Your Benefitsolver support team has to do the actual SSO configuration. You will get a notification when SSO has been
enabled for your subscription.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Benefitsolver.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Benefitsolver.

2. In the applications list, select Benefitsolver.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Benefitsolver test user
In this section, you create a user called Britta Simon in Benefitsolver. Work with Benefitsolver support team to add
the users in the Benefitsolver platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Benefitsolver tile in the Access Panel, you should be automatically signed in to the Benefitsolver
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Integrate BenSelect with Azure Active Directory
8/8/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate BenSelect with Azure Active Directory (Azure AD). When you integrate
BenSelect with Azure AD, you can:
Control in Azure AD who has access to BenSelect.
Enable your users to be automatically signed-in to BenSelect with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
BenSelect single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
BenSelect supports IDP initiated SSO

Adding BenSelect from the gallery


To configure the integration of BenSelect into Azure AD, you need to add BenSelect from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type BenSelect in the search box.
6. Select BenSelect from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with BenSelect using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in BenSelect.
To configure and test Azure AD SSO with BenSelect, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure BenSelect SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create BenSelect test user - to have a counterpart of B.Simon in BenSelect that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the BenSelect application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Reply URL text box, type a URL using the following pattern:
https://www.benselect.com/enroll/login.aspx?Path=<tenant name>

NOTE
The value is not real. Update the value with the actual Reply URL. Contact BenSelect Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. BenSelect application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on
application integration page. On the Set up Single Sign-On with SAML page, click Edit button to open
User Attributes dialog.

6. Click on the Edit icon to edit the Name identifier value.


7. On the Manage user claims section, perform the following steps:

a. Select Transformation as a Source.


b. In the Transformation dropdown list, select ExtractMailPrefix().
c. In the Parameter 1 dropdown list, select user.userprincipalname.
d. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.
9. On the Set up BenSelect section, copy the appropriate URL(s) based on your requirement.
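
Steps 6 and 7 make the Name identifier the mail prefix of user.userprincipalname, so accounts whose UPNs differ only in domain receive the same NameID. The following Python audit is an added example, not part of the original tutorial; it models ExtractMailPrefix() as "the text before the first @" (an assumption), and the function names, the case-insensitive comparison and the sample UPNs are constructed for illustration.

```python
from collections import defaultdict


def extract_mail_prefix(value):
    """Model of ExtractMailPrefix(): the text before the first '@' (assumption)."""
    return value.split("@", 1)[0]


def audit_name_ids(upns, case_insensitive=True):
    """Group UPNs by the NameID they would produce and report risky results.

    Returns a list of (kind, name_id, upns) tuples, sorted by name_id:
      "collision" - more than one account maps to the same NameID
      "guest-upn" - the prefix still contains the #EXT# guest marker, so it
                    will not look like an ordinary user name
    Whether the application compares user names case-insensitively is an
    assumption; pass case_insensitive=False to compare exactly.
    """
    owners_by_id = defaultdict(list)
    for upn in upns:
        name_id = extract_mail_prefix(upn)
        key = name_id.casefold() if case_insensitive else name_id
        owners_by_id[key].append(upn)

    findings = []
    for name_id in sorted(owners_by_id):
        owners = owners_by_id[name_id]
        if len(owners) > 1:
            findings.append(("collision", name_id, owners))
        if "#ext#" in name_id.casefold():
            findings.append(("guest-upn", name_id, owners))
    return findings


# Constructed sample: users who would be assigned to the BenSelect application.
SAMPLE_UPNS = [
    "B.Simon@contoso.com",
    "b.simon@fabrikam.com",
    "a.lee@contoso.com",
    "partner_example.org#EXT#@contoso.onmicrosoft.com",
]

if __name__ == "__main__":
    for kind, name_id, owners in audit_name_ids(SAMPLE_UPNS):
        print(f"{kind}: {name_id} <- {', '.join(owners)}")
```

Run it over the UPNs of the users and groups you plan to assign before enabling SSO, and resolve any collision with the BenSelect support team.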

Configure BenSelect SSO


To configure single sign-on on the BenSelect side, you need to send the downloaded Certificate (Raw) and the
appropriate copied URLs from the Azure portal to the BenSelect support team. They apply these settings so that the
SAML SSO connection is configured correctly on both sides.

NOTE
When you contact the support team, mention that this integration requires the SHA256 algorithm (SHA1 is not
supported) so that SSO is set up on the appropriate server (for example, app2101).

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to BenSelect.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select BenSelect.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create BenSelect test user
In this section, you create a user called Britta Simon in BenSelect. Work with BenSelect support team to add the
users in the BenSelect platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BenSelect tile in the Access Panel, you should be automatically signed in to the BenSelect for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Bersin
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Bersin with Azure Active Directory (Azure AD). Integrating Bersin with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Bersin.
You can enable your users to be automatically signed-in to Bersin (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Bersin, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Bersin single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Bersin supports SP and IDP initiated SSO

Adding Bersin from the gallery


To configure the integration of Bersin into Azure AD, you need to add Bersin from the gallery to your list of
managed SaaS apps.
To add Bersin from the gallery
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Bersin, select Bersin from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Bersin based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Bersin
needs to be established.
To configure and test Azure AD single sign-on with Bersin, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Bersin Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Bersin test user - to have a counterpart of Britta Simon in Bersin that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Bersin, do the following steps:
1. In the Azure portal, on the Bersin application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
do the following step:
a. In the Identifier text box, type a URL using the following pattern: https://www.bersin.com/shibboleth

b. Click Set additional URLs.


c. In the Relay State text box, type a URL using the following pattern: https://www.bersin.com/secure/

5. Click Set additional URLs and do the following steps if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://www.bersin.com/Login.aspx

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Bersin section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Bersin Single Sign-On
To configure single sign-on on the Bersin side, send the downloaded Federation Metadata XML and the appropriate
copied URLs from the Azure portal to the Bersin support team. They apply these settings so that the SAML SSO
connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, do the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bersin.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Bersin.

2. In the applications list, select Bersin.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list. Click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Bersin test user
In this section, you create a user called Britta Simon in Bersin. Work with the Bersin support team to add the users
in the Bersin platform or the domain that must be added to an allow list for the Bersin platform. If the domain is
added by the team, users will get automatically provisioned to the Bersin platform. Users must be created and
activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bersin tile in the Access Panel, you should be automatically signed in to the Bersin for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with BetterWorks
8/29/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate BetterWorks with Azure Active Directory (Azure AD). When you
integrate BetterWorks with Azure AD, you can:
Control in Azure AD who has access to BetterWorks.
Enable your users to be automatically signed-in to BetterWorks with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
BetterWorks single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
BetterWorks supports SP and IDP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding BetterWorks from the gallery


To configure the integration of BetterWorks into Azure AD, you need to add BetterWorks from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type BetterWorks in the search box.
6. Select BetterWorks from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for BetterWorks


Configure and test Azure AD SSO with BetterWorks using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in BetterWorks.
To configure and test Azure AD SSO with BetterWorks, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure BetterWorks SSO - to configure the single sign-on settings on application side.
a. Create BetterWorks test user - to have a counterpart of B.Simon in BetterWorks that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the BetterWorks application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL: https://app.betterworks.com/saml2/metadata/

b. In the Reply URL text box, type a URL: https://app.betterworks.com/saml2/acs/

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://app.betterworks.com

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
7. On the Set up BetterWorks section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to BetterWorks.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select BetterWorks.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure BetterWorks SSO


To configure single sign-on on the BetterWorks side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the BetterWorks support team. They apply these settings
so that the SAML SSO connection is configured correctly on both sides.
Create BetterWorks test user
In this section, you create a user called Britta Simon in BetterWorks. Work with BetterWorks support team to add
the users in the BetterWorks platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BetterWorks tile in the Access Panel, you should be automatically signed in to the BetterWorks
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try BetterWorks with Azure AD

Tutorial: Azure Active Directory integration with BGS Online
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate BGS Online with Azure Active Directory (Azure AD). Integrating BGS
Online with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to BGS Online.
You can enable your users to be automatically signed-in to BGS Online (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with BGS Online, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
BGS Online single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
BGS Online supports IDP initiated SSO

Adding BGS Online from the gallery


To configure the integration of BGS Online into Azure AD, you need to add BGS Online from the gallery to your
list of managed SaaS apps.
To add BGS Online from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type BGS Online, select BGS Online from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with BGS Online based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in BGS
Online needs to be established.
To configure and test Azure AD single sign-on with BGS Online, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure BGS Online Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create BGS Online test user - to have a counterpart of Britta Simon in BGS Online that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with BGS Online, perform the following steps:
1. In the Azure portal, on the BGS Online application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier textbox, type a URL using the following pattern:
For production environment, use this pattern https://<company name>.millwardbrown.report

For test environment, use this pattern https://millwardbrown.marketingtracker.nl/mt5/

b. In the Reply URL textbox, type a URL using the following pattern:
For production environment, use this pattern
https://<company name>.millwardbrown.report/sso/saml/AssertionConsumerService.aspx

For test environment, use this pattern
https://millwardbrown.marketingtracker.nl/mt5/sso/saml/AssertionConsumerService.aspx

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact BGS Online support
team to get these values.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up BGS Online section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure BGS Online Single Sign-On
To configure single sign-on on the BGS Online side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the BGS Online support team. They apply these settings
so that the SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to BGS Online.
1. In the Azure portal, select Enterprise Applications, select All applications, then select BGS Online.

2. In the applications list, select BGS Online.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create BGS Online test user
In this section, you create a user called Britta Simon in BGS Online. Work with the BGS Online support team to add
the users to the BGS Online platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BGS Online tile in the Access Panel, you should be automatically signed in to the BGS Online
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Bime
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Bime with Azure Active Directory (Azure AD). Integrating Bime with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Bime.
You can enable your users to be automatically signed-in to Bime (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Bime, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Bime single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Bime supports SP initiated SSO

Adding Bime from the gallery


To configure the integration of Bime into Azure AD, you need to add Bime from the gallery to your list of managed
SaaS apps.
To add Bime from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Bime, select Bime from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Bime based on a test user called Britta Simon.
For single sign-on to work, a link relationship between an Azure AD user and the related user in Bime needs to be
established.
To configure and test Azure AD single sign-on with Bime, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Bime Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Bime test user - to have a counterpart of Britta Simon in Bime that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Bime, perform the following steps:
1. In the Azure portal, on the Bime application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<tenant-name>.Bimeapp.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<tenant-name>.Bimeapp.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Bime Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. In the SAML Signing Certificate section, click the Edit button to open the SAML Signing Certificate dialog.

6. In the SAML Signing Certificate section, copy the THUMBPRINT and save it on your computer.

7. On the Set up Bime section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Bime Single Sign-On
1. In a different web browser window, log into your Bime company site as an administrator.
2. In the toolbar, click Admin, and then Account.

3. On the account configuration page, perform the following steps:

a. Select Enable SAML authentication.


b. In the Remote Login URL textbox, paste the value of Login URL, which you have copied from Azure
portal.
c. In the Certificate Fingerprint textbox, paste the THUMBPRINT value which you have copied from
Azure portal.
d. Click Save.
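The Certificate Fingerprint pasted into Bime is the value that pins the Azure AD signing certificate, so it is worth checking it against the certificate itself before saving. The following is an added example, not part of the original tutorial: it computes the thumbprint from a Base64 certificate export and compares it with a pasted value. It assumes the THUMBPRINT is the SHA-1 digest of the DER-encoded certificate written as hex; the function names are hypothetical and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import hmac
import re
import textwrap

# Constructed placeholder bytes standing in for a DER-encoded certificate.
# They are NOT a real certificate; only the hashing and comparison are shown.
SAMPLE_DER = bytes(range(64)) * 4
SAMPLE_BASE64_CERT = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode("ascii"), 64))
    + "\n-----END CERTIFICATE-----\n"
)


def der_from_base64_cert(text):
    """Return the DER bytes of a Base64 certificate export, with or without PEM armor."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    body = "".join(body.split())
    if not body:
        raise ValueError("no certificate data found")
    # validate=True rejects stray characters instead of silently skipping them.
    return base64.b64decode(body, validate=True)


def thumbprint(cert_text, algorithm="sha1"):
    """Hex digest of the DER bytes, upper case and without separators."""
    der = der_from_base64_cert(cert_text)
    return hashlib.new(algorithm, der).hexdigest().upper()


def normalize_fingerprint(value):
    """Canonicalize a pasted SHA-1 fingerprint.

    Removes colons, dashes, whitespace and the invisible left-to-right and
    right-to-left marks that copy and paste can carry along, then insists on
    exactly 40 hex digits so a truncated paste is rejected rather than compared.
    """
    cleaned = re.sub(r"[\s:\-\u200e\u200f]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("not a 40-hex-digit SHA-1 fingerprint")
    return cleaned


def fingerprint_matches(cert_text, pasted_value):
    """True when the pasted fingerprint belongs to the given certificate."""
    return hmac.compare_digest(thumbprint(cert_text), normalize_fingerprint(pasted_value))


if __name__ == "__main__":
    print("SHA-1 thumbprint   :", thumbprint(SAMPLE_BASE64_CERT))
    print("SHA-256 fingerprint:", thumbprint(SAMPLE_BASE64_CERT, "sha256"))
```

A mismatch here means the fingerprint and the certificate came from different signing certificates, which is the usual cause of sign-in failures after a certificate rollover.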
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bime.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Bime.
2. In the applications list, select Bime.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Bime test user
In order to enable Azure AD users to log in to Bime, they must be provisioned into Bime. In the case of Bime,
provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Log in to your Bime tenant.
2. In the toolbar, click Admin, and then Users.

3. In the Users List, click Add New User (“+”).

4. On the User Details dialog page, perform the following steps:

a. In the First name textbox, enter the first name of user like Britta.
b. In the Last name textbox, enter the last name of user like Simon.
c. In the Email textbox, enter the email of user like brittasimon@contoso.com.
d. Click Save.

NOTE
You can use any other Bime user account creation tools or APIs provided by Bime to provision Azure AD user accounts.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bime tile in the Access Panel, you should be automatically signed in to the Bime for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Birst
Agile Business Analytics
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Birst Agile Business Analytics with Azure Active Directory (Azure AD).
Integrating Birst Agile Business Analytics with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Birst Agile Business Analytics.
You can enable your users to be automatically signed-in to Birst Agile Business Analytics (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Birst Agile Business Analytics, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Birst Agile Business Analytics single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Birst Agile Business Analytics supports SP initiated SSO

Adding Birst Agile Business Analytics from the gallery


To configure the integration of Birst Agile Business Analytics into Azure AD, you need to add Birst Agile Business
Analytics from the gallery to your list of managed SaaS apps.
To add Birst Agile Business Analytics from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Birst Agile Business Analytics, select Birst Agile Business Analytics from the result
panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Birst Agile Business Analytics based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in Birst Agile Business Analytics needs to be established.
To configure and test Azure AD single sign-on with Birst Agile Business Analytics, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Birst Agile Business Analytics Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Birst Agile Business Analytics test user - to have a counterpart of Britta Simon in Birst Agile
Business Analytics that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Birst Agile Business Analytics, perform the following steps:
1. In the Azure portal, on the Birst Agile Business Analytics application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL textbox, type a URL using the following pattern:
https://login.bws.birst.com/SAMLSSO/Services.aspx?birst.idpid=TENANTIDPID

The URL depends on the datacenter in which your Birst account is located:
For the US datacenter, use the following pattern:
https://login.bws.birst.com/SAMLSSO/Services.aspx?birst.idpid=TENANTIDPID

For the Europe datacenter, use the following pattern:


https://login.eu1.birst.com/SAMLSSO/Services.aspx?birst.idpid=TENANTIDPID

NOTE
This value is not real. Update the value with the actual Sign-On URL. Contact Birst Agile Business Analytics
Client support team to get the value.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Birst Agile Business Analytics section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Birst Agile Business Analytics Single Sign-On
To configure single sign-on on the Birst Agile Business Analytics side, you need to send the downloaded Certificate
(Base64) and the appropriate copied URLs from the Azure portal to the Birst Agile Business Analytics support team.
They apply these settings so that the SAML SSO connection is configured properly on both sides.

NOTE
Tell the Birst team that this integration needs the SHA256 algorithm (SHA1 will not be supported) so that they can set up
SSO on the appropriate server, such as app2101.
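Because this integration requires SHA256, one way to confirm what is actually in use is to inspect the algorithm identifiers declared in a SAML response captured during the test sign-in. The following is an added example, not part of the original tutorial: the XML is a constructed, truncated sample with placeholder values, the function names are hypothetical, and the check reads the declared algorithms only; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Standard XML Signature algorithm identifiers.
SHA256_URIS = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",  # signature method
    "http://www.w3.org/2001/04/xmlenc#sha256",            # digest method
}
SHA1_URIS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}

# Constructed sample: structure only, all values are placeholders.
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed-response">
  <saml:Assertion ID="_constructed-assertion">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="{sig}"/>
        <ds:Reference URI="#_constructed-assertion">
          <ds:DigestMethod Algorithm="{digest}"/>
          <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

SAMPLE_SHA256 = TEMPLATE.format(
    sig="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    digest="http://www.w3.org/2001/04/xmlenc#sha256",
)
SAMPLE_SHA1 = TEMPLATE.format(
    sig="http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    digest="http://www.w3.org/2000/09/xmldsig#sha1",
)


def collect_signatures(xml_text):
    """List every ds:Signature with the element it sits in and its declared algorithms."""
    # The input is a response the administrator captured themselves; use a
    # hardened XML parser before pointing this at untrusted documents.
    root = ET.fromstring(xml_text)
    found = []
    for parent in root.iter():
        for sig in parent.findall("{%s}Signature" % DS):
            method = sig.find("./{%s}SignedInfo/{%s}SignatureMethod" % (DS, DS))
            digests = sig.findall(
                "./{%s}SignedInfo/{%s}Reference/{%s}DigestMethod" % (DS, DS, DS)
            )
            found.append({
                "signed_element": parent.tag.split("}")[-1],
                "signature": method.get("Algorithm") if method is not None else None,
                "digests": [d.get("Algorithm") for d in digests],
            })
    return found


def audit_sha256(xml_text):
    """Return findings; an empty list means every declared algorithm is SHA-256."""
    signatures = collect_signatures(xml_text)
    if not signatures:
        return ["no ds:Signature element found"]
    findings = []
    for sig in signatures:
        declared = [("signature", sig["signature"])]
        declared += [("digest", uri) for uri in sig["digests"]]
        for kind, uri in declared:
            if uri in SHA256_URIS:
                continue
            label = "SHA-1" if uri in SHA1_URIS else "unexpected or missing"
            findings.append("%s: %s %s algorithm %s" % (sig["signed_element"], label, kind, uri))
    return findings


if __name__ == "__main__":
    for name, sample in (("SHA-256 sample", SAMPLE_SHA256), ("SHA-1 sample", SAMPLE_SHA1)):
        print(name, "->", audit_sha256(sample) or "ok")
```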

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Birst Agile Business
Analytics.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Birst Agile
Business Analytics.

2. In the applications list, select Birst Agile Business Analytics.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Birst Agile Business Analytics test user
In this section, you create a user called Britta Simon in Birst Agile Business Analytics. Work with the Birst Agile
Business Analytics support team to add the users to the Birst Agile Business Analytics platform. Users must be
created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Birst Agile Business Analytics tile in the Access Panel, you should be automatically signed in to
the Birst Agile Business Analytics for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with BIS
9/20/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate BIS with Azure Active Directory (Azure AD). When you integrate BIS
with Azure AD, you can:
Control in Azure AD who has access to BIS.
Enable your users to be automatically signed-in to BIS with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
BIS single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
BIS supports SP initiated SSO
BIS supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding BIS from the gallery


To configure the integration of BIS into Azure AD, you need to add BIS from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type BIS in the search box.
6. Select BIS from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for BIS


Configure and test Azure AD SSO with BIS using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in BIS.
To configure and test Azure AD SSO with BIS, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure BIS SSO - to configure the single sign-on settings on application side.
a. Create BIS test user - to have a counterpart of B.Simon in BIS that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the BIS application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL: https://www.bistrainer.com/sso/biscr.cfm

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. On the Set up BIS section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to BIS.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select BIS.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure BIS SSO


To configure single sign-on on the BIS side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the BIS support team. They apply these settings so that the
SAML SSO connection is configured properly on both sides.
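Before the Federation Metadata XML leaves your hands, it helps to record what it asserts (entity ID, sign-on endpoints, signing certificate fingerprint) so the values the support team configures can be confirmed against your own copy. The following is an added example, not part of the original tutorial: it summarizes a SAML 2.0 metadata document and warns about non-HTTPS endpoints or a missing signing certificate. The metadata, host names and certificate bytes are constructed placeholders and the function name is hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = bytes(range(32)) * 8

# Constructed metadata: SAML 2.0 element names, placeholder entity ID and endpoints.
METADATA_TEMPLATE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/constructed-tenant/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{cert}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="{sso}"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="{sso}"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="{sso}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

SAMPLE_METADATA = METADATA_TEMPLATE.format(
    cert=base64.b64encode(SAMPLE_DER).decode("ascii"),
    sso="https://idp.example.test/saml2",
)


def summarize_metadata(xml_text):
    """Extract the values a service provider will trust from IdP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    warnings = []

    # A KeyDescriptor without a 'use' attribute applies to signing as well.
    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.findall(".//ds:X509Certificate", NS):
            body = "".join((cert.text or "").split())
            if body:
                der = base64.b64decode(body, validate=True)
                fingerprints.append(hashlib.sha256(der).hexdigest().upper())
    if not fingerprints:
        warnings.append("no signing certificate in metadata")

    sso = {}
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        for svc in idp.findall("md:" + tag, NS):
            binding = (svc.get("Binding") or "").rsplit(":", 1)[-1]
            location = svc.get("Location") or ""
            if urlsplit(location).scheme != "https":
                warnings.append("%s (%s) endpoint is not https: %s" % (tag, binding, location))
            if tag == "SingleSignOnService":
                sso[binding] = location

    return {
        "entity_id": root.get("entityID"),
        "sso": sso,
        "signing_cert_sha256": fingerprints,
        "warnings": warnings,
    }


if __name__ == "__main__":
    for field, value in summarize_metadata(SAMPLE_METADATA).items():
        print("%-20s %s" % (field, value))
```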
Create BIS test user
In this section, a user called B.Simon is created in BIS. BIS supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in BIS, a new one is
created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BIS tile in the Access Panel, you should be automatically signed in to the BIS for which you set
up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try BIS with Azure AD
Tutorial: Azure Active Directory integration with
BitaBIZ
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate BitaBIZ with Azure Active Directory (Azure AD). Integrating BitaBIZ with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to BitaBIZ.
You can enable your users to be automatically signed-in to BitaBIZ (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with BitaBIZ, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
BitaBIZ single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
BitaBIZ supports SP and IDP initiated SSO

Adding BitaBIZ from the gallery


To configure the integration of BitaBIZ into Azure AD, you need to add BitaBIZ from the gallery to your list of
managed SaaS apps.
To add BitaBIZ from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type BitaBIZ, select BitaBIZ from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with BitaBIZ based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in BitaBIZ
needs to be established.
To configure and test Azure AD single sign-on with BitaBIZ, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure BitaBIZ Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create BitaBIZ test user - to have a counterpart of Britta Simon in BitaBIZ that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with BitaBIZ, perform the following steps:
1. In the Azure portal, on the BitaBIZ application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL using the following pattern: https://www.bitabiz.com/<instanceId>

NOTE
The value in the above URL is for demonstration only. Update the value with the actual identifier, which is explained
later in the tutorial.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type the URL: https://www.bitabiz.com/dashboard

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

7. On the Set up BitaBIZ section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure BitaBIZ Single Sign-On
1. In a different web browser window, sign-on to your BitaBIZ tenant as an administrator.
2. Click on SETUP ADMIN.

3. Click on Microsoft integrations under Add value section.

4. Scroll down to the section Microsoft Azure AD (Enable single sign on) and perform the following steps:
a. Copy the value from the Entity ID ("Identifier" in Azure AD) textbox and paste it into the Identifier
textbox on the Basic SAML Configuration section in the Azure portal.
b. In the Azure AD Single Sign-On Service URL textbox, paste the Login URL, which you have copied from
the Azure portal.
c. In the Azure AD SAML Entity ID textbox, paste the Azure AD Identifier, which you have copied from
the Azure portal.
d. Open your downloaded Certificate (Base64) file in Notepad, copy its content to your clipboard,
and then paste it into the Azure AD Signing Certificate (Base64 encoded) textbox.
e. Add your business e-mail domain name (that is, mycompany.com) in the Domain name textbox to assign
SSO to the users in your company with this email domain (NOT MANDATORY).
f. Mark the BitaBIZ account as SSO enabled.
g. Click Save Azure AD configuration to save and activate the SSO configuration.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to BitaBIZ.
1. In the Azure portal, select Enterprise Applications, select All applications, then select BitaBIZ.

2. In the applications list, select BitaBIZ.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create BitaBIZ test user
To enable Azure AD users to log in to BitaBIZ, they must be provisioned into BitaBIZ.
In the case of BitaBIZ, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your BitaBIZ company site as an administrator.
2. Click on SETUP ADMIN.
3. Click on Add users under Organization section.

4. Click Add new employee.

5. On the Add new employee dialog page, perform the following steps:

a. In the First Name textbox, type the first name of user like Britta.
b. In the Last Name textbox, type the last name of user like Simon.
c. In the Email textbox, type the email address of user like Brittasimon@contoso.com.
d. Select a date in Date of employment.
e. There are other non-mandatory user attributes that can be set up for the user. Please refer to the
Employee Setup Doc for more details.
f. Click Save employee.

NOTE
The Azure Active Directory account holder receives an email and follows a link to confirm their account before it
becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BitaBIZ tile in the Access Panel, you should be automatically signed in to the BitaBIZ for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Bitly
11/14/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Bitly with Azure Active Directory (Azure AD). When you integrate Bitly
with Azure AD, you can:
Control in Azure AD who has access to Bitly.
Enable your users to be automatically signed-in to Bitly with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Bitly single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Bitly supports SP and IDP initiated SSO
Bitly supports Just In Time user provisioning

Adding Bitly from the gallery


To configure the integration of Bitly into Azure AD, you need to add Bitly from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Bitly in the search box.
6. Select Bitly from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Bitly


Configure and test Azure AD SSO with Bitly using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Bitly.
To configure and test Azure AD SSO with Bitly, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Bitly SSO - to configure the single sign-on settings on the application side.
a. Create Bitly test user - to have a counterpart of B.Simon in Bitly that is linked to the Azure AD
representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Bitly application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://bitly.com/sso/<subdomain>/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://bitly.com/sso/<subdomain>?acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://bitly.com/sso/<subdomain>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Bitly
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Bitly.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Bitly.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Bitly SSO


To configure single sign-on on the Bitly side, you need to send the App Federation Metadata Url to the Bitly support
team. They apply this setting so that the SAML SSO connection is configured properly on both sides.
Create Bitly test user
In this section, a user called Britta Simon is created in Bitly. Bitly supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Bitly, a new one
is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bitly tile in the Access Panel, you should be automatically signed in to the Bitly for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Bitly with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Blackboard Learn
8/30/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Blackboard Learn with Azure Active Directory (Azure AD). When you
integrate Blackboard Learn with Azure AD, you can:
Control in Azure AD who has access to Blackboard Learn.
Enable your users to be automatically signed-in to Blackboard Learn with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Blackboard Learn single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Blackboard Learn supports SP initiated SSO
Blackboard Learn supports Just In Time user provisioning

Adding Blackboard Learn from the gallery


To configure the integration of Blackboard Learn into Azure AD, you need to add Blackboard Learn from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Blackboard Learn in the search box.
6. Select Blackboard Learn from the results panel and then add the app. Wait a few seconds while the app is added
to your tenant.

Configure and test Azure AD single sign-on for Blackboard Learn


Configure and test Azure AD SSO with Blackboard Learn using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Blackboard Learn.
To configure and test Azure AD SSO with Blackboard Learn, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Blackboard Learn SSO - to configure the single sign-on settings on the application side.
a. Create Blackboard Learn test user - to have a counterpart of B.Simon in Blackboard Learn that is
linked to the Azure AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Blackboard Learn application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.blackboard.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.blackboard.com/auth-saml/saml/SSO/entity-id/SAML_AD

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Blackboard Learn
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
6. On the Set up Blackboard Learn section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Blackboard Learn.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Blackboard Learn.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Blackboard Learn SSO


To configure single sign-on on the Blackboard Learn side, follow the link. If you face any problem while
configuring, contact the Blackboard Learn support team.
Create Blackboard Learn test user
In this section, you create a user called Britta Simon in Blackboard Learn. The Blackboard Learn application supports
just-in-time user provisioning. Make sure that you have configured the claims as described in the section Configuring
Azure AD Single Sign-On.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Blackboard Learn tile in the Access Panel, you should be automatically signed in to the
Blackboard Learn for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Blackboard Learn with Azure AD
Tutorial: Azure Active Directory integration with
Blackboard Learn - Shibboleth
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Blackboard Learn - Shibboleth with Azure Active Directory (Azure AD).
Integrating Blackboard Learn - Shibboleth with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Blackboard Learn - Shibboleth.
You can enable your users to be automatically signed-in to Blackboard Learn - Shibboleth (Single Sign-On)
with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Blackboard Learn - Shibboleth, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Blackboard Learn - Shibboleth single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Blackboard Learn - Shibboleth supports SP initiated SSO

Adding Blackboard Learn - Shibboleth from the gallery


To configure the integration of Blackboard Learn - Shibboleth into Azure AD, you need to add Blackboard Learn -
Shibboleth from the gallery to your list of managed SaaS apps.
To add Blackboard Learn - Shibboleth from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Blackboard Learn - Shibboleth, select Blackboard Learn - Shibboleth from the
results panel, and then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Blackboard Learn - Shibboleth based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in Blackboard Learn - Shibboleth needs to be established.
To configure and test Azure AD single sign-on with Blackboard Learn - Shibboleth, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Blackboard Learn - Shibboleth Single Sign-On - to configure the Single Sign-On settings on
the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Blackboard Learn - Shibboleth test user - to have a counterpart of Britta Simon in Blackboard Learn
- Shibboleth that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Blackboard Learn - Shibboleth, perform the following steps:
1. In the Azure portal, on the Blackboard Learn - Shibboleth application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<yourblackoardlearnserver>.blackboardlearn.com/Shibboleth.sso/Login

b. In the Identifier box, type a URL using the following pattern:


https://<yourblackoardlearnserver>.blackboardlearn.com/shibboleth-sp

c. In the Reply URL text box, type a URL using the following pattern:
https://<yourblackoardlearnserver>.blackboardlearn.com/Shibboleth.sso/SAML2/POST

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
Blackboard Learn - Shibboleth Client support team to get these values. You can also refer to the patterns shown in
the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Blackboard Learn - Shibboleth section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Blackboard Learn - Shibboleth Single Sign-On
To configure single sign-on on the Blackboard Learn - Shibboleth side, you need to send the downloaded
Federation Metadata XML and the appropriate copied URLs from the Azure portal to the Blackboard Learn - Shibboleth
support team. They apply these settings so that the SAML SSO connection is configured properly on both sides.
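Before the metadata file and the copied URLs leave your hands, it is worth confirming that they describe the same identity provider. The following is an added example, not part of the original tutorial: it parses a SAML 2.0 metadata document, extracts the entityID, endpoints and signing-certificate fingerprints, and cross-checks them against the Login URL, Azure AD Identifier and Logout URL copied in step 6. The sample metadata, the tenant ID and the dictionary key names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for XML from untrusted sources, prefer defusedxml

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed values: a placeholder tenant ID, and stand-in bytes where a real
# file carries a base64-encoded DER X.509 signing certificate.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT_B64 = base64.b64encode(b"constructed-bytes-not-a-real-certificate").decode()

# Constructed sample shaped like an IdP metadata document.
SAMPLE_METADATA = f"""
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{FAKE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{BINDINGS}HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{BINDINGS}HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{BINDINGS}HTTP-POST"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def inspect_metadata(xml_text):
    """Return the entityID, endpoint locations and signing-cert fingerprints."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' serves both signing and encryption.
        if key.get("use") not in (None, "signing"):
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest().upper())

    def locations(tag):
        return sorted({e.get("Location", "") for e in idp.findall(f"md:{tag}", NS)})

    return {
        "entity_id": root.get("entityID"),
        "signing_sha256": fingerprints,
        "sso": locations("SingleSignOnService"),
        "slo": locations("SingleLogoutService"),
    }


def cross_check(info, copied):
    """Compare metadata with the values copied from the 'Set up <app>' section."""
    problems = []
    if not info["signing_sha256"]:
        problems.append("metadata carries no signing certificate")
    if info["entity_id"] != copied["azure_ad_identifier"]:
        problems.append("entityID differs from the copied Azure AD Identifier")
    if copied["login_url"] not in info["sso"]:
        problems.append("copied Login URL is not a SingleSignOnService location")
    if copied["logout_url"] not in info["slo"]:
        problems.append("copied Logout URL is not a SingleLogoutService location")
    for location in sorted(set(info["sso"] + info["slo"])):
        if not location.startswith("https://"):
            problems.append(f"endpoint is not HTTPS: {location}")
    return problems


if __name__ == "__main__":
    info = inspect_metadata(SAMPLE_METADATA)
    copied = {  # constructed stand-ins for the three values copied in step 6
        "azure_ad_identifier": f"https://sts.windows.net/{TENANT}/",
        "login_url": f"https://login.microsoftonline.com/{TENANT}/saml2",
        "logout_url": f"https://login.microsoftonline.com/{TENANT}/saml2",
    }
    print(info["signing_sha256"], cross_check(info, copied) or "consistent")
```

The SHA-256 fingerprint gives both sides a short value to compare over a second channel, so the support team can confirm that the file they received is the one you downloaded.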
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Blackboard Learn -
Shibboleth.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Blackboard Learn
- Shibboleth.

2. In the applications list, select Blackboard Learn - Shibboleth.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Blackboard Learn - Shibboleth test user
In this section, you create a user called Britta Simon in Blackboard Learn - Shibboleth. Work with the Blackboard Learn
- Shibboleth support team to add the users in the Blackboard Learn - Shibboleth platform. Users must be created
and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Blackboard Learn - Shibboleth tile in the Access Panel, you should be automatically signed in to
the Blackboard Learn - Shibboleth for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Blink
8/19/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Blink with Azure Active Directory (Azure AD). When you integrate
Blink with Azure AD, you can:
Control in Azure AD who has access to Blink.
Enable your users to be automatically signed-in to Blink with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Blink single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Blink supports SP initiated SSO
Blink supports Just In Time user provisioning

Adding Blink from the gallery


To configure the integration of Blink into Azure AD, you need to add Blink from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Blink in the search box.
6. Select Blink from the results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Blink


Configure and test Azure AD SSO with Blink using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Blink.
To configure and test Azure AD SSO with Blink, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Blink SSO - to configure the Single Sign-On settings on the application side.
a. Create Blink test user - to have a counterpart of B.Simon in Blink that is linked to the Azure AD
representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Blink application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using one of the following patterns:

https://app.joinblink.com

https://<SUBDOMAIN>.joinblink.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://api.joinblink.com/saml/o-<TENANTID>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Blink Client support
team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. The Blink Meetings application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.
6. In addition to the above, the Blink Meetings application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
each SAML token attribute shown in the table below:

NAME          SOURCE ATTRIBUTE
first_name    user.givenname
second_name   user.surname
email         user.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

8. On the Set up Blink section, copy the appropriate URL(s) based on your requirement.
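The claim names in the table above only reach Blink unchanged if the Namespace field is left blank; otherwise Azure AD prefixes the name with a namespace URI and the application no longer finds `first_name`, `second_name` or `email`. The following added example (not part of the original tutorial) checks a base64-encoded SAML response captured during a test sign-in for the three claims and for an Audience that matches the configured Identifier. The sample responses, the tenant suffix `o-EXAMPLE` and the function names are constructed for illustration, and the check inspects configuration only: it does not validate the signature.

```python
import base64
import xml.etree.ElementTree as ET  # for XML from untrusted sources, prefer defusedxml

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Claim name -> source attribute, as listed in the tutorial's table.
REQUIRED_CLAIMS = {
    "first_name": "user.givenname",
    "second_name": "user.surname",
    "email": "user.mail",
}

# Constructed Identifier following the tutorial's pattern; not a real tenant.
IDENTIFIER = "https://api.joinblink.com/saml/o-EXAMPLE"
# Namespace Azure AD applies to claims when the Namespace field is not blank.
DEFAULT_CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"


def sample_response(attributes, audience):
    """Build a constructed, unsigned SAML Response, base64-encoded the way
    it travels in the SAMLResponse form field."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>"
        for name, value in attributes.items()
    )
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
        "<saml:Assertion><saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


def check_claims(saml_response_b64, identifier):
    """Return a list of configuration findings; an empty list means the
    response carries what the tutorial's claim table asks for."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    findings = []

    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if identifier not in audiences:
        findings.append(f"Audience {audiences} does not match Identifier {identifier}")

    # Map each attribute name to its non-empty values.
    present = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        present[attr.get("Name")] = [v for v in values if v]

    for name, source in REQUIRED_CLAIMS.items():
        if present.get(name):
            continue
        namespaced = [n for n in present if n != name and n.rsplit("/", 1)[-1] == name]
        if namespaced:
            findings.append(f"{name}: sent as {namespaced[0]}; Namespace was not left blank")
        elif name in present:
            findings.append(f"{name}: present but empty; check {source} on the user")
        else:
            findings.append(f"{name}: missing; add a claim with source {source}")
    return findings


if __name__ == "__main__":
    misconfigured = sample_response(
        {f"{DEFAULT_CLAIMS_NS}/first_name": "B", "second_name": "Simon", "email": ""},
        "https://api.joinblink.com/saml/o-OTHER",
    )
    for finding in check_claims(misconfigured, IDENTIFIER):
        print(finding)
```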
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Blink.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Blink.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Blink SSO


To configure single sign-on on the Blink side, you need to send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the Blink support team. They apply these settings so that the SAML SSO
connection is configured properly on both sides.
Create Blink test user
In this section, a user called Britta Simon is created in Blink. Blink supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Blink, a new one
is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Blink tile in the Access Panel, you should be automatically signed in to the Blink for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Slack with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Blue Access for Members (BAM)
11/14/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Blue Access for Members (BAM) with Azure Active Directory (Azure
AD). When you integrate Blue Access for Members (BAM) with Azure AD, you can:
Control in Azure AD who has access to Blue Access for Members (BAM).
Enable your users to be automatically signed-in to Blue Access for Members (BAM) with their Azure AD
accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Blue Access for Members (BAM) single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Blue Access for Members (BAM) supports IDP initiated SSO

Adding Blue Access for Members (BAM) from the gallery


To configure the integration of Blue Access for Members (BAM) into Azure AD, you need to add Blue Access for
Members (BAM) from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Blue Access for Members (BAM) in the search box.
6. Select Blue Access for Members (BAM) from the results panel and then add the app. Wait a few seconds while
the app is added to your tenant.

Configure and test Azure AD single sign-on for Blue Access for
Members (BAM)
Configure and test Azure AD SSO with Blue Access for Members (BAM) using a test user called B.Simon. For
SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Blue
Access for Members (BAM).
To configure and test Azure AD SSO with Blue Access for Members (BAM), complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Blue Access for Members (BAM) SSO - to configure the single sign-on settings on the application
side.
Create Blue Access for Members (BAM) test user - to have a counterpart of B.Simon in Blue Access
for Members (BAM) that is linked to the Azure AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Blue Access for Members (BAM) application integration page, find the
Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: <Custom Domain Value>

b. In the Reply URL text box, type a URL using the following pattern:
https://<CUSTOMURL>/affwebservices/public/saml2assertionconsumer

c. Click Set additional URLs.


d. In the Relay State text box, type a URL using the following pattern:
https://<CUSTOMURL>/BAMSSOServlet/sso/BamInboundSsoServlet

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Relay State. Contact Blue
Access for Members (BAM) Client support team to get these values. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

5. The Blue Access for Members (BAM) application expects the SAML assertions in a specific format, which
requires you to add custom attribute mappings to your SAML token attributes configuration. The following
screenshot shows the list of default attributes.
6. In addition to the above, the Blue Access for Members (BAM) application expects a few more attributes to be passed
back in the SAML response, which are shown below. These attributes are also pre-populated, but you can review
them as per your requirements.

NAME        SOURCE ATTRIBUTE
ClientID    <ClientID>
UID         <UID>

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

8. On the Set up Blue Access for Members (BAM) section, copy the appropriate URL(s) based on your
requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Blue Access for Members
(BAM).
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Blue Access for Members (BAM).
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Blue Access for Members (BAM) SSO


To configure single sign-on on the Blue Access for Members (BAM) side, you need to send the downloaded
Federation Metadata XML and the appropriate copied URLs from the Azure portal to the Blue Access for Members (BAM)
support team. They apply these settings so that the SAML SSO connection is configured properly on both sides.
Create Blue Access for Members (BAM) test user
In this section, you create a user called B.Simon in Blue Access for Members (BAM). Work with the Blue Access for
Members (BAM) support team to add the users in the Blue Access for Members (BAM) platform. Users must be
created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Blue Access for Members (BAM) tile in the Access Panel, you should be automatically signed in
to the Blue Access for Members (BAM) for which you set up SSO. For more information about the Access Panel,
see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Blue Access for Members (BAM) with Azure AD

Tutorial: Azure Active Directory single sign-on (SSO) integration with BlueJeans for Azure AD
10/18/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate BlueJeans for Azure AD with Azure Active Directory (Azure AD). When
you integrate BlueJeans for Azure AD with Azure AD, you can:
Control in Azure AD who has access to BlueJeans for Azure AD.
Enable your users to be automatically signed-in to BlueJeans for Azure AD with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
BlueJeans for Azure AD single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
BlueJeans for Azure AD supports SP initiated SSO
BlueJeans for Azure AD supports Automated user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding BlueJeans for Azure AD from the gallery


To configure the integration of BlueJeans for Azure AD into Azure AD, you need to add BlueJeans for Azure AD
from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type BlueJeans for Azure AD in the search box.
6. Select BlueJeans for Azure AD from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for BlueJeans for Azure AD
Configure and test Azure AD SSO with BlueJeans for Azure AD using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in BlueJeans for
Azure AD.
To configure and test Azure AD SSO with BlueJeans for Azure AD, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure BlueJeans for Azure AD SSO - to configure the single sign-on settings on application side.
a. Create BlueJeans for Azure AD test user - to have a counterpart of B.Simon in BlueJeans for Azure
AD that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the BlueJeans for Azure AD application integration page, find the Manage section
and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern: https://<companyname>.bluejeans.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact BlueJeans for Azure AD Client support
team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
6. On the Set up BlueJeans for Azure AD section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to BlueJeans for Azure AD.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select BlueJeans for Azure AD.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure BlueJeans for Azure AD SSO


1. In a different web browser window, sign in to your BlueJeans for Azure AD company site as an
administrator.
2. Go to ADMIN > GROUP SETTINGS > SECURITY.

3. In the SECURITY section, perform the following steps:


a. Select SAML Single Sign On.
b. Select Enable automatic provisioning.
4. Move on with the following steps:

a. Click Choose File, to upload the base-64 encoded certificate that you have downloaded from the Azure
portal.
b. In the Login URL textbox, paste the value of Login URL which you have copied from Azure portal.
c. In the Password Change URL textbox, paste the value of Change Password URL which you have
copied from Azure portal.
d. In the Logout URL textbox, paste the value of Logout URL which you have copied from Azure portal.
5. Move on with the following steps:
a. In the User Id textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name .
b. In the Email textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name .
c. Click SAVE CHANGES.
Create BlueJeans for Azure AD test user
The objective of this section is to create a user called B.Simon in BlueJeans for Azure AD. BlueJeans for Azure AD
supports automatic user provisioning, which is by default enabled. You can find more details here on how to
configure automatic user provisioning.
If you need to create a user manually, perform the following steps:
1. Sign in to your BlueJeans for Azure AD company site as an administrator.
2. Go to ADMIN > MANAGE USERS > ADD USER.

IMPORTANT
The ADD USER tab is only available if, in the SECURITY tab, Enable automatic provisioning is unchecked.

3. In the ADD USER section, perform the following steps:


a. In First Name text box, enter the first name of user like B.
b. In Last Name text box, enter the last name of user like Simon.
c. In Pick a BlueJeans for Azure AD Username text box, enter the username of user like Brittasimon
d. In Create a Password text box, enter your password.
e. In Company text box, enter your Company.
f. In Email Address text box, enter the email of user like b.simon@contoso.com.
g. In Create a BlueJeans for Azure AD Meeting I.D text box, enter your meeting ID.
h. In Pick a Moderator Passcode text box, enter your passcode.
i. Click CONTINUE.

j. Click ADD USER.

NOTE
You can use any other BlueJeans for Azure AD user account creation tools or APIs provided by BlueJeans for Azure AD to
provision Azure AD user accounts.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BlueJeans for Azure AD tile in the Access Panel, you should be automatically signed in to the
BlueJeans for Azure AD for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try BlueJeans for Azure AD with Azure AD

Tutorial: Azure Active Directory single sign-on (SSO) integration with BeyondTrust Remote Support
11/14/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate BeyondTrust Remote Support with Azure Active Directory (Azure AD).
When you integrate BeyondTrust Remote Support with Azure AD, you can:
Control in Azure AD who has access to BeyondTrust Remote Support.
Enable your users to be automatically signed-in to BeyondTrust Remote Support with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
BeyondTrust Remote Support single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
BeyondTrust Remote Support supports SP initiated SSO
BeyondTrust Remote Support supports Just In Time user provisioning

Adding BeyondTrust Remote Support from the gallery


To configure the integration of BeyondTrust Remote Support into Azure AD, you need to add BeyondTrust Remote
Support from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type BeyondTrust Remote Support in the search box.
6. Select BeyondTrust Remote Support from results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on for BeyondTrust Remote Support
Configure and test Azure AD SSO with BeyondTrust Remote Support using a test user called B.Simon. For SSO
to work, you need to establish a link relationship between an Azure AD user and the related user in BeyondTrust
Remote Support.
To configure and test Azure AD SSO with BeyondTrust Remote Support, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure BeyondTrust Remote Support SSO - to configure the single sign-on settings on application side.
Create BeyondTrust Remote Support test user - to have a counterpart of B.Simon in BeyondTrust
Remote Support that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the BeyondTrust Remote Support application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign-on URL text box, type a URL using the following pattern: https://<HOSTNAME>.bomgar.com/saml

b. In the Identifier box, type a URL using the following pattern: https://<HOSTNAME>.bomgar.com

c. In the Reply URL text box, type a URL using the following pattern:
https://<HOSTNAME>.bomgar.com/saml/sso

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. You will get
these values explained later in the tutorial.

5. BeyondTrust Remote Support application expects the SAML assertions in a specific format, which requires
you to add custom attribute mappings to your SAML token attributes configuration. The following
screenshot shows the list of default attributes.
6. In addition to the above, the BeyondTrust Remote Support application expects a few more attributes to be passed
back in the SAML response, which are shown below. These attributes are also pre-populated, but you can review
them as per your requirements.

NAME                     SOURCE ATTRIBUTE
Givenname                user.givenname
Emailaddress             user.mail
Name                     user.userprincipalname
Username                 user.userprincipalname
Groups                   user.groups
Unique User Identifier   user.userprincipalname

NOTE
When assigning Azure AD Groups for the BeyondTrust Remote Support application, the ‘Groups returned in claim’
option will need to be modified from None to SecurityGroup. The Groups will be imported into the application as their
Object IDs. The Object ID of the Azure AD Group can be found by checking the Properties in the Azure Active
Directory interface. This will be required to reference and assign Azure AD Groups to the correct group policies.

7. When setting the Unique User Identifier, this value must be set to NameID-Format: Persistent. We require
this to be a Persistent identifier to correctly identify and associate the user into the correct group policies for
permissions. Click on the edit icon to open the User Attributes & Claims dialog to edit the Unique User
Identifier value.
8. On the Manage Claim section, click on the Choose name identifier format and set the value to
Persistent and click Save.
9. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

10. On the Set up BeyondTrust Remote Support section, copy the appropriate URL(s) based on your
requirement.
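
As an added example (not part of the original tutorial or of either vendor's code), the following Python check inspects a captured test assertion for the claim settings described in steps 5 to 8: a persistent NameID, the attributes from the table, and group values that are Object IDs. The sample assertion is constructed and unsigned, and the attribute names are assumed to appear exactly as the table lists them.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Claim names exactly as the tutorial's table lists them (assumption: a real
# assertion may carry namespace-qualified names instead). The tutorial notes
# that groups and e-mail are optional; remove them here if they are unused.
TABLE_ATTRIBUTES = ("Givenname", "Emailaddress", "Name", "Username", "Groups")
OBJECT_ID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.IGNORECASE)


def check_assertion(xml_text):
    """Return a list of findings; an empty list means the claims match the tutorial.

    This inspects claim content only. It does not verify the XML signature.
    """
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not expected in a SAML assertion")
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or a Response that wraps one.
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element found"]

    findings = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        findings.append("NameID missing")
    elif name_id.get("Format") != PERSISTENT:
        findings.append("NameID format is %s, expected persistent" % name_id.get("Format"))

    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values[attr.get("Name")] = [
            (v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)
        ]
    for name in TABLE_ATTRIBUTES:
        if not any(values.get(name, [])):
            findings.append("attribute %s missing or empty" % name)

    # With 'Groups returned in claim' set to SecurityGroup, groups arrive as Object IDs.
    for group in values.get("Groups", []):
        if not OBJECT_ID.fullmatch(group):
            findings.append("group value %r is not an Object ID" % group)
    return findings


def sample_assertion(name_id_format, groups, email=""):
    """Build a constructed, unsigned assertion for the demonstration below."""
    def attribute(name, vals):
        body = "".join("<saml:AttributeValue>%s</saml:AttributeValue>" % v for v in vals)
        return '<saml:Attribute Name="%s">%s</saml:Attribute>' % (name, body)

    attrs = [
        attribute("Givenname", ["B"]),
        attribute("Name", ["B.Simon@contoso.com"]),
        attribute("Username", ["B.Simon@contoso.com"]),
        attribute("Groups", groups),
    ]
    if email:
        attrs.append(attribute("Emailaddress", [email]))
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Subject><saml:NameID Format="%s">constructed-subject</saml:NameID></saml:Subject>'
        "<saml:AttributeStatement>%s</saml:AttributeStatement>"
        "</saml:Assertion>" % (name_id_format, "".join(attrs))
    )


if __name__ == "__main__":
    misconfigured = sample_assertion(
        "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        ["11111111-2222-3333-4444-555555555555", "Support Admins"],
    )
    for finding in check_assertion(misconfigured):
        print(finding)
```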

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to BeyondTrust Remote
Support.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select BeyondTrust Remote Support.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure BeyondTrust Remote Support SSO


1. In a different web browser window, sign in to BeyondTrust Remote Support as an Administrator.
2. Click on the STATUS menu and copy the Identifier, Reply URL and Sign on URL and use these values in
the Basic SAML Configuration section in the Azure portal.

3. Navigate to the BeyondTrust Remote Support /login interface at https://support.example.com/login, where
support.example.com is the primary hostname of your appliance, and authenticate using your
administrative credentials.
4. Navigate to Users & Security > Security Providers.
5. In the drop-down menu, select SAML and click the Create Provider button.
6. Under the Identity Provider Settings section, there is an option to upload the Identity Provider Metadata.
Locate the Metadata XML file that you have downloaded from the Azure portal and click the Upload
button. The Entity ID, Single Sign-On Service URL and Certificate will automatically be uploaded, and
the Protocol Binding will need to be changed to HTTP POST. See screenshot below:

Create BeyondTrust Remote Support test user


We will be configuring the User Provision Settings here. The values used in this section will be referenced from the
User Attributes & Claims section in the Azure portal. We configured this to be the default values which are
already imported at the time of creation, however, the value can be customized if necessary.

NOTE
The groups and e-mail attribute are not necessary for this implementation. If utilizing Azure AD groups and assigning them
to BeyondTrust Remote Support Group Policies for permissions, the Object ID of the group will need to be referenced via its
properties in the Azure portal and placed in the ‘Available Groups’ section. Once this has been completed, the Object ID/AD
Group will now be available for assignment to a group policy for permissions.
NOTE
Alternatively, a default group policy can be set on the SAML2 Security Provider. By defining this option, this will assign all
users who authenticate through SAML the permissions specified within the group policy. The General Members policy is
included within BeyondTrust Remote Support/Privileged Remote Access with limited permissions, which can be used to test
authentication and assign users to the correct policies. Users will not populate into the SAML2 Users list via /login > Users &
Security until the first successful authentication attempt. Additional information on Group policies can be found at the
following link: https://www.beyondtrust.com/docs/remote-support/getting-started/admin/group-policies.htm

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BeyondTrust Remote Support tile in the Access Panel, you should be automatically signed in to
the BeyondTrust Remote Support for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try BeyondTrust Remote Support with Azure AD

Tutorial: Azure Active Directory integration with Bonusly
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Bonusly with Azure Active Directory (Azure AD). Integrating Bonusly
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Bonusly.
You can enable your users to be automatically signed-in to Bonusly (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Bonusly, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Bonusly single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Bonusly supports IDP initiated SSO

Adding Bonusly from the gallery


To configure the integration of Bonusly into Azure AD, you need to add Bonusly from the gallery to your list of
managed SaaS apps.
To add Bonusly from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Bonusly, select Bonusly from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Bonusly based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Bonusly
needs to be established.
To configure and test Azure AD single sign-on with Bonusly, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Bonusly Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Bonusly test user - to have a counterpart of Britta Simon in Bonusly that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Bonusly, perform the following steps:
1. In the Azure portal, on the Bonusly application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Reply URL text box, type a URL using the following pattern: https://Bonus.ly/saml/<tenant-name>

NOTE
The value is not real. Update the value with the actual Reply URL. Contact Bonusly Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.

6. In the SAML Signing Certificate section, copy the THUMBPRINT and save it on your computer.

7. On the Set up Bonusly section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Bonusly Single Sign-On
1. In a different browser window, sign in to your Bonusly tenant.
2. In the toolbar on the top, click Settings and then select Integrations and apps.

3. Under Single Sign-On, select SAML.


4. On the SAML dialog page, perform the following steps:
a. In the IdP SSO target URL textbox, paste the value of Login URL, which you have copied from Azure
portal.
b. In the IdP Login URL textbox, paste the value of Login URL, which you have copied from Azure portal.
c. In the IdP Issuer textbox, paste the value of Azure AD Identifier, which you have copied from Azure
portal.
d. Paste the Thumbprint value copied from Azure portal into the Cert Fingerprint textbox.
e. Click Save.
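
Added example, not from the original tutorial: the THUMBPRINT copied from the Azure portal and pasted into Cert Fingerprint is the SHA-1 hash of the certificate's DER bytes, so a pasted value can be checked against a certificate file you hold. The certificate bytes below are a constructed stand-in, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-in for a certificate's DER bytes (not a real X.509 cert);
# a thumbprint is a hash over the raw bytes, so no ASN.1 parsing is needed.
SAMPLE_DER = b"constructed stand-in for DER-encoded certificate bytes"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def der_from_base64_cert(text):
    """Decode a Base64 certificate file (PEM armour optional) to DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    return base64.b64decode("".join(body.split()), validate=True)


def thumbprint(cert_text):
    """SHA-1 over the DER bytes, rendered as 40 upper-case hex characters."""
    return hashlib.sha1(der_from_base64_cert(cert_text)).hexdigest().upper()


def fingerprint_matches(cert_text, configured):
    """Compare a pasted fingerprint with the certificate's thumbprint.

    Colons, dashes, spaces and letter case are ignored, so 'AB:CD:...' and
    'abcd...' compare equal. Anything that is not exactly 40 hex digits after
    cleaning (for example a truncated paste) is rejected.
    """
    cleaned = re.sub(r"[\s:-]", "", configured).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        return False
    return hmac.compare_digest(thumbprint(cert_text), cleaned)


if __name__ == "__main__":
    value = thumbprint(SAMPLE_PEM)
    print("thumbprint:", value)
    print("colon form matches:", fingerprint_matches(
        SAMPLE_PEM, ":".join(value[i:i + 2] for i in range(0, 40, 2)).lower()))
```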
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bonusly.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Bonusly.

2. In the applications list, select Bonusly.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Bonusly test user
In order to enable Azure AD users to sign in to Bonusly, they must be provisioned into Bonusly. In the case of
Bonusly, provisioning is a manual task.

NOTE
You can use any other Bonusly user account creation tools or APIs provided by Bonusly to provision Azure AD user accounts.

To configure user provisioning, perform the following steps:


1. In a web browser window, sign in to your Bonusly tenant.
2. Click Settings.

3. Click the Users and bonuses tab.

4. Click Manage Users.

5. Click Add User.

6. On the Add User dialog, perform the following steps:


a. In the First name textbox, enter the first name of user like Britta.
b. In the Last name textbox, enter the last name of user like Simon.
c. In the Email textbox, enter the email of user like brittasimon@contoso.com.
d. Click Save.

NOTE
The Azure AD account holder receives an email that includes a link to confirm the account before it becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bonusly tile in the Access Panel, you should be automatically signed in to the Bonusly for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Boomi
11/19/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Boomi with Azure Active Directory (Azure AD). When you integrate
Boomi with Azure AD, you can:
Control in Azure AD who has access to Boomi.
Enable your users to be automatically signed-in to Boomi with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Boomi single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Boomi supports IDP initiated SSO

Adding Boomi from the gallery


To configure the integration of Boomi into Azure AD, you need to add Boomi from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Boomi in the search box.
6. Select Boomi from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Boomi


Configure and test Azure AD SSO with Boomi using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Boomi.
To configure and test Azure AD SSO with Boomi, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Boomi SSO - to configure the single sign-on settings on application side.
Create Boomi test user - to have a counterpart of B.Simon in Boomi that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Boomi application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Set up single sign-on with SAML page, enter the values for the following fields:
a. In the Identifier text box, type a URL: https://platform.boomi.com/

b. In the Reply URL text box, type a URL using the following pattern:
https://platform.boomi.com/sso/<boomi-tenant>/saml

NOTE
The Reply URL value is not real. Update the value with the actual Reply URL. Contact Boomi Client support team to
get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. Boomi application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

6. In addition to the above, the Boomi application expects a few more attributes to be passed back in the SAML response,
which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

NAME            SOURCE ATTRIBUTE
FEDERATION_ID   user.mail

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up Boomi section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Boomi.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Boomi.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Boomi SSO


1. In a different web browser window, sign in to your Boomi company site as an administrator.
2. Navigate to Company Name and go to Set up.
3. Click the SSO Options tab and perform the following steps.
a. Select the Enable SAML Single Sign-On check box.
b. Click Import to upload the certificate downloaded from Azure AD to Identity Provider Certificate.
c. In the Identity Provider Login URL text box, enter the Login URL value from the Azure AD application
configuration window.
d. For Federation Id Location, select the Federation Id is in FEDERATION_ID Attribute element radio
button.
e. Click the Save button.
Create Boomi test user
In order to enable Azure AD users to sign in to Boomi, they must be provisioned into Boomi. In the case of Boomi,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Boomi company site as an administrator.
2. After logging in, navigate to User Management and go to Users.

3. Click the + icon; the Add/Maintain User Roles dialog opens.

a. In the User e-mail address text box, type the user's email address, for example B.Simon@contoso.com.
b. In the First name text box, type the user's first name, for example B.
c. In the Last name text box, type the user's last name, for example Simon.
d. Enter the user's Federation ID. Each user must have a Federation ID that uniquely identifies the user
within the account.
e. Assign the Standard User role to the user. Do not assign the Administrator role because that would give
them normal AtomSphere access as well as single sign-on access.
f. Click OK.

NOTE
The user will not receive a welcome notification email containing a password that can be used to log in to the
AtomSphere account because their password is managed through the identity provider. You may use any other
Boomi user account creation tools or APIs provided by Boomi to provision Azure AD user accounts.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Boomi tile in the Access Panel, you should be automatically signed in to the Boomi account for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
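When a test sign-in fails, the usual cause is a mismatch between what Azure AD sends and what was configured: Azure AD places the Identifier in the assertion's Audience, the Reply URL in Destination and Recipient, and FEDERATION_ID in the attribute statement. The following check is an added example, not part of the original tutorial or of Boomi's or Microsoft's code; the tenant name contoso-TEST01, the helper names and both sample responses are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values taken from the tutorial's configuration steps.
EXPECTED_AUDIENCE = "https://platform.boomi.com/"   # Identifier (compared strictly here)
REPLY_URL_RE = re.compile(r"https://platform\.boomi\.com/sso/[^/<>\s]+/saml")
FEDERATION_ATTR = "FEDERATION_ID"                   # mapped to user.mail
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"


def build_sample(audience, reply_url, attributes):
    """Build a constructed, unsigned SAML response (test data only)."""
    attrs = "".join(
        f"<saml:Attribute Name={quoteattr(name)}>"
        f"<saml:AttributeValue>{escape(value)}</saml:AttributeValue></saml:Attribute>"
        for name, value in attributes)
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f"Destination={quoteattr(reply_url)}><saml:Assertion>"
        f"<saml:Subject><saml:SubjectConfirmation>"
        f"<saml:SubjectConfirmationData Recipient={quoteattr(reply_url)}/>"
        f"</saml:SubjectConfirmation></saml:Subject>"
        f"<saml:Conditions><saml:AudienceRestriction><saml:Audience>{escape(audience)}"
        f"</saml:Audience></saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        f"</saml:Assertion></samlp:Response>")


def check_boomi_assertion(xml_text, expected_federation_id):
    """Return {check_name: detail} for each claim that does not match the configuration.

    Only inspects claims; it does not verify the XML signature, so run it on
    responses captured from your own test sign-ins, never as an authentication step.
    """
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return {"assertion": "response carries no Assertion element"}
    problems = {}

    audiences = [a.text.strip() for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        problems["audience"] = f"got {audiences}, expected {EXPECTED_AUDIENCE!r}"

    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient", "") if scd is not None else ""
    for name, url in (("recipient", recipient),
                      ("destination", root.get("Destination", ""))):
        # A leftover <boomi-tenant> placeholder fails here as well.
        if not REPLY_URL_RE.fullmatch(url):
            problems[name] = f"{url!r} does not match the Reply URL pattern"

    values = [v.text or ""
              for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)
              if attr.get("Name") == FEDERATION_ATTR
              for v in attr.iterfind("saml:AttributeValue", NS)]
    if len(values) != 1:
        problems["federation_id"] = f"expected exactly one value, found {len(values)}"
    elif values[0] != expected_federation_id:
        # Strict comparison is an assumption; the page does not say how Boomi compares IDs.
        problems["federation_id"] = f"{values[0]!r} != provisioned {expected_federation_id!r}"
    return problems


# Constructed samples: one matching the tutorial, one with three typical mistakes.
GOOD = build_sample(EXPECTED_AUDIENCE,
                    "https://platform.boomi.com/sso/contoso-TEST01/saml",
                    [(EMAIL_CLAIM, "B.Simon@contoso.com"),
                     (FEDERATION_ATTR, "B.Simon@contoso.com")])
BAD = build_sample("https://platform.boomi.com",
                   "https://platform.boomi.com/sso/<boomi-tenant>/saml",
                   [(EMAIL_CLAIM, "B.Simon@contoso.com")])

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, check_boomi_assertion(sample, "B.Simon@contoso.com"))
```

The second argument is the Federation ID entered for the user in Boomi's Add/Maintain User Roles dialog.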

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Boomi with Azure AD

Tutorial: Azure Active Directory integration with BorrowBox
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate BorrowBox with Azure Active Directory (Azure AD). Integrating
BorrowBox with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to BorrowBox.
You can enable your users to be automatically signed-in to BorrowBox (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with BorrowBox, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
BorrowBox single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
BorrowBox supports SP and IDP initiated SSO
BorrowBox supports Just In Time user provisioning

Adding BorrowBox from the gallery


To configure the integration of BorrowBox into Azure AD, you need to add BorrowBox from the gallery to your list
of managed SaaS apps.
To add BorrowBox from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type BorrowBox, select BorrowBox from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with BorrowBox based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
BorrowBox needs to be established.
To configure and test Azure AD single sign-on with BorrowBox, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure BorrowBox Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create BorrowBox test user - to have a counterpart of Britta Simon in BorrowBox that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with BorrowBox, perform the following steps:
1. In the Azure portal, on the BorrowBox application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://fe.bolindadigital.com/wldcs_bol_fo/b2i/mainPage.html?b2bSite=<ID>

NOTE
The value is not real. Update the value with the actual Sign-on URL. Contact the BorrowBox Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. Your BorrowBox application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes, where nameidentifier is mapped to user.userprincipalname. The BorrowBox
application expects nameidentifier to be mapped to user.mail, so you need to edit the attribute mapping
by clicking the Edit icon and changing the mapping.

7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

8. On the Set up BorrowBox section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure BorrowBox Single Sign-On
To configure single sign-on on the BorrowBox side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the BorrowBox support team. They apply this configuration so
that the SAML SSO connection is set properly on both sides.
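Before the metadata file is handed over, it is worth confirming that it agrees with the Login URL, Azure AD Identifier and Logout URL copied from the portal, and recording the signing certificate fingerprint alongside the support request. This is an added example, not part of the original tutorial; the function names, the all-zero tenant ID and the placeholder certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: the tenant GUID is all zeros and the "certificate" is
# placeholder bytes, not a real X.509 certificate.
SAML_ENDPOINT = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"
ENTITY_ID = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
PLACEHOLDER_DER = b"constructed placeholder bytes standing in for a DER certificate"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="{ENTITY_ID}">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data><ds:X509Certificate>
        {base64.b64encode(PLACEHOLDER_DER).decode()}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="{SAML_ENDPOINT}"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="{SAML_ENDPOINT}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def summarize_idp_metadata(xml_text):
    """Extract the identity-provider facts a service provider will rely on."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor element")

    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a "use" attribute applies to signing too.
        if key.get("use") not in (None, "signing"):
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            # The element text is base64 DER, often wrapped across lines.
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())

    def endpoints(tag):
        return {e.get("Location") for e in idp.findall(f"md:{tag}", NS)}

    return {"entity_id": root.get("entityID"),
            "sso_urls": endpoints("SingleSignOnService"),
            "slo_urls": endpoints("SingleLogoutService"),
            "signing_sha256": fingerprints}


def compare_with_portal(summary, login_url, azure_ad_identifier, logout_url):
    """Return the names of the copied portal values the metadata does not confirm."""
    mismatches = []
    if login_url not in summary["sso_urls"]:
        mismatches.append("Login URL")
    if summary["entity_id"] != azure_ad_identifier:
        mismatches.append("Azure AD Identifier")
    if logout_url not in summary["slo_urls"]:
        mismatches.append("Logout URL")
    if not summary["signing_sha256"]:
        mismatches.append("signing certificate")
    return mismatches


if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_METADATA)
    print("entity ID:", info["entity_id"])
    print("signing cert SHA-256:", info["signing_sha256"])
    print("mismatches:", compare_with_portal(info, SAML_ENDPOINT, ENTITY_ID, SAML_ENDPOINT))
```

More than one fingerprint in the output means the file lists several signing certificates, so each should be recorded.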
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to BorrowBox.
1. In the Azure portal, select Enterprise Applications, select All applications, then select BorrowBox.

2. In the applications list, select BorrowBox.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create BorrowBox test user
In this section, a user called Britta Simon is created in BorrowBox. BorrowBox supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in BorrowBox, a new one is created after authentication.

NOTE
If you need to create a user manually, contact the BorrowBox support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the BorrowBox tile in the Access Panel, you should be automatically signed in to the BorrowBox instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Box
8/16/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Box with Azure Active Directory (Azure AD). When you integrate Box
with Azure AD, you can:
Control in Azure AD who has access to Box.
Enable your users to be automatically signed-in to Box with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Box single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Box supports SP initiated SSO
Box supports Just In Time user provisioning
Box supports Automated user provisioning

Adding Box from the gallery


To configure the integration of Box into Azure AD, you need to add Box from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Box in the search box.
6. Select Box from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Box


Configure and test Azure AD SSO with Box using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Box.
To configure and test Azure AD SSO with Box, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Box SSO - to configure the single sign-on settings on application side.
a. Create Box test user - to have a counterpart of B.Simon in Box that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Box application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.account.box.com

b. In the Identifier (Entity ID) text box, type a URL: box.net

NOTE
The Sign-on URL value is not real. Update the value with the actual Sign-On URL. Contact the Box Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Box.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Box.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Box SSO


To configure SSO for your application, follow the procedure in Set up SSO on your own.
NOTE
If you are unable to configure the SSO settings for your Box account, you need to send the downloaded Federation
Metadata XML to the Box support team. They apply this configuration so that the SAML SSO connection is set properly on both sides.

Create Box test user


In this section, a user called Britta Simon is created in Box. Box supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Box, a new one is
created after authentication.

NOTE
If you need to create a user manually, contact the Box support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Box tile in the Access Panel, you should be automatically signed in to the Box instance for which you set
up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Box with Azure AD

Tutorial: Azure Active Directory integration with Boxcryptor
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Boxcryptor with Azure Active Directory (Azure AD). Integrating
Boxcryptor with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Boxcryptor.
You can enable your users to be automatically signed-in to Boxcryptor (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Boxcryptor, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Boxcryptor single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Boxcryptor supports SP initiated SSO
Boxcryptor supports Just In Time user provisioning

Adding Boxcryptor from the gallery


To configure the integration of Boxcryptor into Azure AD, you need to add Boxcryptor from the gallery to your list
of managed SaaS apps.
To add Boxcryptor from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Boxcryptor, select Boxcryptor from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Boxcryptor based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Boxcryptor needs to be established.
To configure and test Azure AD single sign-on with Boxcryptor, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Boxcryptor Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Boxcryptor test user - to have a counterpart of Britta Simon in Boxcryptor that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Boxcryptor, perform the following steps:
1. In the Azure portal, on the Boxcryptor application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL: https://www.boxcryptor.com/app

b. In the Identifier (Entity ID) text box, type the value: boxcryptor

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Boxcryptor section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Boxcryptor Single Sign-On
To configure single sign-on on the Boxcryptor side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the Boxcryptor support team. They apply this configuration so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Boxcryptor.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Boxcryptor.

2. In the applications list, select Boxcryptor.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Boxcryptor test user
In this section, you create a user called Britta Simon in Boxcryptor. Work with the Boxcryptor support team to add the
users or the domain that must be added to an allow list for the Boxcryptor platform. If the domain is added by the
team, users are automatically provisioned to the Boxcryptor platform. Users must be created and activated
before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Boxcryptor tile in the Access Panel, you should be automatically signed in to the Boxcryptor instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Bpm’online
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Bpm’online with Azure Active Directory (Azure AD). Integrating
Bpm’online with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Bpm’online.
You can enable your users to be automatically signed-in to Bpm’online (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Bpm’online, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Bpm’online single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Bpm’online supports SP and IDP initiated SSO

Adding Bpm’online from the gallery


To configure the integration of Bpm’online into Azure AD, you need to add Bpm’online from the gallery to your list
of managed SaaS apps.
To add Bpm’online from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Bpm’online, select Bpm’online from the result panel then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Bpm’online based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Bpm’online needs to be established.
To configure and test Azure AD single sign-on with Bpm’online, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Bpm’online Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Bpm’online test user - to have a counterpart of Britta Simon in Bpm’online that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Bpm’online, perform the following steps:
1. In the Azure portal, on the Bpm’online application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<client site name>.bpmonline.com/

b. In the Reply URL text box, type a URL using the following pattern:
https://<client site name>.bpmonline.com/ServiceModel/AuthService.svc/SsoLogin

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<client site name>.bpmonline.com/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact the
Bpm’online Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Bpm’online Single Sign-On


To configure single sign-on on the Bpm’online side, you need to send the App Federation Metadata Url to the
Bpm’online support team. They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bpm’online.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Bpm’online.
2. In the applications list, select Bpm’online.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Bpm’online test user
In this section, you create a user called Britta Simon in Bpm’online. Work with the Bpm’online support team to add the
users in the Bpm’online platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bpm’online tile in the Access Panel, you should be automatically signed in to the Bpm’online
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Brandfolder
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Brandfolder with Azure Active Directory (Azure AD). Integrating
Brandfolder with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Brandfolder.
You can enable your users to be automatically signed-in to Brandfolder (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Brandfolder, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Brandfolder single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Brandfolder supports IDP initiated SSO
Brandfolder supports Just In Time user provisioning

Adding Brandfolder from the gallery


To configure the integration of Brandfolder into Azure AD, you need to add Brandfolder from the gallery to your
list of managed SaaS apps.
To add Brandfolder from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Brandfolder, select Brandfolder from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Brandfolder based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Brandfolder needs to be established.
To configure and test Azure AD single sign-on with Brandfolder, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Brandfolder Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Brandfolder test user - to have a counterpart of Britta Simon in Brandfolder that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Brandfolder, perform the following steps:
1. In the Azure portal, on the Brandfolder application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://brandfolder.com/organizations/<ORG_SLUG>/saml/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://brandfolder.com/organizations/<ORG_SLUG>/saml

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Brandfolder Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Brandfolder Single Sign-On


To configure single sign-on on the Brandfolder side, send the App Federation Metadata Url to the
Brandfolder support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Brandfolder.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Brandfolder.
2. In the applications list, select Brandfolder.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Brandfolder test user
In this section, a user called Britta Simon is created in Brandfolder. Brandfolder supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Brandfolder, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Brandfolder tile in the Access Panel, you should be automatically signed in to the Brandfolder
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Braze
10/15/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Braze with Azure Active Directory (Azure AD). When you integrate
Braze with Azure AD, you can:
Control in Azure AD who has access to Braze.
Enable your users to be automatically signed-in to Braze with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Braze single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Braze supports SP and IDP initiated SSO

Adding Braze from the gallery


To configure the integration of Braze into Azure AD, you need to add Braze from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Braze in the search box.
6. Select Braze from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Braze


Configure and test Azure AD SSO with Braze using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Braze.
To configure and test Azure AD SSO with Braze, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Braze SSO - to configure the single sign-on settings on application side.
Create Braze test user - to have a counterpart of B.Simon in Braze that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Braze application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.braze.com/auth/saml/callback

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.braze.com/sign_in

NOTE
For the subdomain, use the coordinating subdomain listed in your Braze instance URL. For example, if your instance is
US-01, your URL is https://dashboard-01.braze.com. This means that your subdomain will be dashboard-01.

6. The Braze application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

7. In addition to the above, the Braze application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also prepopulated, but you can review them as per your
requirements.

NAME          SOURCE ATTRIBUTE
email         user.userprincipalname
first_name    user.givenname
last_name     user.surname

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up Braze section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Braze.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Braze.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Braze SSO


To configure single sign-on on the Braze side, ensure that a Braze Account Manager has enabled
SAML SSO for your account. Once it is enabled, go to Company Settings > Security Settings and toggle
the SAML SSO section to ON. Within this section, copy and paste the downloaded Certificate
(Base64) and add a SAML Name.
Create Braze test user
In this section, you create a user called B.Simon in Braze. Work with the Braze support team to add the users to the
Braze platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Braze tile in the Access Panel, you should be automatically signed in to the Braze instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Braze with Azure AD
Tutorial: Azure Active Directory integration with Bridge
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Bridge with Azure Active Directory (Azure AD). Integrating Bridge with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Bridge.
You can enable your users to be automatically signed-in to Bridge (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Bridge, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Bridge single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Bridge supports SP initiated SSO

Adding Bridge from the gallery


To configure the integration of Bridge into Azure AD, you need to add Bridge from the gallery to your list of
managed SaaS apps.
To add Bridge from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Bridge, select Bridge from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Bridge based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Bridge
needs to be established.
To configure and test Azure AD single sign-on with Bridge, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Bridge Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Bridge test user - to have a counterpart of Britta Simon in Bridge that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Bridge, perform the following steps:
1. In the Azure portal, on the Bridge application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<company name>.bridgeapp.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<company name>.bridgeapp.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Bridge Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. On the Set up Bridge section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Bridge Single Sign-On
To configure single sign-on on the Bridge side, send the downloaded Certificate (Raw) and the appropriate
copied URLs from the Azure portal to the Bridge support team. They apply this setting so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bridge.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Bridge.

2. In the applications list, select Bridge.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Bridge test user
In this section, you create a user called Britta Simon in Bridge. Work with the Bridge support team to add the users to
the Bridge platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bridge tile in the Access Panel, you should be automatically signed in to the Bridge instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Bridgeline Unbound
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Bridgeline Unbound with Azure Active Directory (Azure AD). Integrating
Bridgeline Unbound with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Bridgeline Unbound.
You can enable your users to be automatically signed-in to Bridgeline Unbound (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Bridgeline Unbound, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Bridgeline Unbound single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Bridgeline supports SP and IDP initiated SSO
Bridgeline Unbound supports Just In Time user provisioning

Adding Bridgeline Unbound from the gallery


To configure the integration of Bridgeline Unbound into Azure AD, you need to add Bridgeline Unbound from the
gallery to your list of managed SaaS apps.
To add Bridgeline Unbound from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Bridgeline Unbound, select Bridgeline Unbound from the result panel, then click the
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Bridgeline Unbound based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Bridgeline Unbound needs to be established.
To configure and test Azure AD single sign-on with Bridgeline Unbound, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Bridgeline Unbound Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Bridgeline Unbound test user - to have a counterpart of Britta Simon in Bridgeline Unbound that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Bridgeline Unbound, perform the following steps:
1. In the Azure portal, on the Bridgeline Unbound application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: iApps_UPSTT_<ENVIRONMENTNAME>

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.iapps.com/SAMLAssertionService.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.iapps.com/CommonLogin/login?<INSTANCENAME>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Bridgeline Unbound Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up Bridgeline Unbound section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Bridgeline Unbound Single Sign-On
To configure single sign-on on the Bridgeline Unbound side, send the downloaded Certificate
(Base64) and the appropriate copied URLs from the Azure portal to the Bridgeline Unbound support team. They
apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bridgeline Unbound.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Bridgeline
Unbound.

2. In the applications list, select Bridgeline Unbound.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Bridgeline Unbound test user
In this section, a user called Britta Simon is created in Bridgeline Unbound. Bridgeline Unbound supports
just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user
doesn't already exist in Bridgeline Unbound, a new one is created after authentication.

NOTE
If you need to create a user manually, contact Bridgeline Unbound support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bridgeline Unbound tile in the Access Panel, you should be automatically signed in to the
Bridgeline Unbound instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Bright Pattern Omnichannel Contact Center
11/14/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Bright Pattern Omnichannel Contact Center with Azure Active
Directory (Azure AD). When you integrate Bright Pattern Omnichannel Contact Center with Azure AD, you can:
Control in Azure AD who has access to Bright Pattern Omnichannel Contact Center.
Enable your users to be automatically signed-in to Bright Pattern Omnichannel Contact Center with their Azure
AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Bright Pattern Omnichannel Contact Center single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Bright Pattern Omnichannel Contact Center supports SP and IDP initiated SSO
Bright Pattern Omnichannel Contact Center supports Just In Time user provisioning

Adding Bright Pattern Omnichannel Contact Center from the gallery


To configure the integration of Bright Pattern Omnichannel Contact Center into Azure AD, you need to add Bright
Pattern Omnichannel Contact Center from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Bright Pattern Omnichannel Contact Center in the search box.
6. Select Bright Pattern Omnichannel Contact Center from results panel and then add the app. Wait a few
seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Bright Pattern Omnichannel Contact Center
Configure and test Azure AD SSO with Bright Pattern Omnichannel Contact Center using a test user called
B.Simon. For SSO to work, you need to establish a link relationship between an Azure AD user and the related
user in Bright Pattern Omnichannel Contact Center.
To configure and test Azure AD SSO with Bright Pattern Omnichannel Contact Center, complete the following
building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Bright Pattern Omnichannel Contact Center SSO - to configure the single sign-on settings on
application side.
a. Create Bright Pattern Omnichannel Contact Center test user - to have a counterpart of B.Simon in
Bright Pattern Omnichannel Contact Center that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Bright Pattern Omnichannel Contact Center application integration page,
find the Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: <SUBDOMAIN>_sso

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.brightpattern.com/agentdesktop/sso/redirect

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.brightpattern.com/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Bright
Pattern Omnichannel Contact Center Client support team to get these values. You can also refer to the patterns
shown in the Basic SAML Configuration section in the Azure portal.

6. The Bright Pattern Omnichannel Contact Center application expects the SAML assertions in a specific format,
which requires you to add custom attribute mappings to your SAML token attributes configuration. The
following screenshot shows the list of default attributes.

7. In addition to the above, the Bright Pattern Omnichannel Contact Center application expects a few more
attributes to be passed back in the SAML response, which are shown below. These attributes are also
prepopulated, but you can review them as per your requirement.

NAME         NAMESPACE
firstName    user.givenname
lastName     user.surname
email        user.mail

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up Bright Pattern Omnichannel Contact Center section, copy the appropriate URL(s) based
on your requirement.
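
Added example (not part of the original tutorials and not Microsoft, Braze or Bright Pattern code): a Python check that a captured, decoded test SAML response carries the Reply URL, Identifier and claim names listed in the Basic SAML Configuration steps and attribute tables of this tutorial and the Braze tutorial. The subdomains, sample user values, profile keys and function names are assumptions made for the example, and the check does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Expected values follow the URL patterns and claim tables in the tutorials.
# The subdomains ("dashboard-01", "example") are assumptions for the demo.
PROFILES = {
    "braze": {
        "reply_url": "https://dashboard-01.braze.com/auth/saml/callback",
        "identifier": None,  # the Braze tutorial lists no Identifier
        "claims": ("email", "first_name", "last_name"),
    },
    "brightpattern": {
        "reply_url": "https://example.brightpattern.com/agentdesktop/sso/redirect",
        "identifier": "example_sso",
        "claims": ("firstName", "lastName", "email"),
    },
}


def check_response(xml_text, profile):
    """Return a list of mismatches; an empty list means the response fits.

    Configuration check only: the XML signature is NOT verified here.
    """
    expected = PROFILES[profile]
    # SAML messages never need a DTD; refusing one avoids entity-expansion input.
    if "<!doctype" in xml_text.lower():
        return ["DOCTYPE declaration present; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{SAMLP}}}Response":
        return ["root element is not a SAML 2.0 Response"]

    problems = []
    if root.get("Destination") != expected["reply_url"]:
        problems.append(f"Destination {root.get('Destination')!r} is not the Reply URL")

    assertion = root.find(f"{{{SAML}}}Assertion")
    if assertion is None:
        problems.append("no plaintext Assertion (missing or encrypted)")
        return problems

    recipients = [d.get("Recipient")
                  for d in assertion.iter(f"{{{SAML}}}SubjectConfirmationData")]
    if expected["reply_url"] not in recipients:
        problems.append(f"Recipient {recipients!r} does not include the Reply URL")

    if expected["identifier"] is not None:
        audiences = [(a.text or "").strip()
                     for a in assertion.iter(f"{{{SAML}}}Audience")]
        if expected["identifier"] not in audiences:
            problems.append(f"Audience {audiences!r} does not include the Identifier")

    # Collect non-empty values per claim name, then compare with the table.
    found = {}
    for attr in assertion.iter(f"{{{SAML}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{SAML}}}AttributeValue")]
        found.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    for name in expected["claims"]:
        if not found.get(name):
            problems.append(f"claim {name!r} is missing or empty")
    return problems


def build_sample(reply_url, audience, claims):
    """Build a constructed, unsigned response for the demo (not real IdP output)."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>"
        for name, value in claims.items()
    )
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'Destination="{reply_url}"><saml:Assertion>'
        f"<saml:Subject><saml:SubjectConfirmation>"
        f'<saml:SubjectConfirmationData Recipient="{reply_url}"/>'
        f"</saml:SubjectConfirmation></saml:Subject>"
        f"<saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        f"</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        f"</saml:Assertion></samlp:Response>"
    )


if __name__ == "__main__":
    user = {"email": "B.Simon@contoso.com", "first_name": "B", "last_name": "Simon"}
    good = build_sample(PROFILES["braze"]["reply_url"], "constructed-audience", user)
    print("braze, matching config:", check_response(good, "braze"))
    # Reply URL mistakenly set to the Sign-on URL and one claim mapping removed.
    del user["last_name"]
    bad = build_sample("https://dashboard-01.braze.com/sign_in", "constructed-audience", user)
    for problem in check_response(bad, "braze"):
        print("braze, broken config:", problem)
```

Run it against the decoded response captured during the Test SSO step, after replacing the profile values with the real Reply URL and Identifier obtained from the vendor.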

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Bright Pattern Omnichannel
Contact Center.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Bright Pattern Omnichannel Contact Center.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Bright Pattern Omnichannel Contact Center SSO


To configure single sign-on on the Bright Pattern Omnichannel Contact Center side, you need to send the
downloaded Certificate (Base64) and the appropriate copied URLs from the Azure portal to the Bright Pattern Omnichannel
Contact Center support team. They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create Bright Pattern Omnichannel Contact Center test user
In this section, a user called B.Simon is created in Bright Pattern Omnichannel Contact Center. Bright Pattern
Omnichannel Contact Center supports just-in-time user provisioning, which is enabled by default. There is no
action item for you in this section. If a user doesn't already exist in Bright Pattern Omnichannel Contact Center, a
new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bright Pattern Omnichannel Contact Center tile in the Access Panel, you should be
automatically signed in to the Bright Pattern Omnichannel Contact Center for which you set up SSO. For more
information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Bright Pattern Omnichannel Contact Center with Azure AD
Tutorial: Azure Active Directory integration with Brightidea
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Brightidea with Azure Active Directory (Azure AD). Integrating
Brightidea with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Brightidea.
You can enable your users to be automatically signed-in to Brightidea (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Brightidea, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Brightidea single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Brightidea supports SP and IDP initiated SSO
Brightidea supports Just In Time user provisioning

Adding Brightidea from the gallery


To configure the integration of Brightidea into Azure AD, you need to add Brightidea from the gallery to your list of
managed SaaS apps.
To add Brightidea from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Brightidea, select Brightidea from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Brightidea based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Brightidea
needs to be established.
To configure and test Azure AD single sign-on with Brightidea, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Brightidea Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Brightidea test user - to have a counterpart of Britta Simon in Brightidea that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Brightidea, perform the following steps:
1. In the Azure portal, on the Brightidea application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you have a Service Provider metadata file and wish to
configure the application in IDP initiated mode, perform the following steps:
a. Click Upload metadata file.

b. Click the folder logo to select the metadata file, then click Upload.
c. After the metadata file is successfully uploaded, the Identifier and Reply URL values get auto populated
in Brightidea section textbox:

NOTE
If the Identifier and Reply URL values do not get auto populated, fill in the values manually according to your
requirement.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.brightidea.com

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Brightidea section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Brightidea Single Sign-On
1. In a different web browser window, sign in to Brightidea using the administrator credentials.
2. To get to the SSO feature in your Brightidea system, navigate to Enterprise Setup -> Authentication Tab.
There you will see two sub tabs: Auth Selection & SAML Profiles.

3. Select Auth Selection. By default, it only shows two standard methods: Brightidea Login & Registration.
When an SSO method is added, it shows up in the list.

4. Select SAML Profiles and perform the following steps:


a. Click Download Metadata, then upload the downloaded file in the Basic SAML Configuration section in the Azure
portal.
b. Click the Add New button under the Identity Provider Setting and perform the following steps:

Enter the SAML Profile Name, for example Azure Ad SSO.

For Upload Metadata, click choose file and upload the downloaded metadata file from the Azure
portal.

NOTE
After uploading the metadata file, the remaining fields Single Sign-on Service, Identity Provider Issuer,
Upload Public Key will populate automatically.

In the Email textbox, enter the value mail.

In the Screen Name textbox, enter the value givenName.
Click Save Changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Brightidea.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Brightidea.

2. In the applications list, select Brightidea.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Brightidea test user
In this section, a user called Britta Simon is created in Brightidea. Brightidea supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Brightidea, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Brightidea tile in the Access Panel, you should be automatically signed in to the Brightidea for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Brightspace by Desire2Learn
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Brightspace by Desire2Learn with Azure Active Directory (Azure AD).
Integrating Brightspace by Desire2Learn with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Brightspace by Desire2Learn.
You can enable your users to be automatically signed-in to Brightspace by Desire2Learn (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Brightspace by Desire2Learn, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Brightspace by Desire2Learn single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Brightspace by Desire2Learn supports IDP initiated SSO

Adding Brightspace by Desire2Learn from the gallery


To configure the integration of Brightspace by Desire2Learn into Azure AD, you need to add Brightspace by
Desire2Learn from the gallery to your list of managed SaaS apps.
To add Brightspace by Desire2Learn from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Brightspace by Desire2Learn, select Brightspace by Desire2Learn from the result
panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Brightspace by Desire2Learn based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in Brightspace by Desire2Learn needs to be established.
To configure and test Azure AD single sign-on with Brightspace by Desire2Learn, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Brightspace by Desire2Learn Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Brightspace by Desire2Learn test user - to have a counterpart of Britta Simon in Brightspace by
Desire2Learn that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Brightspace by Desire2Learn, perform the following steps:
1. In the Azure portal, on the Brightspace by Desire2Learn application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://<companyname>.tenants.brightspace.com/samlLogin

https://<companyname>.desire2learn.com/shibboleth-sp

b. In the Reply URL text box, type a URL using the following pattern:
https://<companyname>.desire2learn.com/d2l/lp/auth/login/samlLogin.d2l

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Brightspace by
Desire2Learn Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Brightspace by Desire2Learn section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Brightspace by Desire2Learn Single Sign-On
To configure single sign-on on the Brightspace by Desire2Learn side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Brightspace by Desire2Learn support team.
They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Brightspace by
Desire2Learn.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Brightspace by
Desire2Learn.

2. In the applications list, select Brightspace by Desire2Learn.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Brightspace by Desire2Learn test user
In this section, you create a user called Britta Simon in Brightspace by Desire2Learn. Work with the Brightspace by
Desire2Learn support team to add the users to the Brightspace by Desire2Learn platform. Users must be created
and activated before you use single sign-on.

NOTE
You can use any other Brightspace by Desire2Learn user account creation tools or APIs provided by Brightspace by
Desire2Learn to provision Azure Active Directory user accounts.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Brightspace by Desire2Learn tile in the Access Panel, you should be automatically signed in to
the Brightspace by Desire2Learn for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Bugsnag
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Bugsnag with Azure Active Directory (Azure AD). Integrating Bugsnag
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Bugsnag.
You can enable your users to be automatically signed-in to Bugsnag (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Bugsnag, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Bugsnag single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Bugsnag supports SP and IDP initiated SSO
Bugsnag supports Just In Time user provisioning

Adding Bugsnag from the gallery


To configure the integration of Bugsnag into Azure AD, you need to add Bugsnag from the gallery to your list of
managed SaaS apps.
To add Bugsnag from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Bugsnag, select Bugsnag from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Bugsnag based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Bugsnag
needs to be established.
To configure and test Azure AD single sign-on with Bugsnag, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Bugsnag Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Bugsnag test user - to have a counterpart of Britta Simon in Bugsnag that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Bugsnag, perform the following steps:
1. In the Azure portal, on the Bugsnag application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Reply URL text box, type a URL using the following pattern:
https://app.bugsnag.com/user/sign_in/saml/<org_slug>/acs

NOTE
The Reply URL value is not real. Update this value with the actual Reply URL. Contact Bugsnag Client support team to
get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type: https://app.bugsnag.com/user/identity_provider

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Bugsnag Single Sign-On


To configure single sign-on on the Bugsnag side, you need to send the App Federation Metadata Url to the Bugsnag
support team. They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bugsnag.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Bugsnag.

2. In the applications list, select Bugsnag.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Bugsnag test user
In this section, a user called Britta Simon is created in Bugsnag. Bugsnag supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Bugsnag, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bugsnag tile in the Access Panel, you should be automatically signed in to the Bugsnag for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Bynder with Azure Active Directory
10/30/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Bynder with Azure Active Directory (Azure AD). When you integrate
Bynder with Azure AD, you can:
Control in Azure AD who has access to Bynder.
Enable your users to be automatically signed-in to Bynder with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get one-month free trial here.
Bynder single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Bynder supports SP and IDP initiated SSO
Bynder supports Just In Time user provisioning

Adding Bynder from the gallery


To configure the integration of Bynder into Azure AD, you need to add Bynder from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Bynder in the search box.
6. Select Bynder from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Bynder using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Bynder.
To configure and test Azure AD SSO with Bynder, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Bynder SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Bynder test user - to have a counterpart of Britta Simon in Bynder that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Bynder application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: https://<company name>.getbynder.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<company name>.getbynder.com/sso/SAML/authenticate/

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<company name>.getbynder.com/login/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Bynder
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. The Bynder application expects the SAML assertions in a specific format. Configure the following claims for this
application. You can manage the values of these attributes from the User Attributes section on the application
integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the User
Attributes dialog.
7. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attribute as shown in the image above and
perform the following steps:
a. Click the pen next to Groups returned in claim.
b. Select Security groups from the radio list.
c. Select Source Attribute of Group ID.
d. Click Save.

8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Metadata XML and select Download to download the certificate and save it on your computer.

9. On the Set up Bynder section, copy the appropriate URL(s) based on your requirement.
Configure Bynder SSO
To configure single sign-on on the Bynder side, you need to send the downloaded Metadata XML and the appropriate
copied URLs from the Azure portal to the Bynder support team. They apply this configuration so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Bynder.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Bynder.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Bynder test user
In this section, a user called Britta Simon is created in Bynder. Bynder supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Bynder,
a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the Bynder support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Bynder tile in the Access Panel, you should be automatically signed in to the Bynder for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with CA PPM
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate CA PPM with Azure Active Directory (Azure AD). Integrating CA PPM
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to CA PPM.
You can enable your users to be automatically signed-in to CA PPM (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with CA PPM, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A CA PPM single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
CA PPM supports IDP initiated SSO

Adding CA PPM from the gallery


To configure the integration of CA PPM into Azure AD, you need to add CA PPM from the gallery to your list of
managed SaaS apps.
To add CA PPM from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type CA PPM, select CA PPM from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with CA PPM based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in CA PPM
needs to be established.
To configure and test Azure AD single sign-on with CA PPM, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure CA PPM Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create CA PPM test user - to have a counterpart of Britta Simon in CA PPM that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with CA PPM, perform the following steps:
1. In the Azure portal, on the CA PPM application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://ca.ondemand.saml.20.post.<companyname>

b. In the Reply URL text box, type the following URL:
https://fedsso.ondemand.ca.com/affwebservices/public/saml2assertionconsumer

NOTE
This value is not real. Update this value with the actual Identifier. Contact CA PPM Client support team to get this
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up CA PPM section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure CA PPM Single Sign-On
To configure single sign-on on the CA PPM side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the CA PPM support team. They apply these settings so that the SAML SSO
connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to CA PPM.
1. In the Azure portal, select Enterprise Applications, select All applications, then select CA PPM.

2. In the applications list, select CA PPM.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create CA PPM test user
In this section, you create a user called Britta Simon in CA PPM. Work with the CA PPM support team to add the users
to the CA PPM platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the CA PPM tile in the Access Panel, you should be automatically signed in to the CA PPM for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with CakeHR
10/18/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate CakeHR with Azure Active Directory (Azure AD). When you integrate
CakeHR with Azure AD, you can:
Control in Azure AD who has access to CakeHR.
Enable your users to be automatically signed-in to CakeHR with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
CakeHR single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
CakeHR supports SP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding CakeHR from the gallery


To configure the integration of CakeHR into Azure AD, you need to add CakeHR from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type CakeHR in the search box.
6. Select CakeHR from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for CakeHR


Configure and test Azure AD SSO with CakeHR using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in CakeHR.
To configure and test Azure AD SSO with CakeHR, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure CakeHR SSO - to configure the single sign-on settings on application side.
Create CakeHR test user - to have a counterpart of B.Simon in CakeHR that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the CakeHR application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign-on URL text box, type a URL using the following pattern: https://<yourcakedomain>.cake.hr/

b. In the Reply URL text box, type a URL using the following pattern:
https://<yourcakedomain>.cake.hr/services/saml/consume

NOTE
These values are not real. Update these values with the actual Sign-On URL and Reply URL. Contact CakeHR Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.
6. In the SAML Signing Certificate section, copy the THUMBPRINT value and save it in Notepad.

7. On the Set up CakeHR section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to CakeHR.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select CakeHR.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure CakeHR SSO


1. To automate the configuration within CakeHR, install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After you add the extension to the browser, clicking Set up CakeHR directs you to the CakeHR application.
From there, provide the admin credentials to sign in to CakeHR. The browser extension will automatically
configure the application for you and automate steps 3-5.

3. If you want to set up CakeHR manually, open a new web browser window, sign in to your CakeHR
company site as an administrator, and perform the following steps:
4. On the top-right corner of the page, click on Profile and then navigate to Settings.
5. From the left side of the menu bar, click on INTEGRATIONS > SAML SSO and perform the following
steps:

a. In the Entity ID text box, type cake.hr.


b. In the Authentication URL text box, paste the value of Login URL, which you have copied from Azure
portal.
c. In the Key fingerprint (SHA1 format) text box, paste the THUMBPRINT value, which you have copied
from Azure portal.
d. Check the Enable Single Sign on box.
e. Click Save.
Create CakeHR test user
To enable Azure AD users to sign in to CakeHR, they must be provisioned into CakeHR. In CakeHR, provisioning is
a manual task.
To provision a user account, perform the following steps:
1. Sign in to CakeHR as a Security Administrator.
2. From the left side of the menu bar, click on COMPANY > ADD.
3. On the Add new employee pop-up, perform the following steps:

a. In the Full name text box, enter the name of the user, such as B.Simon.
b. In the Work email text box, enter the email of the user, such as B.Simon@contoso.com.
c. Click CREATE ACCOUNT.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the CakeHR tile in the Access Panel, you should be automatically signed in to the CakeHR for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try CakeHR with Azure AD
Tutorial: Azure Active Directory integration with Canvas
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Canvas with Azure Active Directory (Azure AD). Integrating Canvas with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Canvas.
You can enable your users to be automatically signed-in to Canvas (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Canvas, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A Canvas single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Canvas supports SP initiated SSO

Adding Canvas from the gallery


To configure the integration of Canvas into Azure AD, you need to add Canvas from the gallery to your list of
managed SaaS apps.
To add Canvas from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Canvas, select Canvas from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Canvas based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Canvas
needs to be established.
To configure and test Azure AD single sign-on with Canvas, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Canvas Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Canvas test user - to have a counterpart of Britta Simon in Canvas that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Canvas, perform the following steps:
1. In the Azure portal, on the Canvas application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<tenant-name>.instructure.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<tenant-name>.instructure.com/saml2

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Canvas Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.

6. In the SAML Signing Certificate section, copy the THUMBPRINT and save it on your computer.

7. On the Set up Canvas section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Canvas Single Sign-On
1. In a different web browser window, log in to your Canvas company site as an administrator.
2. Go to Courses > Managed Accounts > Microsoft.

3. In the navigation pane on the left, select Authentication, and then click Add New SAML Config.

4. On the Current Integration page, perform the following steps:


a. In the IdP Entity ID textbox, paste the value of Azure AD Identifier, which you have copied from the Azure
portal.
b. In the Log On URL textbox, paste the value of Login URL, which you have copied from the Azure portal.
c. In the Log Out URL textbox, paste the value of Logout URL, which you have copied from the Azure portal.
d. In the Change Password Link textbox, paste the value of Change Password URL, which you have copied
from the Azure portal.
e. In the Certificate Fingerprint textbox, paste the Thumbprint value of the certificate, which you have copied
from the Azure portal.
f. From the Login Attribute list, select NameID.
g. From the Identifier Format list, select emailAddress.
h. Click Save Authentication Settings.
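Added example (not part of the Microsoft tutorial): CakeHR's Key fingerprint (SHA1 format) field and the Certificate Fingerprint field above both take the signing certificate's thumbprint, which is the SHA-1 hash of the DER-encoded certificate. The Python sketch below recomputes that value from a Certificate (Base64) download and compares it with what was pasted into each application; the function names and the stand-in certificate bytes are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def cert_der_bytes(cert_text: str) -> bytes:
    """Decode a Certificate (Base64) download, with or without PEM armor, to DER."""
    match = PEM_BLOCK.search(cert_text)
    body = match.group(1) if match else cert_text
    body = "".join(body.split())  # drop line breaks inside the Base64 body
    if not body:
        raise ValueError("no certificate data found")
    return base64.b64decode(body, validate=True)


def sha1_thumbprint(cert_text: str) -> str:
    """SHA-1 over the DER bytes, returned as 40 uppercase hex digits."""
    return hashlib.sha1(cert_der_bytes(cert_text)).hexdigest().upper()


def normalize_thumbprint(value: str) -> str:
    """Strip separators so 'ab:cd', 'AB CD' and 'ABCD' compare equal.

    Also strips the invisible left-to-right/right-to-left marks that can
    ride along when a thumbprint is copied from some certificate dialogs.
    """
    cleaned = re.sub(r"[\s:\u200e\u200f]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("expected 40 hex digits for a SHA-1 thumbprint")
    return cleaned


def thumbprint_matches(cert_text: str, configured: str) -> bool:
    """True when the value stored in the application is this certificate's thumbprint."""
    return hmac.compare_digest(
        sha1_thumbprint(cert_text), normalize_thumbprint(configured)
    )


def audit_pinned_thumbprints(cert_text: str, pinned: dict) -> dict:
    """Compare the current signing certificate with the value stored in each app.

    Returns app -> 'match' | 'mismatch' | 'malformed'. A 'mismatch' after the
    signing certificate has been replaced means the application still trusts
    the old certificate and will reject assertions signed with the new one.
    """
    current = sha1_thumbprint(cert_text)
    report = {}
    for app, value in pinned.items():
        try:
            same = hmac.compare_digest(current, normalize_thumbprint(value))
            report[app] = "match" if same else "mismatch"
        except ValueError:
            report[app] = "malformed"
    return report


# Constructed stand-in for the DER bytes of a certificate (NOT a real
# certificate). The thumbprint is a hash over raw bytes, so no X.509 parsing
# is needed to demonstrate the check.
SAMPLE_DER = b"The quick brown fox jumps over the lazy dog"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode("ascii")
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print("thumbprint:", sha1_thumbprint(SAMPLE_PEM))
    print(audit_pinned_thumbprints(SAMPLE_PEM, {
        "CakeHR": "2f:d4:e1:c6:7a:2d:28:fc:ed:84:9e:e1:bb:76:e7:39:1b:93:eb:12",
        "Canvas": "0" * 40,           # constructed stale value
    }))
```

To run it against a real tenant, pass the text of the downloaded certificate file in place of SAMPLE_PEM and the values shown in each application's SAML settings page.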
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Canvas.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Canvas.
2. In the applications list, select Canvas.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Canvas test user
To enable Azure AD users to log in to Canvas, they must be provisioned into Canvas. In the case of Canvas, user
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your Canvas tenant.
2. Go to Courses > Managed Accounts > Microsoft.
3. Click Users.

4. Click Add New User.

5. On the Add a New User dialog page, perform the following steps:
a. In the Full Name textbox, enter the name of the user, such as BrittaSimon.
b. In the Email textbox, enter the email of the user, such as brittasimon@contoso.com.
c. In the Login textbox, enter the user's Azure AD email address, such as brittasimon@contoso.com.
d. Select Email the user about this account creation.
e. Click Add User.

NOTE
You can use any other Canvas user account creation tools or APIs provided by Canvas to provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Canvas tile in the Access Panel, you should be automatically signed in to the Canvas for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Capriza Platform
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Capriza Platform with Azure Active Directory (Azure AD). Integrating
Capriza Platform with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Capriza Platform.
You can enable your users to be automatically signed-in to Capriza Platform (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Capriza Platform, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A Capriza Platform single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Capriza Platform supports SP initiated SSO
Capriza Platform supports Just In Time user provisioning

Adding Capriza Platform from the gallery


To configure the integration of Capriza Platform into Azure AD, you need to add Capriza Platform from the gallery
to your list of managed SaaS apps.
To add Capriza Platform from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Capriza Platform, select Capriza Platform from the result panel, and then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Capriza Platform based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Capriza Platform needs to be established.
To configure and test Azure AD single sign-on with Capriza Platform, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Capriza Platform Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Capriza Platform test user - to have a counterpart of Britta Simon in Capriza Platform that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Capriza Platform, perform the following steps:
1. In the Azure portal, on the Capriza Platform application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://<companyname>.capriza.com/<tenantid>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Capriza Platform Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Capriza Platform section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
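Added example (not part of the Microsoft tutorial): the NOTEs in the CakeHR, Canvas and Capriza Platform steps say the URL patterns are not real values and must be replaced with actual ones. The Python sketch below turns the patterns shown on this page into anchored checks, so a leftover placeholder, a plain http scheme or a look-alike host is flagged before the value is saved. Treating each placeholder as a single DNS label or path segment is an assumption, as are the function names.

```python
import re

# URL patterns exactly as the tutorials on this page show them.
TUTORIAL_PATTERNS = {
    ("CakeHR", "Sign-on URL"): "https://<yourcakedomain>.cake.hr/",
    ("CakeHR", "Reply URL"): "https://<yourcakedomain>.cake.hr/services/saml/consume",
    ("Canvas", "Sign on URL"): "https://<tenant-name>.instructure.com",
    ("Canvas", "Identifier"): "https://<tenant-name>.instructure.com/saml2",
    ("Capriza Platform", "Sign-on URL"): "https://<companyname>.capriza.com/<tenantid>",
}

PLACEHOLDER = re.compile(r"<[^<>]+>")
# Assumption: a placeholder in the host stands for one DNS label, and a
# placeholder in the path stands for one path segment.
HOST_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
PATH_SEGMENT = r"[A-Za-z0-9._~-]+"


def _fill(text: str, filler: str) -> str:
    """Escape the literal parts of text and swap each <placeholder> for filler."""
    parts, pos = [], 0
    for match in PLACEHOLDER.finditer(text):
        parts.append(re.escape(text[pos:match.start()]))
        parts.append(filler)
        pos = match.end()
    parts.append(re.escape(text[pos:]))
    return "".join(parts)


def pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Build a regex that accepts only URLs of the tutorial pattern's shape."""
    scheme = "https://"
    if not pattern.startswith(scheme):
        raise ValueError("tutorial patterns are expected to use https")
    host, slash, path = pattern[len(scheme):].partition("/")
    return re.compile(
        re.escape(scheme) + _fill(host, HOST_LABEL) + re.escape(slash)
        + _fill(path, PATH_SEGMENT)
    )


def check_value(app: str, field: str, value: str) -> list:
    """Return a list of problems with a value typed into Basic SAML Configuration."""
    pattern = TUTORIAL_PATTERNS[(app, field)]
    value = value.strip()
    if PLACEHOLDER.search(value):
        return ["placeholder not replaced"]
    # fullmatch anchors both ends, so extra host labels or path text fail.
    if not pattern_to_regex(pattern).fullmatch(value):
        return ["does not match pattern " + pattern]
    return []


if __name__ == "__main__":
    # Constructed sample values for a tenant named "contoso".
    samples = [
        ("CakeHR", "Reply URL", "https://contoso.cake.hr/services/saml/consume"),
        ("CakeHR", "Reply URL", "https://<yourcakedomain>.cake.hr/services/saml/consume"),
        ("CakeHR", "Reply URL", "https://contoso.cake.hr.example.net/services/saml/consume"),
        ("Canvas", "Identifier", "http://contoso.instructure.com/saml2"),
        ("Capriza Platform", "Sign-on URL", "https://contoso.capriza.com/tenant-01"),
    ]
    for app, field, value in samples:
        print(app, field, value, "->", check_value(app, field, value) or "ok")
```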
Configure Capriza Platform Single Sign-On
To configure single sign-on on the Capriza Platform side, you need to send the downloaded Certificate (Base64)
and the appropriate copied URLs from the Azure portal to the Capriza Platform support team. They apply these settings so that the
SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Capriza Platform.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Capriza Platform.

2. In the applications list, select Capriza Platform.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Capriza Platform test user
The objective of this section is to create a user called Britta Simon in Capriza. Capriza supports just-in-time
provisioning, which is enabled by default. Make sure that your domain name is configured with
Capriza for user provisioning; just-in-time user provisioning works only after that.
There is no action item for you in this section. A new user is created during an attempt to access Capriza if the user
doesn't exist yet.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Capriza Platform tile in the Access Panel, you should be automatically signed in to the Capriza
Platform for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Carbonite Endpoint Backup with Azure Active Directory
8/8/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Carbonite Endpoint Backup with Azure Active Directory (Azure AD).
When you integrate Carbonite Endpoint Backup with Azure AD, you can:
Control in Azure AD who has access to Carbonite Endpoint Backup.
Enable your users to be automatically signed-in to Carbonite Endpoint Backup with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Carbonite Endpoint Backup single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Carbonite Endpoint Backup supports SP and IDP initiated SSO

Adding Carbonite Endpoint Backup from the gallery


To configure the integration of Carbonite Endpoint Backup into Azure AD, you need to add Carbonite Endpoint
Backup from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Carbonite Endpoint Backup in the search box.
6. Select Carbonite Endpoint Backup from the results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Carbonite Endpoint Backup using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Carbonite
Endpoint Backup.
To configure and test Azure AD SSO with Carbonite Endpoint Backup, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Carbonite Endpoint Backup SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Carbonite Endpoint Backup test user - to have a counterpart of B.Simon in Carbonite Endpoint
Backup that is linked to the Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Carbonite Endpoint Backup application integration page, find the Manage
section and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type one of the following URLs:

https://red-us.mysecuredatavault.com

https://red-apac.mysecuredatavault.com

https://red-fr.mysecuredatavault.com

https://red-emea.mysecuredatavault.com

https://kamino.mysecuredatavault.com

b. In the Reply URL text box, type one of the following URLs:

https://red-us.mysecuredatavault.com/AssertionConsumerService.aspx

https://red-apac.mysecuredatavault.com/AssertionConsumerService.aspx

https://red-fr.mysecuredatavault.com/AssertionConsumerService.aspx

https://red-emea.mysecuredatavault.com/AssertionConsumerService.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type one of the following URLs:

https://red-us.mysecuredatavault.com/

https://red-apac.mysecuredatavault.com/

https://red-fr.mysecuredatavault.com/

https://red-emea.mysecuredatavault.com/

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

7. On the Set up Carbonite Endpoint Backup section, copy the appropriate URL(s) based on your
requirement.
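The Identifier, Reply URL and Sign-on URL entered in steps 4 and 5 should all name the same regional host, and a value copied from the wrong region is easy to miss in the portal. The following check is an added example, not part of the original tutorial or of any Microsoft or Carbonite tooling; the function names are hypothetical and the allowed values are the ones listed above.

```python
from urllib.parse import urlsplit

BASE = "mysecuredatavault.com"
REGIONS = ("red-us", "red-apac", "red-fr", "red-emea")

# Values exactly as listed in steps 4 and 5 of the tutorial.
IDENTIFIERS = {f"https://{r}.{BASE}" for r in REGIONS} | {f"https://kamino.{BASE}"}
REPLY_URLS = {f"https://{r}.{BASE}/AssertionConsumerService.aspx" for r in REGIONS}
SIGN_ON_URLS = {f"https://{r}.{BASE}/" for r in REGIONS}

# The tutorial lists no Reply URL or Sign-on URL for this host, so it is
# left out of the same-host comparison below.
UNPAIRED_HOST = f"kamino.{BASE}"


def host_of(url):
    """Lower-cased host of a URL, or '' when it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def check_basic_saml_config(identifier, reply_url, sign_on_url=None):
    """Return a list of problems; an empty list means the values agree."""
    fields = [
        ("Identifier", identifier, IDENTIFIERS),
        ("Reply URL", reply_url, REPLY_URLS),
    ]
    if sign_on_url is not None:  # only set for SP initiated mode
        fields.append(("Sign-on URL", sign_on_url, SIGN_ON_URLS))

    problems = []
    hosts = {}
    for name, value, allowed in fields:
        # Exact comparison: a different scheme, path or stray character
        # is reported rather than silently normalised.
        if value not in allowed:
            problems.append(
                f"{name}: {value!r} is not one of the values listed in the tutorial"
            )
        host = host_of(value)
        if host != UNPAIRED_HOST:
            hosts[name] = host

    if len(set(hosts.values())) > 1:
        detail = ", ".join(f"{n}={h}" for n, h in hosts.items())
        problems.append(f"fields point at different hosts: {detail}")
    return problems


if __name__ == "__main__":
    # Constructed input: Identifier from one region, Reply URL from another.
    for problem in check_basic_saml_config(
        "https://red-us.mysecuredatavault.com",
        "https://red-emea.mysecuredatavault.com/AssertionConsumerService.aspx",
    ):
        print(problem)
```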

Configure Carbonite Endpoint Backup SSO


1. To automate the configuration within Carbonite Endpoint Backup, you need to install My Apps Secure
Sign-in browser extension by clicking Install the extension.
2. After adding the extension to the browser, click Setup Carbonite Endpoint Backup, which directs you to the
Carbonite Endpoint Backup application. From there, provide the admin credentials to sign in to Carbonite
Endpoint Backup. The browser extension will automatically configure the application for you and automate
steps 3-7.

3. If you want to set up Carbonite Endpoint Backup manually, open a new web browser window, sign in to
your Carbonite Endpoint Backup company site as an administrator, and perform the following steps:
4. Click on the Company from the left pane.

5. Click on Single sign-on.

6. Click on Enable and then click Edit settings to configure.


7. On the Single sign-on settings page, perform the following steps:

a. In the Identity provider name textbox, paste the Azure AD Identifier value, which you have
copied from the Azure portal.
b. In the Identity provider URL textbox, paste the Login URL value, which you have copied from the
Azure portal.
c. Click on Choose file to upload the downloaded Certificate(Base64) file from the Azure portal.
d. Click Save.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Carbonite Endpoint Backup.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Carbonite Endpoint Backup.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Carbonite Endpoint Backup test user
1. In a different web browser window, sign in to your Carbonite Endpoint Backup company site as an
administrator.
2. Click on the Users from the left pane and then click Add user.

3. On the Add user page, perform the following steps:


a. Enter the Email, First name, Last name of the user and provide the required permissions to the
user according to the Organizational requirements.
b. Click Add user.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Carbonite Endpoint Backup tile in the Access Panel, you should be automatically signed in to
the Carbonite Endpoint Backup for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Carlson Wagonlit Travel
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Carlson Wagonlit Travel with Azure Active Directory (Azure AD).
Integrating Carlson Wagonlit Travel with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Carlson Wagonlit Travel.
You can enable your users to be automatically signed-in to Carlson Wagonlit Travel (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Carlson Wagonlit Travel, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Carlson Wagonlit Travel single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Carlson Wagonlit Travel supports IDP initiated SSO

Adding Carlson Wagonlit Travel from the gallery


To configure the integration of Carlson Wagonlit Travel into Azure AD, you need to add Carlson Wagonlit Travel
from the gallery to your list of managed SaaS apps.
To add Carlson Wagonlit Travel from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Carlson Wagonlit Travel, select Carlson Wagonlit Travel from the result panel, then
click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Carlson Wagonlit Travel based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Carlson Wagonlit Travel needs to be established.
To configure and test Azure AD single sign-on with Carlson Wagonlit Travel, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Carlson Wagonlit Travel Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Carlson Wagonlit Travel test user - to have a counterpart of Britta Simon in Carlson Wagonlit Travel
that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Carlson Wagonlit Travel, perform the following steps:
1. In the Azure portal, on the Carlson Wagonlit Travel application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Identifier text box, type the value: cwt-stage

5. On the Set-up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set-up Carlson Wagonlit Travel section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Carlson Wagonlit Travel Single Sign-On
To configure single sign-on on the Carlson Wagonlit Travel side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Carlson Wagonlit Travel support team.
The support team applies these settings so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user, at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Carlson Wagonlit Travel.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Carlson Wagonlit
Travel.

2. In the applications list, select Carlson Wagonlit Travel.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Carlson Wagonlit Travel test user
In this section, you create a user called Britta Simon in Carlson Wagonlit Travel. Work with Carlson Wagonlit Travel
support team to add the users in the Carlson Wagonlit Travel platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Carlson Wagonlit Travel tile in the Access Panel, you should be automatically signed in to the
Carlson Wagonlit Travel for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with CBRE ServiceInsight
9/19/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate CBRE ServiceInsight with Azure Active Directory (Azure AD). When
you integrate CBRE ServiceInsight with Azure AD, you can:
Control in Azure AD who has access to CBRE ServiceInsight.
Enable your users to be automatically signed-in to CBRE ServiceInsight with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
CBRE ServiceInsight single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
CBRE ServiceInsight supports SP initiated SSO
CBRE ServiceInsight supports Just In Time user provisioning

Adding CBRE ServiceInsight from the gallery


To configure the integration of CBRE ServiceInsight into Azure AD, you need to add CBRE ServiceInsight from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type CBRE ServiceInsight in the search box.
6. Select CBRE ServiceInsight from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for CBRE ServiceInsight


Configure and test Azure AD SSO with CBRE ServiceInsight using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in CBRE ServiceInsight.
To configure and test Azure AD SSO with CBRE ServiceInsight, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure CBRE ServiceInsight SSO - to configure the single sign-on settings on application side.
a. Create CBRE ServiceInsight test user - to have a counterpart of B.Simon in CBRE ServiceInsight that
is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the CBRE ServiceInsight application integration page, find the Manage section
and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL: https://adfs4.mainstreamsasp.com/adfs/ls/

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact CBRE ServiceInsight Client support team
to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to CBRE ServiceInsight.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select CBRE ServiceInsight.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure CBRE ServiceInsight SSO


To configure single sign-on on the CBRE ServiceInsight side, you need to send the App Federation Metadata Url
to the CBRE ServiceInsight support team. The support team applies this setting so that the SAML SSO connection
is configured properly on both sides.
Create CBRE ServiceInsight test user
In this section, a user called Britta Simon is created in CBRE ServiceInsight. CBRE ServiceInsight supports
just-in-time provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in CBRE ServiceInsight, a new one is created when you attempt to access CBRE ServiceInsight.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the CBRE ServiceInsight tile in the Access Panel, you should be automatically signed in to the
CBRE ServiceInsight for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try CBRE ServiceInsight with Azure AD
Tutorial: Azure Active Directory integration with
Central Desktop
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Central Desktop with Azure Active Directory (Azure AD). Integrating
Central Desktop with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Central Desktop.
You can enable your users to be automatically signed-in to Central Desktop (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Central Desktop, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Central Desktop single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Central Desktop supports SP initiated SSO

Adding Central Desktop from the gallery


To configure the integration of Central Desktop into Azure AD, you need to add Central Desktop from the gallery
to your list of managed SaaS apps.
To add Central Desktop from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Central Desktop, select Central Desktop from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Central Desktop based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Central Desktop needs to be established.
To configure and test Azure AD single sign-on with Central Desktop, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Central Desktop Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Central Desktop test user - to have a counterpart of Britta Simon in Central Desktop that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Central Desktop, perform the following steps:
1. In the Azure portal, on the Central Desktop application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<companyname>.centraldesktop.com

b. In the Identifier box, type a URL using the following pattern:

https://<companyname>.centraldesktop.com/saml2-metadata.php

https://<companyname>.imeetcentral.com/saml2-metadata.php

c. In the Reply URL text box, type a URL using the following pattern:
https://<companyname>.centraldesktop.com/saml2-assertion.php

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact Central
Desktop Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.
6. On the Set up Central Desktop section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Central Desktop Single Sign-On
1. Sign in to your Central Desktop tenant.
2. Go to Settings. Select Advanced, and then select Single Sign On.

3. On the Single Sign On Settings page, take the following steps:

a. Select Enable SAML v2 Single Sign On.


b. In the SSO URL box, paste the Azure AD Identifier value that you copied from the Azure portal.
c. In the SSO Login URL box, paste the Login URL value that you copied from the Azure portal.
d. In the SSO Logout URL box, paste the Logout URL value that you copied from the Azure portal.
4. In the Message Signature Verification Method section, take the following steps:

a. Select Certificate.
b. In the SSO Certificate list, select RSH SHA256.
c. Open your downloaded certificate in Notepad. Then copy the content of certificate and paste it into the
SSO Certificate field.
d. Select Display a link to your SAMLv2 login page.
e. Select Update.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Central Desktop.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Central Desktop.

2. In the applications list, select Central Desktop.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Central Desktop test user
For Azure AD users to be able to sign in, they must be provisioned in the Central Desktop application. This section
describes how to create Azure AD user accounts in Central Desktop.

NOTE
To provision Azure AD user accounts, you can use any other Central Desktop user account creation tools or APIs that are
provided by Central Desktop.
To provision user accounts to Central Desktop:
1. Sign in to your Central Desktop tenant.
2. Select People and then select Add Internal Members.

3. In the Email Address of New Members box, type an Azure AD account that you want to provision, and
then select Next.

4. Select Add Internal member(s).

NOTE
The users that you add receive an email that includes a confirmation link for activating their accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Central Desktop tile in the Access Panel, you should be automatically signed in to the Central
Desktop for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Ceridian Dayforce HCM
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Ceridian Dayforce HCM with Azure Active Directory (Azure AD).
Integrating Ceridian Dayforce HCM with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Ceridian Dayforce HCM.
You can enable your users to be automatically signed-in to Ceridian Dayforce HCM (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Ceridian Dayforce HCM, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Ceridian Dayforce HCM single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Ceridian Dayforce HCM supports SP initiated SSO

Adding Ceridian Dayforce HCM from the gallery


To configure the integration of Ceridian Dayforce HCM into Azure AD, you need to add Ceridian Dayforce HCM
from the gallery to your list of managed SaaS apps.
To add Ceridian Dayforce HCM from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Ceridian Dayforce HCM, select Ceridian Dayforce HCM from the result panel, then
click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Ceridian Dayforce HCM based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Ceridian Dayforce HCM needs to be established.
To configure and test Azure AD single sign-on with Ceridian Dayforce HCM, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Ceridian Dayforce HCM Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Ceridian Dayforce HCM test user - to have a counterpart of Britta Simon in Ceridian Dayforce HCM
that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Ceridian Dayforce HCM, perform the following steps:
1. In the Azure portal, on the Ceridian Dayforce HCM application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign On URL textbox, type the URL used by your users to sign-on to your Ceridian Dayforce HCM
application.

ENVIRONMENT       URL
For production    https://sso.dayforcehcm.com/<DayforcehcmNamespace>
For test          https://ssotest.dayforcehcm.com/<DayforcehcmNamespace>

b. In the Identifier textbox, type a URL using the following pattern:

ENVIRONMENT       URL
For production    https://ncpingfederate.dayforcehcm.com/sp
For test          https://fs-test.dayforcehcm.com/sp

c. In the Reply URL textbox, type the URL used by Azure AD to post the response.

ENVIRONMENT       URL
For production    https://ncpingfederate.dayforcehcm.com/sp/ACS.saml2
For test          https://fs-test.dayforcehcm.com/sp/ACS.saml2

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
Ceridian Dayforce HCM Client support team to get these values. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

5. The Ceridian Dayforce HCM application expects the SAML assertions in a specific format. Configure the
following claims for this application. You can manage the values of these attributes from the User
Attributes section on the application integration page. On the Set up Single Sign-On with SAML page, click
the Edit button to open the User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, configure SAML token attribute as shown in the
image above and perform the following steps:

NAME    SOURCE ATTRIBUTE
name    user.extensionattribute2

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, select the user attribute you want to use for your implementation. For
example, if you want to use the EmployeeID as unique user identifier and you have stored the attribute value
in the ExtensionAttribute2, then select user.extensionattribute2.
f. Click Ok.
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Metadata XML from the given options as per your requirement and save it on
your computer.

8. On the Set up Ceridian Dayforce HCM section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL

Configure Ceridian Dayforce HCM Single Sign-On
To configure single sign-on on the Ceridian Dayforce HCM side, send the downloaded Metadata XML
and the appropriate copied URLs from the Azure portal to the Ceridian Dayforce HCM support team. They apply
this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Ceridian Dayforce HCM.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Ceridian
Dayforce HCM.

2. In the applications list, select Ceridian Dayforce HCM.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Ceridian Dayforce HCM test user
In this section, you create a user called Britta Simon in Ceridian Dayforce HCM. Work with Ceridian Dayforce HCM
support team to add the users in the Ceridian Dayforce HCM platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Ceridian Dayforce HCM tile in the Access Panel, you should be automatically signed in to the
Ceridian Dayforce HCM for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Cerner Central
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Cerner Central with Azure Active Directory (Azure AD). Integrating
Cerner Central with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Cerner Central.
You can enable your users to be automatically signed-in to Cerner Central (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Cerner Central, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Cerner Central single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Cerner Central supports IDP initiated SSO
Cerner Central supports Automated user provisioning

Adding Cerner Central from the gallery


To configure the integration of Cerner Central into Azure AD, you need to add Cerner Central from the gallery to
your list of managed SaaS apps.
To add Cerner Central from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Cerner Central, select Cerner Central from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Cerner Central based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Cerner Central needs to be established.
To configure and test Azure AD single sign-on with Cerner Central, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Cerner Central Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Cerner Central test user - to have a counterpart of Britta Simon in Cerner Central that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Cerner Central, perform the following steps:
1. In the Azure portal, on the Cerner Central application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://<instancename>.cernercentral.com/session-api/protocol/saml2/metadata

https://<instancename>.sandboxcernercentral.com/session-api/protocol/saml2/metadata

b. In the Reply URL text box, type a URL using the following pattern:

https://<instancename>.cernercentral.com/session-api/protocol/saml2/sso

https://<instancename>.sandboxcernercentral.com/session-api/protocol/saml2/sso

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Cerner Central Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Cerner Central Single Sign-On

To configure single sign-on on the Cerner Central side, send the App Federation Metadata Url to the
Cerner Central support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Cerner Central.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Cerner Central.
2. In the applications list, select Cerner Central.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Cerner Central test user
Cerner Central application allows authentication from any federated identity provider. If a user is able to sign in to
the application home page, they are federated and have no need for any manual provisioning. You can find more
details here on how to configure automatic user provisioning.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cerner Central tile in the Access Panel, you should be automatically signed in to the Cerner
Central for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Configure User Provisioning
Tutorial: Azure Active Directory integration with Certain Admin SSO
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Certain Admin SSO with Azure Active Directory (Azure AD). Integrating
Certain Admin SSO with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Certain Admin SSO.
You can enable your users to be automatically signed-in to Certain Admin SSO (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Certain Admin SSO, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Certain Admin SSO single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Certain Admin SSO supports SP initiated SSO

Adding Certain Admin SSO from the gallery


To configure the integration of Certain Admin SSO into Azure AD, you need to add Certain Admin SSO from the
gallery to your list of managed SaaS apps.
To add Certain Admin SSO from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Certain Admin SSO, select Certain Admin SSO from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Certain Admin SSO based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Certain Admin SSO needs to be established.
To configure and test Azure AD single sign-on with Certain Admin SSO, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Certain Admin SSO Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Certain Admin SSO test user - to have a counterpart of Britta Simon in Certain Admin SSO that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Certain Admin SSO, perform the following steps:
1. In the Azure portal, on the Certain Admin SSO application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<YOUR DOMAIN URL>/svcs/sso_admin_login/handleRequest/<ID>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.certain.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Certain Admin SSO
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. On the Set up Certain Admin SSO section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL

Configure Certain Admin SSO Single Sign-On
To configure single sign-on on the Certain Admin SSO side, send the downloaded Certificate (Raw)
and the appropriate copied URLs from the Azure portal to the Certain Admin SSO support team. They apply this
setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Certain Admin SSO.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Certain Admin
SSO.

2. In the applications list, select Certain Admin SSO.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Certain Admin SSO test user
In this section, you create a user called Britta Simon in Certain Admin SSO. Work with Certain Admin SSO
support team to add the users in the Certain Admin SSO platform. Users must be created and activated before you
use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Certain Admin SSO tile in the Access Panel, you should be automatically signed in to the
Certain Admin SSO for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Certent Equity Management
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Certent Equity Management with Azure Active Directory (Azure AD).
Integrating Certent Equity Management with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Certent Equity Management.
You can enable your users to be automatically signed-in to Certent Equity Management (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Certent Equity Management, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Certent Equity Management single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Certent Equity Management supports IDP initiated SSO

Adding Certent Equity Management from the gallery


To configure the integration of Certent Equity Management into Azure AD, you need to add Certent Equity
Management from the gallery to your list of managed SaaS apps.
To add Certent Equity Management from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Certent Equity Management, select Certent Equity Management from the result
panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Certent Equity Management based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in Certent Equity Management needs to be established.
To configure and test Azure AD single sign-on with Certent Equity Management, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Certent Equity Management Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Certent Equity Management test user - to have a counterpart of Britta Simon in Certent Equity
Management that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Certent Equity Management, perform the following steps:
1. In the Azure portal, on the Certent Equity Management application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<SUBDOMAIN>.certent.com/sys/sso/saml/acs.aspx

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.certent.com/sys/sso/saml/acs.aspx

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Certent Integration
Analyst assigned by Customer Success Manager to get these values. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

5. The Certent Equity Management application expects the SAML assertions in a specific format, which requires
you to add custom attribute mappings to your SAML token attributes configuration. The following
screenshot shows the list of default attributes. Click the Edit icon to open the User Attributes dialog.

6. For classic SSO, the Certent Equity Management application expects a few more attributes to be passed back in
the SAML response. In the User Claims section on the User Attributes dialog, perform the following steps to
add the SAML token attributes shown in the table below:

NAME       SOURCE ATTRIBUTE
COMPANY    user.companyname
USER       user.userprincipalname
ROLE       user.assignedroles

NOTE
Please click here to know how to configure Role in Azure AD

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
8. On the Set up Certent Equity Management section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL

Configure Certent Equity Management Single Sign-On
To configure single sign-on on the Certent Equity Management side, send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Certent Integration Analyst assigned by
the Customer Success Manager. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Certent Equity
Management.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Certent Equity
Management.

2. In the applications list, select Certent Equity Management.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Certent Equity Management test user
In this section, you create a user called Britta Simon in Certent Equity Management. Work with Certent Integration
Analyst assigned by Customer Success Manager to add the users in the Certent Equity Management platform.
Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Certent Equity Management tile in the Access Panel, you should be automatically signed in to
the Certent Equity Management for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.
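While testing, it helps to confirm that the SAML response actually carries the COMPANY, USER and ROLE claims under bare names (Namespace left blank) and is addressed to the configured Identifier and Reply URL. The following added example, which is not part of the original tutorial, runs those checks over a constructed, unsigned response; the contoso subdomain, the attribute values and the function names are assumptions, and the code does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Claim names come from the tutorial's table; everything else is constructed.
REQUIRED_CLAIMS = ("COMPANY", "USER", "ROLE")
ACS_URL = "https://contoso.certent.com/sys/sso/saml/acs.aspx"  # assumed subdomain


def build_sample_response(audience=ACS_URL, role_name="ROLE"):
    """Return a constructed, unsigned SAML response used as sample input."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>BrittaSimon@contoso.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>{audience}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="COMPANY">
        <saml:AttributeValue>Contoso</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="USER">
        <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="{role_name}">
        <saml:AttributeValue>Admin</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, identifier, reply_url, required=REQUIRED_CLAIMS):
    """List mismatches between a SAML response and the configured values."""
    # Refuse DTDs and entity declarations before handing text to the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("response contains a DTD or entity declaration")
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion found in the response"]

    problems = []
    if root.get("Destination") != reply_url:
        problems.append("Destination differs from the configured Reply URL")
    audiences = [a.text for a in assertion.findall(".//saml:Audience", NS)]
    if identifier not in audiences:
        problems.append("Audience does not include the configured Identifier")
    recipients = [d.get("Recipient")
                  for d in assertion.findall(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append("Recipient differs from the configured Reply URL")

    # Map each attribute name to its non-empty values.
    attrs = {}
    for attr in assertion.findall(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        attrs[attr.get("Name")] = values

    for name in required:
        if attrs.get(name):
            continue
        # A claim saved with a namespace is issued as "<namespace>/<name>".
        prefixed = [n for n in attrs if n and n.endswith("/" + name)]
        if prefixed:
            problems.append(f"{name}: issued as '{prefixed[0]}', Namespace was not left blank")
        elif name in attrs:
            problems.append(f"{name}: present but empty")
        else:
            problems.append(f"{name}: missing")
    return problems


if __name__ == "__main__":
    print(check_response(build_sample_response(), ACS_URL, ACS_URL) or "response matches")
```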

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Certify
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Certify with Azure Active Directory (Azure AD). Integrating Certify with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Certify.
You can enable your users to be automatically signed-in to Certify (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Certify, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Certify single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Certify supports IDP initiated SSO
Certify supports Just In Time user provisioning

Adding Certify from the gallery


To configure the integration of Certify into Azure AD, you need to add Certify from the gallery to your list of
managed SaaS apps.
To add Certify from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Certify, select Certify from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Certify based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Certify
needs to be established.
To configure and test Azure AD single sign-on with Certify, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Certify Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Certify test user - to have a counterpart of Britta Simon in Certify that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Certify, perform the following steps:
1. In the Azure portal, on the Certify application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:

In the Identifier text box, type the URL: https://www.certify.com

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. On the Set up Certify section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL

Configure Certify Single Sign-On
To configure single sign-on on the Certify side, send the downloaded Certificate (Raw) and the appropriate
copied URLs from the Azure portal to the Certify support team. They apply this setting so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Certify.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Certify.

2. In the applications list, select Certify.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Certify test user
In this section, a user called Britta Simon is created in Certify. Certify supports just-in-time user provisioning, which
is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Certify, a new
one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the Certify support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Certify tile in the Access Panel, you should be automatically signed in to the Certify for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Cezanne HR Software
10/30/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Cezanne HR Software with Azure Active Directory (Azure AD).
Integrating Cezanne HR Software with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Cezanne HR Software.
You can enable your users to be automatically signed-in to Cezanne HR Software (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Cezanne HR Software, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Cezanne HR Software single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Cezanne HR Software supports SP initiated SSO

Adding Cezanne HR Software from the gallery


To configure the integration of Cezanne HR Software into Azure AD, you need to add Cezanne HR Software from
the gallery to your list of managed SaaS apps.
To add Cezanne HR Software from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Cezanne HR Software, select Cezanne HR Software from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Cezanne HR Software based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Cezanne HR Software needs to be established.
To configure and test Azure AD single sign-on with Cezanne HR Software, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Cezanne HR Software Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Cezanne HR Software test user - to have a counterpart of Britta Simon in Cezanne HR Software that
is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Cezanne HR Software, perform the following steps:
1. In the Azure portal, on the Cezanne HR Software application integration page, select Single sign-on.
2. In the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://w3.cezanneondemand.com/CezanneOnDemand/-/<tenantidentifier>

b. In the Identifier (Entity ID) text box, type the URL: https://w3.cezanneondemand.com/CezanneOnDemand/

c. In the Reply URL textbox, type a URL using the following pattern:
https://w3.cezanneondemand.com:443/cezanneondemand/-/<tenantidentifier>/Saml/samlp

NOTE
These values are not real. Update these values with the actual Sign-On URL and Reply URL. Contact Cezanne HR
Software Client support team to get these values.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up Cezanne HR Software section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Cezanne HR Software Single Sign-On
1. In a different web browser window, sign in to your Cezanne HR Software tenant as an administrator.
2. On the left navigation pane, click System Setup. Go to Security Settings. Then navigate to Single Sign-On
Configuration.
3. In the Allow users to log in using the following Single Sign-On (SSO) Service panel, check the SAML
2.0 box and select the Advanced Configuration option.
4. Click the Add New button.

5. Perform the following steps in the SAML 2.0 IDENTITY PROVIDERS section.

a. Enter the name of your Identity Provider as the Display Name.
b. In the Entity Identifier textbox, paste the value of Azure Ad Identifier that you copied from the
Azure portal.
c. Change the SAML Binding to 'POST'.
d. In the Security Token Service Endpoint textbox, paste the value of Login URL that you copied
from the Azure portal.
e. In the User ID Attribute Name textbox, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
f. Click the Upload icon to upload the certificate downloaded from the Azure portal.
g. Click the Ok button.
6. Click Save button.
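
A consistency check for the values configured in the steps above, as an added example that is not part of the original tutorial or of Cezanne HR Software: it compares a decoded SAML response, captured from a test sign-in, with the Entity Identifier, Identifier (Entity ID), Reply URL and User ID attribute that the tutorial sets. The tenant identifier contoso, the all-zero tenant GUID, the sample response and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Attribute name entered in "User ID Attribute Name" in the tutorial.
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

# Assumed values: "contoso" stands in for <tenantidentifier> and the all-zero
# GUID for the Azure AD tenant ID. Replace them with your own.
EXPECTED = {
    "issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "audience": "https://w3.cezanneondemand.com/CezanneOnDemand/",
    "reply_url": "https://w3.cezanneondemand.com:443/cezanneondemand/-/contoso/Saml/samlp",
    "user_identifier": "BrittaSimon@contoso.com",
}

# Constructed sample (signature omitted); not captured from a real tenant.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{EXPECTED['reply_url']}">
  <saml:Issuer>{EXPECTED['issuer']}</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>{EXPECTED['issuer']}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>BrittaSimon@contoso.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{EXPECTED['reply_url']}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>{EXPECTED['audience']}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{NAME_CLAIM}">
        <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _text(node, path):
    """Return the stripped text of the first element at path, or None."""
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else None


def check_response(xml_text, expected):
    """Compare a decoded SAML response with the configured values.

    Returns a list of mismatch descriptions; an empty list means consistent.
    This does not verify the XML signature (that is the service provider's
    job). Parse only responses you captured yourself from a test sign-in.
    """
    root = ET.fromstring(xml_text)
    a = "saml:Assertion/"
    findings = []

    issuer = _text(root, a + "saml:Issuer")
    if issuer != expected["issuer"]:
        findings.append(f"Issuer {issuer!r} does not match the Entity Identifier")

    audience = _text(root, a + "saml:Conditions/saml:AudienceRestriction/saml:Audience")
    if audience != expected["audience"]:
        findings.append(f"Audience {audience!r} does not match the Identifier (Entity ID)")

    data = root.find(
        a + "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = data.get("Recipient") if data is not None else None
    if recipient != expected["reply_url"]:
        findings.append(f"Recipient {recipient!r} does not match the Reply URL")

    # Collect every value of the claim the SP reads the user ID from.
    values = [
        v.text.strip()
        for attr in root.iterfind(a + "saml:AttributeStatement/saml:Attribute", NS)
        if attr.get("Name") == NAME_CLAIM
        for v in attr.iterfind("saml:AttributeValue", NS)
        if v.text
    ]
    user = expected["user_identifier"]
    if not values:
        findings.append("name claim is missing from the assertion")
    elif user not in values:
        if any(v.lower() == user.lower() for v in values):
            findings.append(
                f"name claim {values} differs from User Identifier {user!r} only by letter case")
        else:
            findings.append(f"name claim {values} does not match User Identifier {user!r}")
    return findings


if __name__ == "__main__":
    for line in check_response(SAMPLE_RESPONSE, EXPECTED) or ["response matches configuration"]:
        print(line)
```

The letter-case finding matters here because the tutorial writes the same address as BrittaSimon@contoso.com on the Azure side and Brittasimon@contoso.com on the Cezanne side, and it does not say whether the User Identifier comparison is case-sensitive.
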

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example, BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Cezanne HR Software.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Cezanne HR
Software.

2. In the applications list, select Cezanne HR Software.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Cezanne HR Software test user
In order to enable Azure AD users to log into Cezanne HR Software, they must be provisioned into Cezanne HR
Software. In the case of Cezanne HR Software, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log into your Cezanne HR Software company site as an administrator.
2. On the left navigation pane, click System Setup. Go to Manage Users. Then navigate to Add New User.
3. In the PERSON DETAILS section, perform the following steps:
a. Set Internal User to OFF.
b. In the First Name textbox, type the first name of the user, for example Britta.
c. In the Last Name textbox, type the last name of the user, for example Simon.
d. In the E-mail textbox, type the email address of the user, for example Brittasimon@contoso.com.
4. In the Account Information section, perform the following steps:
a. In the Username textbox, type the email of the user, for example Brittasimon@contoso.com.
b. In the Password textbox, type the password of the user.
c. Select HR Professional as the Security Role.
d. Click OK.
5. Navigate to the Single Sign-On tab and select Add New in the SAML 2.0 Identifiers area.
6. For Identity Provider, choose your Identity Provider, and in the User Identifier text box, enter the
email address of the Britta Simon account.
7. Click the Save button.


Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cezanne HR Software tile in the Access Panel, you should be automatically signed in to the
Cezanne HR Software for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Integrate Chargebee with Azure Active Directory
8/9/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Chargebee with Azure Active Directory (Azure AD). When you
integrate Chargebee with Azure AD, you can:
Control in Azure AD who has access to Chargebee.
Enable your users to be automatically signed-in to Chargebee with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Chargebee single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Chargebee supports SP and IDP initiated SSO

Adding Chargebee from the gallery


To configure the integration of Chargebee into Azure AD, you need to add Chargebee from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Chargebee in the search box.
6. Select Chargebee from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Chargebee


Configure and test Azure AD SSO with Chargebee using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Chargebee.
To configure and test Azure AD SSO with Chargebee, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Chargebee SSO - to configure the Single Sign-On settings on application side.
a. Create Chargebee test user - to have a counterpart of B.Simon in Chargebee that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Chargebee application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: https://<domainname>.chargebee.com

b. In the Reply URL text box, type a URL using the following pattern:
https://app.chargebee.com/saml/<domainname>/acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://<domainname>.chargebee.com

NOTE
<domainname> is the name of the domain that the user creates after claiming the account. For any other
information, contact the Chargebee Client support team. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. In the Set up Chargebee section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Chargebee.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Chargebee.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Chargebee SSO


1. Open a new web browser window and sign into your Chargebee company site as an administrator.
2. From the menu on the left, click Settings > Security > Manage.
3. In the Single Sign-On pop-up, perform the following steps:
a. Select SAML.
b. In the Login URL text box, paste the Login URL value that you copied from the Azure portal.
c. Open the Base64 encoded certificate in Notepad, copy its content, and paste it into the SAML Certificate
text box.
d. Click Confirm.
Create Chargebee test user
To enable Azure AD users to sign in to Chargebee, they must be provisioned into Chargebee. In Chargebee,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. In a different web browser window, sign in to Chargebee as a Security Administrator.
2. From the menu on the left, click Customers and then navigate to Create a New Customer.
3. On the New Customer page, fill in the respective fields and click Create Customer to create the
user.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Chargebee tile in the Access Panel, you should be automatically signed in to the Chargebee for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Cherwell
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Cherwell with Azure Active Directory (Azure AD). Integrating Cherwell
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Cherwell.
You can enable your users to be automatically signed-in to Cherwell (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Cherwell, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Cherwell single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Cherwell supports SP initiated SSO

Adding Cherwell from the gallery


To configure the integration of Cherwell into Azure AD, you need to add Cherwell from the gallery to your list of
managed SaaS apps.
To add Cherwell from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Cherwell, select Cherwell from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Cherwell based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Cherwell
needs to be established.
To configure and test Azure AD single sign-on with Cherwell, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Cherwell Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Cherwell test user - to have a counterpart of Britta Simon in Cherwell that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Cherwell, perform the following steps:
1. In the Azure portal, on the Cherwell application integration page, select Single sign-on.
2. In the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following step:


In the Sign-on URL text box, type a URL using the following pattern:
https://<companyname>.cherwellondemand.com/cherwellclient

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Cherwell Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up Cherwell section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Cherwell Single Sign-On
To configure single sign-on on the Cherwell side, send the downloaded Certificate (Base64) and the
URLs you copied from the Azure portal to the Cherwell support team. They apply these settings so that the SAML SSO
connection is set properly on both sides.

NOTE
Your Cherwell support team has to do the actual SSO configuration. You will get a notification when SSO has been enabled
for your subscription.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Cherwell.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Cherwell.

2. In the applications list, select Cherwell.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Cherwell test user
To enable Azure AD users to sign in to Cherwell, they must be provisioned into Cherwell. In the case of Cherwell,
the user accounts need to be created by your Cherwell support team.

NOTE
You can use any other Cherwell user account creation tools or APIs provided by Cherwell to provision Azure Active Directory
user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cherwell tile in the Access Panel, you should be automatically signed in to the Cherwell for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Chromeriver
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Chromeriver with Azure Active Directory (Azure AD). Integrating
Chromeriver with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Chromeriver.
You can enable your users to be automatically signed-in to Chromeriver (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Chromeriver, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Chromeriver single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Chromeriver supports IDP initiated SSO

Adding Chromeriver from the gallery


To configure the integration of Chromeriver into Azure AD, you need to add Chromeriver from the gallery to your
list of managed SaaS apps.
To add Chromeriver from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Chromeriver, select Chromeriver from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Chromeriver based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Chromeriver needs to be established.
To configure and test Azure AD single sign-on with Chromeriver, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Chromeriver Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Chromeriver test user - to have a counterpart of Britta Simon in Chromeriver that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Chromeriver, perform the following steps:
1. In the Azure portal, on the Chromeriver application integration page, select Single sign-on.
2. In the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<subdomain>.chromeriver.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.chromeriver.com/login/sso/saml/consume?customerId=<uniqueid>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Chromeriver Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Chromeriver section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Chromeriver Single Sign-On
To configure single sign-on on the Chromeriver side, send the downloaded Federation Metadata XML
and the URLs you copied from the Azure portal to the Chromeriver support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example, BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Chromeriver.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Chromeriver.

2. In the applications list, select Chromeriver.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Chromeriver test user
To enable Azure AD users to log in to Chromeriver, they must be provisioned into Chromeriver. In the case of
Chromeriver, the user accounts need to be created by your Chromeriver support team.

NOTE
You can use any other Chromeriver user account creation tools or APIs provided by Chromeriver to provision Azure Active
Directory user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Chromeriver tile in the Access Panel, you should be automatically signed in to the Chromeriver
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with ChronicX®
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ChronicX® with Azure Active Directory (Azure AD). Integrating
ChronicX® with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ChronicX®.
You can enable your users to be automatically signed-in to ChronicX® (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ChronicX®, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
ChronicX® single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ChronicX® supports SP initiated SSO
ChronicX® supports Just In Time user provisioning

Adding ChronicX® from the gallery


To configure the integration of ChronicX® into Azure AD, you need to add ChronicX® from the gallery to your list
of managed SaaS apps.
To add ChronicX® from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type ChronicX®, select ChronicX® from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ChronicX® based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
ChronicX® needs to be established.
To configure and test Azure AD single sign-on with ChronicX®, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ChronicX® Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ChronicX® test user - to have a counterpart of Britta Simon in ChronicX® that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ChronicX®, perform the following steps:
1. In the Azure portal, on the ChronicX® application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.chronicx.com/ups/processlogonSSO.jsp

b. In the Identifier (Entity ID) text box, type a URL: ups.chronicx.com

NOTE
The Sign-on URL value is not real. Update the value with the actual Sign-On URL. Contact ChronicX® Client support
team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up ChronicX® section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure ChronicX Single Sign-On
To configure single sign-on on the ChronicX® side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the ChronicX® support team. They apply these settings
so that the SAML SSO connection is set up properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ChronicX®.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ChronicX®.

2. In the applications list, select ChronicX®.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ChronicX test user
In this section, a user called Britta Simon is created in ChronicX®. ChronicX® supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in ChronicX®, a new one is created after authentication.

NOTE
If you need to create a user manually, contact ChronicX® support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ChronicX® tile in the Access Panel, you should be automatically signed in to the ChronicX® for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Cimpl
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Cimpl with Azure Active Directory (Azure AD). Integrating Cimpl with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Cimpl.
You can enable your users to be automatically signed-in to Cimpl (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Cimpl, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Cimpl single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Cimpl supports SP initiated SSO

Adding Cimpl from the gallery


To configure the integration of Cimpl into Azure AD, you need to add Cimpl from the gallery to your list of
managed SaaS apps.
To add Cimpl from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Cimpl, select Cimpl from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Cimpl based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Cimpl
needs to be established.
To configure and test Azure AD single sign-on with Cimpl, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Cimpl Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Cimpl test user - to have a counterpart of Britta Simon in Cimpl that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Cimpl, perform the following steps:
1. In the Azure portal, on the Cimpl application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://sso.etelesolv.com/<TENANTNAME>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://sso.etelesolv.com/<TENANTNAME>

NOTE
These values are not real. Update these values with the actual Sign-On URL and Identifier. Contact Cimpl team at +1
866-982-8250 to get these values.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Cimpl section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Cimpl Single Sign-On
To configure single sign-on on the Cimpl side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to Cimpl support at +1 866-982-8250. They apply these settings
so that the SAML SSO connection is set up properly on both sides.
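
Before the Federation Metadata XML (as in the ChronicX® tutorial) or the Certificate (Base64) (as here) is sent to a vendor, both sides can agree on a fingerprint of the signing certificate over a separate channel. The following is an added example, not part of the original tutorials or of any vendor's tooling; it summarizes a metadata file and compares it with a PEM download. The metadata, certificate bytes and URLs are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-in for DER certificate bytes (not a real certificate).
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()

# Constructed metadata in the shape of a SAML 2.0 IdP EntityDescriptor.
# The logout endpoint is deliberately plain HTTP so the review has a finding.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.example.test/tenant-placeholder/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          {SAMPLE_B64}
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.example.test/tenant-placeholder/saml2"/>
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://login.example.test/tenant-placeholder/logout"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# The same bytes wrapped the way a "Certificate (Base64)" download is laid out.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64))
    + "\n-----END CERTIFICATE-----\n"
)


def sha256_fingerprint(b64_text):
    """SHA-256 over the decoded certificate bytes, as upper-case hex."""
    der = base64.b64decode("".join(b64_text.split()))
    return hashlib.sha256(der).hexdigest().upper()


def fingerprint_from_pem(pem_text):
    """Fingerprint of a PEM file, ignoring the BEGIN/END marker lines."""
    body = [ln.strip() for ln in pem_text.splitlines()
            if ln.strip() and not ln.strip().startswith("-----")]
    return sha256_fingerprint("".join(body))


def summarize_metadata(xml_text):
    """Entity ID, signing-certificate fingerprints and endpoints of the IdP."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to signing and encryption.
        if key.get("use") not in (None, "signing"):
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            fingerprints.append(sha256_fingerprint(cert.text or ""))
    endpoints = []
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        for svc in idp.findall(f"md:{tag}", NS):
            endpoints.append((tag, svc.get("Location", "")))
    return {
        "entity_id": root.get("entityID"),
        "signing_sha256": fingerprints,
        "endpoints": endpoints,
    }


def review(summary, pem_text):
    """Findings to resolve before the files go to the application vendor."""
    findings = []
    if not summary["signing_sha256"]:
        findings.append("no signing certificate in metadata")
    elif fingerprint_from_pem(pem_text) not in summary["signing_sha256"]:
        findings.append("PEM certificate does not match any metadata signing certificate")
    for tag, location in summary["endpoints"]:
        if not location.startswith("https://"):
            findings.append(f"{tag} is not HTTPS: {location}")
    return findings


if __name__ == "__main__":
    info = summarize_metadata(SAMPLE_METADATA)
    print(info["entity_id"], info["signing_sha256"])
    for finding in review(info, SAMPLE_PEM):
        print("finding:", finding)
```
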
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Cimpl.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Cimpl.

2. In the applications list, select Cimpl.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Cimpl test user
The objective of this section is to create a user called Britta Simon in Cimpl. Work with Cimpl support at +1 866-
982-8250 to add the users in the Cimpl account.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cimpl tile in the Access Panel, you should be automatically signed in to the Cimpl for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Cisco Cloud
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Cisco Cloud with Azure Active Directory (Azure AD). Integrating Cisco
Cloud with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Cisco Cloud.
You can enable your users to be automatically signed-in to Cisco Cloud (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Cisco Cloud, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Cisco Cloud single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Cisco Cloud supports SP and IDP initiated SSO

Adding Cisco Cloud from the gallery


To configure the integration of Cisco Cloud into Azure AD, you need to add Cisco Cloud from the gallery to your
list of managed SaaS apps.
To add Cisco Cloud from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Cisco Cloud, select Cisco Cloud from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Cisco Cloud based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Cisco
Cloud needs to be established.
To configure and test Azure AD single sign-on with Cisco Cloud, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Cisco Cloud Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Cisco Cloud test user - to have a counterpart of Britta Simon in Cisco Cloud that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Cisco Cloud, perform the following steps:
1. In the Azure portal, on the Cisco Cloud application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: <subdomain>.cisco.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.cisco.com/sp/ACS.saml2

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.cloudapps.cisco.com

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Cisco
Cloud Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. Your Cisco Cloud application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.

7. In addition to the above, the Cisco Cloud application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
each SAML token attribute shown in the table below:

NAME       SOURCE ATTRIBUTE
country    user.country
company    user.companyname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
Configure Cisco Cloud Single Sign-On
To configure single sign-on on the Cisco Cloud side, you need to send the App Federation Metadata Url to the Cisco
Cloud support team. They apply this setting so that the SAML SSO connection is set up properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Cisco Cloud.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Cisco Cloud.

2. In the applications list, select Cisco Cloud.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Cisco Cloud test user
In this section, you create a user called Britta Simon in Cisco Cloud. Work with Cisco Cloud support team to add
the users in the Cisco Cloud platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cisco Cloud tile in the Access Panel, you should be automatically signed in to the Cisco Cloud
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Integrate The Cloud Security Fabric with Azure Active Directory
9/3/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate The Cloud Security Fabric with Azure Active Directory (Azure AD).
When you integrate The Cloud Security Fabric with Azure AD, you can:
Control in Azure AD who has access to The Cloud Security Fabric.
Enable your users to be automatically signed-in to The Cloud Security Fabric with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
The Cloud Security Fabric single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
The Cloud Security Fabric supports SP initiated SSO

Adding The Cloud Security Fabric from the gallery


To configure the integration of The Cloud Security Fabric into Azure AD, you need to add The Cloud Security
Fabric from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type The Cloud Security Fabric in the search box.
6. Select The Cloud Security Fabric from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with The Cloud Security Fabric using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in The Cloud
Security Fabric.
To configure and test Azure AD SSO with The Cloud Security Fabric, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure The Cloud Security Fabric SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create The Cloud Security Fabric test user - to have a counterpart of B.Simon in The Cloud Security Fabric
that is linked to the Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on The Cloud Security Fabric application integration page, find the Manage
section and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL:

https://platform.cloudlock.com

https://app.cloudlock.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://platform.cloudlock.com/gate/saml/sso/<subdomain>

https://app.cloudlock.com/gate/saml/sso/<subdomain>

NOTE
The Identifier value is not real. Update the value with the actual Identifier. Contact The Cloud Security Fabric Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
6. To modify the signing options as per your requirement, click the Edit button to open the SAML Signing
Certificate dialog.

a. Select the Sign SAML response and assertion option for Signing Option.
b. Select the SHA-256 option for Signing Algorithm.
c. Click Save.
7. On the Set up The Cloud Security Fabric section, copy the appropriate URL(s) based on your
requirement.
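
The signing options selected in step 6 can be confirmed on a captured test response. The following is an added example, not part of the original tutorial or of any vendor's code; it checks structure only, that the Response and the Assertion each carry their own direct-child signature using RSA-SHA256, and does not verify any signature cryptographically. The sample XML, its IDs and the issuer URL are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"


def sig_block(alg, ref_id):
    """Constructed ds:Signature skeleton; the SignatureValue is a dummy."""
    return (
        '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{alg}"/>'
        f'<ds:Reference URI="#{ref_id}"/>'
        '</ds:SignedInfo><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue>'
        '</ds:Signature>'
    )


def build_sample(sign_response=True, sign_assertion=True,
                 alg=RSA_SHA256, assertion_ref="_asrt1"):
    """Constructed SAML response used as test input for check_signing()."""
    resp_sig = sig_block(alg, "_resp1") if sign_response else ""
    asrt_sig = sig_block(alg, assertion_ref) if sign_assertion else ""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">'
        '<saml:Issuer>https://idp.example.test/</saml:Issuer>'
        + resp_sig +
        '<saml:Assertion ID="_asrt1">'
        '<saml:Issuer>https://idp.example.test/</saml:Issuer>'
        + asrt_sig +
        '<saml:Subject><saml:NameID>b.simon@contoso.com</saml:NameID></saml:Subject>'
        '</saml:Assertion></samlp:Response>'
    )


def signature_alg(element):
    """Algorithm of a Signature that is a direct child of `element` and whose
    Reference points at that element's own ID; None otherwise."""
    sig = element.find("ds:Signature", NS)
    if sig is None:
        return None
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    if method is None or ref is None:
        return None
    # A signature that references some other element does not cover this one.
    if ref.get("URI") != "#" + element.get("ID", ""):
        return None
    return method.get("Algorithm")


def check_signing(xml_text):
    """Return findings; an empty list means both parts are signed with RSA-SHA256."""
    root = ET.fromstring(xml_text)
    findings = []
    targets = [("response", root), ("assertion", root.find("saml:Assertion", NS))]
    for name, element in targets:
        alg = signature_alg(element) if element is not None else None
        if alg is None:
            findings.append(f"{name}: no direct signature covering this element")
        elif alg != RSA_SHA256:
            findings.append(f"{name}: signed with {alg}, expected rsa-sha256")
    return findings


if __name__ == "__main__":
    print(check_signing(build_sample()))
    print(check_signing(build_sample(sign_response=False)))
    print(check_signing(build_sample(alg=RSA_SHA1)))
```
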

Configure The Cloud Security Fabric SSO


To configure single sign-on on The Cloud Security Fabric side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to The Cloud Security Fabric support team. They
apply these settings so that the SAML SSO connection is set up properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to The Cloud Security Fabric.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select The Cloud Security Fabric.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create The Cloud Security Fabric test user
In this section, you create a user called B.Simon in The Cloud Security Fabric. Work with The Cloud Security Fabric
support team to add the users in The Cloud Security Fabric platform. Users must be created and activated
before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click The Cloud Security Fabric tile in the Access Panel, you should be automatically signed in to
The Cloud Security Fabric for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Azure Active Directory Single sign-on (SSO) integration with Cisco Webex
9/18/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Cisco Webex with Azure Active Directory (Azure AD). When you
integrate Cisco Webex with Azure AD, you can:
Control in Azure AD who has access to Cisco Webex.
Enable your users to be automatically signed-in to Cisco Webex with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Cisco Webex single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Cisco Webex supports SP initiated
SSO and supports Automated user provisioning.

Adding Cisco Webex from the gallery


To configure the integration of Cisco Webex into Azure AD, you need to add Cisco Webex from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Cisco Webex in the search box.
6. Select Cisco Webex from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for Cisco Webex


Configure and test Azure AD SSO with Cisco Webex using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Cisco Webex.
To configure and test Azure AD SSO with Cisco Webex, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
a. Create an Azure AD test user to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user to enable B.Simon to use Azure AD single sign-on.
2. Configure Cisco Webex to configure the SSO settings on application side.
a. Create Cisco Webex test user to have a counterpart of B.Simon in Cisco Webex that is linked to the
Azure AD representation of user.
3. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Cisco Webex application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, upload the downloaded Service Provider metadata file and
configure the application by performing the following steps:

NOTE
You will get the Service Provider Metadata file from the Configure Cisco Webex section, which is explained later in
the tutorial.

a. Click Upload metadata file.


b. Click the folder logo to select the metadata file and click Upload.
c. After the Service Provider metadata file is uploaded successfully, the Identifier and Reply URL
values are auto-populated in the Basic SAML Configuration section:
In the Sign on URL textbox, paste the value of Reply URL, which gets autofilled by the SP metadata file
upload.
5. The Cisco Webex application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.

6. In addition to the above, the Cisco Webex application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
the SAML token attribute shown in the table below:

NAME    SOURCE ATTRIBUTE
uid     user.userprincipalname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
8. On the Set up Cisco Webex section, copy the appropriate URL(s) based on your requirement.
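
The claim tables for Cisco Cloud (country, company) and Cisco Webex (uid) can be checked against a test assertion before sign-on is handed to users. The following is an added example, not part of the original tutorials; it reports a required claim that is missing, empty, or emitted under a namespace instead of with a blank Namespace. The sample assertions and the REQUIRED_CLAIMS mapping are constructed from the tables on this page.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Namespace used in the constructed "Namespace not left blank" sample.
DEFAULT_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# Claim names taken from the NAME column of the tables in these tutorials.
REQUIRED_CLAIMS = {
    "Cisco Cloud": ["country", "company"],
    "Cisco Webex": ["uid"],
}


def build_assertion(attrs):
    """Constructed assertion holding only an AttributeStatement (test input)."""
    parts = []
    for name, values in attrs.items():
        vals = "".join(
            f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values
        )
        parts.append(f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>')
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">'
        "<saml:AttributeStatement>" + "".join(parts) + "</saml:AttributeStatement>"
        "</saml:Assertion>"
    )


def read_claims(assertion_xml):
    """Map each Attribute Name to its list of non-empty values."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iter(SAML + "Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall(SAML + "AttributeValue")]
        claims[attr.get("Name")] = [v for v in values if v]
    return claims


def check_claims(app, assertion_xml):
    """Return findings for `app`; an empty list means every claim is usable."""
    claims = read_claims(assertion_xml)
    findings = []
    for name in REQUIRED_CLAIMS[app]:
        if claims.get(name):
            continue  # present under the bare name with at least one value
        namespaced = [n for n in claims if n.endswith("/" + name)]
        if name in claims:
            findings.append(f"{name}: present but empty")
        elif namespaced:
            findings.append(
                f"{name}: sent as {namespaced[0]}; Namespace was not left blank"
            )
        else:
            findings.append(f"{name}: missing")
    return findings


if __name__ == "__main__":
    good = build_assertion({"country": ["CA"], "company": ["Contoso"]})
    bad = build_assertion({DEFAULT_NS + "/country": ["CA"], "company": ["Contoso"]})
    print(check_claims("Cisco Cloud", good))
    print(check_claims("Cisco Cloud", bad))
    print(check_claims("Cisco Webex", good))
```
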

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Cisco Webex.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Cisco Webex.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. In the Add Assignment dialog, click the Assign button.

Configure Cisco Webex


1. Sign in to Cisco Cloud Collaboration Management with your full administrator credentials.
2. Select Settings and under the Authentication section, click Modify.

3. Select Integrate a 3rd-party identity provider. (Advanced) and go to the next screen.
4. On the Import Idp Metadata page, either drag and drop the Azure AD metadata file onto the page or use
the file browser option to locate and upload the Azure AD metadata file. Then, select Require certificate
signed by a certificate authority in Metadata (more secure) and click Next.
5. Select Test SSO Connection, and when a new browser tab opens, authenticate with Azure AD by signing
in.
6. Return to the Cisco Cloud Collaboration Management browser tab. If the test was successful, select This
test was successful. Enable Single Sign-On option and click Next.
Create Cisco Webex test user
In this section, you create a user called B.Simon in Cisco Webex.
1. Go to Cisco Cloud Collaboration Management and sign in with your full administrator credentials.
2. Click Users and then Manage Users.

3. In the Manage User window, select Manually add or modify users and click Next.
4. Select Names and Email address. Then, fill out the textbox as follows:
a. In the First Name textbox, type the user's first name, for example B.
b. In the Last Name textbox, type the user's last name, for example Simon.
c. In the Email address textbox, type the user's email address, for example b.simon@contoso.com.
5. Click the plus sign to add B.Simon. Then, click Next.
6. In the Add Services for Users window, click Save and then Finish.

Test SSO
When you select the Cisco Webex tile in the Access Panel, you should be automatically signed in to the Cisco
Webex for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Cisco Webex with Azure AD
Tutorial: Azure Active Directory integration with Cisco Umbrella
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Cisco Umbrella with Azure Active Directory (Azure AD). Integrating
Cisco Umbrella with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Cisco Umbrella.
You can enable your users to be automatically signed-in to Cisco Umbrella (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Cisco Umbrella, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Cisco Umbrella single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Cisco Umbrella supports SP and IDP initiated SSO

Adding Cisco Umbrella from the gallery


To configure the integration of Cisco Umbrella into Azure AD, you need to add Cisco Umbrella from the gallery to
your list of managed SaaS apps.
To add Cisco Umbrella from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Cisco Umbrella, select Cisco Umbrella from the result panel, and then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Cisco Umbrella based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Cisco Umbrella needs to be established.
To configure and test Azure AD single sign-on with Cisco Umbrella, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Cisco Umbrella Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Cisco Umbrella test user - to have a counterpart of Britta Simon in Cisco Umbrella that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Cisco Umbrella, perform the following steps:
1. In the Azure portal, on the Cisco Umbrella application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, you do not have to perform any step because the app is
already pre-integrated with Azure.
a. If you wish to configure the application in SP initiated mode, perform the following steps:
b. Click Set additional URLs.
c. In the Sign-on URL textbox, type a URL: https://login.umbrella.com/sso

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Metadata XML from the given options as per your requirement and save it on
your computer.

6. On the Set up Cisco Umbrella section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Cisco Umbrella Single Sign-On
1. In a different browser window, sign in to your Cisco Umbrella company site as an administrator.
2. From the menu on the left, click Admin, navigate to Authentication, and then click SAML.
3. Choose Other and click NEXT.

4. On the Cisco Umbrella Metadata page, click NEXT.

5. On the Upload Metadata tab, if you had pre-configured SAML, select the Click here to change them option
and follow the steps below.
6. In Option A: Upload XML file, upload the Federation Metadata XML file that you downloaded from
the Azure portal. After the metadata is uploaded, the values below are populated automatically. Then click
NEXT.

7. Under the Validate SAML Configuration section, click TEST YOUR SAML CONFIGURATION.

8. Click SAVE.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Cisco Umbrella.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Cisco Umbrella.

2. In the applications list, type and select Cisco Umbrella.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Cisco Umbrella test user
To enable Azure AD users to log in to Cisco Umbrella, they must be provisioned into Cisco Umbrella.
In the case of Cisco Umbrella, provisioning is a manual task.
To provision a user account, perform the following steps:
1. In a different browser window, sign in to your Cisco Umbrella company site as an administrator.
2. From the menu on the left, click Admin and navigate to Accounts.

3. On the Accounts page, click Add at the top right of the page and perform the following steps.

a. In the First Name field, enter the first name, for example Britta.


b. In the Last Name field, enter the last name, for example Simon.
c. From the Choose Delegated Admin Role, select your role.
d. In the Email Address field, enter the email address of the user, for example brittasimon@contoso.com.
e. In the Password field, enter your password.
f. In the Confirm Password field, re-enter your password.
g. Click CREATE.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cisco Umbrella tile in the Access Panel, you should be automatically signed in to the Cisco
Umbrella for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Cisco Webex Meetings
10/7/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Cisco Webex Meetings with Azure Active Directory (Azure AD). When
you integrate Cisco Webex Meetings with Azure AD, you can:
Control in Azure AD who has access to Cisco Webex Meetings.
Enable your users to be automatically signed-in to Cisco Webex Meetings with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Cisco Webex Meetings single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Cisco Webex Meetings supports SP and IDP initiated SSO
Cisco Webex Meetings supports Just In Time user provisioning

Adding Cisco Webex Meetings from the gallery


To configure the integration of Cisco Webex Meetings into Azure AD, you need to add Cisco Webex Meetings from
the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Cisco Webex Meetings in the search box.
6. Select Cisco Webex Meetings from the results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for Cisco Webex Meetings
Configure and test Azure AD SSO with Cisco Webex Meetings using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in Cisco Webex Meetings.
To configure and test Azure AD SSO with Cisco Webex Meetings, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Cisco Webex Meetings SSO - to configure the single sign-on settings on application side.
a. Create Cisco Webex Meetings test user - to have a counterpart of B.Simon in Cisco Webex Meetings
that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Cisco Webex Meetings application integration page, find the Manage section
and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, you can configure the application in IDP initiated mode
by uploading the Service Provider metadata file as follows:
a. Click Upload metadata file.
b. Click the folder logo to select the metadata file and click Upload.
c. After the Service Provider metadata file is uploaded successfully, the Identifier and Reply URL
values are populated automatically in the Basic SAML Configuration section.

NOTE
You will get the Service Provider Metadata file from Configure Cisco Webex Meetings SSO section, which is
explained later in the tutorial.

4. If you wish to configure the application in SP initiated mode, perform the following steps:
a. On the Basic SAML Configuration section, click the edit/pen icon.

b. In the Sign on URL textbox, type the URL using the following pattern:
https://<customername>.my.webex.com

5. The Cisco Webex Meetings application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes. Click the Edit icon to open the User Attributes dialog.
6. In addition to the above, the Cisco Webex Meetings application expects a few more attributes to be passed back
in the SAML response. In the User Claims section on the User Attributes dialog, perform the following steps to
add each SAML token attribute shown in the table below:

NAME         SOURCE ATTRIBUTE
firstname    user.givenname
lastname     user.surname
email        user.mail
uid          user.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, select the attribute value shown for that row from the drop-down list.
f. Click Save.
7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

8. On the Set up Cisco Webex Meetings section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Cisco Webex Meetings.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Cisco Webex Meetings.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Cisco Webex Meetings SSO


1. Go to https://<customername>.webex.com/admin and sign in with your administration credentials.
2. Go to Common Site Settings and navigate to SSO Configuration.
3. On the Webex Administration page, perform the following steps:

a. Select SAML 2.0 as Federation Protocol.


b. Click the Import SAML Metadata link to upload the metadata file, which you have downloaded from
Azure portal.
c. Click the Export button to download the Service Provider Metadata file and upload it in the Basic SAML
Configuration section on Azure portal.
d. In the AuthContextClassRef textbox, type urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified. If
you want to enable MFA using Azure AD, type the two values separated by a semicolon, like this:
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport;urn:oasis:names:tc:SAML:2.0:ac:classes:X509

e. Select Auto Account Creation.


NOTE
To enable just-in-time user provisioning, you need to select Auto Account Creation. In addition, the SAML
token attributes need to be passed in the SAML response.

f. Click Save.

NOTE
This configuration is only for the customers that use Webex UserID in email format.
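
The claim names from the attribute table, the email-format requirement for uid, and the AuthContextClassRef values entered above can be checked against a captured SAML response before relying on just-in-time provisioning. The following is an added example, not part of the original tutorial and not Microsoft or Cisco code; the function names and sample responses are constructed, and it assumes the service provider compares the issued AuthnContextClassRef exactly against the configured list.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the tutorial's table (entered with the Namespace left blank).
REQUIRED_CLAIMS = ("firstname", "lastname", "email", "uid")

# The two-value AuthContextClassRef setting the tutorial gives for MFA.
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
MFA_CONTEXTS = PPT + ";urn:oasis:names:tc:SAML:2.0:ac:classes:X509"

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def build_sample(claims, authn_context):
    """Build a constructed, unsigned SAML response used only as test input."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        "</saml:AttributeValue></saml:Attribute>"
        for name, value in claims.items()
    )
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "<saml:AuthnStatement><saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{authn_context}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement>"
        "</saml:Assertion></samlp:Response>"
    )


# Constructed sample: claims mapped as in the tutorial's table.
GOOD_RESPONSE = build_sample(
    {"firstname": "B", "lastname": "Simon",
     "email": "B.Simon@contoso.com", "uid": "B.Simon@contoso.com"},
    PPT,
)

# Constructed sample: only namespaced default claims, custom claims never added.
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
DEFAULT_CLAIMS_RESPONSE = build_sample(
    {CLAIMS_NS + "givenname": "B", CLAIMS_NS + "surname": "Simon",
     CLAIMS_NS + "emailaddress": "B.Simon@contoso.com"},
    "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
)


def check_webex_assertion(xml_text, configured_contexts):
    """Return a list of findings; an empty list means nothing is missing.

    Content check for troubleshooting only: it does not validate the XML
    signature, which remains the service provider's job. For responses from
    an untrusted source, parse with a hardened XML parser instead.
    """
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertions = [root]
    else:
        assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    assertion = assertions[0]

    # Collect non-empty attribute values keyed by the exact claim name.
    claims = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        claims[attr.get("Name")] = [v for v in values if v]

    findings = [f"missing claim: {name}"
                for name in REQUIRED_CLAIMS if not claims.get(name)]

    uid = (claims.get("uid") or [""])[0]
    email = (claims.get("email") or [""])[0]
    if uid and not EMAIL_RE.match(uid):
        findings.append("uid is not in email format")
    if uid and email and uid.lower() != email.lower():
        findings.append("uid and email differ although both map to user.mail")

    allowed = {c.strip() for c in configured_contexts.split(";") if c.strip()}
    ref = assertion.find(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    issued = (ref.text or "").strip() if ref is not None else ""
    if issued not in allowed:
        findings.append(
            f"AuthnContextClassRef not in configured list: {issued or '(none)'}")
    return findings


if __name__ == "__main__":
    for label, sample in (("mapped claims", GOOD_RESPONSE),
                          ("default claims only", DEFAULT_CLAIMS_RESPONSE)):
        print(label, "->", check_webex_assertion(sample, MFA_CONTEXTS) or "ok")
```
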

Create Cisco Webex Meetings test user


The objective of this section is to create a user called B.Simon in Cisco Webex Meetings. Cisco Webex Meetings
supports just-in-time provisioning, which is enabled by default. There is no action item for you in this section. If a
user doesn't already exist in Cisco Webex Meetings, a new one is created when you attempt to access Cisco Webex
Meetings.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cisco Webex Meetings tile in the Access Panel, you should be automatically signed in to the
Cisco Webex Meetings for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ServiceNow with Azure AD
Tutorial: Azure Active Directory integration with Citrix NetScaler
7/16/2019 • 9 minutes to read

In this tutorial, you learn how to integrate Citrix NetScaler with Azure Active Directory (Azure AD). Integrating
Citrix NetScaler with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Citrix NetScaler.
You can enable your users to be automatically signed-in to Citrix NetScaler (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Citrix NetScaler, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Citrix NetScaler single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Citrix NetScaler supports SP initiated SSO
Citrix NetScaler supports Just In Time user provisioning

Adding Citrix NetScaler from the gallery


To configure the integration of Citrix NetScaler into Azure AD, you need to add Citrix NetScaler from the gallery to
your list of managed SaaS apps.
To add Citrix NetScaler from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Citrix NetScaler, select Citrix NetScaler from the result panel, and then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Citrix NetScaler based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Citrix NetScaler needs to be established.
To configure and test Azure AD single sign-on with Citrix NetScaler, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Citrix NetScaler Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Citrix NetScaler test user - to have a counterpart of Britta Simon in Citrix NetScaler that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Citrix NetScaler, perform the following steps:
1. In the Azure portal, on the Citrix NetScaler application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<<Your FQDN>>/CitrixAuthService/AuthService.asmx

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: https://<<Your FQDN>>

c. In the Reply URL (Assertion Consumer Service URL) text box, type a URL using the following pattern:
https://<<Your FQDN>>/CitrixAuthService/AuthService.asmx

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Citrix NetScaler
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

NOTE
For SSO to work, these URLs must be accessible from public sites. You need to configure the firewall or
other security settings on the NetScaler side to enable Azure AD to post the token to the configured ACS URL.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
6. On the Set up Citrix NetScaler section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
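
Before the Login URL, Logout URL and certificate are pasted into the NetScaler SAML server page, they can be cross-checked against the downloaded Federation Metadata XML. The following is an added example, not part of the original tutorial and not Microsoft or Citrix code; the metadata sample, tenant ID and certificate bytes are constructed placeholders, and the `sp_config` keys are hypothetical names for the values an administrator typed in.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD_NS, "ds": DS_NS}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: placeholder tenant ID and stand-in bytes, not a real certificate.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_LOGIN_URL = f"https://login.microsoftonline.com/{TENANT}/saml2"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS_NS}"><X509Data>
        <X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="{SAMPLE_LOGIN_URL}"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="{SAMPLE_LOGIN_URL}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def read_idp_metadata(xml_text):
    """Extract the identity provider values an administrator copies by hand."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")

    def location(tag):
        # Endpoint advertised for the HTTP-Redirect binding, if any.
        for element in idp.findall(f"md:{tag}", NS):
            if element.get("Binding") == REDIRECT:
                return element.get("Location")
        return None

    # SHA-256 fingerprints of every key usable for signing.
    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use") not in (None, "signing"):
            continue
        for cert in key.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())

    return {
        "entity_id": root.get("entityID"),
        "login_url": location("SingleSignOnService"),
        "logout_url": location("SingleLogoutService"),
        "signing_cert_sha256": fingerprints,
    }


def compare_with_sp_config(metadata, sp_config):
    """Return findings where the values typed on the service provider side
    (hypothetical keys: redirect_url, single_logout_url, idp_cert_sha256)
    disagree with the metadata; an empty list means they match."""
    findings = []
    pairs = (("redirect_url", "login_url"), ("single_logout_url", "logout_url"))
    for sp_key, md_key in pairs:
        value = sp_config.get(sp_key, "")
        if urlparse(value).scheme != "https":
            findings.append(f"{sp_key} is not an https URL")
        if value != metadata[md_key]:
            findings.append(f"{sp_key} does not match {md_key} in the metadata")
    pinned = sp_config.get("idp_cert_sha256", "").replace(":", "").lower()
    if pinned not in metadata["signing_cert_sha256"]:
        findings.append("IDP certificate fingerprint is not a signing key in the metadata")
    return findings


if __name__ == "__main__":
    meta = read_idp_metadata(SAMPLE_METADATA)
    typed = {
        "redirect_url": SAMPLE_LOGIN_URL,
        "single_logout_url": SAMPLE_LOGIN_URL,
        "idp_cert_sha256": hashlib.sha256(FAKE_CERT_DER).hexdigest(),
    }
    print(meta)
    print(compare_with_sp_config(meta, typed) or "service provider values match metadata")
```
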
Configure Citrix NetScaler Single Sign-On
1. In a different web browser window, sign in to your Citrix NetScaler tenant as an administrator.
2. Make sure that the NetScaler Firmware Version = NS12.1: Build 48.13.nc.

3. On the VPN Virtual Server page, perform the following steps:

a. Set Gateway Settings ICA Only as true.


b. Set Enable Authentication as true.
c. DTLS is optional.
d. Make sure SSLv3 is Disabled.
4. A customized SSL Ciphers Group is created to attain A+ on https://www.ssllabs.com as shown below:
5. On the Configure Authentication SAML Server page, perform the following steps:

a. In the Name textbox, type the name of your server.


b. In the Redirect URL textbox, paste the value of Login URL which you have copied from the Azure portal.
c. In the Single Logout URL textbox, paste the value of Logout URL which you have copied from the
Azure portal.
d. In IDP Certificate Name, click the "+" sign to add the certificate which you have downloaded from the
Azure portal. After it is uploaded, select the certificate from the dropdown.
e. The following additional fields need to be set on this page:

f. Select Requested Authentication Context as Exact.


g. Select Signature Algorithm as RSA-SHA256.
h. Select Digest Method as SHA256.
i. Check Enforce Username.
j. Click OK.
6. To configure the Session Profile, perform the following steps:

a. In the Name textbox, type the name of your session profile.


b. On the Client Experience tab, make the changes as shown in the screenshot below.
c. Continue making the changes on the General tab as shown below and click OK.
d. On the Published Applications tab, make the changes as shown in the screenshot below and click OK.

e. On the Security tab, make the changes as shown in the screenshot below and click OK.
7. Configure the ICA connections to connect on Session Reliability port 2598, as shown in the screenshot below.

8. On the SAML section, add the Servers as shown in the screenshot below.

9. On the SAML section, add the Policies as shown in the screenshot below.

10. On the Global Settings page, go to the Clientless Access section.


11. On the Configuration tab, perform the following steps:

a. Select Allow Domains.


b. In the Domain Name textbox, select the domain.
c. Click OK.
12. Configure the StoreFront settings on the Receiver for Web Sites as shown in the screenshot below:

13. On the Manage Authentication Methods - Corp pop-up, perform the following steps:
a. Select User name and password.
b. Select Pass-through from NetScaler Gateway.
c. Click OK.
14. On the Configure Trusted Domains pop-up, perform the following steps:

a. Select Trusted domains only.


b. Click on Add to add your domain in Trusted domains textbox.
c. Select Default Domain from your Default domain list.
d. Select Show domains list in logon page.
e. Click OK.
15. On the Manage NetScaler Gateways pop-up, perform the following steps:
a. Click on Add to add your NetScaler Gateways in NetScaler Gateways textbox.
b. Click Close.
16. On the StoreFront General Settings tab, perform the following steps:

a. In the Display name textbox type your NetScaler Gateway name.


b. In the NetScaler Gateway URL textbox type your NetScaler Gateway URL.
c. Select Usage or role as Authentication and HDX routing.
d. Click OK.
17. On the StoreFront Secure Ticket Authority tab, perform the following steps:
a. Click the Add button to add your Secure Ticket Authority URLs in the textbox.
b. Select Enable session reliability.
c. Click OK.
18. On the StoreFront Authentication Settings tab, perform the following steps:
a. Select your Version.
b. Select Logon type as Domain.
c. Enter your Callback URL.
d. Click OK.
19. On the StoreFront Deploy Citrix Receiver tab, perform the following steps:

a. Select Deployment option as Use Receiver for HTML5 if local Receiver is unavailable.
b. Click OK.
20. On the Manage Beacons pop-up, perform the following steps:
a. Select the Internal beacon as Use the service URL.
b. Click Add to add your URLs in the External beacons textbox.
c. Click OK.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Citrix NetScaler.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Citrix NetScaler.

2. In the applications list, select Citrix NetScaler.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Citrix NetScaler test user
In this section, a user called Britta Simon is created in Citrix NetScaler. Citrix NetScaler supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Citrix NetScaler, a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the Citrix NetScaler Client support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Citrix NetScaler tile in the Access Panel, you should be automatically signed in to the Citrix
NetScaler for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Citrix ShareFile
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Citrix ShareFile with Azure Active Directory (Azure AD). Integrating
Citrix ShareFile with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Citrix ShareFile.
You can enable your users to be automatically signed-in to Citrix ShareFile (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Citrix ShareFile, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Citrix ShareFile single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Citrix ShareFile supports SP initiated SSO

Adding Citrix ShareFile from the gallery


To configure the integration of Citrix ShareFile into Azure AD, you need to add Citrix ShareFile from the gallery to
your list of managed SaaS apps.
To add Citrix ShareFile from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Citrix ShareFile, select Citrix ShareFile from the result panel, and then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Citrix ShareFile based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Citrix ShareFile needs to be established.
To configure and test Azure AD single sign-on with Citrix ShareFile, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Citrix ShareFile Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Citrix ShareFile test user - to have a counterpart of Britta Simon in Citrix ShareFile that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Citrix ShareFile, perform the following steps:
1. In the Azure portal, on the Citrix ShareFile application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<tenant-name>.sharefile.com/saml/login

b. In the Identifier (Entity ID) textbox, type a URL using one of the following patterns:

https://<tenant-name>.sharefile.com

https://<tenant-name>.sharefile.com/saml/info

https://<tenant-name>.sharefile1.com/saml/info

https://<tenant-name>.sharefile1.eu/saml/info

https://<tenant-name>.sharefile.eu/saml/info

c. In the Reply URL textbox, type a URL using one of the following patterns:

https://<tenant-name>.sharefile.com/saml/acs

https://<tenant-name>.sharefile.eu/saml/<URL path>

https://<tenant-name>.sharefile.com/saml/<URL path>

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact Citrix
ShareFile Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.
5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Citrix ShareFile section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
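The URL patterns in step 4 can be checked mechanically before the values are saved, which catches a leftover placeholder, a plain-http value, or a Reply URL whose host only looks like a ShareFile domain. The following Python sketch is an added example, not part of the original tutorial; it assumes <tenant-name> is a single DNS label and treats <URL path> as any non-empty path under /saml/, and the function names and the contoso/fabrikam sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: <tenant-name> is one DNS label (letters, digits, inner hyphens).
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

# (domain, path rule) pairs transcribed from the patterns listed in step 4.
# A rule ending in "/" stands for "/saml/<URL path>"; any other rule is exact.
PATTERNS = {
    "sign_on_url": [("sharefile.com", "/saml/login")],
    "identifier": [
        ("sharefile.com", ""),
        ("sharefile.com", "/saml/info"),
        ("sharefile1.com", "/saml/info"),
        ("sharefile1.eu", "/saml/info"),
        ("sharefile.eu", "/saml/info"),
    ],
    "reply_url": [
        ("sharefile.com", "/saml/acs"),
        ("sharefile.eu", "/saml/"),
        ("sharefile.com", "/saml/"),
    ],
}


def match_field(field, value):
    """Return the tenant name if value fits a pattern for field, else raise ValueError."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise ValueError(f"unparseable URL: {exc}") from None
    if parts.scheme != "https":
        raise ValueError("scheme must be https")
    if parts.username is not None or parts.password is not None or port is not None:
        raise ValueError("userinfo or explicit port in authority")
    if parts.query or parts.fragment:
        raise ValueError("query string or fragment present")
    host = (parts.hostname or "").lower()
    path = parts.path
    if "//" in path or ".." in path.split("/"):
        raise ValueError("path contains empty or dot-dot segments")
    for domain, rule in PATTERNS[field]:
        suffix = "." + domain
        if not host.endswith(suffix):
            continue  # also rejects hosts that merely contain the domain
        tenant = host[: -len(suffix)]
        if not _LABEL.fullmatch(tenant):
            continue  # placeholder left in, or extra subdomain levels
        if rule.endswith("/"):
            path_ok = path.startswith(rule) and len(path) > len(rule)
        else:
            path_ok = path == rule
        if path_ok:
            return tenant
    raise ValueError("does not fit any documented pattern")


def audit(config):
    """Return a list of findings; an empty list means all three values fit
    a documented pattern and refer to the same tenant."""
    findings, tenants = [], {}
    for field in PATTERNS:
        try:
            tenants[field] = match_field(field, config.get(field, ""))
        except ValueError as exc:
            findings.append(f"{field}: {exc}")
    if len(set(tenants.values())) > 1:
        findings.append(f"tenant mismatch across fields: {tenants}")
    return findings


# Constructed sample values (not real tenants).
GOOD = {
    "sign_on_url": "https://contoso.sharefile.com/saml/login",
    "identifier": "https://contoso.sharefile.com/saml/info",
    "reply_url": "https://contoso.sharefile.com/saml/acs",
}
BAD = {
    "sign_on_url": "http://contoso.sharefile.com/saml/login",         # not https
    "identifier": "https://fabrikam.sharefile.eu/saml/info",          # fits a pattern
    "reply_url": "https://contoso.sharefile.com.example.net/saml/acs",  # wrong host
}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(cfg) or "ok")
```

The check only confirms that a value has the documented shape; the actual tenant values still come from the Citrix ShareFile support team as the note above says.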
Configure Citrix ShareFile Single Sign-On
1. In a different web browser window, log into your Citrix ShareFile company site as an administrator.
2. In the toolbar on the top, click Admin.
3. In the left navigation pane, select Configure Single Sign-On.

4. On the Single Sign-On/ SAML 2.0 Configuration dialog page under Basic Settings, perform the
following steps:

a. Click Enable SAML.


b. In Your IDP Issuer/ Entity ID textbox, paste the value of Azure Ad Identifier which you have copied
from Azure portal.
c. Click Change next to the X.509 Certificate field and then upload the certificate you downloaded from
the Azure portal.
d. In Login URL textbox, paste the value of Login URL which you have copied from Azure portal.
e. In Logout URL textbox, paste the value of Logout URL which you have copied from Azure portal.
5. Click Save on the Citrix ShareFile management portal.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Citrix ShareFile.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Citrix ShareFile.

2. In the applications list, type and select Citrix ShareFile.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Citrix ShareFile test user
In order to enable Azure AD users to log into Citrix ShareFile, they must be provisioned into Citrix ShareFile. In the
case of Citrix ShareFile, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your Citrix ShareFile tenant.
2. Click Manage Users > Manage Users Home > + Create Employee.
3. On the Basic Information section, perform below steps:

a. In the Email Address textbox, type the email address of Britta Simon as brittasimon@contoso.com.
b. In the First Name textbox, type first name of user as Britta.
c. In the Last Name textbox, type last name of user as Simon.
4. Click Add User.

NOTE
The Azure AD account holder will receive an email and follow a link to confirm their account before it becomes
active. You can use any other Citrix ShareFile user account creation tools or APIs provided by Citrix ShareFile to
provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Citrix ShareFile tile in the Access Panel, you should be automatically signed in to the Citrix
ShareFile for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Integrate Civic Platform with Azure Active Directory
7/25/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Civic Platform with Azure Active Directory (Azure AD). When you
integrate Civic Platform with Azure AD, you can:
Control in Azure AD who has access to Civic Platform.
Enable your users to be automatically signed-in to Civic Platform with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
Civic Platform single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Civic Platform supports SP initiated SSO

Adding Civic Platform from the gallery


To configure the integration of Civic Platform into Azure AD, you need to add Civic Platform from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Civic Platform in the search box.
6. Select Civic Platform from the results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Civic Platform using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Civic Platform.
To configure and test Azure AD SSO with Civic Platform, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Civic Platform SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Civic Platform test user - to have a counterpart of B.Simon in Civic Platform that is linked to the
Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Civic Platform application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.accela.com

b. In the Identifier (Entity ID) text box, type a URL: civicplatform.accela.com

NOTE
The Sign on URL value is not real. Update this value with the actual Sign on URL. Contact Civic Platform Client
support team to get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

6. Navigate to Azure Active Directory > App registrations in Azure AD, select your application.
7. Copy the Directory (tenant) ID and store it into Notepad.
8. Copy the Application ID and store it into Notepad.

9. Navigate to Azure Active Directory > App registrations in Azure AD, select your application. Select
Certificates & secrets.
10. Select Client secrets -> New client secret.
11. Provide a description of the secret, and a duration. When done, select Add.

NOTE
After saving the client secret, the value of the client secret is displayed. Copy this value because you aren't able to
retrieve the key later.

Configure Civic Platform SSO


1. Open a new web browser window and sign into your Atlassian Cloud company site as an administrator.
2. Click on Standard Choices.
3. Create a standard choice ssoconfig.
4. Search for ssoconfig and submit.

5. Expand SSOCONFIG by clicking on the red dot.

6. Provide SSO related configuration information in the following step:


a. In the applicationid field, enter the Application ID value, which you have copied from the Azure
portal.
b. In the clientSecret field, enter the Secret value, which you have copied from the Azure portal.
c. In the directoryId field, enter the Directory (tenant) ID value, which you have copied from the
Azure portal.
d. Enter the idpName. For example: Azure.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Civic Platform.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Civic Platform.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Civic Platform test user
In this section, you create a user called B.Simon in Civic Platform. Work with Civic Platform support team to add
the users in the Civic Platform Client support team. Users must be created and activated before you use single
sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Civic Platform tile in the Access Panel, you should be automatically signed in to the Civic
Platform for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Clarizen
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Clarizen with Azure Active Directory (Azure AD). Integrating Clarizen
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Clarizen.
You can enable your users to be automatically signed-in to Clarizen (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Clarizen, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A Clarizen single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Clarizen supports IDP initiated SSO

Adding Clarizen from the gallery


To configure the integration of Clarizen into Azure AD, you need to add Clarizen from the gallery to your list of
managed SaaS apps.
To add Clarizen from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Clarizen, select Clarizen from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Clarizen based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Clarizen
needs to be established.
To configure and test Azure AD single sign-on with Clarizen, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Clarizen Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Clarizen test user - to have a counterpart of Britta Simon in Clarizen that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Clarizen, perform the following steps:
1. In the Azure portal, on the Clarizen application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a value: Clarizen

b. In the Reply URL text box, type a URL using the following pattern:
https://.clarizen.com/Clarizen/Pages/Integrations/SAML/SamlResponse.aspx

NOTE
These are not the real values. You have to use the actual identifier and reply URL. Here we suggest that you use the
unique value of a string as the identifier. To get the actual values, contact the Clarizen support team.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Clarizen section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Clarizen Single Sign-On
1. In a different web browser window, sign in to your Clarizen company site as an administrator.
2. Click your username, and then click Settings.

3. Click the Global Settings tab. Then, next to Federated Authentication, click edit.

4. In the Federated Authentication dialog box, perform the following steps:


a. Select Enable Federated Authentication.
b. Click Upload to upload your downloaded certificate.
c. In the Sign-in URL box, enter the value of Login URL from the Azure AD application configuration
window.
d. In the Sign-out URL box, enter the value of Logout URL from the Azure AD application configuration
window.
e. Select Use POST.
f. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Clarizen.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Clarizen.
2. In the applications list, select Clarizen.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Clarizen test user
The objective of this section is to create a user called Britta Simon in Clarizen.
If you need to create a user manually, perform the following steps:
To enable Azure AD users to sign in to Clarizen, you must provision user accounts. In the case of Clarizen,
provisioning is a manual task.
1. Sign in to your Clarizen company site as an administrator.
2. Click People.

3. Click Invite User.

4. In the Invite People dialog box, perform the following steps:

a. In the Email box, type the email address of the Britta Simon account.
b. Click Invite.

NOTE
The Azure Active Directory account holder will receive an email and follow a link to confirm their account before it
becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Clarizen tile in the Access Panel, you should be automatically signed in to the Clarizen for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Clear Review
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Clear Review with Azure Active Directory (Azure AD). Integrating Clear
Review with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Clear Review.
You can enable your users to be automatically signed-in to Clear Review (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Clear Review, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Clear Review single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Clear Review supports SP and IDP initiated SSO

Adding Clear Review from the gallery


To configure the integration of Clear Review into Azure AD, you need to add Clear Review from the gallery to your
list of managed SaaS apps.
To add Clear Review from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Clear Review, select Clear Review from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Clear Review based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Clear
Review needs to be established.
To configure and test Azure AD single sign-on with Clear Review, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Clear Review Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Clear Review test user - to have a counterpart of Britta Simon in Clear Review that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Clear Review, perform the following steps:
1. In the Azure portal, on the Clear Review application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<customer name>.clearreview.com/sso/metadata/

b. In the Reply URL text box, type a URL using the following pattern:
https://<customer name>.clearreview.com/sso/acs/

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<customer name>.clearreview.com

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Clear
Review Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. The Clear Review application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes, where nameidentifier is mapped to user.userprincipalname. The Clear
Review application expects nameidentifier to be mapped to user.mail, so you need to edit the attribute
mapping by clicking the Edit icon and changing the attribute mapping.

7. On the User Attributes & Claims dialog, perform the following steps:
a. Click Edit icon on the right of Name identifier value.

b. From the Source attribute list, select the user.mail attribute value for that row.
c. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

9. On the Set up Clear Review section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
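After the Name identifier change in steps 6 and 7, a decoded test assertion shows whether NameID now carries user.mail or still carries user.userprincipalname. The following Python sketch is an added example, not part of the original tutorial; it assumes the assertion still includes Azure AD's default emailaddress and name claims, and the sample users and helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Azure AD default claim names for user.mail and user.userprincipalname.
CLAIM_MAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
CLAIM_UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"


def make_assertion(name_id, mail, upn):
    """Build a constructed, unsigned assertion fragment for the demo."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject>
    <saml:NameID>{name_id}</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIM_MAIL}">
      <saml:AttributeValue>{mail}</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIM_UPN}">
      <saml:AttributeValue>{upn}</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _assertion(root):
    """Accept either a bare Assertion or a Response that wraps one.
    This is a configuration check on a test capture from your own tenant;
    it does not verify the signature and is not an authentication path."""
    tag = "{%s}Assertion" % NS["saml"]
    node = root if root.tag == tag else root.find(".//saml:Assertion", NS)
    if node is None:
        raise ValueError("no SAML assertion found")
    return node


def name_id_source(xml_text):
    """Classify the NameID as 'user.mail', 'user.userprincipalname',
    'ambiguous' (mail and UPN are identical for this user) or 'unknown'."""
    assertion = _assertion(ET.fromstring(xml_text))
    node = assertion.find("saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("assertion has no NameID")
    name_id = node.text.strip().casefold()

    claims = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and value.text:
            claims[attr.get("Name")] = value.text.strip().casefold()

    is_mail = claims.get(CLAIM_MAIL) == name_id
    is_upn = claims.get(CLAIM_UPN) == name_id
    if is_mail and is_upn:
        return "ambiguous"  # retest with a user whose mail differs from the UPN
    if is_mail:
        return "user.mail"
    if is_upn:
        return "user.userprincipalname"
    return "unknown"


# Constructed sample user whose mail and UPN differ.
MAIL = "britta.simon@contoso.com"
UPN = "brittasimon@contoso.onmicrosoft.com"

if __name__ == "__main__":
    print("default mapping:", name_id_source(make_assertion(UPN, MAIL, UPN)))
    print("after step 7:   ", name_id_source(make_assertion(MAIL, MAIL, UPN)))
```

A result of "ambiguous" means the test user cannot distinguish the two mappings, so the check should be repeated with an account whose mail and user principal name differ.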
Configure Clear Review Single Sign-On
1. To configure single sign-on on Clear Review side, open the Clear Review portal with admin credentials.
2. Select Admin from the left navigation.

3. In the Integrations section at the bottom of the page click the Change button to the right of Single Sign-
On Settings.

4. Perform the following steps on the Single Sign-On Settings page:


a. In the Issuer URL textbox, paste the value of Azure AD Identifier which you have copied from Azure
portal.
b. In the SAML Endpoint textbox, paste the value of Login URL which you have copied from Azure portal.
c. In the SLO Endpoint textbox, paste the value of Logout URL which you have copied from Azure portal.
d. Open the downloaded certificate in notepad and paste the content in the X.509 Certificate textbox.
e. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Clear Review.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Clear Review.

2. In the applications list, select Clear Review.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Clear Review test user
In this section, you create a user called Britta Simon in Clear Review. Please work with the Clear Review support team
to add the users in the Clear Review platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Clear Review tile in the Access Panel, you should be automatically signed in to the Clear Review
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with ClearCompany
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ClearCompany with Azure Active Directory (Azure AD). Integrating
ClearCompany with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ClearCompany.
You can enable your users to be automatically signed-in to ClearCompany (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ClearCompany, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A ClearCompany single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ClearCompany supports SP and IDP initiated SSO

Adding ClearCompany from the gallery


To configure the integration of ClearCompany into Azure AD, you need to add ClearCompany from the gallery to
your list of managed SaaS apps.
To add ClearCompany from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ClearCompany, select ClearCompany from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ClearCompany based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
ClearCompany needs to be established.
To configure and test Azure AD single sign-on with ClearCompany, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ClearCompany Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ClearCompany test user - to have a counterpart of Britta Simon in ClearCompany that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ClearCompany, perform the following steps:
1. In the Azure portal, on the ClearCompany application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL using the following pattern: https://api.clearcompany.com

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<companyname>.clearcompany.com

NOTE
The Sign-on URL value is not real. Update the value with the actual Sign-on URL. Contact ClearCompany Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up ClearCompany section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
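
Because the Sign-on URL above is a pattern rather than a real value, the following added example (not part of the original tutorial) checks a value before it is saved in Basic SAML Configuration. It goes beyond ClearCompany and also covers the Clever and ClickUp patterns from the neighbouring tutorials; the field labels, function names and the rule that a placeholder stands for a single host label or path segment are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# URL patterns quoted in these tutorials; <...> marks the tenant-specific part.
URL_PATTERNS = {
    "ClearCompany Sign-on URL": "https://<companyname>.clearcompany.com",
    "Clever Sign on URL": "https://clever.com/in/<companyname>",
    "ClickUp Identifier": "https://api.clickup.com/v1/team/<team_id>/microsoft",
}

PLACEHOLDER = re.compile(r"<[A-Za-z_]+>")


def pattern_to_regex(pattern):
    """Turn a documented pattern into a strict regex.

    Assumption of this example: a placeholder stands for exactly one host
    label or path segment, so it may not contain dots or slashes.
    """
    literal_parts = PLACEHOLDER.split(pattern)
    body = "[A-Za-z0-9_-]+".join(re.escape(part) for part in literal_parts)
    return re.compile(body + "/?")  # tolerate one trailing slash


def check_saml_url(field, value):
    """Return a list of problems with a value typed into the given field."""
    problems = []
    value = value.strip()
    if PLACEHOLDER.search(value):
        problems.append("placeholder not replaced")
    if urlsplit(value).scheme != "https":
        problems.append("not https")
    if not pattern_to_regex(URL_PATTERNS[field]).fullmatch(value):
        problems.append("does not match pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real tenant URLs.
    samples = [
        ("ClearCompany Sign-on URL", "https://contoso.clearcompany.com"),
        ("ClearCompany Sign-on URL", "https://<companyname>.clearcompany.com"),
        ("ClearCompany Sign-on URL", "https://contoso.clearcompany.com.example.net"),
        ("ClickUp Identifier", "https://api.clickup.com/v1/team/123456/microsoft"),
    ]
    for field, value in samples:
        print(field, value, check_saml_url(field, value) or "ok")
```
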
Configure ClearCompany Single Sign-On
To configure single sign-on on the ClearCompany side, you need to send the downloaded Certificate (Base64) and
appropriate copied URLs from the Azure portal to the ClearCompany support team. They apply these settings so that the
SAML SSO connection is set up properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ClearCompany.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ClearCompany.

2. In the applications list, select ClearCompany.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ClearCompany test user
In this section, you create a user called Britta Simon in ClearCompany. Work with the ClearCompany support team to
add the users in the ClearCompany platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ClearCompany tile in the Access Panel, you should be automatically signed in to the
ClearCompany for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Clever
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Clever with Azure Active Directory (Azure AD). Integrating Clever with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Clever.
You can enable your users to be automatically signed-in to Clever (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Clever, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Clever single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Clever supports SP initiated SSO.

Adding Clever from the gallery


To configure the integration of Clever into Azure AD, you need to add Clever from the gallery to your list of
managed SaaS apps.
To add Clever from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Clever, select Clever from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Clever based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Clever
needs to be established.
To configure and test Azure AD single sign-on with Clever, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Clever Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Clever test user - to have a counterpart of Britta Simon in Clever that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Clever, perform the following steps:
1. In the Azure portal, on the Clever application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://clever.com/in/<companyname>

b. In the Identifier (Entity ID) text box, type a URL: https://clever.com/oauth/saml/metadata.xml

NOTE
The Sign on URL value is not real. Update the value with the actual Sign on URL. Contact Clever Client support team
to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. Clever application expects the SAML assertions in a specific format. Configure the following claims for this
application. You can manage the values of these attributes from the User Attributes section on application
integration page. On the Set up Single Sign-On with SAML page, click Edit button to open User
Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes listed in the following table, and
perform the following steps:

NAME                                            SOURCE ATTRIBUTE
clever.teacher.credentials.district_username    user.userprincipalname
clever.student.credentials.district_username    user.userprincipalname
clever.staff.credentials.district_username      user.userprincipalname
Firstname                                       user.givenname
Lastname                                        user.surname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
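
To confirm that the claims configured in step 6 actually reach Clever in the expected format, the following added example (not part of the original tutorial) audits the AttributeStatement of a test assertion against the claim table. The sample assertion is constructed, the function names are this example's own, and it assumes that a namespace left non-blank shows up as a `<namespace>/<name>` attribute name.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim table from the tutorial: claim name -> Azure AD source attribute.
CLEVER_CLAIMS = {
    "clever.teacher.credentials.district_username": "user.userprincipalname",
    "clever.student.credentials.district_username": "user.userprincipalname",
    "clever.staff.credentials.district_username": "user.userprincipalname",
    "Firstname": "user.givenname",
    "Lastname": "user.surname",
}

# Constructed sample (not a captured assertion): the staff claim is missing,
# Firstname carries a namespace prefix, and Lastname is empty.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="clever.teacher.credentials.district_username">
      <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="clever.student.credentials.district_username">
      <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Firstname">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Lastname">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def read_attributes(assertion_xml):
    """Return {attribute Name: [values]} from the assertion's AttributeStatement.

    This only inspects the claims; it does not verify the assertion signature.
    """
    if "<!DOCTYPE" in assertion_xml:
        raise ValueError("DOCTYPE not allowed in a SAML assertion")
    root = ET.fromstring(assertion_xml)
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attributes.setdefault(attr.get("Name", ""), []).extend(values)
    return attributes


def audit_clever_claims(assertion_xml):
    """Return (problem, attribute name) findings measured against the claim table."""
    attributes = read_attributes(assertion_xml)
    findings = []
    for name in CLEVER_CLAIMS:
        if name in attributes:
            if not any(attributes[name]):
                findings.append(("empty", name))
            continue
        # Assumption: a non-blank Namespace yields "<namespace>/<name>".
        prefixed = [n for n in attributes if n.endswith("/" + name)]
        findings.append(("namespaced", prefixed[0]) if prefixed else ("missing", name))
    # Every district_username claim maps to user.userprincipalname, so the
    # values that are present must agree with each other.
    upn_values = {tuple(attributes[n]) for n, source in CLEVER_CLAIMS.items()
                  if source == "user.userprincipalname" and n in attributes}
    if len(upn_values) > 1:
        findings.append(("mismatch", "district_username"))
    return findings


if __name__ == "__main__":
    for problem, name in audit_clever_claims(SAMPLE_ASSERTION):
        print(f"{problem:10} {name}")
```
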
Configure Clever Single Sign-On
1. In a different web browser window, log in to your Clever company site as an administrator.
2. In the toolbar, click Instant Login.

NOTE
Before you can test single sign-on, you have to contact the Clever Client support team to enable Office 365 SSO in the
back end.

3. On the Instant Login page, perform the following steps:


a. Type the Login URL.

NOTE
The Login URL is a custom value. Contact Clever Client support team to get this value.

b. As Identity System, select ADFS.


c. In the Metadata URL textbox, paste App Federation Metadata Url value which you have copied from
the Azure portal.
d. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Clever.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Clever.

2. In the applications list, select Clever.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Clever test user
To enable Azure AD users to log in to Clever, they must be provisioned into Clever.
In the case of Clever, work with the Clever Client support team to add the users in the Clever platform. Users must be
created and activated before you use single sign-on.

NOTE
You can use any other Clever user account creation tools or APIs provided by Clever to provision Azure AD user accounts.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Clever tile in the Access Panel, you should be automatically signed in to the Clever for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Clever Nelly with Azure Active Directory
7/5/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Clever Nelly with Azure Active Directory (Azure AD). When you integrate
Clever Nelly with Azure AD, you can:
Control in Azure AD who has access to Clever Nelly.
Enable your users to be automatically signed-in to Clever Nelly with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with Azure
Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get one-month free trial here.
Clever Nelly single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Clever Nelly supports SP and IDP initiated
SSO.

Adding Clever Nelly from the gallery


To configure the integration of Clever Nelly into Azure AD, you need to add Clever Nelly from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Clever Nelly in the search box.
6. Select Clever Nelly from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Clever Nelly using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Clever Nelly.
To configure and test Azure AD SSO with Clever Nelly, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Clever Nelly SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Clever Nelly test user - to have a counterpart of Britta Simon in Clever Nelly that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Clever Nelly application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration to edit
the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode, enter the
values for the following fields:
a. In the Identifier text box, type a URL:

ENVIRONMENT    URL PATTERN
Test           https://test.elephantsdontforget.com/plato
Production     https://secure.elephantsdontforget.com/plato

b. In the Reply URL text box, type a URL:

ENVIRONMENT    URL PATTERN
Test           https://test.elephantsdontforget.com/plato/callback?client_name=SAML2Client
Production     https://secure.elephantsdontforget.com/plato/callback?client_name=SAML2Client

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP initiated
mode:
In the Sign-on URL text box, type a URL:

ENVIRONMENT    URL PATTERN
Test           https://test.elephantsdontforget.com/plato/sso/microsoft/index.xhtml
Production     https://secure.elephantsdontforget.com/plato/sso/microsoft/index.xhtml

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Clever Nelly Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.
6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy button to
copy the App Federation Metadata Url and save it on your computer.

Configure Clever Nelly SSO


To configure single sign-on on the Clever Nelly side, you need to send the App Federation Metadata Url to the Clever Nelly
support team. They apply this setting so that the SAML SSO connection is set up properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example, B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Clever Nelly.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Clever Nelly.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the bottom of the
screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate role for the
user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Clever Nelly test user
In this section, you create a user called Britta Simon in Clever Nelly. Work with the Clever Nelly support team to add the users
in the Clever Nelly platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Clever Nelly tile in the Access Panel, you should be automatically signed in to the Clever Nelly for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with ClickTime
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ClickTime with Azure Active Directory (Azure AD). Integrating ClickTime
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ClickTime.
You can enable your users to be automatically signed-in to ClickTime (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ClickTime, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
ClickTime single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ClickTime supports IDP initiated SSO.

Adding ClickTime from the gallery


To configure the integration of ClickTime into Azure AD, you need to add ClickTime from the gallery to your list of
managed SaaS apps.
To add ClickTime from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ClickTime, select ClickTime from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ClickTime based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in ClickTime
needs to be established.
To configure and test Azure AD single sign-on with ClickTime, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ClickTime Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ClickTime test user - to have a counterpart of Britta Simon in ClickTime that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ClickTime, perform the following steps:
1. In the Azure portal, on the ClickTime application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL: https://app.clicktime.com/sp/

b. In the Reply URL text box, type a URL using the following pattern:

https://app.clicktime.com/Login/

https://app.clicktime.com/App/Login/Consume.aspx

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up ClickTime section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure ClickTime Single Sign-On
1. In a different web browser window, log into your ClickTime company site as an administrator.
2. In the toolbar on the top, click Preferences, and then click Security Settings.
3. In the Single Sign-On Preferences configuration section, perform the following steps:

a. Select Allow sign-in using Single Sign-On (SSO) with Azure AD.
b. In the Identity Provider Endpoint textbox, paste the Login URL that you copied from the Azure portal.
c. Open the base-64 encoded certificate downloaded from Azure portal in Notepad, copy the content,
and then paste it into the X.509 Certificate textbox.
d. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ClickTime.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ClickTime.

2. In the applications list, select ClickTime.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ClickTime test user
In order to enable Azure AD users to log into ClickTime, they must be provisioned into ClickTime.
In the case of ClickTime, provisioning is a manual task.

NOTE
You can use any other ClickTime user account creation tools or APIs provided by ClickTime to provision Azure AD user
accounts.
To provision a user account, perform the following steps:
1. Log in to your ClickTime tenant.
2. In the toolbar on the top, click Company, and then click People.

3. Click Add Person.

4. In the New Person section, perform the following steps:

a. In the full name textbox, type the full name of the user, for example Britta Simon.
b. In the email address textbox, type the email of the user, for example brittasimon@contoso.com.

NOTE
If you want to, you can set additional properties of the new person object.

c. Click Save.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ClickTime tile in the Access Panel, you should be automatically signed in to the ClickTime for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with ClickUp Productivity Platform
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ClickUp Productivity Platform with Azure Active Directory (Azure AD).
Integrating ClickUp Productivity Platform with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ClickUp Productivity Platform.
You can enable your users to be automatically signed-in to ClickUp Productivity Platform (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ClickUp Productivity Platform, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
ClickUp Productivity Platform single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ClickUp Productivity Platform supports SP initiated SSO.

Adding ClickUp Productivity Platform from the gallery


To configure the integration of ClickUp Productivity Platform into Azure AD, you need to add ClickUp Productivity
Platform from the gallery to your list of managed SaaS apps.
To add ClickUp Productivity Platform from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ClickUp Productivity Platform, select ClickUp Productivity Platform from
the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ClickUp Productivity Platform based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in ClickUp Productivity Platform needs to be established.
To configure and test Azure AD single sign-on with ClickUp Productivity Platform, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ClickUp Productivity Platform Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ClickUp Productivity Platform test user - to have a counterpart of Britta Simon in ClickUp
Productivity Platform that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ClickUp Productivity Platform, perform the following steps:
1. In the Azure portal, on the ClickUp Productivity Platform application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL: https://app.clickup.com/login/sso

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://api.clickup.com/v1/team/<team_id>/microsoft

NOTE
The Identifier value is not real. Update this value with the actual Identifier, which is explained later in this tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure ClickUp Productivity Platform Single Sign-On


1. In a different web browser window, sign on to your ClickUp Productivity Platform tenant as an
administrator.
2. Click on the User profile and select Settings.
3. Select Microsoft, under Single Sign-On (SSO) Provider.

4. On the Configure Microsoft Single Sign On page, perform the following steps:
a. Click Copy to copy the Entity ID value and paste it into the Identifier (Entity ID) textbox in the Basic
SAML Configuration section in the Azure portal.
b. In the Azure Federation Metadata URL textbox, paste the App Federation Metadata Url value, which
you have copied from the Azure portal and then click Save.
5. To complete the setup, click Authenticate With Microsoft and authenticate with your
Microsoft account.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ClickUp Productivity
Platform.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ClickUp
Productivity Platform.

2. In the applications list, select ClickUp Productivity Platform.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ClickUp Productivity Platform test user
1. In a different web browser window, sign in to your ClickUp Productivity Platform tenant as an
administrator.
2. Click on the User profile and select Users.
3. Enter the email address of the user in the textbox and click Invite.

NOTE
The user will get the notification and they must accept the invitation to activate the account.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ClickUp Productivity Platform tile in the Access Panel, you should be automatically signed in to
the ClickUp Productivity Platform for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Cloud Management Portal for Microsoft Azure
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Cloud Management Portal for Microsoft Azure with Azure Active
Directory (Azure AD). Integrating Cloud Management Portal for Microsoft Azure with Azure AD provides you with
the following benefits:
You can control in Azure AD who has access to Cloud Management Portal for Microsoft Azure.
You can enable your users to be automatically signed-in to Cloud Management Portal for Microsoft Azure
(Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Cloud Management Portal for Microsoft Azure, you need the following
items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A Cloud Management Portal for Microsoft Azure single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Cloud Management Portal for Microsoft Azure supports SP initiated SSO

Adding Cloud Management Portal for Microsoft Azure from the gallery
To configure the integration of Cloud Management Portal for Microsoft Azure into Azure AD, you need to add
Cloud Management Portal for Microsoft Azure from the gallery to your list of managed SaaS apps.
To add Cloud Management Portal for Microsoft Azure from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Cloud Management Portal for Microsoft Azure, select Cloud Management
Portal for Microsoft Azure from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Cloud Management Portal for Microsoft Azure
based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user
and the related user in Cloud Management Portal for Microsoft Azure needs to be established.
To configure and test Azure AD single sign-on with Cloud Management Portal for Microsoft Azure, you need to
complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Cloud Management Portal for Microsoft Azure Single Sign-On - to configure the Single Sign-On
settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Cloud Management Portal for Microsoft Azure test user - to have a counterpart of Britta Simon in
Cloud Management Portal for Microsoft Azure that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Cloud Management Portal for Microsoft Azure, perform the following
steps:
1. In the Azure portal, on the Cloud Management Portal for Microsoft Azure application integration page,
select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:

https://portal.newsignature.com/<instancename>

https://portal.igcm.com/<instancename>

b. In the Identifier box, type a URL using the following pattern:

https://<subdomain>.igcm.com

https://<subdomain>.newsignature.com

c. In the Reply URL text box, type a URL using the following pattern:

https://<subdomain>.igcm.com/<instancename>

https://<subdomain>.newsignature.com

https://<subdomain>.newsignature.com/<instancename>

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact Cloud
Management Portal for Microsoft Azure Client support team to get these values. You can also refer to the patterns
shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
6. In the Set up Cloud Management Portal for Microsoft Azure section, copy the appropriate URL(s) as
per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Cloud Management Portal for Microsoft Azure Single Sign-On
To configure single sign-on on the Cloud Management Portal for Microsoft Azure side, you need to send the
downloaded Certificate (Base64) and the appropriate copied URLs from the Azure portal to the Cloud Management
Portal for Microsoft Azure support team. They apply this configuration so that the SAML SSO connection is set
properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Cloud Management
Portal for Microsoft Azure.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Cloud
Management Portal for Microsoft Azure.

2. In the applications list, select Cloud Management Portal for Microsoft Azure.
3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Cloud Management Portal for Microsoft Azure test user
In this section, you create a user called Britta Simon in Cloud Management Portal for Microsoft Azure. Work
with Cloud Management Portal for Microsoft Azure support team to add the users in the Cloud Management
Portal for Microsoft Azure platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cloud Management Portal for Microsoft Azure tile in the Access Panel, you should be
automatically signed in to the Cloud Management Portal for Microsoft Azure for which you set up SSO. For more
information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Cloudmore
10/27/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Cloudmore with Azure Active Directory (Azure AD). When you
integrate Cloudmore with Azure AD, you can:
Control in Azure AD who has access to Cloudmore.
Enable your users to be automatically signed-in to Cloudmore with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Cloudmore single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Cloudmore supports SP and IDP initiated SSO

Adding Cloudmore from the gallery


To configure the integration of Cloudmore into Azure AD, you need to add Cloudmore from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Cloudmore in the search box.
6. Select Cloudmore from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Cloudmore


Configure and test Azure AD SSO with Cloudmore using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Cloudmore.
To configure and test Azure AD SSO with Cloudmore, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Cloudmore SSO - to configure the single sign-on settings on the application side.
   Create Cloudmore test user - to have a counterpart of B.Simon in Cloudmore that is linked to the
   Azure AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Cloudmore application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://www.cloudmore.com

6. Click Save.
7. The Cloudmore application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.
8. In addition to the above, the Cloudmore application expects a few more attributes to be passed back in the
SAML response, which are shown below. These attributes are also pre-populated, but you can review them as per
your requirements.

NAME          SOURCE ATTRIBUTE
Test_name     user.companyname
Mail          user.userprincipalname

9. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Cloudmore.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Cloudmore.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Cloudmore SSO


To configure single sign-on on the Cloudmore side, you need to send the App Federation Metadata Url to the
Cloudmore support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create Cloudmore test user
In this section, you create a user called B.Simon in Cloudmore. Work with the Cloudmore support team to add the
users in the Cloudmore platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cloudmore tile in the Access Panel, you should be automatically signed in to the Cloudmore for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Cloudmore with Azure AD

Tutorial: Azure Active Directory integration with CloudPassage
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate CloudPassage with Azure Active Directory (Azure AD). Integrating
CloudPassage with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to CloudPassage.
You can enable your users to be automatically signed-in to CloudPassage (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with CloudPassage, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A CloudPassage single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
CloudPassage supports SP initiated SSO

Adding CloudPassage from the gallery


To configure the integration of CloudPassage into Azure AD, you need to add CloudPassage from the gallery to
your list of managed SaaS apps.
To add CloudPassage from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type CloudPassage, select CloudPassage from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with CloudPassage based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
CloudPassage needs to be established.
To configure and test Azure AD single sign-on with CloudPassage, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure CloudPassage Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create CloudPassage test user - to have a counterpart of Britta Simon in CloudPassage that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with CloudPassage, perform the following steps:
1. In the Azure portal, on the CloudPassage application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://portal.cloudpassage.com/saml/init/accountid

b. In the Reply URL text box, type a URL using the following pattern:
https://portal.cloudpassage.com/saml/consume/accountid. You can get your value for this attribute by clicking
SSO Setup documentation in the Single Sign-on Settings section of your CloudPassage portal.

NOTE
These values are not real. Update these values with the actual Sign-On URL and Reply URL. Contact CloudPassage
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The CloudPassage application expects the SAML assertions in a specific format. Configure the following claims
for this application. You can manage the values of these attributes from the User Attributes section on
the application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open
the User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes as shown in the image above and
perform the following steps:

NAME          SOURCE ATTRIBUTE
firstname     user.givenname
lastname      user.surname
email         user.mail

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
8. In the Set up CloudPassage section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
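To confirm that the claim mapping from steps 5 and 6 took effect, the attributes in a captured test assertion can be checked for the three names in the table; this is an added example, not CloudPassage or Microsoft code. The assertion below is constructed, and the example assumes that leaving Namespace blank makes the attribute Name appear without a URI prefix.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("firstname", "lastname", "email")  # names from the table in step 6

# Constructed assertion fragment: 'lastname' was saved with a namespace filled in
# and 'email' is not emitted at all (for example, the source attribute has no value).
SAMPLE_ASSERTION = """\
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Subject><NameID>BrittaSimon@contoso.com</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="firstname"><AttributeValue>Britta</AttributeValue></Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname">
      <AttributeValue>Simon</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>"""


def read_attributes(assertion_xml):
    """Map each Attribute Name to its list of values (works on an Assertion or a Response)."""
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD or entity declaration in SAML document")
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs


def check_claims(assertion_xml, required=REQUIRED_CLAIMS):
    """Return {claim: status}, where status is ok, empty, missing or 'namespaced as <Name>'."""
    attrs = read_attributes(assertion_xml)
    report = {}
    for name in required:
        if any(attrs.get(name, [])):
            report[name] = "ok"
        elif name in attrs:
            report[name] = "empty"
        else:
            # Same short name but behind a URI prefix: the Namespace box was not left blank.
            prefixed = [n for n in attrs if n != name and n.rsplit("/", 1)[-1] == name]
            report[name] = "namespaced as " + prefixed[0] if prefixed else "missing"
    return report


if __name__ == "__main__":
    # This inspects attribute names only. It does not validate the signature,
    # so run it on a test capture, never as an authentication decision.
    for claim, status in check_claims(SAMPLE_ASSERTION).items():
        print(claim, "->", status)
```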
Configure CloudPassage Single Sign-On
1. In a different browser window, sign in to your CloudPassage company site as an administrator.
2. In the menu on the top, click Settings, and then click Site Administration.

3. Click the Authentication Settings tab.

4. In the Single Sign-on Settings section, perform the following steps:


a. Select the Enable Single sign-on (SSO) (SSO Setup Documentation) checkbox.
b. Paste Azure Ad Identifier into the SAML issuer URL textbox.
c. Paste Login URL into the SAML endpoint URL textbox.
d. Paste Logout URL into the Logout landing page textbox.
e. Open your downloaded certificate in notepad, copy the content of downloaded certificate into your
clipboard, and then paste it into the x 509 certificate textbox.
f. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to CloudPassage.
1. In the Azure portal, select Enterprise Applications, select All applications, then select CloudPassage.

2. In the applications list, select CloudPassage.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create CloudPassage test user
The objective of this section is to create a user called Britta Simon in CloudPassage.
To create a user called Britta Simon in CloudPassage, perform the following steps:
1. Sign in to your CloudPassage company site as an administrator.
2. In the toolbar on the top, click Settings, and then click Site Administration.
3. Click the Users tab, and then click Add New User.

4. In the Add New User section, perform the following steps:

a. In the First Name textbox, type Britta.


b. In the Last Name textbox, type Simon.
c. In the Username textbox, the Email textbox and the Retype Email textbox, type Britta's user name in
Azure AD.
d. As Access Type, select Enable Halo Portal Access.
e. Click Add.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the CloudPassage tile in the Access Panel, you should be automatically signed in to the
CloudPassage for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Cloud Service PICCO
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Cloud Service PICCO with Azure Active Directory (Azure AD).
Integrating Cloud Service PICCO with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Cloud Service PICCO.
You can enable your users to be automatically signed-in to Cloud Service PICCO (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Cloud Service PICCO, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A Cloud Service PICCO single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Cloud Service PICCO supports SP initiated SSO
Cloud Service PICCO supports Just In Time user provisioning

Adding Cloud Service PICCO from the gallery


To configure the integration of Cloud Service PICCO into Azure AD, you need to add Cloud Service PICCO from
the gallery to your list of managed SaaS apps.
To add Cloud Service PICCO from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Cloud Service PICCO, select Cloud Service PICCO from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Cloud Service PICCO based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Cloud Service PICCO needs to be established.
To configure and test Azure AD single sign-on with Cloud Service PICCO, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Cloud Service PICCO Single Sign-On - to configure the Single Sign-On settings on the application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Create Cloud Service PICCO test user - to have a counterpart of Britta Simon in Cloud Service PICCO that is
linked to the Azure AD representation of the user.
5. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Cloud Service PICCO, perform the following steps:
1. In the Azure portal, on the Cloud Service PICCO application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<SUB DOMAIN>.cloudservicepicco.com/app

b. In the Identifier box, type a URL using the following pattern: <SUB DOMAIN>.cloudservicepicco.com

c. In the Reply URL text box, type a URL using the following pattern:
https://<SUB DOMAIN>.cloudservicepicco.com/app

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact Cloud
Service PICCO Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
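A pre-flight check for Basic SAML Configuration values, as an added example rather than Microsoft or vendor code: it turns the URL patterns given in the Cloud Management Portal for Microsoft Azure and Cloud Service PICCO tutorials into anchored matchers, so a Reply URL on an unexpected host, or a value with a placeholder left in, is caught before it is saved. Treating each placeholder as exactly one DNS label or one path segment is an assumption of this example, and the sample values are constructed.

```python
import re

PLACEHOLDER = re.compile(r"<[^<>]+>")
# Assumption of this example: a placeholder in the host stands for one DNS label,
# a placeholder in the path for one path segment.
HOST_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
PATH_SEGMENT = r"[A-Za-z0-9._~-]+"

# Patterns copied from the two tutorials.
DOCUMENTED_PATTERNS = {
    "Cloud Management Portal for Microsoft Azure": {
        "Sign-on URL": ["https://portal.newsignature.com/<instancename>",
                        "https://portal.igcm.com/<instancename>"],
        "Identifier": ["https://<subdomain>.igcm.com",
                       "https://<subdomain>.newsignature.com"],
        "Reply URL": ["https://<subdomain>.igcm.com/<instancename>",
                      "https://<subdomain>.newsignature.com",
                      "https://<subdomain>.newsignature.com/<instancename>"],
    },
    "Cloud Service PICCO": {
        "Sign-on URL": ["https://<SUB DOMAIN>.cloudservicepicco.com/app"],
        "Identifier": ["<SUB DOMAIN>.cloudservicepicco.com"],
        "Reply URL": ["https://<SUB DOMAIN>.cloudservicepicco.com/app"],
    },
}


def fill(text, token_regex):
    """Escape the literal parts of text and substitute token_regex for each <placeholder>."""
    out, pos = [], 0
    for match in PLACEHOLDER.finditer(text):
        out.append(re.escape(text[pos:match.start()]))
        out.append(token_regex)
        pos = match.end()
    out.append(re.escape(text[pos:]))
    return "".join(out)


def pattern_to_regex(pattern):
    """Compile a documented pattern; host and path placeholders get different token rules."""
    scheme, sep, rest = pattern.partition("://")
    if not sep:  # pattern without a scheme, such as the PICCO Identifier
        scheme, rest = "", pattern
    host, slash, path = rest.partition("/")
    return re.compile(re.escape(scheme + sep) + fill(host, HOST_LABEL)
                      + re.escape(slash) + fill(path, PATH_SEGMENT))


def check_value(value, patterns):
    """Return a list of problems for one configured value; an empty list means it is acceptable."""
    problems = []
    if PLACEHOLDER.search(value):
        problems.append("placeholder text left in value")
    if any(p.startswith("https://") for p in patterns) and not value.startswith("https://"):
        problems.append("not https")
    # fullmatch anchors both ends, so a trailing ".example.net" after the vendor domain fails.
    if not any(pattern_to_regex(p).fullmatch(value) for p in patterns):
        problems.append("does not match any documented pattern")
    return problems


def review(app, values):
    """Check every field of one application's Basic SAML Configuration."""
    return {field: check_value(value, DOCUMENTED_PATTERNS[app][field])
            for field, value in values.items()}


if __name__ == "__main__":
    # Constructed values for a hypothetical 'contoso' instance.
    print(review("Cloud Service PICCO", {
        "Sign-on URL": "https://contoso.cloudservicepicco.com/app",
        "Identifier": "contoso.cloudservicepicco.com",
        "Reply URL": "https://contoso.cloudservicepicco.com.example.net/app",
    }))
```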

Configure Cloud Service PICCO Single Sign-On


To configure single sign-on on the Cloud Service PICCO side, you need to send the App Federation Metadata Url
to the Cloud Service PICCO support team. They apply this setting so that the SAML SSO connection is set properly
on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Cloud Service PICCO.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Cloud Service
PICCO.
2. In the applications list, select Cloud Service PICCO.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Cloud Service PICCO test user
In this section, a user called Britta Simon is created in Cloud Service PICCO. Cloud Service PICCO supports
just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a
user doesn't already exist in Cloud Service PICCO, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cloud Service PICCO tile in the Access Panel, you should be automatically signed in to the
Cloud Service PICCO for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Cobalt
10/17/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Cobalt with Azure Active Directory (Azure AD). When you integrate
Cobalt with Azure AD, you can:
Control in Azure AD who has access to Cobalt.
Enable your users to be automatically signed-in to Cobalt with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Cobalt single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Cobalt supports SP initiated SSO

NOTE
The Identifier of this application is a fixed string value, so only one instance can be configured in one tenant.

Adding Cobalt from the gallery


To configure the integration of Cobalt into Azure AD, you need to add Cobalt from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Cobalt in the search box.
6. Select Cobalt from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Cobalt


Configure and test Azure AD SSO with Cobalt using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Cobalt.
To configure and test Azure AD SSO with Cobalt, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Cobalt SSO - to configure the single sign-on settings on the application side.
a. Create Cobalt test user - to have a counterpart of B.Simon in Cobalt that is linked to the Azure AD
representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Cobalt application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://brightside-prod-<INSTANCENAME>.cobaltdl.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact the Cobalt Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. The Cobalt application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

6. In addition to the above, the Cobalt application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirement.

NAME         SOURCE ATTRIBUTE
Mail         user.mail
Othermail    user.othermail

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up Cobalt section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Cobalt.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Cobalt.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Cobalt SSO


To configure single sign-on on the Cobalt side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Cobalt support team. They apply this configuration so that the
SAML SSO connection is set properly on both sides.
Create Cobalt test user
In this section, you create a user called B.Simon in Cobalt. Work with the Cobalt support team to add the users in the
Cobalt platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cobalt tile in the Access Panel, you should be automatically signed in to the Cobalt for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Cobalt with Azure AD
Tutorial: Integrate Cognidox with Azure Active
Directory
7/24/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Cognidox with Azure Active Directory (Azure AD). When you integrate
Cognidox with Azure AD, you can:
Control in Azure AD who has access to Cognidox.
Enable your users to be automatically signed-in to Cognidox with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Cognidox single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Cognidox supports SP and IDP initiated SSO
Cognidox supports Just In Time user provisioning

Adding Cognidox from the gallery


To configure the integration of Cognidox into Azure AD, you need to add Cognidox from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Cognidox in the search box.
6. Select Cognidox from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Cognidox using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Cognidox.
To configure and test Azure AD SSO with Cognidox, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Cognidox SSO - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Cognidox test user - to have a counterpart of B.Simon in Cognidox that is linked to the Azure AD
representation of the user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Cognidox application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: urn:net.cdox.<YOURCOMPANY>

b. In the Reply URL text box, type a URL using the following pattern:
https://<YOURCOMPANY>.cdox.net/auth/postResponse

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://<YOURCOMPANY>.cdox.net/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact the
Cognidox Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. The Cognidox application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click the Edit icon to open the User Attributes dialog.
7. In addition to the above, the Cognidox application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add the
SAML token attribute as shown in the table below:

NAME       NAMESPACE                                TRANSFORMATION        PARAMETER 1
wanshort   http://appinux.com/windowsaccountname2   ExtractMailPrefix()   user.userprincipalname

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. In the Namespace textbox, type the namespace shown for that row.
d. Select Source as Transformation.
e. From the Transformation list, type the value shown for that row.
f. From the Parameter 1 list, type the value shown for that row.
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

9. On the Set up Cognidox section, copy the appropriate URL(s) based on your requirement.

Configure Cognidox SSO


To configure single sign-on on the Cognidox side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Cognidox support team. They apply this configuration
so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Cognidox.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Cognidox.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Cognidox test user
In this section, a user called B.Simon is created in Cognidox. Cognidox supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Cognidox, a new one is created after authentication.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cognidox tile in the Access Panel, you should be automatically signed in to the Cognidox for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Collaborative Innovation
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Collaborative Innovation with Azure Active Directory (Azure AD).
Integrating Collaborative Innovation with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Collaborative Innovation.
You can enable your users to be automatically signed-in to Collaborative Innovation (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Collaborative Innovation, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Collaborative Innovation single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Collaborative Innovation supports SP initiated SSO
Collaborative Innovation supports just in time user provisioning

Adding Collaborative Innovation from the gallery


To configure the integration of Collaborative Innovation into Azure AD, you need to add Collaborative Innovation
from the gallery to your list of managed SaaS apps.
To add Collaborative Innovation from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Collaborative Innovation, select Collaborative Innovation from the result panel,
then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Collaborative Innovation based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Collaborative Innovation needs to be established.
To configure and test Azure AD single sign-on with Collaborative Innovation, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Collaborative Innovation Single Sign-On - to configure the Single Sign-On settings on the
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Collaborative Innovation test user - to have a counterpart of Britta Simon in Collaborative
Innovation that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Collaborative Innovation, perform the following steps:
1. In the Azure portal, on the Collaborative Innovation application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<instancename>.foundry.<companyname>.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<instancename>.foundry.<companyname>.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the Collaborative
Innovation Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. The Collaborative Innovation application expects the SAML assertions in a specific format. Configure the
following claims for this application. You can manage the values of these attributes from the User
Attributes section on the application integration page. On the Set up Single Sign-On with SAML page, click
the Edit button to open the User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes as shown in the image above and
perform the following steps:

NAME            SOURCE ATTRIBUTE
givenname       user.givenname
surname         user.surname
emailaddress    user.userprincipalname
name            user.userprincipalname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
8. On the Set up Collaborative Innovation section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Collaborative Innovation Single Sign-On
To configure single sign-on on the Collaborative Innovation side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Collaborative Innovation support team.
They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Collaborative Innovation.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Collaborative
Innovation.

2. In the applications list, select Collaborative Innovation.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Collaborative Innovation test user
To enable Azure AD users to log in to Collaborative Innovation, they must be provisioned into Collaborative
Innovation.
For this application, provisioning is automatic because the application supports just-in-time user provisioning, so
there is no need to perform any steps here.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Collaborative Innovation tile in the Access Panel, you should be automatically signed in to the
Collaborative Innovation for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Comeet Recruiting Software
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Comeet Recruiting Software with Azure Active Directory (Azure AD).
Integrating Comeet Recruiting Software with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Comeet Recruiting Software.
You can enable your users to be automatically signed-in to Comeet Recruiting Software (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Comeet Recruiting Software, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Comeet Recruiting Software single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Comeet Recruiting Software supports SP and IDP initiated SSO

Adding Comeet Recruiting Software from the gallery


To configure the integration of Comeet Recruiting Software into Azure AD, you need to add Comeet Recruiting
Software from the gallery to your list of managed SaaS apps.
To add Comeet Recruiting Software from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Comeet Recruiting Software, select Comeet Recruiting Software from the result
panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Comeet Recruiting Software based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in Comeet Recruiting Software needs to be established.
To configure and test Azure AD single sign-on with Comeet Recruiting Software, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Comeet Recruiting Software Single Sign-On - to configure the Single Sign-On settings on the
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Comeet Recruiting Software test user - to have a counterpart of Britta Simon in Comeet Recruiting
Software that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Comeet Recruiting Software, perform the following steps:
1. In the Azure portal, on the Comeet Recruiting Software application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://app.comeet.co/adfs_auth/acs/<UNIQUEID>/

b. In the Reply URL text box, type a URL using the following pattern:
https://app.comeet.co/adfs_auth/acs/<UNIQUEID>/

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact the Comeet Recruiting
Software Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://app.comeet.co

6. The Comeet Recruiting Software application expects the SAML assertions in a specific format. Configure the
following claims for this application. You can manage the values of these attributes from the User
Attributes section on the application integration page. On the Set up Single Sign-On with SAML page, click
the Edit button to open the User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes as shown in the image above and
perform the following steps:

NAME              SOURCE ATTRIBUTE
nameidentifier    user.mail
comeet_id         user.userprincipalname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
9. On the Set up Comeet Recruiting Software section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Comeet Recruiting Software Single Sign-On
To configure single sign-on on the Comeet Recruiting Software side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Comeet Recruiting Software support team.
They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Comeet Recruiting
Software.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Comeet
Recruiting Software.

2. In the applications list, select Comeet Recruiting Software.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Comeet Recruiting Software test user
In this section, you create a user called Britta Simon in Comeet Recruiting Software. Work with the Comeet Recruiting
Software support team to add the users in the Comeet Recruiting Software platform. Users must be created and
activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Comeet Recruiting Software tile in the Access Panel, you should be automatically signed in to
the Comeet Recruiting Software for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.
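When the test sign-in fails or lands on the wrong account, the usual cause is a claim that does not match the User Claims tables given above for Collaborative Innovation and for Comeet Recruiting Software. The following Python sketch is an added example, not part of the original tutorials: it decodes the base64 SAMLResponse form field captured from the browser during the test sign-in and compares its claims with those two tables. The sample response and directory record are constructed, check_claims and read_claims are hypothetical names, and it assumes that claims created with a blank Namespace arrive under their short name and that nameidentifier arrives as the Subject NameID.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ASSERTION_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"

# Claim tables from this page: claim name -> Azure AD source attribute.
EXPECTED_CLAIMS = {
    "Collaborative Innovation": {
        "givenname": "user.givenname",
        "surname": "user.surname",
        "emailaddress": "user.userprincipalname",
        "name": "user.userprincipalname",
    },
    "Comeet Recruiting Software": {
        "nameidentifier": "user.mail",
        "comeet_id": "user.userprincipalname",
    },
}

# Constructed directory record for the test user.
TEST_USER = {
    "user.givenname": "Britta",
    "user.surname": "Simon",
    "user.userprincipalname": "BrittaSimon@contoso.com",
    "user.mail": "britta.simon@contoso.com",
}

# Constructed response with two deliberate faults: surname is not emitted and
# emailaddress carries the mail value instead of the user principal name.
SAMPLE_RESPONSE_B64 = base64.b64encode(b"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>britta.simon@contoso.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
        <saml:AttributeValue>00000000-0000-0000-0000-000000000000</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="givenname">
        <saml:AttributeValue>Britta</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="emailaddress">
        <saml:AttributeValue>britta.simon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="name">
        <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>""").decode()


def read_claims(saml_response_b64):
    """Return {short claim name: [values]} from a base64 SAMLResponse."""
    xml_bytes = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("SAML messages must not carry a DTD")
    root = ET.fromstring(xml_bytes)
    assertion = root if root.tag == ASSERTION_TAG else root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no cleartext Assertion (absent or encrypted)")
    claims = {}
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is not None and name_id.text:
        claims["nameidentifier"] = [name_id.text.strip()]
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        short = attr.get("Name", "").rsplit("/", 1)[-1]  # tolerate namespaced names
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(short, []).extend(values)
    return claims


def check_claims(app, saml_response_b64, user):
    """Compare emitted claims with the page's table for one application."""
    claims = read_claims(saml_response_b64)
    expected = EXPECTED_CLAIMS[app]
    report = {"missing": [], "mismatched": [], "extra": []}
    for claim, source in expected.items():
        got, want = claims.get(claim), user.get(source)
        if not got:
            report["missing"].append(claim)
        elif got != [want]:
            report["mismatched"].append((claim, got, want))
    # Extra claims (for example default ones) are listed for review, not failed.
    report["extra"] = sorted(set(claims) - set(expected))
    return report


if __name__ == "__main__":
    for app in EXPECTED_CLAIMS:
        print(app, check_claims(app, SAMPLE_RESPONSE_B64, TEST_USER))
```

This inspects claim content only, for diagnosis in the test environment; it does not verify the assertion's signature, which the application still has to do.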

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Comm100 Live Chat
10/30/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Comm100 Live Chat with Azure Active Directory (Azure AD). Integrating
Comm100 Live Chat with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Comm100 Live Chat.
You can enable your users to be automatically signed-in to Comm100 Live Chat (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Comm100 Live Chat, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Comm100 Live Chat single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Comm100 Live Chat supports SP initiated SSO

Adding Comm100 Live Chat from the gallery


To configure the integration of Comm100 Live Chat into Azure AD, you need to add Comm100 Live Chat from the
gallery to your list of managed SaaS apps.
To add Comm100 Live Chat from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Comm100 Live Chat, select Comm100 Live Chat from result panel then click Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Comm100 Live Chat based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Comm100 Live Chat needs to be established.
To configure and test Azure AD single sign-on with Comm100 Live Chat, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Comm100 Live Chat Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Comm100 Live Chat test user - to have a counterpart of Britta Simon in Comm100 Live Chat that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Comm100 Live Chat, perform the following steps:
1. In the Azure portal, on the Comm100 Live Chat application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.comm100.com/AdminManage/LoginSSO.aspx?siteId=<SITEID>

NOTE
The Sign-on URL value is not real. You will update the Sign-on URL value with the actual Sign-on URL, which is
explained later in the tutorial.

5. Comm100 Live Chat application expects the SAML assertions in a specific format. Configure the following
claims for this application. You can manage the values of these attributes from the User Attributes section
on application integration page. On the Set up Single Sign-On with SAML page, click Edit button to
open User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure the SAML token attribute shown in the following table, and
perform the following steps:

NAME     SOURCE ATTRIBUTE
email    user.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

8. On the Set up Comm100 Live Chat section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
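The claim configured in steps 5 and 6 can be checked on a captured assertion before testing sign-on. The following Python sketch is an added example, not part of the original tutorial or Comm100's code: it inspects only the shape of the `email` claim (it does not validate the signature), and the sample assertions, agent addresses and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def sample_assertion(claim_name, value):
    """Build a minimal, constructed assertion holding one attribute (not a real token)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AttributeStatement>"
        '<saml:Attribute Name="%s">'
        "<saml:AttributeValue>%s</saml:AttributeValue>"
        "</saml:Attribute>"
        "</saml:AttributeStatement>"
        "</saml:Assertion>" % (claim_name, value)
    )


# Constructed samples: claim added with Namespace left blank, and with a namespace set.
GOOD = sample_assertion("email", "BrittaSimon@contoso.com")
NAMESPACED = sample_assertion(
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "BrittaSimon@contoso.com",
)


def assertion_attributes(assertion_xml):
    """Return {attribute Name: [values]} for every attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values
    return attrs


def check_email_claim(assertion_xml, provisioned_agents):
    """Return a list of findings; an empty list means the claim looks as configured."""
    attrs = assertion_attributes(assertion_xml)
    if "email" not in attrs:
        # A claim whose Name ends in /email or /emailaddress was created with a namespace.
        lookalikes = [
            n for n in attrs
            if n.rsplit("/", 1)[-1].lower() in ("email", "emailaddress")
        ]
        if lookalikes:
            return ["email claim is namespaced as %r; leave Namespace blank" % lookalikes[0]]
        return ["assertion carries no email claim"]

    values = [v.strip() for v in attrs["email"] if v.strip()]
    if len(values) != 1:
        return ["email claim must carry exactly one non-empty value"]

    email = values[0]
    if email in provisioned_agents:
        return []
    # Assumption: how the application compares addresses is not documented on this page,
    # so a case-only difference is reported instead of being silently accepted.
    if email.lower() in {a.lower() for a in provisioned_agents}:
        return ["email %r matches an agent only if case is ignored" % email]
    return ["no agent provisioned with email %r" % email]


if __name__ == "__main__":
    agents = ["Brittasimon@contoso.com"]  # constructed agent list
    for label, xml_text in (("blank namespace", GOOD), ("namespaced", NAMESPACED)):
        print(label, "->", check_email_claim(xml_text, agents) or "ok")
```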
Configure Comm100 Live Chat Single Sign-On
1. In a different web browser window, log in to Comm100 Live Chat as a Security Administrator.
2. On the top right side of the page, click My Account.

3. From the left side of menu, click Security and then click Agent Single Sign-On.

4. On the Agent Single Sign-On page, perform the following steps:


a. Copy the first highlighted link and paste it in Sign-on URL textbox in Comm100 Live Chat Domain
and URLs section on Azure portal.
b. In the SAML SSO URL textbox, paste the value of Login URL, which you have copied from the Azure
portal.
c. In the Remote Logout URL textbox, paste the value of Logout URL, which you have copied from the
Azure portal.
d. Click Choose a File to upload the base-64 encoded certificate that you have downloaded from the Azure
portal, into the Certificate.
e. Click Save Changes
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Comm100 Live Chat.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Comm100 Live
Chat.

2. In the applications list, select Comm100 Live Chat.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Comm100 Live Chat test user
To enable Azure AD users to log in to Comm100 Live Chat, they must be provisioned into Comm100 Live Chat. In
Comm100 Live Chat, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to Comm100 Live Chat as a Security Administrator.
2. On the top right side of the page, click My Account.
3. From the left side of menu, click Agents and then click New Agent.

4. On the New Agent page, perform the following steps:

a. In Email text box, enter the email of user like Brittasimon@contoso.com.


b. In First Name text box, enter the first name of user like Britta.
c. In Last Name text box, enter the last name of user like simon.
d. In the Display Name textbox, enter the display name of user like Britta simon
e. In the Password textbox, type your password.
f. Click Save.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Comm100 Live Chat tile in the Access Panel, you should be automatically signed in to the
Comm100 Live Chat for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Communifire
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Communifire with Azure Active Directory (Azure AD). Integrating
Communifire with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Communifire.
You can enable your users to be automatically signed-in to Communifire (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Communifire, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Communifire single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Communifire supports SP and IDP initiated SSO
Communifire supports Just In Time user provisioning

Adding Communifire from the gallery


To configure the integration of Communifire into Azure AD, you need to add Communifire from the gallery to your
list of managed SaaS apps.
To add Communifire from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Communifire, select Communifire from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Communifire based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Communifire needs to be established.
To configure and test Azure AD single sign-on with Communifire, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Communifire Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Communifire test user - to have a counterpart of Britta Simon in Communifire that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Communifire, perform the following steps:
1. In the Azure portal, on the Communifire application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<subdomain>.communifire.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.communifire.com/SAML/AssertionConsumerService.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.communifire.com/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Communifire Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog and
perform the following step.
a. Select Sign SAML response and assertion from the Signing Option.
b. Click Save

8. On the Set up Communifire section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Communifire Single Sign-On
To configure single sign-on on the Communifire side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Communifire support team. They apply these settings
so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Communifire.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Communifire.
2. In the applications list, select Communifire.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Communifire test user
The objective of this section is to create a user called Britta Simon in Communifire. Communifire supports
just-in-time provisioning, which is enabled by default. If the user doesn't exist yet, a new user is created
after the profile details are saved during an attempt to access Communifire.

NOTE
If you need to create a user manually, contact the Communifire support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Communifire tile in the Access Panel, you should be automatically signed in to the
Communifire for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with CompetencyIQ
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate CompetencyIQ with Azure Active Directory (Azure AD). Integrating
CompetencyIQ with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to CompetencyIQ.
You can enable your users to be automatically signed-in to CompetencyIQ (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with CompetencyIQ, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
CompetencyIQ single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
CompetencyIQ supports SP initiated SSO

Adding CompetencyIQ from the gallery


To configure the integration of CompetencyIQ into Azure AD, you need to add CompetencyIQ from the gallery to
your list of managed SaaS apps.
To add CompetencyIQ from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type CompetencyIQ, select CompetencyIQ from result panel then click Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with CompetencyIQ based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
CompetencyIQ needs to be established.
To configure and test Azure AD single sign-on with CompetencyIQ, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure CompetencyIQ Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create CompetencyIQ test user - to have a counterpart of Britta Simon in CompetencyIQ that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with CompetencyIQ, perform the following steps:
1. In the Azure portal, on the CompetencyIQ application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<customer>.competencyiq.com/

b. In the Identifier (Entity ID) text box, type a URL: https://www.competencyiq.com/

NOTE
The Sign on URL value is not real. Update the value with the actual Sign on URL. Contact CompetencyIQ Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up CompetencyIQ section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure CompetencyIQ Single Sign-On
To configure single sign-on on the CompetencyIQ side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the CompetencyIQ support team. They apply these
settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to CompetencyIQ.
1. In the Azure portal, select Enterprise Applications, select All applications, then select CompetencyIQ.

2. In the applications list, select CompetencyIQ.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create CompetencyIQ test user
In this section, you create a user called Britta Simon in CompetencyIQ. Work with CompetencyIQ support team to
add the users in the CompetencyIQ platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the CompetencyIQ tile in the Access Panel, you should be automatically signed in to the
CompetencyIQ for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Compliance ELF
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Compliance ELF with Azure Active Directory (Azure AD). Integrating
Compliance ELF with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Compliance ELF.
You can enable your users to be automatically signed-in to Compliance ELF (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Compliance ELF, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Compliance ELF single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Compliance ELF supports SP and IDP initiated SSO

Adding Compliance ELF from the gallery


To configure the integration of Compliance ELF into Azure AD, you need to add Compliance ELF from the gallery
to your list of managed SaaS apps.
To add Compliance ELF from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Compliance ELF, select Compliance ELF from result panel then click Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Compliance ELF based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Compliance ELF needs to be established.
To configure and test Azure AD single sign-on with Compliance ELF, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Compliance ELF Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Compliance ELF test user - to have a counterpart of Britta Simon in Compliance ELF that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Compliance ELF, perform the following steps:
1. In the Azure portal, on the Compliance ELF application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL: https://sso.cordium.com

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.complianceelf.com

NOTE
The Sign on URL value is not real. Update the value with the actual Sign on URL. Contact Compliance ELF Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Compliance ELF Single Sign-On


To configure single sign-on on the Compliance ELF side, you need to send the App Federation Metadata Url to the
Compliance ELF support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Compliance ELF.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Compliance ELF.
2. In the applications list, select Compliance ELF.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Compliance ELF test user
In this section, you create a user called Britta Simon in Compliance ELF. Work with the Compliance ELF support team
to add the users in the Compliance ELF platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Compliance ELF tile in the Access Panel, you should be automatically signed in to the
Compliance ELF for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Concur
8/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Concur with Azure Active Directory (Azure AD). When you integrate
Concur with Azure AD, you can:
Control in Azure AD who has access to Concur.
Enable your users to be automatically signed-in to Concur with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Concur single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Concur supports SP initiated SSO
Concur supports Just In Time user provisioning

Adding Concur from the gallery


To configure the integration of Concur into Azure AD, you need to add Concur from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Concur in the search box.
6. Select Concur from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Concur


Configure and test Azure AD SSO with Concur using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Concur.
To configure and test Azure AD SSO with Concur, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Concur SSO - to configure the Single Sign-On settings on application side.
a. Create Concur test user - to have a counterpart of B.Simon in Concur that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Concur application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://www.concursolutions.com/UI/SSO/<OrganizationId>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<customer-domain>.concursolutions.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Concur Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
6. In the Set up Concur section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.

Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Concur.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Concur.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Concur SSO


To configure single sign-on on the Concur side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Concur support team. They apply this setting so that the SAML SSO
connection is set properly on both sides.

NOTE
The configuration of your Concur subscription for federated SSO via SAML is a separate task, which you must contact Concur
Client support team to perform.

Create Concur test user


In this section, a user called B.Simon is created in Concur. Concur supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Concur, a new
one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Concur tile in the Access Panel, you should be automatically signed in to the Concur instance for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Concur with Azure AD

Tutorial: Azure Active Directory single sign-on (SSO) integration with Concur Travel and Expense
10/15/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Concur Travel and Expense with Azure Active Directory (Azure AD).
When you integrate Concur Travel and Expense with Azure AD, you can:
Control in Azure AD who has access to Concur Travel and Expense.
Enable your users to be automatically signed-in to Concur Travel and Expense with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Concur Travel and Expense subscription.
A "Company Administrator" role under your Concur user account. You can test if you have the right access by
going to Concur SSO Self-Service Tool. If you do not have the access, please contact Concur support or
implementation project manager.

Scenario description
In this tutorial, you configure and test Azure AD SSO.
Concur Travel and Expense supports IDP and SP initiated SSO
Concur Travel and Expense supports testing SSO in both production and implementation environment

NOTE
Identifier of this application is a fixed string value for each of the three regions: US, EMEA, and China. So only one instance
can be configured for each region in one tenant.

Adding Concur Travel and Expense from the gallery


To configure the integration of Concur Travel and Expense into Azure AD, you need to add Concur Travel and
Expense from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Concur Travel and Expense in the search box.
6. Select Concur Travel and Expense from the results panel and then add the app. Wait a few seconds while the app
is added to your tenant.

Configure and test Azure AD single sign-on for Concur Travel and Expense
Configure and test Azure AD SSO with Concur Travel and Expense using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Concur Travel and
Expense.
To configure and test Azure AD SSO with Concur Travel and Expense, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Concur Travel and Expense SSO - to configure the single sign-on settings on application side.
a. Create Concur Travel and Expense test user - to have a counterpart of B.Simon in Concur Travel and
Expense that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Concur Travel and Expense application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated by Azure. Save the configuration by clicking
the Save button.

NOTE
Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) are region specific. Please select based on the
datacenter of your Concur entity. If you do not know the datacenter of your Concur entity, please contact Concur
support.

5. On the Set up Single Sign-On with SAML page, click the edit/pen icon for User Attribute to edit the
settings. The Unique User Identifier needs to match Concur user login_id. Usually, you should change
user.userprincipalname to user.mail.
6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the metadata and save it on your
computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.

Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Concur Travel and Expense.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Concur Travel and Expense.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Concur Travel and Expense SSO


1. To configure single sign-on on the Concur Travel and Expense side, you need to upload the downloaded
Federation Metadata XML to the Concur SSO Self-Service Tool. Log in with an account that has the "Company
Administrator" role.
2. Click Add.
3. Enter a custom name for your IdP, for example "Azure AD (US)".
4. Click Upload XML File and attach the Federation Metadata XML you downloaded previously.
5. Click Add Metadata to save the change.

Create Concur Travel and Expense test user
In this section, you create a user called B.Simon in Concur Travel and Expense. Work with Concur support team to
add the users in the Concur Travel and Expense platform. Users must be created and activated before you use
single sign-on.

NOTE
B.Simon's Concur login id needs to match B.Simon's unique identifier at Azure AD. For example, if B.Simon's Azure AD unique
identifier is B.Simon@contoso.com, B.Simon's Concur login id needs to be B.Simon@contoso.com as well.

Configure Concur Mobile SSO


To enable Concur mobile SSO, you need to give the Concur support team the User access URL. Follow the steps below to get
the User access URL from Azure AD:
1. Go to Enterprise applications
2. Click Concur Travel and Expense
3. Click Properties
4. Copy User access URL and give this URL to Concur support

NOTE
The self-service option to configure SSO is not available, so work with the Concur support team to enable mobile SSO.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Concur Travel and Expense tile in the Access Panel, you should be automatically signed in to the
Concur Travel and Expense instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Concur Travel and Expense with Azure AD

Tutorial: Azure Active Directory integration with Condeco
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Condeco with Azure Active Directory (Azure AD). Integrating Condeco
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Condeco.
You can enable your users to be automatically signed-in to Condeco (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Condeco, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Condeco single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Condeco supports SP initiated SSO
Condeco supports Just In Time user provisioning

Adding Condeco from the gallery


To configure the integration of Condeco into Azure AD, you need to add Condeco from the gallery to your list of
managed SaaS apps.
To add Condeco from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Condeco, select Condeco from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Condeco based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Condeco
needs to be established.
To configure and test Azure AD single sign-on with Condeco, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Condeco Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Condeco test user - to have a counterpart of Britta Simon in Condeco that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.

Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Condeco, perform the following steps:
1. In the Azure portal, on the Condeco application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://<companyname>.condecosoftware.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Condeco Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Condeco section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL

Configure Condeco Single Sign-On
To configure single sign-on on the Condeco side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Condeco support team. They apply this setting so that the SAML SSO
connection is set properly on both sides.
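
Here, and in the Concur sections earlier, the Federation Metadata XML and the copied Login URL and Azure AD Identifier are handed to a third party, so it is worth confirming that the file agrees with what the portal showed and recording the signing-certificate fingerprint for the receiving team to confirm over a separate channel. The following Python check is an added example, not part of the original tutorial or of any vendor tooling; the function names are hypothetical, and the sample metadata, tenant ID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed sample input: placeholder tenant ID and stand-in certificate bytes.
SAMPLE_CERT_DER = b"constructed sample bytes, not a real X.509 certificate"
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_ENTITY_ID = f"https://sts.windows.net/{SAMPLE_TENANT}/"
SAMPLE_LOGIN_URL = f"https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="{SAMPLE_ENTITY_ID}">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}"><X509Data><X509Certificate>
        {base64.b64encode(SAMPLE_CERT_DER).decode()}
      </X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="{SAMPLE_LOGIN_URL}"/>
  </IDPSSODescriptor>
</EntityDescriptor>""".encode("utf-8")


def inspect_metadata(raw: bytes) -> dict:
    """Extract what a service provider will trust from IdP federation metadata."""
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        # Metadata never needs a DTD; refusing one avoids entity-expansion input.
        raise ValueError("DTD or entity declaration found in metadata")
    root = ET.fromstring(raw)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute covers signing as well.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())
            der = base64.b64decode(b64, validate=True)
            fingerprints.append(hashlib.sha256(der).hexdigest())

    endpoints = [
        (sso.get("Binding", "").rsplit(":", 1)[-1], sso.get("Location", ""))
        for sso in idp.findall("md:SingleSignOnService", NS)
    ]
    return {
        "entity_id": root.get("entityID"),
        "signing_sha256": fingerprints,
        "sso_endpoints": endpoints,
    }


def cross_check(raw, expected_entity_id, expected_login_url, pinned_sha256):
    """Compare the file with the values copied from the portal.

    Returns a list of findings; an empty list means everything agrees.
    """
    info = inspect_metadata(raw)
    findings = []
    if info["entity_id"] != expected_entity_id:
        findings.append(
            f"entityID is {info['entity_id']!r}, expected {expected_entity_id!r}")
    locations = [loc for _, loc in info["sso_endpoints"]]
    if expected_login_url not in locations:
        findings.append("Login URL copied from the portal is not an SSO endpoint in the file")
    for binding, loc in info["sso_endpoints"]:
        if urlsplit(loc).scheme != "https":
            findings.append(f"{binding} endpoint is not HTTPS: {loc}")
    pin = pinned_sha256.replace(":", "").lower()
    if pin not in info["signing_sha256"]:
        findings.append("pinned signing-certificate fingerprint is not in the file")
    return findings


if __name__ == "__main__":
    summary = inspect_metadata(SAMPLE_METADATA)
    print("entityID:", summary["entity_id"])
    print("signing certificate SHA-256:", summary["signing_sha256"])
    print("findings:", cross_check(SAMPLE_METADATA, SAMPLE_ENTITY_ID,
                                   SAMPLE_LOGIN_URL, summary["signing_sha256"][0]))
```

Record the fingerprint when you download the file and have the receiving team read theirs back before the connection is enabled.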

Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.

Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Condeco.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Condeco.

2. In the applications list, select Condeco.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.

Create Condeco test user
The objective of this section is to create a user called Britta Simon in Condeco. Condeco supports just-in-time
provisioning, which is enabled by default.
There is no action item for you in this section. A new user is created during an attempt to access Condeco if it
doesn't exist yet.

NOTE
If you need to create a user manually, you need to contact the Condeco support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Condeco tile in the Access Panel, you should be automatically signed in to the Condeco instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Confirmit Horizons
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Confirmit Horizons with Azure Active Directory (Azure AD). Integrating
Confirmit Horizons with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Confirmit Horizons.
You can enable your users to be automatically signed-in to Confirmit Horizons (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Confirmit Horizons, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Confirmit Horizons single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Confirmit Horizons supports SP and IDP initiated SSO
Confirmit Horizons supports Just In Time user provisioning

Adding Confirmit Horizons from the gallery


To configure the integration of Confirmit Horizons into Azure AD, you need to add Confirmit Horizons from the
gallery to your list of managed SaaS apps.
To add Confirmit Horizons from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Confirmit Horizons, select Confirmit Horizons from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Confirmit Horizons based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Confirmit Horizons needs to be established.
To configure and test Azure AD single sign-on with Confirmit Horizons, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Confirmit Horizons Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Confirmit Horizons test user - to have a counterpart of Britta Simon in Confirmit Horizons that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.

Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Confirmit Horizons, perform the following steps:
1. In the Azure portal, on the Confirmit Horizons application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://<SUBDOMAIN>.confirmit.com/identity/AuthServices/<UNIQUEID>

https://<SUBDOMAIN>.confirmit.com.au/identity/AuthServices/<UNIQUEID>

https://<SUBDOMAIN>.confirmit.ca/identity/AuthServices/<UNIQUEID>

https://<SUBDOMAIN>.confirmit.hk/identity/AuthServices/<UNIQUEID>

https://sso.us.confirmit.com/<UNIQUEID>

b. In the Reply URL text box, type a URL using the following pattern:

https://<SUBDOMAIN>.confirmit.com/identity/AuthServices/<UNIQUEID>/acs

https://<SUBDOMAIN>.confirmit.com.au/identity/AuthServices/<UNIQUEID>/acs

https://<SUBDOMAIN>.confirmit.ca/identity/AuthServices/<UNIQUEID>/acs

https://<SUBDOMAIN>.confirmit.hk/identity/AuthServices/<UNIQUEID>/acs

https://sso.us.confirmit.com/<UNIQUEID>/saml/acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.confirmit.com/identity/<UNIQUEID>

https://<SUBDOMAIN>.confirmit.com.au/identity/<UNIQUEID>

https://<SUBDOMAIN>.confirmit.ca/identity/<UNIQUEID>

https://<SUBDOMAIN>.confirmit.hk/identity/<UNIQUEID>

https://sso.us.confirmit.com/<UNIQUEID>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Confirmit Horizons Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
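
The Identifier, Reply URL and Sign-on URL patterns in steps 4 and 5 pair up by host and unique ID, and a Reply URL on the wrong host sends assertions somewhere else. The following Python check is an added example, not part of the original tutorial or of Confirmit's tooling: it confirms that the values you were given fit the patterns listed above and agree with each other. Treating `<SUBDOMAIN>` as a single DNS label and `<UNIQUEID>` as URL-safe characters are assumptions, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Host families taken from the URL patterns listed in this tutorial.
REGIONAL_SUFFIXES = ("confirmit.com", "confirmit.com.au", "confirmit.ca", "confirmit.hk")
US_SSO_HOST = "sso.us.confirmit.com"

# Assumptions: <SUBDOMAIN> is one DNS label, <UNIQUEID> is URL-safe characters.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\Z")
UID = r"(?P<uid>[A-Za-z0-9_-]+)"

# Path shape per host family and per Basic SAML Configuration field.
PATHS = {
    "regional": {
        "identifier": rf"/identity/AuthServices/{UID}\Z",
        "reply": rf"/identity/AuthServices/{UID}/acs\Z",
        "sign_on": rf"/identity/{UID}\Z",
    },
    "us_sso": {
        "identifier": rf"/{UID}\Z",
        "reply": rf"/{UID}/saml/acs\Z",
        "sign_on": rf"/{UID}\Z",
    },
}


def classify(url, kind):
    """Return (host, unique_id) when url fits a listed pattern for `kind`, else None."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return None
    # Exact netloc match rejects userinfo ("user@host") and explicit ports.
    if parts.scheme != "https" or parts.netloc.lower() != host:
        return None
    if parts.query or parts.fragment:
        return None
    if host == US_SSO_HOST:
        family = "us_sso"
    else:
        family = None
        for suffix in REGIONAL_SUFFIXES:
            # Compare whole DNS labels so a lookalike host such as
            # "x.confirmit.com.example.net" never matches.
            if host.endswith("." + suffix) and LABEL.match(host[: -len(suffix) - 1]):
                family = "regional"
                break
        if family is None:
            return None
    match = re.match(PATHS[family][kind], parts.path)
    return (host, match.group("uid")) if match else None


def check_confirmit_urls(identifier, reply_url, sign_on_url=None):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    seen = {}
    fields = (("identifier", identifier), ("reply", reply_url), ("sign_on", sign_on_url))
    for kind, url in fields:
        if url is None:  # Sign-on URL is only set for SP initiated mode.
            continue
        result = classify(url, kind)
        if result is None:
            findings.append(f"{kind}: {url!r} fits no pattern listed for this field")
        else:
            seen[kind] = result
    if len(set(seen.values())) > 1:
        detail = ", ".join(f"{k}={h}/{u}" for k, (h, u) in seen.items())
        findings.append(f"fields disagree on host or unique ID: {detail}")
    return findings


if __name__ == "__main__":
    # Constructed sample values; "acme" and "abc123" are placeholders.
    print(check_confirmit_urls(
        "https://acme.confirmit.com/identity/AuthServices/abc123",
        "https://acme.confirmit.ca/identity/AuthServices/abc123/acs",
    ))
```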

Configure Confirmit Horizons Single Sign-On


To configure single sign-on on the Confirmit Horizons side, you need to send the App Federation Metadata Url to the
Confirmit Horizons support team. They apply this setting so that the SAML SSO connection is set properly on both
sides.

Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.

Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Confirmit Horizons.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Confirmit
Horizons.

2. In the applications list, select Confirmit Horizons.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Create Confirmit Horizons test user
In this section, a user called Britta Simon is created in Confirmit Horizons. Confirmit Horizons supports just-in-
time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in Confirmit Horizons, a new one is created after authentication.

Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Confirmit Horizons tile in the Access Panel, you should be automatically signed in to the
Confirmit Horizons instance for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Confluence SAML SSO by Microsoft
10/4/2019 • 9 minutes to read

In this tutorial, you'll learn how to integrate Confluence SAML SSO by Microsoft with Azure Active Directory
(Azure AD). When you integrate Confluence SAML SSO by Microsoft with Azure AD, you can:
Control in Azure AD who has access to Confluence SAML SSO by Microsoft.
Enable your users to be automatically signed-in to Confluence SAML SSO by Microsoft with their Azure AD
accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Description:
Use your Microsoft Azure Active Directory account with Atlassian Confluence server to enable single sign-on. This
way all your organization users can use their Azure AD credentials to sign in to the Confluence application. This
plugin uses SAML 2.0 for federation.

Prerequisites
To configure Azure AD integration with Confluence SAML SSO by Microsoft, you need the following items:
An Azure AD subscription
Confluence server application installed on a Windows 64-bit server (on-premises or on the cloud IaaS
infrastructure)
Confluence server is HTTPS enabled
Note that the supported versions for the Confluence plugin are listed in the section below.
Confluence server is reachable on the internet, particularly to the Azure AD Login page for authentication, and should be
able to receive the token from Azure AD
Admin credentials are set up in Confluence
WebSudo is disabled in Confluence
Test user created in the Confluence server application

NOTE
To test the steps in this tutorial, we do not recommend using a production environment of Confluence. Test the integration
first in development or staging environment of the application and then use the production environment.

To get started, you need the following items:


Do not use your production environment, unless it is necessary.
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Confluence SAML SSO by Microsoft single sign-on (SSO) enabled subscription.

Supported versions of Confluence


As of now, the following versions of Confluence are supported:
Confluence: 5.0 to 5.10
Confluence: 6.0.1
Confluence: 6.1.1
Confluence: 6.2.1
Confluence: 6.3.4
Confluence: 6.4.0
Confluence: 6.5.0
Confluence: 6.6.2
Confluence: 6.7.0
Confluence: 6.8.1
Confluence: 6.9.0
Confluence: 6.10.0
Confluence: 6.10.3
Confluence: 6.11.0
Confluence: 6.12.0
Confluence: 6.13.5
Confluence: 6.15.3
Confluence: 6.15.4
Confluence: 6.15.8

NOTE
Please note that our Confluence plugin also works on Ubuntu version 16.04.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Confluence SAML SSO by Microsoft supports SP initiated SSO

Adding Confluence SAML SSO by Microsoft from the gallery


To configure the integration of Confluence SAML SSO by Microsoft into Azure AD, you need to add Confluence
SAML SSO by Microsoft from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Confluence SAML SSO by Microsoft in the search box.
6. Select Confluence SAML SSO by Microsoft from the results panel and then add the app. Wait a few seconds
while the app is added to your tenant.

Configure and test Azure AD single sign-on for Confluence SAML SSO by Microsoft
Configure and test Azure AD SSO with Confluence SAML SSO by Microsoft using a test user called B.Simon. For
SSO to work, you need to establish a link relationship between an Azure AD user and the related user in
Confluence SAML SSO by Microsoft.
To configure and test Azure AD SSO with Confluence SAML SSO by Microsoft, complete the following building
blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Confluence SAML SSO by Microsoft SSO - to configure the single sign-on settings on
application side.
a. Create Confluence SAML SSO by Microsoft test user - to have a counterpart of B.Simon in
Confluence SAML SSO by Microsoft that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Confluence SAML SSO by Microsoft application integration page, find the
Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign-on URL text box, type a URL using the following pattern:
https://<domain:port>/plugins/servlet/saml/auth

b. In the Identifier box, type a URL using the following pattern: https://<domain:port>/

c. In the Reply URL text box, type a URL using the following pattern:
https://<domain:port>/plugins/servlet/saml/auth

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. Port is optional
in case it’s a named URL. These values are received during the configuration of Confluence plugin, which is explained
later in the tutorial.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Confluence SAML SSO by
Microsoft.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Confluence SAML SSO by Microsoft.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Confluence SAML SSO by Microsoft SSO


1. In a different web browser window, sign in to your Confluence instance as an administrator.
2. Hover over the cog icon and click Add-ons.

3. Download the plugin from the Microsoft Download Center. Manually upload the plugin provided by Microsoft
using the Upload add-on menu. The download of the plugin is covered under the Microsoft Service Agreement.

4. To run Confluence in a reverse proxy or load balancer scenario, perform the following steps:

NOTE
Configure the server first using the instructions below, and then install the plugin.

a. Add the following attributes to the connector port in the server.xml file of the JIRA server application.
scheme="https" proxyName="<subdomain.domain.com>" proxyPort="<proxy_port>" secure="true"
b. Change the Base URL in System Settings according to the proxy/load balancer.

5. Once the plugin is installed, it appears in the User Installed add-ons section of the Manage Add-on section. Click
Configure to configure the new plugin.

6. Perform the following steps on the configuration page:


TIP
Ensure that there is only one certificate mapped against the app so that there is no error in resolving the metadata. If
there are multiple certificates, the admin gets an error upon resolving the metadata.

a. In the Metadata URL textbox, paste the App Federation Metadata Url value that you copied
from the Azure portal and click the Resolve button. It reads the IdP metadata URL and populates all
the field information.
b. Copy the Identifier, Reply URL and Sign on URL values and paste them into the Identifier, Reply URL
and Sign on URL textboxes respectively in the Basic SAML Configuration section in the Azure portal.
c. In Login Button Name, type the name of the button your organization wants users to see on the login
screen.
d. In Login Button Description, type the description of the button your organization wants users to
see on the login screen.
e. In SAML User ID Locations, select either User ID is in the NameIdentifier element of the
Subject statement or User ID is in an Attribute element. This ID has to be the Confluence user
ID. If the user ID is not matched, the system will not allow users to sign in.

NOTE
The default SAML User ID location is Name Identifier. You can change this to an attribute option and enter the
appropriate attribute name.

f. If you select the User ID is in an Attribute element option, then in the Attribute name textbox, type the
name of the attribute where the User ID is expected.
g. If you are using a federated domain (like ADFS etc.) with Azure AD, then click the Enable
Home Realm Discovery option and configure the Domain Name.
h. In Domain Name, type the domain name in case of ADFS-based login.
i. Check Enable Single Sign out if you wish to sign out from Azure AD when a user signs out from
Confluence.
j. Select the Force Azure Login checkbox if you wish to sign in through Azure AD credentials only.

NOTE
To enable the default login form for admin login on the login page when Force Azure Login is enabled, add
the query parameter in the browser URL: https://<domain:port>/login.action?force_azure_login=false

k. Click Save button to save the settings.

NOTE
For more information about installation and troubleshooting, visit MS Confluence SSO Connector Admin
Guide. There is also an FAQ for your assistance.
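The Resolve step and the one-certificate TIP above can be checked before the URL is pasted into the plugin. The following is an added example, not code from Microsoft or the Confluence plugin: it parses IdP federation metadata, extracts the fields a service provider consumes, and flags multiple signing certificates or non-HTTPS endpoints. The function names, the placeholder tenant ID and the certificate bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample values: the tenant ID and certificate bodies are placeholders.
TENANT = "00000000-0000-0000-0000-000000000000"
KEY_DESCRIPTOR = (
    '<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    "<X509Data><X509Certificate>{cert}</X509Certificate></X509Data>"
    "</KeyInfo></KeyDescriptor>"
)


def build_sample_metadata(cert_bodies, sso_location):
    """Build a minimal IdP metadata document for the demonstration (constructed input)."""
    keys = "".join(KEY_DESCRIPTOR.format(cert=c) for c in cert_bodies)
    return (
        f'<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/{TENANT}/">'
        '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        f"{keys}"
        '<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
        f'Location="{sso_location}"/>'
        "</IDPSSODescriptor></EntityDescriptor>"
    )


def parse_idp_metadata(xml_text):
    """Extract entity ID, endpoints and signing certificates from IdP metadata.

    ElementTree keeps the example in the standard library; for metadata fetched
    over the network, a hardened parser such as defusedxml is the safer choice.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor (not an identity provider)")

    certs = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for signing and encryption.
        if key.get("use", "signing") != "signing":
            continue
        for node in key.findall(".//ds:X509Certificate", NS):
            body = "".join((node.text or "").split())  # drop base64 line wrapping
            if body and body not in certs:
                certs.append(body)

    def endpoints(tag):
        # Key each endpoint by the short binding name, e.g. "HTTP-Redirect".
        return {
            e.get("Binding", "").rsplit(":", 1)[-1]: e.get("Location", "")
            for e in idp.findall(f"md:{tag}", NS)
        }

    return {
        "entity_id": root.get("entityID"),
        "sso": endpoints("SingleSignOnService"),
        "slo": endpoints("SingleLogoutService"),
        "signing_certs": certs,
    }


def review_metadata(meta):
    """Return a list of findings; an empty list means these checks passed."""
    findings = []
    count = len(meta["signing_certs"])
    if count == 0:
        findings.append("no signing certificate: assertions could not be verified")
    elif count > 1:
        findings.append(f"{count} signing certificates: exactly one is expected")
    if not meta["sso"]:
        findings.append("no SingleSignOnService endpoint")
    for kind in ("sso", "slo"):
        for binding, location in meta[kind].items():
            if urlparse(location).scheme != "https":
                findings.append(f"{kind} endpoint for {binding} is not https: {location}")
    return findings


if __name__ == "__main__":
    sso = f"https://login.microsoftonline.com/{TENANT}/saml2"
    for certs in (["CONSTRUCTEDCERTA"], ["CONSTRUCTEDCERTA", "CONSTRUCTEDCERTB"]):
        meta = parse_idp_metadata(build_sample_metadata(certs, sso))
        print(meta["entity_id"], review_metadata(meta) or "ok")
```
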
Create Confluence SAML SSO by Microsoft test user
To enable Azure AD users to sign in to Confluence on-premises server, they must be provisioned into Confluence
SAML SSO by Microsoft. For Confluence SAML SSO by Microsoft, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Confluence on-premises server as an administrator.
2. Hover over the cog icon and click User management.

3. Under the Users section, click the Add users tab. On the Add a User dialog page, perform the following steps:

a. In the Username textbox, type the email of the user, like B.Simon.
b. In the Full Name textbox, type the full name of the user, like B.Simon.
c. In the Email textbox, type the email address of the user, like B.Simon@contoso.com.
d. In the Password textbox, type the password for B.Simon.
e. In the Confirm Password textbox, reenter the password.
f. Click the Add button.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Confluence SAML SSO by Microsoft tile in the Access Panel, you should be automatically
signed in to the Confluence SAML SSO by Microsoft for which you set up SSO. For more information about the
Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Confluence SAML SSO by Microsoft with Azure AD
Tutorial: Azure Active Directory integration with
Consent2Go
10/30/2019 • 4 minutes to read

In this tutorial, you learn how to integrate Consent2Go with Azure Active Directory (Azure AD). Integrating
Consent2Go with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Consent2Go.
You can enable your users to be automatically signed-in to Consent2Go (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Consent2Go, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A Consent2Go single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Consent2Go supports SP initiated SSO

Adding Consent2Go from the gallery


To configure the integration of Consent2Go into Azure AD, you need to add Consent2Go from the gallery to your
list of managed SaaS apps.
To add Consent2Go from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Consent2Go, select Consent2Go from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Consent2Go based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Consent2Go needs to be established.
To configure and test Azure AD single sign-on with Consent2Go, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Consent2Go Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Consent2Go test user - to have a counterpart of Britta Simon in Consent2Go that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Consent2Go, perform the following steps:
1. In the Azure portal, on the Consent2Go application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL: https://www.mcbschools.com/Login

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Consent2Go Single Sign-On


To configure single sign-on on the Consent2Go side, you need to send the App Federation Metadata Url to the
Consent2Go support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Consent2Go.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Consent2Go.

2. In the applications list, select Consent2Go.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Consent2Go test user
In this section, you create a user called Britta Simon in Consent2Go. Work with the Consent2Go support team to add
the users in the Consent2Go platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Consent2Go tile in the Access Panel, you should be automatically signed in to the Consent2Go
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Contentful
10/27/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Contentful with Azure Active Directory (Azure AD). When you
integrate Contentful with Azure AD, you can:
Control in Azure AD who has access to Contentful.
Enable your users to be automatically signed-in to Contentful with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Contentful single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Contentful supports SP and IDP initiated SSO
Contentful supports Just In Time user provisioning

NOTE
The identifier of this application is a fixed string value. Only one instance can be configured in one tenant.

Adding Contentful from the gallery


To configure the integration of Contentful into Azure AD, you need to add Contentful from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. In the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Contentful in the search box.
6. Select Contentful in the results, and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Contentful


Configure and test Azure AD SSO with Contentful using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Contentful.
To configure and test Azure AD SSO with Contentful, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Contentful SSO - to configure the single sign-on settings on application side.
Create Contentful test user - to have a counterpart of B.Simon in Contentful that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Contentful application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, if you want to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, copy the ACS (Assertion Consumer Service) URL from the SSO setup page
in Contentful. It will look like this: https://be.contentful.com/sso/<organization_id>/consume
5. Click Set additional URLs and perform the following step if you want to configure the application in SP
initiated mode:
In the Sign-on URL text box, copy the same ACS (Assertion Consumer Service) URL. It will look like
this: https://be.contentful.com/sso/<organization_id>/login

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL by copying the ACS
(Assertion Consumer Service) URL from the SSO setup page in Contentful.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. In the Set up Contentful section, copy the login URL to configure Contentful SSO.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. In the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Contentful.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Contentful.
3. On the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select B.Simon from the Users list, then click the Select button at the
bottom of the page.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog box, select the
appropriate role for the user from the list and then click the Select button at the bottom of the page.
7. In the Add Assignment dialog box, click the Assign button.

Configure Contentful SSO


Follow these steps to configure single sign-on on the Contentful side.
1. In Contentful, navigate to the SSO setup page in Organization Settings.
2. Click on Set up SSO.
3. Copy and paste the login URL from the Set up Contentful section in Azure AD.
4. Copy and paste the certificate from the Base64 certificate file you downloaded from Azure AD.
5. Set up an SSO name for SP-initiated login.
6. Click on Enable SSO.
If that doesn't work, reach out to the Contentful support team.
Create Contentful test user
In this section, a user called B.Simon is created in Contentful. Contentful supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Contentful, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Contentful tile in the Access Panel, you should be automatically signed in to the Contentful for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Contentful with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with ContractWorks
9/6/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate ContractWorks with Azure Active Directory (Azure AD). When you
integrate ContractWorks with Azure AD, you can:
Control in Azure AD who has access to ContractWorks.
Enable your users to be automatically signed-in to ContractWorks with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ContractWorks single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ContractWorks supports SP and IDP initiated SSO

Adding ContractWorks from the gallery


To configure the integration of ContractWorks into Azure AD, you need to add ContractWorks from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type ContractWorks in the search box.
6. Select ContractWorks from the results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for ContractWorks


Configure and test Azure AD SSO with ContractWorks using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in ContractWorks.
To configure and test Azure AD SSO with ContractWorks, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure ContractWorks SSO - to configure the single sign-on settings on application side.
a. Create ContractWorks test user - to have a counterpart of B.Simon in ContractWorks that is linked to
the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ContractWorks application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Set up single sign-on with SAML page, enter the values for the following fields:
In the Identifier text box, type a URL: https://login.securedocs.com/saml/metadata

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ContractWorks.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ContractWorks.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure ContractWorks SSO


To configure single sign-on on the ContractWorks side, you need to send the App Federation Metadata Url to the
ContractWorks support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create ContractWorks test user
In this section, you create a user called B.Simon in ContractWorks. Work with the ContractWorks support team to add
the users in the ContractWorks platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ContractWorks tile in the Access Panel, you should be automatically signed in to the
ContractWorks for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ContractWorks with Azure AD
Tutorial: Integrate Continuity Control with Azure
Active Directory
6/17/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Continuity Control (Control) with Azure Active Directory (Azure AD).
When you integrate Control with Azure AD, you can:
Manage in Azure AD who has access to Control.
Enable your users to be automatically signed-in to Control with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
A Control single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Control supports SP initiated SSO.

Adding Control from the gallery


To configure the integration of Control into Azure AD, you need to add Control from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Control in the search box.
6. Select Control from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Control using a test user called Britta Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Control.
To configure and test Azure AD SSO with Control, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Control SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Control test user - to have a counterpart of Britta Simon in Control that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Control application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following field:
In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.continuity.net/auth/saml

NOTE
The value is not real. Update the value with the correct subdomain. Your SSO subdomain can be configured at
Control Authentication Strategies. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. In the SAML Signing Certificate section, click the Edit button to open the SAML Signing Certificate dialog.

6. In the SAML Signing Certificate section, copy the Thumbprint and save it on your computer.
7. On the Set up Control section, copy the Login URL and save it on your computer.

Configure Control SSO


To configure single sign-on on the Control side, you need to update the single sign-on authentication settings at
Control Authentication Strategies. Update SAML SSO URL with the Login URL and Certificate Fingerprint
with the Thumbprint value from the Azure portal.
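Because Control pins the IdP certificate by fingerprint, it is worth confirming that the value pasted into Certificate Fingerprint really belongs to the signing certificate, especially after a certificate rollover. The following is an added example, not code from Microsoft or Continuity: it recomputes the thumbprint from a Base64 certificate file and compares it with a configured value regardless of separators or case. The Azure portal shows the thumbprint as the uppercase hex SHA-1 digest of the DER-encoded certificate; the function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

# Constructed stand-in for DER certificate bytes. A digest does not parse its
# input, so the demonstration needs no real certificate.
SAMPLE_DER = b"constructed-placeholder-bytes-not-a-real-certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def der_from_base64_cert(text):
    """Return DER bytes from a PEM file or from bare Base64 without PEM headers."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    body = "".join(body.split())
    if not body:
        raise ValueError("no certificate data found")
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid Base64") from exc


def thumbprint(der, algorithm="sha1"):
    """Digest of the DER bytes as uppercase hex without separators."""
    return hashlib.new(algorithm, der).hexdigest().upper()


def normalize_fingerprint(value):
    """Reduce 'ab:cd:..', 'AB CD ..' or 'AB-CD-..' to bare uppercase hex."""
    # U+200E is an invisible left-to-right mark that copy and paste can carry along.
    cleaned = re.sub(r"[\s:\-\u200e]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    if len(cleaned) not in (40, 64):
        raise ValueError("expected 40 hex digits (SHA-1) or 64 (SHA-256)")
    return cleaned


def fingerprint_matches(cert_text, configured):
    """True when the configured fingerprint is the digest of this certificate."""
    wanted = normalize_fingerprint(configured)
    algorithm = "sha1" if len(wanted) == 40 else "sha256"
    return thumbprint(der_from_base64_cert(cert_text), algorithm) == wanted


if __name__ == "__main__":
    shown = thumbprint(SAMPLE_DER)
    colon_form = ":".join(shown[i:i + 2] for i in range(0, len(shown), 2)).lower()
    print("thumbprint:", shown)
    print("colon form matches:", fingerprint_matches(SAMPLE_PEM, colon_form))
    print("stale value matches:", fingerprint_matches(SAMPLE_PEM, "00" * 20))
```

A mismatch means the service provider would reject assertions signed with this certificate, so run the comparison before the old certificate is deactivated.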
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to Control.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Control.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Control test user
In this section, you create a user called Britta Simon in Control. Work with the Control support team to add the users in
the Control platform. Use Britta Simon's Azure AD User name to populate her Identity Provider User ID in
Control. Users must be created, and their Identity Provider User ID set, in Control before they can use single
sign-on.
Test SSO
When you select the Control tile in the Access Panel, you should be automatically signed in to the Control for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Convene
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Convene with Azure Active Directory (Azure AD). Integrating Convene
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Convene.
You can enable your users to be automatically signed-in to Convene (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Convene, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Convene single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Convene supports SP initiated SSO
Convene supports Just In Time user provisioning

Adding Convene from the gallery


To configure the integration of Convene into Azure AD, you need to add Convene from the gallery to your list of
managed SaaS apps.
To add Convene from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Convene, select Convene from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Convene based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Convene
needs to be established.
To configure and test Azure AD single sign-on with Convene, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Convene Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Convene test user - to have a counterpart of Britta Simon in Convene that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Convene, perform the following steps:
1. In the Azure portal, on the Convene application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Reply URL text box, type a URL using the following pattern:
https://portal.convene.me.uk/saml/acs/<UID>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://portal.convene.me.uk/login

NOTE
The Reply URL value is not real. Update the value with the actual Reply URL. Contact Convene Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. The Convene application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on the
application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the
User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:

NAME              SOURCE ATTRIBUTE

nameidentifier    user.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

9. On the Set up Convene section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Convene Single Sign-On
To configure single sign-on on the Convene side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Convene support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Convene.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Convene.

2. In the applications list, select Convene.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Convene test user
In this section, a user called Britta Simon is created in Convene. Convene supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Convene, a new one is created after authentication.

NOTE
If you need to create a user manually, contact Convene support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Convene tile in the Access Panel, you should be automatically signed in to the Convene for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Convercent
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Convercent with Azure Active Directory (Azure AD). Integrating
Convercent with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Convercent.
You can enable your users to be automatically signed-in to Convercent (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Convercent, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Convercent single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Convercent supports SP and IDP initiated SSO

Adding Convercent from the gallery


To configure the integration of Convercent into Azure AD, you need to add Convercent from the gallery to your list
of managed SaaS apps.
To add Convercent from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Convercent, select Convercent from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Convercent based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Convercent needs to be established.
To configure and test Azure AD single sign-on with Convercent, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Convercent Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Convercent test user - to have a counterpart of Britta Simon in Convercent that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Convercent, perform the following steps:
1. In the Azure portal, on the Convercent application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL using the following pattern: https://<instancename>.convercent.com/

5. Click Set additional URLs and perform the following steps if you wish to configure the application in SP
initiated mode:

a. In the Sign-on URL text box, type a URL using the following pattern:
https://<instancename>.convercent.com/

b. In the Relay State text box, type a URL using the following pattern:
https://<instancename>.convercent.com/

NOTE
These values are not real. Update these values with the actual Identifier, Sign-On URL and Relay State. Contact
Convercent Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Convercent section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Convercent Single Sign-On
To configure single sign-on on the Convercent side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Convercent support team. They apply these settings so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Convercent.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Convercent.

2. In the applications list, select Convercent.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Convercent test user
In this section, you create a user called Britta Simon in Convercent. Work with Convercent support team to add the
users in the Convercent platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Convercent tile in the Access Panel, you should be automatically signed in to the Convercent
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Coralogix
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Coralogix with Azure Active Directory (Azure AD). Integrating Coralogix
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Coralogix.
You can enable your users to be automatically signed in to Coralogix (single sign-on) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
For more information about SaaS app integration with Azure AD, see What is application access and single sign-
on with Azure Active Directory. If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with Coralogix, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A Coralogix single-sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Coralogix supports SP-initiated SSO.

Add Coralogix from the gallery


To configure the integration of Coralogix into Azure AD, first add Coralogix from the gallery to your list of
managed SaaS apps.
To add Coralogix from the gallery, take the following steps:
1. In the Azure portal, in the left pane, select the Azure Active Directory icon.

2. Go to Enterprise Applications, and then select All Applications.


3. To add a new application, select the New application button at the top of the dialog box.

4. In the search box, enter Coralogix. Select Coralogix from the results pane, and then select the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Coralogix based on a test user called Britta
Simon. For single sign-on to work, you need to establish a link between an Azure AD user and the related user in
Coralogix.
To configure and test Azure AD single sign-on with Coralogix, first complete the following building blocks:
1. Configure Azure AD single sign-on to enable your users to use this feature.
2. Configure Coralogix single sign-on to configure the single sign-on settings on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
5. Create a Coralogix test user to have a counterpart of Britta Simon in Coralogix that is linked to the Azure AD
representation of user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Coralogix, take the following steps:
1. In the Azure portal, on the Coralogix application integration page, select Single sign-on.
2. In the Select a Single sign-on method dialog box, select SAML to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box.

4. In the Basic SAML Configuration dialog box, take the following steps:
a. In the Sign on URL box, enter a URL with the following pattern: https://<SUBDOMAIN>.coralogix.com

b. In the Identifier (Entity ID) text box, enter a URL, such as:


https://api.coralogix.com/saml/metadata.xml

or
https://aws-client-prod.coralogix.com/saml/metadata.xml

NOTE
The sign-on URL value isn't real. Update the value with the actual sign-on URL. Contact the Coralogix Client support
team to get the value. You can also refer to the patterns in the Basic SAML Configuration section in the Azure
portal.

5. The Coralogix application expects the SAML assertions in a specific format. Configure the following claims
for this application. You can manage the values of these attributes from the User Attributes section on the
application integration page. On the Set up Single Sign-On with SAML page, select the Edit button to
open the User Attributes dialog box.

6. In the User Claims section in the User Attributes dialog box, edit the claims by using the Edit icon. You
can also add the claims by using Add new claim to configure the SAML token attribute as shown in the
previous image. Then take the following steps:
a. Select the Edit icon to open the Manage user claims dialog box.
b. From the Choose name identifier format list, select Email address.
c. From the Source attribute list, select user.mail.
d. Select Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select
Download to download the Federation Metadata XML from the given options according to your
requirements. Then save it on your computer.

8. In the Set up Coralogix section, copy the appropriate URL(s).


a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Coralogix single sign-on
To configure single sign-on on the Coralogix side, send the downloaded Federation Metadata XML and copied
URLs from the Azure portal to the Coralogix support team. They ensure that the SAML SSO connection is set
properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. At the top of the screen, select New user.

3. In the User dialog box, take the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, enter "brittasimon@yourcompanydomain.extension." For example, in this case,
you might enter "brittasimon@contoso.com."
c. Select the Show password check box, and then note the value that's displayed in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Coralogix.
1. In the Azure portal, select Enterprise Applications, select All applications, and then select Coralogix.

2. In the applications list, select Coralogix.


3. In the menu on the left, select Users and groups.

4. Select the Add user button. Then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list. Then click the Select button at
the bottom of the screen.
6. If you're expecting a role value in the SAML assertion, in the Select Role dialog box, select the appropriate
role for the user from the list. Then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select the Assign button.
Create a Coralogix test user
In this section, you create a user called Britta Simon in Coralogix. Work with the Coralogix support team to add the
users in the Coralogix platform. You must create and activate users before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration by using the MyApps portal.
When you select the Coralogix tile in the MyApps portal, you should be automatically signed in to Coralogix. For
more information about the MyApps portal, see What is the MyApps portal?.
Additional resources
List of tutorials on how to integrate SaaS apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory Single sign-on (SSO)
integration with Cornerstone OnDemand
11/19/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Cornerstone OnDemand with Azure Active Directory (Azure AD).
When you integrate Cornerstone OnDemand with Azure AD, you can:
Control in Azure AD who has access to Cornerstone OnDemand.
Enable your users to be automatically signed-in to Cornerstone OnDemand with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Cornerstone OnDemand single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Cornerstone OnDemand supports SP initiated SSO
Cornerstone OnDemand supports Automated user provisioning

Adding Cornerstone OnDemand from the gallery


To configure the integration of Cornerstone OnDemand into Azure AD, you need to add Cornerstone OnDemand
from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Cornerstone OnDemand in the search box.
6. Select Cornerstone OnDemand from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for Cornerstone OnDemand
Configure and test Azure AD SSO with Cornerstone OnDemand using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Cornerstone
OnDemand.
To configure and test Azure AD SSO with Cornerstone OnDemand, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Cornerstone OnDemand SSO - to configure the Single Sign-On settings on application side.
a. Create Cornerstone OnDemand test user - to have a counterpart of B.Simon in Cornerstone
OnDemand that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Cornerstone OnDemand application integration page, find the Manage
section and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<company>.csod.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<company>.csod.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Cornerstone
OnDemand Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
6. On the Set up Cornerstone OnDemand section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Cornerstone OnDemand.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Cornerstone OnDemand.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Cornerstone OnDemand SSO


To configure single sign-on on the Cornerstone OnDemand side, you need to send the downloaded Certificate
(Base64) and the appropriate copied URLs from the Azure portal to the Cornerstone OnDemand support team. They apply
these settings so that the SAML SSO connection is set properly on both sides.
Create Cornerstone OnDemand test user
The objective of this section is to create a user called B.Simon in Cornerstone OnDemand. Cornerstone
OnDemand supports automatic user provisioning, which is enabled by default. You can find more details here on
how to configure automatic user provisioning.
If you need to create a user manually, perform the following steps:
To configure user provisioning, send the information (e.g., Name, Email) about the Azure AD user you want to
provision to the Cornerstone OnDemand support team.

NOTE
You can use any other Cornerstone OnDemand user account creation tools or APIs provided by Cornerstone OnDemand to
provision Azure AD user accounts.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Cornerstone OnDemand tile in the Access Panel, you should be automatically signed in to the
Cornerstone OnDemand for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Cornerstone OnDemand with Azure AD
Tutorial: Azure Active Directory integration with
Corptax
6/13/2019 • 4 minutes to read

In this tutorial, you learn how to integrate Corptax with Azure Active Directory (Azure AD). Integrating Corptax
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Corptax.
You can enable your users to be automatically signed-in to Corptax (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Corptax, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
Corptax single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Corptax supports SP initiated SSO

Adding Corptax from the gallery


To configure the integration of Corptax into Azure AD, you need to add Corptax from the gallery to your list of
managed SaaS apps.
To add Corptax from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Corptax, select Corptax from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Corptax based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Corptax
needs to be established.
To configure and test Azure AD single sign-on with Corptax, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Corptax Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Corptax test user - to have a counterpart of Britta Simon in Corptax that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Corptax, perform the following steps:
1. In the Azure portal, on the Corptax application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL: https://asp.corptax.com

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML and save it on your computer.

Configure Corptax Single Sign-On


To configure single sign-on on the Corptax side, you need to send the downloaded Federation Metadata XML to the
Corptax support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Corptax.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Corptax.

2. In the applications list, type and select Corptax.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Corptax test user
In this section, you create a user called Britta Simon in Corptax. Work with Corptax support team to add the users
in the Corptax platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel. When you click the
Corptax tile in the Access Panel, you should be redirected to the Corptax page shown below.
In the Environment text box, type your appropriate environment. You should then be automatically signed in to the
Corptax for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Costpoint with Azure Active Directory
10/3/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Costpoint with Azure Active Directory (Azure AD). When you integrate
Costpoint with Azure AD, you can:
Control in Azure AD who has access to Costpoint.
Enable your users to be automatically signed-in to Costpoint with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
A Costpoint single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you will configure and test Azure AD SSO in a test environment. Costpoint supports SP and IDP
initiated SSO.

Generate Costpoint metadata


Costpoint SAML SSO configuration is explained in the DeltekCostpoint711Security.pdf guide. Download this
guide from the Deltek Costpoint support site and refer to the SAML Single Sign-on Setup > Configure SAML
Single Sign-on between Costpoint and Microsoft Azure section. Follow the instructions and generate a
Costpoint SP Federation Metadata XML file.

Add Costpoint from the gallery


To integrate Costpoint with Azure AD, first add Costpoint to your list of managed SaaS apps from the gallery in the
Azure portal:
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. In the left navigation pane, select the Azure Active Directory service.

3. Select Enterprise Applications > All Applications.

4. To add a new application, select New application.

5. In the Add from the gallery section, enter Costpoint in the search box.

6. In the results list, select Costpoint, and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Costpoint by using a test user named B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Costpoint.
To configure and test Azure AD SSO with Costpoint, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Costpoint to configure the SAML SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user to enable B.Simon to use Azure AD single sign-on.
5. Create a Costpoint test user to have a counterpart of B.Simon in Costpoint that is linked to the Azure AD
representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal:
1. On the Costpoint application integration page, select Single sign-on.

2. In the Basic SAML Configuration section, if you have the Service Provider metadata file, complete these
steps:

NOTE
You get the Service Provider metadata file in Generate Costpoint metadata. How to use the file is explained later in
the tutorial.

a. Select the Upload metadata file button, then select the Costpoint SP Federation Metadata XML
file previously generated by Costpoint, and then select the Add button to upload the file.

b. When the metadata file is successfully uploaded, the Identifier and Reply URL values are
automatically populated in the Costpoint section.

NOTE
If the Identifier and Reply URL values are not automatically populated, enter the values manually according to your
requirement. Verify that Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) are
correctly set, and that the ACS URL is a valid Costpoint URL that ends with /LoginServlet.cps.

c. Select Set additional URLs. For Relay State, enter a value using the following pattern:
system=[your system] (for example, system=DELTEKCP).
3. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Copy icon to copy the App Federation Metadata Url and save it to Notepad.
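
The note in step 2 asks you to verify the Identifier, the Reply URL and the Relay State by eye. The following Python sketch is an added example (not from the tutorial or from Deltek) that runs those checks over the SP metadata file. The sample metadata, its host name and the https requirement are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: host name and entityID are placeholders, not real values.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://costpoint.example.com/cpweb">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://costpoint.example.com/cpweb/LoginServlet.cps"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_text):
    """Return (entity_id, acs_urls) from SP metadata text."""
    # Metadata never needs a DTD; refuse one instead of letting the parser
    # expand entity declarations.
    if re.search(r"<!(DOCTYPE|ENTITY)", xml_text):
        raise ValueError("metadata must not contain a DTD or entity declarations")
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    acs_urls = [e.get("Location", "")
                for e in root.iter(MD + "AssertionConsumerService")]
    return root.get("entityID", ""), acs_urls


def check_costpoint_sp(xml_text, relay_state):
    """Return a list of problems; an empty list means the values are consistent."""
    entity_id, acs_urls = parse_sp_metadata(xml_text)
    problems = []
    if not entity_id:
        problems.append("Identifier (Entity ID) is empty")
    if not acs_urls:
        problems.append("no Reply URL (AssertionConsumerService) in metadata")
    for url in acs_urls:
        parts = urlparse(url)
        # Assumption of this example: assertions are only posted over TLS.
        if parts.scheme != "https" or not parts.hostname:
            problems.append("Reply URL is not an absolute https URL: " + url)
        # From the tutorial: the ACS URL ends with /LoginServlet.cps.
        if not parts.path.endswith("/LoginServlet.cps"):
            problems.append("Reply URL does not end with /LoginServlet.cps: " + url)
    # From the tutorial: Relay State follows the pattern system=[your system].
    # Assumption: the system name contains no whitespace, '&' or '='.
    if not re.fullmatch(r"system=[^\s&=]+", relay_state):
        problems.append("Relay State does not match system=<name>: " + relay_state)
    return problems


if __name__ == "__main__":
    for line in check_costpoint_sp(SAMPLE_SP_METADATA, "system=DELTEKCP") or ["OK"]:
        print(line)
```

Run it against the file generated by the Costpoint Configuration Utility before uploading it, and again with the Relay State value you intend to enter in step c.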

Configure Costpoint
1. Return to Costpoint Configuration Utility. In the IdP Federation Metadata XML text box, paste the
contents of the App Federation Metadata Url file.

2. Continue the instructions from the DeltekCostpoint711Security.pdf guide to finish the Costpoint SAML
setup.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal named B.Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory > Users > All users.

2. Select New user.


3. In the User properties, complete these steps:

a. In the Name field, enter B.Simon.


b. In the User name field, enter b.simon@yourcompanydomain.extension (for example,
B.Simon@contoso.com).
c. Select the Show Password check box, and then write down the value that's displayed in the
Password field.
d. Select Create.
Assign the Azure AD test user
In this section, you enable B.Simon to use Azure single sign-on by granting B.Simon access to Costpoint.
1. In the Azure portal, select Enterprise Applications > All applications.
2. In the applications list, select Costpoint.
3. In the Manage section of the app's overview page, select Users and groups.
4. Select Add user. In the Add Assignment dialog box, select Users and groups.

5. In the Users and groups dialog box, in the Users list, select B.Simon. Then, choose Select.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog box, select the
appropriate role for the user from the list, and then choose Select.
7. In the Add Assignment dialog box, select Assign.
Create a Costpoint test user
In this section, you create a user in Costpoint. Assume the user id is B.SIMON and the user's name is B.Simon.
Work with the Costpoint Client support team to add the user in the Costpoint platform. The user must be created
and activated before they can use single sign-on.
After the user is created, the user's Authentication Method selection must be Active Directory, the SAML
Single Sign-on check box must be selected, and the user name from Azure Active Directory must be entered in
the Active Directory or Certificate ID field (shown in the following screenshot).

Test SSO
When you select the Costpoint tile in the Access Panel, you should be automatically signed in to the Costpoint
application because you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
List of tutorials to integrate SaaS apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Coupa
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Coupa with Azure Active Directory (Azure AD). Integrating Coupa with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Coupa.
You can enable your users to be automatically signed-in to Coupa (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Coupa, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A Coupa single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Coupa supports SP initiated SSO

Adding Coupa from the gallery


To configure the integration of Coupa into Azure AD, you need to add Coupa from the gallery to your list of
managed SaaS apps.
To add Coupa from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Coupa, select Coupa from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Coupa based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Coupa
needs to be established.
To configure and test Azure AD single sign-on with Coupa, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Coupa Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Coupa test user - to have a counterpart of Britta Simon in Coupa that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Coupa, perform the following steps:
1. In the Azure portal, on the Coupa application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<companyname>.coupahost.com

NOTE
The Sign-on URL value is not real. Update this value with the actual Sign-On URL. Contact Coupa Client support
team to get this value.

b. In the Identifier box, type a URL:

ENVIRONMENT    URL
Sandbox        sso-stg1.coupahost.com
Production     sso-prd1.coupahost.com

c. In the Reply URL text box, type a URL:

ENVIRONMENT    URL
Sandbox        https://sso-stg1.coupahost.com/sp/ACS.saml2
Production     https://sso-prd1.coupahost.com/sp/ACS.saml2

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
6. On the Set up Coupa section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Coupa Single Sign-On
1. Sign on to your Coupa company site as an administrator.
2. Go to Setup > Security Control.

3. In the Log in using Coupa credentials section, perform the following steps:
a. Select Log in using SAML.
b. Click Browse to upload the metadata downloaded from the Azure portal.
c. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Coupa.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Coupa.

2. In the applications list, select Coupa.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Coupa test user
In order to enable Azure AD users to log into Coupa, they must be provisioned into Coupa.
In the case of Coupa, provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Log in to your Coupa company site as administrator.
2. In the menu on the top, click Setup, and then click Users.
3. Click Create.

4. In the User Create section, perform the following steps:

a. Type the Login, First name, Last Name, Single Sign-On ID, Email attributes of a valid Azure Active
Directory account you want to provision into the related textboxes.
b. Click Create.

NOTE
The Azure Active Directory account holder will get an email with a link to confirm the account before it becomes
active.

NOTE
You can use any other Coupa user account creation tools or APIs provided by Coupa to provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Coupa tile in the Access Panel, you should be automatically signed in to the Coupa for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate CPQSync by Cincom with Azure Active Directory
8/8/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate CPQSync by Cincom with Azure Active Directory (Azure AD). When
you integrate CPQSync by Cincom with Azure AD, you can:
Control in Azure AD who has access to CPQSync by Cincom.
Enable your users to be automatically signed-in to CPQSync by Cincom with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
CPQSync by Cincom single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
CPQSync by Cincom supports SP and IDP initiated SSO

Adding CPQSync by Cincom from the gallery


To configure the integration of CPQSync by Cincom into Azure AD, you need to add CPQSync by Cincom from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type CPQSync by Cincom in the search box.
6. Select CPQSync by Cincom from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for CPQSync by Cincom


Configure and test Azure AD SSO with CPQSync by Cincom using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in CPQSync by Cincom.
To configure and test Azure AD SSO with CPQSync by Cincom, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure CPQSync by Cincom SSO - to configure the Single Sign-On settings on application side.
a. Create CPQSync by Cincom test user - to have a counterpart of B.Simon in CPQSync by Cincom that
is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the CPQSync by Cincom application integration page, find the Manage section
and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://cincom.oktapreview.com/sso/saml2/<CUSTOMURL>

b. In the Reply URL text box, type a URL using the following pattern:
https://cincom.okta.com/sso/saml2/<CUSTOMDOMAIN>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://cincom.okta.com/

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact CPQSync by Cincom
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.
7. On the Set up CPQSync by Cincom section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to CPQSync by Cincom.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select CPQSync by Cincom.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure CPQSync by Cincom SSO


To configure single sign-on on the CPQSync by Cincom side, you need to send the downloaded Certificate (Raw)
and the appropriate copied URLs from the Azure portal to the CPQSync by Cincom support team. They apply this
setting so that the SAML SSO connection is set properly on both sides.
Create CPQSync by Cincom test user
In this section, you create a user called B.Simon in CPQSync by Cincom. Work with CPQSync by Cincom support
team to add the users in the CPQSync by Cincom platform. Users must be created and activated before you use
single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the CPQSync by Cincom tile in the Access Panel, you should be automatically signed in to the
CPQSync by Cincom for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with CS Stars
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate CS Stars with Azure Active Directory (Azure AD). Integrating CS Stars
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to CS Stars.
You can enable your users to be automatically signed-in to CS Stars (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with CS Stars, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A CS Stars single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
CS Stars supports SP initiated SSO

Adding CS Stars from the gallery


To configure the integration of CS Stars into Azure AD, you need to add CS Stars from the gallery to your list of
managed SaaS apps.
To add CS Stars from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type CS Stars, select CS Stars from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with CS Stars based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in CS Stars
needs to be established.
To configure and test Azure AD single sign-on with CS Stars, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure CS Stars Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create CS Stars test user - to have a counterpart of Britta Simon in CS Stars that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with CS Stars, perform the following steps:
1. In the Azure portal, on the CS Stars application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.csstars.com/enterprise/default.cmdx?ssoclient=<uniqueid>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.csstars.com/enterprise/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact CS Stars Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up CS Stars section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure CS Stars Single Sign-On
To configure single sign-on on the CS Stars side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the CS Stars support team. They apply this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to CS Stars.
1. In the Azure portal, select Enterprise Applications, select All applications, then select CS Stars.

2. In the applications list, select CS Stars.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create CS Stars test user
In this section, you create a user called Britta Simon in CS Stars. Work with CS Stars support team to add the users
in the CS Stars platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the CS Stars tile in the Access Panel, you should be automatically signed in to the CS Stars for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with CyberArk SAML Authentication
10/9/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate CyberArk SAML Authentication with Azure Active Directory (Azure
AD). When you integrate CyberArk SAML Authentication with Azure AD, you can:
Control in Azure AD who has access to CyberArk SAML Authentication.
Enable your users to be automatically signed-in to CyberArk SAML Authentication with their Azure AD
accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
CyberArk SAML Authentication single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
CyberArk SAML Authentication supports SP and IDP initiated SSO

Adding CyberArk SAML Authentication from the gallery


To configure the integration of CyberArk SAML Authentication into Azure AD, you need to add CyberArk SAML
Authentication from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type CyberArk SAML Authentication in the search box.
6. Select CyberArk SAML Authentication from results panel and then add the app. Wait a few seconds while
the app is added to your tenant.

Configure and test Azure AD single sign-on for CyberArk SAML Authentication

Configure and test Azure AD SSO with CyberArk SAML Authentication using a test user called B.Simon. For SSO
to work, you need to establish a link relationship between an Azure AD user and the related user in CyberArk
SAML Authentication.
To configure and test Azure AD SSO with CyberArk SAML Authentication, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure CyberArk SAML Authentication SSO - to configure the single sign-on settings on application
   side.
   a. Create CyberArk SAML Authentication test user - to have a counterpart of B.Simon in CyberArk
      SAML Authentication that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the CyberArk SAML Authentication application integration page, find the
Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, type a URL using the following pattern:
https://<PVWA DNS or IP>/passwordvault/api/auth/saml/logon

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<PVWA DNS or IP>/PasswordVault/v10/logon/saml

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact CyberArk SAML
Authentication Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up CyberArk SAML Authentication section, copy the appropriate URL(s) based on your
requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to CyberArk SAML
Authentication.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select CyberArk SAML Authentication.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure CyberArk SAML Authentication SSO


To configure single sign-on on the CyberArk SAML Authentication side, you need to send the downloaded
Certificate (Base64) and the appropriate copied URLs from the Azure portal to the CyberArk SAML Authentication support
team. The support team applies these settings so that the SAML SSO connection is configured correctly on both sides.
Create CyberArk SAML Authentication test user
In this section, you create a user called B.Simon in CyberArk SAML Authentication. Work with CyberArk SAML
Authentication support team to add the users in the CyberArk SAML Authentication platform. Users must be
created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the CyberArk SAML Authentication tile in the Access Panel, you should be automatically signed in
to the CyberArk SAML Authentication for which you set up SSO. For more information about the Access Panel,
see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try CyberArk SAML Authentication with Azure AD
Tutorial: Azure Active Directory integration with CylancePROTECT
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate CylancePROTECT with Azure Active Directory (Azure AD). Integrating
CylancePROTECT with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to CylancePROTECT.
You can enable your users to be automatically signed-in to CylancePROTECT (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with CylancePROTECT, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
CylancePROTECT single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
CylancePROTECT supports IDP initiated SSO

Adding CylancePROTECT from the gallery


To configure the integration of CylancePROTECT into Azure AD, you need to add CylancePROTECT from the
gallery to your list of managed SaaS apps.
To add CylancePROTECT from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type CylancePROTECT, select CylancePROTECT from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with CylancePROTECT based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
CylancePROTECT needs to be established.
To configure and test Azure AD single sign-on with CylancePROTECT, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure CylancePROTECT Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create CylancePROTECT test user - to have a counterpart of Britta Simon in CylancePROTECT that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with CylancePROTECT, perform the following steps:
1. In the Azure portal, on the CylancePROTECT application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, click Edit button to open Basic SAML Configuration
dialog.
a. In the Identifier textbox, type the URL:

REGION                            URL VALUE
Asia-Pacific Northeast (APNE1)    https://login-apne1.cylance.com/EnterpriseLogin/ConsumeSaml
Asia-Pacific Southeast (AU)       https://login-au.cylance.com/EnterpriseLogin/ConsumeSaml
Europe Central (EUC1)             https://login-euc1.cylance.com/EnterpriseLogin/ConsumeSaml
North America                     https://login.cylance.com/EnterpriseLogin/ConsumeSaml
South America (SAE1)              https://login-sae1.cylance.com/EnterpriseLogin/ConsumeSaml

b. In the Reply URL textbox, type the URL:

REGION                            URL VALUE
Asia-Pacific Northeast (APNE1)    https://login-apne1.cylance.com/EnterpriseLogin/ConsumeSaml
Asia-Pacific Southeast (AU)       https://login-au.cylance.com/EnterpriseLogin/ConsumeSaml
Europe Central (EUC1)             https://login-euc1.cylance.com/EnterpriseLogin/ConsumeSaml
North America                     https://login.cylance.com/EnterpriseLogin/ConsumeSaml
South America (SAE1)              https://login-sae1.cylance.com/EnterpriseLogin/ConsumeSaml

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
6. On the Set up CylancePROTECT section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure CylancePROTECT Single Sign-On
To configure single sign-on on the CylancePROTECT side, you need to send the downloaded Certificate (Base64)
and the appropriate copied URLs from the Azure portal to the console administrator. The administrator applies these
settings so that the SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to CylancePROTECT.
1. In the Azure portal, select Enterprise Applications, select All applications, then select
CylancePROTECT.

2. In the applications list, select CylancePROTECT.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create CylancePROTECT test user
In this section, you create a user called Britta Simon in CylancePROTECT. Work with console administrator to add
the users in the CylancePROTECT platform. The Azure Active Directory account holder will receive an email and
follow a link to confirm their account before it becomes active.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the CylancePROTECT tile in the Access Panel, you should be automatically signed in to the
CylancePROTECT for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with DATABASICS
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate DATABASICS with Azure Active Directory (Azure AD). Integrating
DATABASICS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to DATABASICS.
You can enable your users to be automatically signed-in to DATABASICS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with DATABASICS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
DATABASICS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
DATABASICS supports SP initiated SSO

Adding DATABASICS from the gallery


To configure the integration of DATABASICS into Azure AD, you need to add DATABASICS from the gallery to
your list of managed SaaS apps.
To add DATABASICS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type DATABASICS, select DATABASICS from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with DATABASICS based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
DATABASICS needs to be established.
To configure and test Azure AD single sign-on with DATABASICS, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure DATABASICS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create DATABASICS test user - to have a counterpart of Britta Simon in DATABASICS that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with DATABASICS, perform the following steps:
1. In the Azure portal, on the DATABASICS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<sitenumber>.data-basics.net/<clientname>/saml_sso.jsp

b. In the Identifier (Entity ID) text box, type a value: DATA-BASICS_SP

NOTE
The Sign on URL value is not real. Update the value with the actual Sign on URL. Contact DATABASICS Client support
team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up DATABASICS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure DATABASICS Single Sign-On
To configure single sign-on on the DATABASICS side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the DATABASICS support team. The support team applies these
settings so that the SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to DATABASICS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select DATABASICS.

2. In the applications list, select DATABASICS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create DATABASICS test user
In this section, you create a user called Britta Simon in DATABASICS. Work with DATABASICS support team to add
the users in the DATABASICS platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the DATABASICS tile in the Access Panel, you should be automatically signed in to the
DATABASICS for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Datahug
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Datahug with Azure Active Directory (Azure AD). Integrating Datahug
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Datahug.
You can enable your users to be automatically signed-in to Datahug (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Datahug, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Datahug single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Datahug supports SP and IDP initiated SSO

Adding Datahug from the gallery


To configure the integration of Datahug into Azure AD, you need to add Datahug from the gallery to your list of
managed SaaS apps.
To add Datahug from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Datahug, select Datahug from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Datahug based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Datahug
needs to be established.
To configure and test Azure AD single sign-on with Datahug, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Datahug Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Datahug test user - to have a counterpart of Britta Simon in Datahug that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Datahug, perform the following steps:
1. In the Azure portal, on the Datahug application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://apps.datahug.com/identity/<uniqueID>

b. In the Reply URL text box, type a URL using the following pattern:
https://apps.datahug.com/identity/<uniqueID>/acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://apps.datahug.com/

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Datahug Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog and
perform the following steps.
a. Select Sign SAML assertion from the Signing Option.
b. Select SHA-1 from the Signing Algorithm.
c. Click Save

8. On the Set up Datahug section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
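
The following added example (not part of the original tutorial, and not Microsoft or Datahug code) checks a captured SAML response against the values configured in steps 4 and 7: Reply URL, Identifier, the Sign SAML assertion option and the SHA-1 signing algorithm. The example-id value, the tenant GUID and the sample response are constructed; the check reads the declared algorithms and does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed configuration: "example-id" stands in for <uniqueID>, the GUID for a tenant ID.
EXPECTED = {
    "identifier": "https://apps.datahug.com/identity/example-id",
    "reply_url": "https://apps.datahug.com/identity/example-id/acs",
    "issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "signature_method": RSA_SHA1,  # step 7b
}

# Constructed response, reduced to the elements the check reads (no real signature value).
SAMPLE_RESPONSE = """
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0"
    Destination="https://apps.datahug.com/identity/example-id/acs">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_a1">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      </ds:Reference>
    </ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData
          Recipient="https://apps.datahug.com/identity/example-id/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://apps.datahug.com/identity/example-id</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>
"""


def check_response(xml_text, expected):
    """Return (report, mismatches) for one SAML response; signatures are NOT verified."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations do not belong in a SAML response")
    root = ET.fromstring(xml_text.strip())
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    report = {"signed_element": None, "signature_method": None, "digest_method": None}
    mismatches = []

    def expect(label, actual, wanted):
        if actual != wanted:
            mismatches.append("%s: got %r, configured %r" % (label, actual, wanted))

    # One assertion, directly under the response: anything else needs a human look.
    direct = root.findall("saml:Assertion", NS)
    if len(direct) != 1 or len(root.findall(".//saml:Assertion", NS)) != 1:
        mismatches.append("expected exactly one Assertion, directly under Response")
        return report, mismatches
    assertion = direct[0]

    expect("Destination vs Reply URL", root.get("Destination"), expected["reply_url"])
    expect("Issuer vs Azure AD Identifier",
           assertion.findtext("saml:Issuer", default=None, namespaces=NS), expected["issuer"])
    data = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    expect("Recipient vs Reply URL",
           data.get("Recipient") if data is not None else None, expected["reply_url"])
    audiences = [(a.text or "").strip() for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected["identifier"] not in audiences:
        mismatches.append("Audience %r lacks Identifier %r" % (audiences, expected["identifier"]))

    # Step 7a selects "Sign SAML assertion", so the signature must sit inside the assertion.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        signed = "the Response only" if root.find("ds:Signature", NS) is not None else "nothing"
        mismatches.append("Signing Option is Sign SAML assertion, but %s is signed" % signed)
        return report, mismatches
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    digest = ref.find("ds:DigestMethod", NS) if ref is not None else None
    report["signed_element"] = "Assertion"
    report["signature_method"] = method.get("Algorithm") if method is not None else None
    report["digest_method"] = digest.get("Algorithm") if digest is not None else None
    expect("SignatureMethod vs Signing Algorithm",
           report["signature_method"], expected["signature_method"])
    # The signature must reference the assertion it is embedded in.
    expect("Reference URI vs Assertion ID",
           ref.get("URI") if ref is not None else None, "#" + assertion.get("ID", ""))
    return report, mismatches
```

SHA-1 is the value step 7 selects; Azure AD's other Signing Algorithm option is SHA-256, and passing RSA_SHA256 as signature_method runs the same check if the service provider accepts it.
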
Configure Datahug Single Sign-On
To configure single sign-on on the Datahug side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Datahug support team. The support team applies these settings
so that the SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Datahug.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Datahug.
2. In the applications list, select Datahug.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Datahug test user
To enable Azure AD users to sign in to Datahug, they must be provisioned into Datahug.
In the case of Datahug, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Datahug company site as an administrator.
2. Hover over the cog in the top right-hand corner and click Settings

3. Choose People and click the Add Users tab

4. Type the email of the person you would like to create an account for and click Add.
NOTE
You can send a registration email to the user by selecting the Send welcome email checkbox. If you are creating an
account for Salesforce, do not send the welcome email.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Datahug tile in the Access Panel, you should be automatically signed in to the Datahug for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Dealpath
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Dealpath with Azure Active Directory (Azure AD). Integrating Dealpath
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Dealpath.
You can enable your users to be automatically signed-in to Dealpath (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Dealpath, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Dealpath single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Dealpath supports SP initiated SSO

Adding Dealpath from the gallery


To configure the integration of Dealpath into Azure AD, you need to add Dealpath from the gallery to your list of
managed SaaS apps.
To add Dealpath from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Dealpath, select Dealpath from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Dealpath based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Dealpath
needs to be established.
To configure and test Azure AD single sign-on with Dealpath, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Dealpath Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Dealpath test user - to have a counterpart of Britta Simon in Dealpath that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Dealpath, perform the following steps:
1. In the Azure portal, on the Dealpath application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL: https://app.dealpath.com/account/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://api.dealpath.com/saml/metadata/<ID>

NOTE
The Identifier value is not real. Update the value with the actual Identifier. Contact Dealpath Client support team to
get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Dealpath section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Dealpath Single Sign-On
1. In a different web browser window, sign in to Dealpath as an Administrator.
2. In the top right, click Admin Tools and navigate to Integrations, then in SAML 2.0 Authentication
section click Update Settings:

3. In the Set up SAML 2.0 authentication page, perform the following steps:

a. In the SAML SSO URL textbox, paste the value of Login URL, which you have copied from Azure portal.
b. In the Identity Provider Issuer textbox, paste the value of Azure Ad Identifier, which you have copied
from Azure portal.
c. Open the downloaded Certificate (Base64) file in Notepad, copy its content, and then paste it into the Public
Certificate textbox.
d. Click Update settings.
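
The three values pasted in step 3 can be checked before Update settings is clicked. This added example (not from the original tutorial or from Dealpath) validates the two URLs and the text copied out of Notepad, catching a truncated or doubled certificate paste, and returns a SHA-1 thumbprint to compare with the one recorded for the downloaded file. The sample certificate bytes are constructed, and the file is assumed to use BEGIN/END CERTIFICATE armor.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample: a well-formed DER SEQUENCE header around filler bytes (not a real
# certificate), wrapped the way an editor may save it: UTF-8 BOM plus CRLF line ends.
PAYLOAD = b"constructed filler, not a real certificate"
SAMPLE_DER = b"\x30" + bytes([len(PAYLOAD)]) + PAYLOAD
SAMPLE_PASTE = ("\ufeff-----BEGIN CERTIFICATE-----\r\n"
                + base64.b64encode(SAMPLE_DER).decode()
                + "\r\n-----END CERTIFICATE-----\r\n")


def der_declared_length(der):
    """Total length that the outer DER SEQUENCE header says the certificate has."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: length fits in one byte
        return 2 + der[1]
    count = der[1] & 0x7F                  # long form: next `count` bytes hold the length
    if count == 0 or count > 4 or len(der) < 2 + count:
        raise ValueError("unsupported or cut-off DER length header")
    return 2 + count + int.from_bytes(der[2:2 + count], "big")


def normalize_certificate(text):
    """Return (clean_pem, sha1_thumbprint) or raise ValueError describing the paste problem."""
    text = text.lstrip("\ufeff").replace("\r\n", "\n")
    if "PRIVATE KEY" in text:
        raise ValueError("contains private key material; only the certificate belongs here")
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one CERTIFICATE block, found %d" % len(blocks))
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:              # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid Base64") from exc
    if der_declared_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    body = base64.b64encode(der).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    pem = "\n".join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]) + "\n"
    return pem, hashlib.sha1(der).hexdigest().upper()


def check_dealpath_values(saml_sso_url, idp_issuer, certificate_text):
    """Return (thumbprint_or_None, problems) for the three fields of step 3."""
    problems = []
    for label, value in (("SAML SSO URL", saml_sso_url),
                         ("Identity Provider Issuer", idp_issuer)):
        if not value or value != value.strip():
            problems.append(label + " is empty or has leading/trailing whitespace")
    parts = urlsplit(saml_sso_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        problems.append("SAML SSO URL must be an absolute https:// URL")
    # Login URL and Azure Ad Identifier are separate values in the Azure portal,
    # so identical fields mean one of them was pasted twice.
    if saml_sso_url.strip() == idp_issuer.strip():
        problems.append("SAML SSO URL and Identity Provider Issuer are identical")
    thumbprint = None
    try:
        _pem, thumbprint = normalize_certificate(certificate_text)
    except ValueError as exc:
        problems.append("Public Certificate: %s" % exc)
    return thumbprint, problems
```
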
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Dealpath.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Dealpath.

2. In the applications list, select Dealpath.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Dealpath test user
In this section, you create a user called Britta Simon in Dealpath. Work with the Dealpath Client support team to add
the users in the Dealpath platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Dealpath tile in the Access Panel, you should be automatically signed in to the Dealpath for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Degreed
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Degreed with Azure Active Directory (Azure AD). Integrating Degreed
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Degreed.
You can enable your users to be automatically signed-in to Degreed (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Degreed, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Degreed single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Degreed supports SP initiated SSO
Degreed supports Just In Time user provisioning

Adding Degreed from the gallery


To configure the integration of Degreed into Azure AD, you need to add Degreed from the gallery to your list of
managed SaaS apps.
To add Degreed from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Degreed, select Degreed from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Degreed based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Degreed
needs to be established.
To configure and test Azure AD single sign-on with Degreed, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Degreed Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Degreed test user - to have a counterpart of Britta Simon in Degreed that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Degreed, perform the following steps:
1. In the Azure portal, on the Degreed application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://degreed.com/?orgsso=<company code>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://degreed.com/<instancename>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Degreed Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Degreed section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Degreed Single Sign-On
To configure single sign-on on the Degreed side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Degreed support team. They apply this configuration so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Degreed.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Degreed.

2. In the applications list, select Degreed.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Degreed test user
The objective of this section is to create a user called Britta Simon in Degreed. Degreed supports just-in-time
provisioning, which is by default enabled.
There is no action item for you in this section. A new user is created during an attempt to access Degreed if it
doesn't exist yet.

NOTE
If you need to create a user manually, you need to contact the Degreed support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Degreed tile in the Access Panel, you should be automatically signed in to the Degreed for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Deputy
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Deputy with Azure Active Directory (Azure AD). Integrating Deputy with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Deputy.
You can enable your users to be automatically signed-in to Deputy (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Deputy, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Deputy single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Deputy supports SP and IDP initiated SSO

Adding Deputy from the gallery


To configure the integration of Deputy into Azure AD, you need to add Deputy from the gallery to your list of
managed SaaS apps.
To add Deputy from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Deputy, select Deputy from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Deputy based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Deputy
needs to be established.
To configure and test Azure AD single sign-on with Deputy, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Deputy Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Deputy test user - to have a counterpart of Britta Simon in Deputy that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Deputy, perform the following steps:
1. In the Azure portal, on the Deputy application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://<subdomain>.<region>.au.deputy.com

https://<subdomain>.<region>.ent-au.deputy.com

https://<subdomain>.<region>.na.deputy.com

https://<subdomain>.<region>.ent-na.deputy.com

https://<subdomain>.<region>.eu.deputy.com

https://<subdomain>.<region>.ent-eu.deputy.com

https://<subdomain>.<region>.as.deputy.com

https://<subdomain>.<region>.ent-as.deputy.com

https://<subdomain>.<region>.la.deputy.com

https://<subdomain>.<region>.ent-la.deputy.com

https://<subdomain>.<region>.af.deputy.com

https://<subdomain>.<region>.ent-af.deputy.com

https://<subdomain>.<region>.an.deputy.com

https://<subdomain>.<region>.ent-an.deputy.com

https://<subdomain>.<region>.deputy.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.<region>.au.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.ent-au.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.na.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.ent-na.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.eu.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.ent-eu.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.as.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.ent-as.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.la.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.ent-la.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.af.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.ent-af.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.an.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.ent-an.deputy.com/exec/devapp/samlacs

https://<subdomain>.<region>.deputy.com/exec/devapp/samlacs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<your-subdomain>.<region>.deputy.com

NOTE
Deputy region suffix is optional, or it should use one of these: au | na | eu | as | la | af | an | ent-au | ent-na | ent-eu |
ent-as | ent-la | ent-af | ent-an
NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Deputy
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up Deputy section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Deputy Single Sign-On
1. Navigate to the following URL: https://(your-subdomain).deputy.com/exec/config/system_config. Go to
Security Settings and click Edit.
2. On this Security Settings page, perform the following steps.

a. Enable Social Login.


b. Open your Base64 encoded certificate downloaded from Azure portal in notepad, copy the content of it
into your clipboard, and then paste it to the OpenSSL Certificate textbox.
c. In the SAML SSO URL textbox, type
https://<your subdomain>.deputy.com/exec/devapp/samlacs?dpLoginTo=<saml sso url>

d. In the SAML SSO URL textbox, replace <your subdomain> with your subdomain.
e. In the SAML SSO URL textbox, replace <saml sso url> with the Login URL you have copied from the
Azure portal.
f. Click Save Settings.
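The URL patterns above are easy to mistype (a stray trailing character, an unlisted region suffix, a look-alike host), so the following added example, which is not part of the original tutorial, checks an Identifier or Reply URL against the listed patterns and composes the SAML SSO URL value from steps c to e. The function names and the sample values ("acme", "syd", the login host) are assumptions made for the illustration, as is accepting one to three host labels before deputy.com.

```python
from urllib.parse import urlsplit

# Region suffixes from the tutorial's NOTE; the suffix itself is optional.
REGION_SUFFIXES = {
    "au", "na", "eu", "as", "la", "af", "an",
    "ent-au", "ent-na", "ent-eu", "ent-as", "ent-la", "ent-af", "ent-an",
}
ACS_PATH = "/exec/devapp/samlacs"
LABEL_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789-")


def _host_problems(host):
    """Check the host against <subdomain>[.<region>[.<suffix>]].deputy.com."""
    labels = host.split(".")
    if labels[-2:] != ["deputy", "com"]:
        return ["host is not directly under deputy.com: " + host]
    prefix = labels[:-2]
    problems = []
    if not 1 <= len(prefix) <= 3:
        problems.append("expected 1 to 3 labels before deputy.com")
    if any(not lab or set(lab) - LABEL_CHARS for lab in prefix):
        problems.append("empty or malformed host label")
    if len(prefix) == 3 and prefix[2] not in REGION_SUFFIXES:
        problems.append("unlisted region suffix: " + prefix[2])
    return problems


def check_url(url, expected_path):
    """Return a list of problems; an empty list means the URL fits the pattern."""
    problems = []
    if url != url.strip():
        problems.append("leading or trailing whitespace")
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname or ""
    except ValueError:
        return problems + ["not a parseable URL"]
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if "@" in parts.netloc or ":" in parts.netloc:
        problems.append("userinfo or port is not part of the pattern")
    problems += _host_problems(host)
    # The values are matched as typed, so the path has to be exact.
    if parts.path != expected_path:
        problems.append("path must be exactly %r" % expected_path)
    if parts.query or parts.fragment:
        problems.append("query string or fragment is not part of the pattern")
    return problems


def check_identifier(url):
    """Identifier pattern: scheme and host only, no path."""
    return check_url(url, "")


def check_reply_url(url):
    """Reply URL pattern: same host rules plus the samlacs path."""
    return check_url(url, ACS_PATH)


def build_deputy_sso_url(subdomain, login_url):
    """Compose the value for Deputy's SAML SSO URL textbox (steps c to e)."""
    if not subdomain or set(subdomain.lower()) - LABEL_CHARS:
        raise ValueError("subdomain must be a single host label")
    login = urlsplit(login_url)
    if login.scheme != "https" or not login.hostname:
        raise ValueError("Login URL must be an absolute https URL")
    # The Login URL is pasted verbatim, as the tutorial's steps describe.
    return "https://%s.deputy.com%s?dpLoginTo=%s" % (
        subdomain.lower(), ACS_PATH, login_url)


if __name__ == "__main__":
    # Constructed sample values; "acme" and "syd" are placeholders.
    for candidate in (
        "https://acme.syd.au.deputy.com",
        "https://acme.syd.deputy.com.example.net",
        "http://acme.syd.uk.deputy.com",
    ):
        print(candidate, check_identifier(candidate))
    print(check_reply_url("https://acme.syd.as.deputy.com/exec/devapp/samlacs."))
```
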
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Deputy.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Deputy.
2. In the applications list, select Deputy.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Deputy test user
To enable Azure AD users to log in to Deputy, they must be provisioned into Deputy. In case of Deputy,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your Deputy company site as an administrator.
2. On the top navigation pane, click People.

3. Click the Add People button and click Add a single person.

4. Perform the following steps and click Save & Invite.


a. In the Name textbox, type the name of the user, such as BrittaSimon.
b. In the Email textbox, type the email address of an Azure AD account you want to provision.
c. In the Work at textbox, type the business name.
d. Click Save & Invite button.
5. The Azure AD account holder receives an email and follows a link to confirm their account before it
becomes active. You can use any other Deputy user account creation tools or APIs provided by Deputy to
provision Azure AD user accounts.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Deputy tile in the Access Panel, you should be automatically signed in to the Deputy for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Deskradar with Azure Active Directory
10/30/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Deskradar with Azure Active Directory (Azure AD). When you
integrate Deskradar with Azure AD, you can:
Control in Azure AD who has access to Deskradar.
Enable your users to be automatically signed-in to Deskradar with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get one-month free trial here.
Deskradar single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Deskradar supports SP and IDP
initiated SSO.

Adding Deskradar from the gallery


To configure the integration of Deskradar into Azure AD, you need to add Deskradar from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Deskradar in the search box.
6. Select Deskradar from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Deskradar using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Deskradar.
To configure and test Azure AD SSO with Deskradar, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Deskradar SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Deskradar test user - to have a counterpart of Britta Simon in Deskradar that is linked to the Azure
AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Deskradar application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://YOURDOMAIN.deskradar.cloud

b. In the Reply URL text box, type a URL using the following pattern:
https://YOURDOMAIN.deskradar.cloud/auth/sso/saml/consume

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://YOURDOMAIN.deskradar.cloud/auth/sso/saml/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Replace
YOURDOMAIN with your Deskradar instance domain. Contact Deskradar Client support team to get these values.
You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. Deskradar application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on
application integration page. On the Set up Single Sign-On with SAML page, click Edit button to open
User Attributes dialog.
7. In the User Claims section on the User Attributes dialog, configure SAML token attribute as shown in the
image above and perform the following steps:

NAME         SOURCE ATTRIBUTE
FirstName    user.givenname
LastName     user.surname
Email        user.userprincipalname

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up Deskradar section, copy the appropriate URL(s) based on your requirement.

Configure Deskradar SSO


1. To automate the configuration within Deskradar, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.
2. After adding the extension to the browser, click Setup Deskradar, which directs you to the Deskradar
application. From there, provide the admin credentials to sign in to Deskradar. The browser extension will
automatically configure the application for you and automate steps 3-7.

3. If you want to setup Deskradar manually, open a new web browser window and sign into your Deskradar
company site as an administrator and perform the following steps:
4. Open Team panel by clicking the icon in the Sidebar.
5. Switch to Authentication tab.
6. On the SAML 2.0 tab, perform the following steps:

a. Enable SAML authentication method.


b. In the SAML SSO URL textbox, enter the Login URL value, which you have copied from the Azure
portal.
c. In the Identity Provider Issuer textbox, enter the Azure AD Identifier value, which you have copied
from the Azure portal.
7. Open the downloaded Certificate (Base64) file with a text editor and copy and paste its content into
Public Certificate field in Deskradar.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Deskradar.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Deskradar.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Deskradar test user
In this section, you create a user called Britta Simon in Deskradar. Work with Deskradar Client support team to
add the users in the Deskradar platform. Users must be created and activated before you use single sign-on.
Test SSO
When you select the Deskradar tile in the Access Panel, you should be automatically signed in to the Deskradar for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with DigiCert
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate DigiCert with Azure Active Directory (Azure AD). Integrating DigiCert
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to DigiCert.
You can enable your users to be automatically signed-in to DigiCert (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with DigiCert, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
DigiCert single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
DigiCert supports IDP initiated SSO

Adding DigiCert from the gallery


To configure the integration of DigiCert into Azure AD, you need to add DigiCert from the gallery to your list of
managed SaaS apps.
To add DigiCert from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type DigiCert, select DigiCert from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with DigiCert based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in DigiCert
needs to be established.
To configure and test Azure AD single sign-on with DigiCert, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure DigiCert Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create DigiCert test user - to have a counterpart of Britta Simon in DigiCert that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with DigiCert, perform the following steps:
1. In the Azure portal, on the DigiCert application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Identifier text box, type a URL: https://www.digicert.com/sso

5. DigiCert application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on
application integration page. On the Set up Single Sign-On with SAML page, click Edit button to open
User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:

NAME            SOURCE ATTRIBUTE
nameidentifier  user.userprincipalname
company         <companycode>
digicertrole    CanAccessCertCentral

NOTE
The value of company attribute is not real. Update this value with actual company code. To get the value of
company attribute contact DigiCert support team.

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

8. On the Set up DigiCert section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
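Both the Deskradar and the DigiCert tutorials require specific claims with the Namespace left blank, and a mistake there only surfaces as a failed sign-in. The following added example, not part of the original tutorials, inspects a captured test assertion for the claims in the two tables and for the Issuer and Audience values configured above. The function names and sample assertions are constructed for the illustration; `nameidentifier` is left out because the page does not show how it appears in the assertion, and expecting the Identifier in the Audience element is an assumption about how the value is emitted.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim name -> required value (None: any non-empty value), from the two tables.
EXPECTED_CLAIMS = {
    "Deskradar": {"FirstName": None, "LastName": None, "Email": None},
    "DigiCert": {"company": None, "digicertrole": "CanAccessCertCentral"},
}


def check_assertion(assertion_xml, app, idp_identifier, sp_identifier):
    """Return a list of mismatches between an assertion and the tutorial's settings.

    Inspection aid for your own test capture only: it does not verify the
    XML signature, so it must never be used to accept a login.
    """
    root = ET.fromstring(assertion_xml)
    problems = []

    issuer = (root.findtext(".//saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != idp_identifier:
        problems.append("Issuer %r does not match the Azure AD Identifier" % issuer)

    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if sp_identifier not in audiences:
        problems.append("Identifier %r is not in the Audience list" % sp_identifier)

    # Collect non-empty values per attribute Name.
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(v for v in values if v)

    for name, required in EXPECTED_CLAIMS[app].items():
        if name not in attrs:
            # A URI-qualified name means the Namespace box was filled in.
            qualified = [n for n in attrs if n.endswith("/" + name)]
            if qualified:
                problems.append("%s: sent as %s, Namespace was not left blank"
                                % (name, qualified[0]))
            else:
                problems.append("%s: missing" % name)
        elif not attrs[name]:
            problems.append("%s: empty value" % name)
        elif any(v.startswith("<") and v.endswith(">") for v in attrs[name]):
            problems.append("%s: placeholder value was not replaced" % name)
        elif required is not None and attrs[name] != [required]:
            problems.append("%s: expected %r, got %r" % (name, required, attrs[name]))
    return problems


def build_sample(issuer, audience, claims):
    """Build a constructed, unsigned assertion used only as demo input."""
    rows = "".join(
        "<saml:Attribute Name=%s><saml:AttributeValue>%s</saml:AttributeValue>"
        "</saml:Attribute>" % (quoteattr(name), escape(value))
        for name, value in claims)
    return (
        '<saml:Assertion xmlns:saml="%s" ID="_constructed" Version="2.0">' % NS["saml"]
        + "<saml:Issuer>%s</saml:Issuer>" % escape(issuer)
        + "<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s</saml:Audience>"
          "</saml:AudienceRestriction></saml:Conditions>" % escape(audience)
        + "<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>" % rows
    )


# Constructed stand-in for the Azure AD Identifier copied from the portal.
IDP_ID = "https://idp.example.test/constructed-tenant/"

# Constructed: a correctly configured Deskradar assertion.
SAMPLE_DESKRADAR = build_sample(IDP_ID, "https://example.deskradar.cloud", [
    ("FirstName", "Britta"), ("LastName", "Simon"),
    ("Email", "brittasimon@contoso.com")])

# Constructed: DigiCert assertion with two configuration mistakes.
SAMPLE_DIGICERT = build_sample(IDP_ID, "https://www.digicert.com/sso", [
    ("company", "<companycode>"),
    ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/digicertrole",
     "CanAccessCertCentral")])

if __name__ == "__main__":
    print(check_assertion(SAMPLE_DESKRADAR, "Deskradar", IDP_ID,
                          "https://example.deskradar.cloud"))
    for line in check_assertion(SAMPLE_DIGICERT, "DigiCert", IDP_ID,
                                "https://www.digicert.com/sso"):
        print(line)
```
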
Configure DigiCert Single Sign-On
To configure single sign-on on the DigiCert side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the DigiCert support team. They apply this configuration so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to DigiCert.
1. In the Azure portal, select Enterprise Applications, select All applications, then select DigiCert.

2. In the applications list, select DigiCert.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create DigiCert test user
In this section, you create a user called Britta Simon in DigiCert. Work with DigiCert support team to add the users
in the DigiCert platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the DigiCert tile in the Access Panel, you should be automatically signed in to the DigiCert for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with direct
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate direct with Azure Active Directory (Azure AD). Integrating direct with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to direct.
You can enable your users to be automatically signed-in to direct (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with direct, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
direct single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
direct supports SP and IDP initiated SSO

Adding direct from the gallery


To configure the integration of direct into Azure AD, you need to add direct from the gallery to your list of
managed SaaS apps.
To add direct from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type direct, select direct from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with direct based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in direct
needs to be established.
To configure and test Azure AD single sign-on with direct, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure direct Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create direct test user - to have a counterpart of Britta Simon in direct that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with direct, perform the following steps:
1. In the Azure portal, on the direct application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL: https://direct4b.com/

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://direct4b.com/sso

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up direct section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure direct Single Sign-On
To configure single sign-on on the direct side, you need to send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the direct support team. They apply these settings so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to direct.
1. In the Azure portal, select Enterprise Applications, select All applications, then select direct.

2. In the applications list, select direct.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create direct test user
In this section, you create a user called Britta Simon in direct. Work with direct support team to add the users in the
direct platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
1. If you wish to test in IDP Initiated Mode:
When you click the direct tile in the Access Panel, you should get automatically signed-on to your direct
application.
2. If you wish to test in SP Initiated Mode:
a. Click on the direct tile in the Access Panel and you will be redirected to the application sign-on page.
b. Input your subdomain in the textbox displayed and press '次へ (Next)' and you should get automatically
signed-on to your direct application.
When you click the direct tile in the Access Panel, you should be automatically signed in to the direct for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Tutorial: Azure Active Directory integration with Directions on Microsoft
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Directions on Microsoft with Azure Active Directory (Azure AD).
Integrating Directions on Microsoft with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Directions on Microsoft.
You can enable your users to be automatically signed-in to Directions on Microsoft (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Directions on Microsoft, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Directions on Microsoft single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Directions on Microsoft supports SP initiated SSO

Adding Directions on Microsoft from the gallery


To configure the integration of Directions on Microsoft into Azure AD, you need to add Directions on Microsoft
from the gallery to your list of managed SaaS apps.
To add Directions on Microsoft from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Directions on Microsoft, select Directions on Microsoft from result panel then
click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Directions on Microsoft based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Directions on Microsoft needs to be established.
To configure and test Azure AD single sign-on with Directions on Microsoft, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Directions on Microsoft Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Directions on Microsoft test user - to have a counterpart of Britta Simon in Directions on Microsoft
that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Directions on Microsoft, perform the following steps:
1. In the Azure portal, on the Directions on Microsoft application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:

https://www.directionsonmicrosoft.com/user/login

https://<subdomain>.devcloud.acquia-sites.com/<companyname>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://rhelmdirectionsonmicrosoftcomtest.devcloud.acquia-sites.com/simplesaml/<companyname>

https://www.directionsonmicrosoft.com/simplesaml/<companyname>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Directions on
Microsoft Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
6. On the Set up Directions on Microsoft section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Directions on Microsoft Single Sign-On
To configure single sign-on on the Directions on Microsoft side, you need to send the downloaded Metadata XML
to the Directions on Microsoft support team. To enable the Directions on Microsoft support team to locate your
federated site membership, include your company information in your email.

NOTE
Single sign-on for Directions on Microsoft needs to be enabled by the Directions on Microsoft Client support team. You will
receive a notification when single sign-on has been enabled.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Directions on Microsoft.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Directions on
Microsoft.

2. In the applications list, select Directions on Microsoft.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Directions on Microsoft test user
There is no action item for you to configure user provisioning to Directions on Microsoft.
When an assigned user tries to log in to Directions on Microsoft using the access panel, Directions on Microsoft
checks whether the user exists. If there is no user account available yet, it is automatically created by Directions on
Microsoft.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Directions on Microsoft tile in the Access Panel, you should be automatically signed in to the
Directions on Microsoft for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Tutorial: Azure Active Directory single sign-on (SSO) integration with Discovery Benefits SSO
10/10/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Discovery Benefits SSO with Azure Active Directory (Azure AD). When
you integrate Discovery Benefits SSO with Azure AD, you can:
Control in Azure AD who has access to Discovery Benefits SSO.
Enable your users to be automatically signed-in to Discovery Benefits SSO with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Discovery Benefits SSO single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Discovery Benefits SSO supports IDP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Discovery Benefits SSO from the gallery


To configure the integration of Discovery Benefits SSO into Azure AD, you need to add Discovery Benefits SSO
from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Discovery Benefits SSO in the search box.
6. Select Discovery Benefits SSO from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for Discovery Benefits SSO
Configure and test Azure AD SSO with Discovery Benefits SSO using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Discovery
Benefits SSO.
To configure and test Azure AD SSO with Discovery Benefits SSO, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Discovery Benefits SSO SSO - to configure the single sign-on settings on application side.
a. Create Discovery Benefits SSO test user - to have a counterpart of B.Simon in Discovery Benefits
SSO that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Discovery Benefits SSO application integration page, find the Manage section
and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated with Azure. The user needs to save the configuration by clicking
the Save button.
5. The Discovery Benefits SSO application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes. Click the Edit icon to open the User Attributes dialog.

a. Click the Edit icon to open the Unique User Identifier (Name ID) dialog.
b. Click the Edit icon to open the Manage transformation dialog.
c. In the Transformation textbox, type the ToUppercase() shown for that row.
d. In the Parameter 1 textbox, type the parameter like <Name Identifier value>.
e. Click Add.

NOTE
Discovery Benefits SSO requires a fixed string value to be passed in the Unique User Identifier (Name ID) field to get
this integration working. Azure AD currently doesn't support this feature, so as a workaround you can use the ToUpper
or ToLower transformations of NameID to set a fixed string value, as shown above in the screenshot.

f. We have auto-populated the additional claims which are required for SSO configuration (SSOInstance and
SSOID). Use the Edit icon to map the values as per your organization.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up Discovery Benefits SSO section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Discovery Benefits SSO.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Discovery Benefits SSO.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Discovery Benefits SSO SSO


To configure single sign-on on the Discovery Benefits SSO side, you need to send the downloaded Certificate
(Base64) and the appropriate copied URLs from the Azure portal to the Discovery Benefits SSO support team. They apply
these settings so that the SAML SSO connection is set properly on both sides.
Create Discovery Benefits SSO test user
In this section, you create a user called Britta Simon in Discovery Benefits SSO. Work with Discovery Benefits SSO
support team to add the users in the Discovery Benefits SSO platform. Users must be created and activated before
you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Discovery Benefits SSO tile in the Access Panel, you should be automatically signed in to the
Discovery Benefits SSO for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Tutorial: Integrate Displayr with Azure Active Directory
6/13/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Displayr with Azure Active Directory (Azure AD). When you integrate
Displayr with Azure AD, you can:
Control in Azure AD who has access to Displayr.
Enable your users to be automatically signed-in to Displayr with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Displayr single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Displayr supports SP initiated SSO.

Adding Displayr from the gallery


To configure the integration of Displayr into Azure AD, you need to add Displayr from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Displayr in the search box.
6. Select Displayr from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Displayr using a test user called Britta Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Displayr.
To configure and test Azure AD SSO with Displayr, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Displayr to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
5. Create Displayr test user to have a counterpart of Britta Simon in Displayr that is linked to the Azure AD
representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Displayr application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set-up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern: https://<YOURDOMAIN>.displayr.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: <YOURDOMAIN>.displayr.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Displayr Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section
in the Azure portal.

5. On the Set-up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. The Displayr application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click the Edit icon to open the User Attributes dialog.
7. In addition to the above, the Displayr application expects a few more attributes to be passed back in the SAML response.
In the User Attributes & Claims section on the Group Claims (Preview) dialog, perform the following
steps:
a. Click the pen next to Groups returned in claim.

b. Select All Groups from the radio list.


c. Select Source Attribute of Group ID.
d. Check Customize the name of the group claim.
e. Check Emit groups as role claims.
f. Click Save.
8. On the Set-up Displayr section, copy the appropriate URL(s) based on your requirement.
Configure Displayr
1. To automate the configuration within Displayr, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, clicking Setup Displayr will direct you to the Displayr application.
From there, provide the admin credentials to sign into Displayr. The browser extension will automatically
configure the application for you and automate steps 3-6.

3. If you want to set up Displayr manually, open a new web browser window and sign into your Displayr
company site as an administrator and perform the following steps:
4. Click on Settings then navigate to Account.

5. Switch to Settings from the top menu, scroll down the page, and click Configure Single Sign On
(SAML).
6. On the Single Sign On (SAML) page, perform the following steps:

a. Check the Enable Single Sign On (SAML) box.


b. Copy the actual Identifier value from the Basic SAML Configuration section of Azure AD and paste it
into the Issuer text box.
c. In the Login URL text box, paste the value of Login URL, which you have copied from Azure portal.
d. In the Logout URL text box, paste the value of Logout URL, which you have copied from Azure portal.
e. Open the Certificate (Base64) in Notepad, copy its content and paste it into the Certificate text box.
f. Group mappings are optional.
g. Click Save.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to Displayr.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Displayr.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Displayr test user
To enable Azure AD users to sign in to Displayr, they must be provisioned into Displayr. In Displayr, provisioning is a
manual task.
To provision a user account, perform the following steps:
1. Sign in to Displayr as an Administrator.
2. Click on Settings then navigate to Account.
3. Switch to Settings from the top menu, scroll down the page to the Users section, and then click New
User.

4. On the New User page, perform the following steps:

a. In Name text box, enter the name of user like Brittasimon.


b. In Email text box, enter the email of user like Brittasimon@contoso.com .
c. Select your appropriate Group membership.
d. Click Save.
Test SSO
When you select the Displayr tile in the Access Panel, you should be automatically signed in to the Displayr for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate dmarcian with Azure Active
Directory
8/6/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate dmarcian with Azure Active Directory (Azure AD). When you integrate
dmarcian with Azure AD, you can:
Control in Azure AD who has access to dmarcian.
Enable your users to be automatically signed-in to dmarcian with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
dmarcian single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
dmarcian supports SP and IDP initiated SSO

Adding dmarcian from the gallery


To configure the integration of dmarcian into Azure AD, you need to add dmarcian from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type dmarcian in the search box.
6. Select dmarcian from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with dmarcian using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in dmarcian.
To configure and test Azure AD SSO with dmarcian, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure dmarcian SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create dmarcian test user - to have a counterpart of B.Simon in dmarcian that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the dmarcian application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://us.dmarcian.com/sso/saml/<ACCOUNT_ID>/sp.xml

https://dmarcian-eu.com/sso/saml/<ACCOUNT_ID>/sp.xml

https://dmarcian-ap.com/sso/saml/<ACCOUNT_ID>/sp.xml

b. In the Reply URL text box, type a URL using the following pattern:

https://us.dmarcian.com/login/<ACCOUNT_ID>/handle/

https://dmarcian-eu.com/login/<ACCOUNT_ID>/handle/

https://dmarcian-ap.com/login/<ACCOUNT_ID>/handle/

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:

https://us.dmarcian.com/login/<ACCOUNT_ID>
https://dmarcian-eu.com/login/<ACCOUNT_ID>

https://dmarcian-ap.com/login/<ACCOUNT_ID>

NOTE
These values are not real. You will update these values with the actual Identifier, Reply URL and Sign-On URL, which are
explained later in the tutorial.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure dmarcian SSO


1. To automate the configuration within dmarcian, you need to install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup dmarcian, which will direct you to the dmarcian application.
From there, provide the admin credentials to sign in to dmarcian. The browser extension will automatically
configure the application for you and automate steps 3-6.

3. If you want to set up dmarcian manually, open a new web browser window, sign in to your dmarcian
company site as an administrator, and perform the following steps:
4. Click on Profile on the top-right corner and navigate to Preferences.
5. Scroll down and click on Single Sign-On section, then click on Configure.

6. On the SAML Single Sign-On page set the Status as Enabled and perform the following steps:

Under Add dmarcian to your Identity Provider section, click COPY to copy the Assertion
Consumer Service URL for your instance and paste it in Reply URL textbox in Basic SAML
Configuration section on Azure portal.
Under Add dmarcian to your Identity Provider section, click COPY to copy the Entity ID for
your instance and paste it in Identifier textbox in Basic SAML Configuration section on Azure
portal.
Under Set up Authentication section, in the Identity Provider Metadata textbox paste the App
Federation Metadata Url, which you have copied from Azure portal.
Under Set up Authentication section, in the Attribute Statements textbox paste the url
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Under Set up Login URL section, copy the Login URL for your instance and paste it in Sign-on
URL textbox in Basic SAML Configuration section on Azure portal.

NOTE
You can modify the Login URL according to your organization.

Click Save.
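The Identifier, Reply URL and Sign-on URL pasted into Basic SAML Configuration must all belong to the same dmarcian region and account. The following check is an added example, not part of the original tutorial or of dmarcian's or Microsoft's tooling; the function name and the allowed character set for <ACCOUNT_ID> are assumptions, and a Login URL that you customized will be flagged for manual review.

```python
import re
from urllib.parse import urlsplit

# Regional hosts taken from the URL patterns listed in this tutorial.
REGION_HOSTS = {"us.dmarcian.com", "dmarcian-eu.com", "dmarcian-ap.com"}

# Path shapes from the tutorial. The character class accepted for
# <ACCOUNT_ID> is an assumption of this example.
ACCT = r"(?P<acct>[A-Za-z0-9_-]+)"
PATH_PATTERNS = {
    "identifier": re.compile(r"^/sso/saml/" + ACCT + r"/sp\.xml$"),
    "reply_url": re.compile(r"^/login/" + ACCT + r"/handle/$"),
    "sign_on_url": re.compile(r"^/login/" + ACCT + r"$"),
}


def check_dmarcian_saml_urls(identifier, reply_url, sign_on_url=None):
    """Return a list of problems; an empty list means the values agree."""
    values = {"identifier": identifier, "reply_url": reply_url}
    if sign_on_url is not None:  # only needed for SP-initiated mode
        values["sign_on_url"] = sign_on_url

    problems = []
    hosts, accounts = set(), set()
    for name, value in values.items():
        # A leftover <ACCOUNT_ID> means the tutorial pattern was pasted as-is.
        if "<" in value or ">" in value:
            problems.append(f"{name}: placeholder not replaced: {value}")
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(f"{name}: scheme must be https")
        host = (parts.hostname or "").lower()
        if host in REGION_HOSTS:
            hosts.add(host)
        else:
            problems.append(f"{name}: unexpected host {host!r}")
        match = PATH_PATTERNS[name].match(parts.path)
        if match:
            accounts.add(match.group("acct"))
        else:
            problems.append(f"{name}: path {parts.path!r} does not match the pattern")
        if parts.query or parts.fragment:
            problems.append(f"{name}: query string or fragment not expected")

    # Entity ID, ACS URL and login URL must point at one tenant in one region.
    if len(hosts) > 1:
        problems.append("values point at different regional hosts: " + ", ".join(sorted(hosts)))
    if len(accounts) > 1:
        problems.append("values use different account IDs: " + ", ".join(sorted(accounts)))
    return problems


if __name__ == "__main__":
    # Constructed sample values: account ID 12345 is made up.
    for problem in check_dmarcian_saml_urls(
        "https://us.dmarcian.com/sso/saml/12345/sp.xml",
        "https://dmarcian-eu.com/login/12345/handle/",
    ):
        print(problem)
```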
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to dmarcian.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select dmarcian.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create dmarcian test user
To enable Azure AD users to sign in to dmarcian, they must be provisioned into dmarcian. In dmarcian,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to dmarcian as a Security Administrator.
2. Click on Profile in the top-right corner and navigate to Manage Users.

3. On the right side of SSO Users section, click on Add New User.

4. On the Add New User popup, perform the following steps:


a. In the New User Email textbox, enter the email of user like brittasimon@contoso.com.
b. If you want to give admin rights to the user, select Make User an Admin.
c. Click Add User.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the dmarcian tile in the Access Panel, you should be automatically signed in to the dmarcian for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with DocuSign
9/27/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate DocuSign with Microsoft Azure Active Directory (Azure AD). When
you integrate DocuSign with Azure AD, you can:
Use Azure AD to control who has access to DocuSign.
Enable automatic sign-in to DocuSign for your users through their Azure AD accounts.
Manage your accounts in one central location: the Azure portal.
To learn more about software as a service (SaaS) app integration with Azure AD, see Single sign-on to applications
in Azure AD.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
A DocuSign subscription that's single sign-on (SSO) enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD SSO in a test environment to verify that:
DocuSign supports service provider (SP)-initiated SSO.
DocuSign supports just-in-time user provisioning.
DocuSign supports automatic user provisioning.

Adding DocuSign from the gallery


To configure the integration of DocuSign into Azure AD, you must add DocuSign from the gallery to your list of
managed SaaS apps:
1. Sign in to the Azure portal by using a work or school account, or by using a personal Microsoft account.
2. In the navigation pane on the left, select the Azure Active Directory service.
3. Go to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type DocuSign in the search box.
6. Select DocuSign from the results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for DocuSign


Configure and test Azure AD SSO with DocuSign by using a test user named B.Simon. For SSO to work, you
must establish a link relationship between an Azure AD user and the corresponding user in DocuSign.
To configure and test Azure AD SSO with DocuSign, complete the following building blocks:
1. Configure Azure AD SSO so that your users can use this feature.
a. Create an Azure AD test user to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user to enable B.Simon to use Azure AD single sign-on.
2. Configure DocuSign SSO to configure the single sign-on settings on the application side.
3. Create a DocuSign test user to generate a counterpart of B.Simon in DocuSign that's linked to the Azure AD
representation of the user.
4. Test SSO to verify that the configuration works.

Configure Azure AD SSO


To enable Azure AD SSO in the Azure portal, follow these steps:
1. In the Azure portal, on the DocuSign application integration page, find the Manage section, and then
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, select the pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, follow these steps:


a. In the Sign on URL box, enter a URL using the following pattern:
https://<subdomain>.docusign.com/organizations/<OrganizationID>/saml2/login/sp/<IDPID>

b. In the Identifier (Entity ID) box, enter a URL using the following pattern:
https://<subdomain>.docusign.com/organizations/<OrganizationID>/saml2

NOTE
These bracketed values are placeholders. Replace them with the values in the actual sign-on URL and Identifier. These
details are explained in the "View SAML 2.0 Endpoints" section later in this tutorial.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64). Select Download to download the certificate and save it on your computer.
6. In the Set up DocuSign section, copy the appropriate URL (or URLs) based on your requirements.

Create an Azure AD test user


In this section, you'll create a test user named B.Simon in the Azure portal.
1. In the left pane of the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. At the top of the screen, select New user.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter <username>@<companydomain>.<extension> . For example:
B.Simon@contoso.com .
c. Select the Show password check box, and then make note of the value that's displayed in the Password
box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll grant B.Simon access to DocuSign so that this user can use Azure single sign-on.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select DocuSign.
3. On the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, and then in the Add Assignment dialog box, select Users and groups.
5. In the Users and groups dialog box, select B.Simon from the Users list, and then press the Select button
at the bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then press the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select the Assign button.

Configure DocuSign SSO


1. To automate the configuration in DocuSign, you must install the My Apps Secure Sign-in browser extension
by selecting Install the extension.

2. After you add the extension to the browser, select Setup DocuSign. You're directed to the DocuSign
application. From there, provide the admin credentials to sign in to DocuSign. The browser extension
automatically configures the application and automates steps 3 through 5.

3. If you want to set up DocuSign manually, open a new web browser window and sign in to your DocuSign
company site as an administrator.
4. In the upper-right corner of the page, select the profile logo, and then select Go to Admin.

5. On your domain solutions page, select Domains.


6. In the Domains section, select CLAIM DOMAIN.

7. In the Claim a Domain dialog box, in the Domain Name box, type your company domain, and then select
CLAIM. Make sure you verify the domain and that its status is active.

8. On the domain solutions page, select Identity Providers.

9. In the Identity Providers section, select ADD IDENTITY PROVIDER.


10. On the Identity Provider Settings page, follow these steps:

a. In the Name box, type a unique name for your configuration. Don't use spaces.
b. In the Identity Provider Issuer box, paste the Azure AD Identifier value, which you copied from the
Azure portal.
c. In the Identity Provider Login URL box, paste the Login URL value, which you copied from Azure
portal.
d. In the Identity Provider Logout URL box, paste the value of Logout URL, which you copied from
Azure portal.
e. Select Sign AuthN request.
f. For Send AuthN request by, select POST.
g. For Send logout request by, select GET.
h. In the Custom Attribute Mapping section, select ADD NEW MAPPING.

i. Choose the field you want to map to the Azure AD claim. In this example, the emailaddress claim is
mapped with the value of http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress . That's the
default claim name from Azure AD for the email claim. Select SAVE.

NOTE
Use the appropriate User identifier to map the user from Azure AD to DocuSign user mapping. Select the proper
field, and enter the appropriate value based on your organization settings.

j. In the Identity Provider Certificates section, select ADD CERTIFICATE, upload the certificate you
downloaded from Azure AD portal, and select SAVE.
k. In the Identity Providers section, select ACTIONS, and then select Endpoints.

l. In the View SAML 2.0 Endpoints section of the DocuSign admin portal, follow these steps:
a. Copy the Service Provider Issuer URL, and then paste it into the Identifier box in Basic SAML
Configuration section in the Azure portal.
b. Copy the Service Provider Login URL, and then paste it into the Sign On URL box in Basic
SAML Configuration section in the Azure portal.
c. Select Close.

Create DocuSign test user


In this section, a user named B.Simon is created in DocuSign. DocuSign supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
DocuSign, a new one is created after authentication.
NOTE
If you need to create a user manually, contact the DocuSign support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration by using the Access Panel.
When you select the DocuSign tile in the Access Panel, you should be automatically signed in to the DocuSign
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
Tutorials about how to integrate SaaS apps with Azure AD
What is application access and single sign-on in Azure AD?
What is Conditional Access in Azure AD?
Try DocuSign with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Check Point CloudGuard Dome9 Arc
11/8/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate Check Point CloudGuard Dome9 Arc with Azure Active Directory
(Azure AD). When you integrate Check Point CloudGuard Dome9 Arc with Azure AD, you can:
Control in Azure AD who has access to Check Point CloudGuard Dome9 Arc.
Enable your users to be automatically signed-in to Check Point CloudGuard Dome9 Arc with their Azure AD
accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Check Point CloudGuard Dome9 Arc single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Check Point CloudGuard Dome9 Arc supports SP and IDP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Check Point CloudGuard Dome9 Arc from the gallery


To configure the integration of Check Point CloudGuard Dome9 Arc into Azure AD, you need to add Check Point
CloudGuard Dome9 Arc from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Check Point CloudGuard Dome9 Arc in the search box.
6. Select Check Point CloudGuard Dome9 Arc from results panel and then add the app. Wait a few seconds
while the app is added to your tenant.

Configure and test Azure AD single sign-on for Check Point CloudGuard Dome9 Arc

Configure and test Azure AD SSO with Check Point CloudGuard Dome9 Arc using a test user called B.Simon. For
SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Check
Point CloudGuard Dome9 Arc.
To configure and test Azure AD SSO with Check Point CloudGuard Dome9 Arc, complete the following building
blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Check Point CloudGuard Dome9 Arc SSO - to configure the single sign-on settings on
application side.
a. Create Check Point CloudGuard Dome9 Arc test user - to have a counterpart of B.Simon in Check
Point CloudGuard Dome9 Arc that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Check Point CloudGuard Dome9 Arc application integration page, find the
Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL: https://secure.dome9.com/

b. In the Reply URL text box, type a URL using the following pattern:
https://secure.dome9.com/sso/saml/<yourcompanyname>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://secure.dome9.com/sso/saml/<yourcompanyname>

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-on URL. You will get the
<company name> value from the Configure Check Point CloudGuard Dome9 Arc SSO section, which is explained
later in the tutorial. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.
6. Check Point CloudGuard Dome9 Arc application expects the SAML assertions in a specific format, which
requires you to add custom attribute mappings to your SAML token attributes configuration. The following
screenshot shows the list of default attributes.

7. In addition to the above, the Check Point CloudGuard Dome9 Arc application expects a few more attributes to be
passed back in the SAML response, which are shown below. These attributes are also pre-populated, but you can
review them as per your requirement.

NAME        SOURCE ATTRIBUTE
memberof    user.assignedroles

NOTE
Click here to know how to create roles in Azure AD.

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up Check Point CloudGuard Dome9 Arc section, copy the appropriate URL(s) based on your
requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Check Point CloudGuard
Dome9 Arc.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Check Point CloudGuard Dome9 Arc.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Check Point CloudGuard Dome9 Arc SSO


1. To automate the configuration within Check Point CloudGuard Dome9 Arc, you need to install the My Apps
Secure Sign-in browser extension by clicking Install the extension.
2. After adding the extension to the browser, click Setup Check Point CloudGuard Dome9 Arc, which will direct
you to the Check Point CloudGuard Dome9 Arc application. From there, provide the admin credentials to
sign in to Check Point CloudGuard Dome9 Arc. The browser extension will automatically configure the
application for you and automate steps 3-6.

3. If you want to set up Check Point CloudGuard Dome9 Arc manually, open a new web browser window,
sign in to your Check Point CloudGuard Dome9 Arc company site as an administrator, and perform the
following steps:
4. Click on the Profile Settings on the right top corner and then click Account Settings.

5. Navigate to SSO and then click ENABLE.


6. In the SSO Configuration section, perform the following steps:

a. Enter company name in the Account ID textbox. This value is to be used in the Reply and Sign on URL
mentioned in Basic SAML Configuration section of Azure portal.
b. In the Issuer textbox, paste the value of Azure AD Identifier, which you have copied from the Azure
portal.
c. In the Idp endpoint url textbox, paste the value of Login URL, which you have copied from the Azure
portal.
d. Open your downloaded Base64 encoded certificate in notepad, copy the content of it into your clipboard,
and then paste it to the X.509 certificate textbox.
e. Click Save.
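When sign-in fails after these steps, the usual cause is a mismatch between what was configured and what the SAML assertion actually carries: the Audience must equal the Identifier, the Recipient must equal the Reply URL, and the memberof and emailaddress attributes named in these tutorials must be present. The following check over a captured test response is an added example, not code from Microsoft or Check Point; the function name, the tenant ID, the company name contoso and the role value are constructed, and the script inspects content only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed, unsigned sample response for a test tenant (all values made up).
SAMPLE_RESPONSE = """
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://secure.dome9.com/sso/saml/contoso">
  <saml:Assertion>
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject>
      <saml:NameID>B.Simon@contoso.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://secure.dome9.com/sso/saml/contoso"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://secure.dome9.com/</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="memberof">
        <saml:AttributeValue>Auditors</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def check_saml_assertion(xml_text, expected_issuer, expected_audience,
                         expected_recipient, required_attributes):
    """Compare one assertion with the configured SP values; return findings."""
    # SAML messages never need a DTD; refuse one rather than let the parser
    # expand entities from it.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE is not allowed in a SAML message")
    root = ET.fromstring(xml_text.strip())

    assertions = list(root.iter(f"{{{SAML_NS}}}Assertion"))
    if len(assertions) != 1:
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    assertion = assertions[0]
    findings = []

    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        findings.append(f"Issuer {issuer!r} != configured {expected_issuer!r}")

    # Exact string comparison on purpose: a trailing slash is a mismatch.
    audiences = [e.text.strip() for e in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if e.text]
    if expected_audience not in audiences:
        findings.append(f"Audience {audiences} lacks Identifier {expected_audience!r}")

    recipients = [e.get("Recipient") for e in assertion.findall(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if expected_recipient not in recipients:
        findings.append(f"Recipient {recipients} lacks Reply URL {expected_recipient!r}")

    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        attributes.setdefault(attr.get("Name"), []).extend(values)
    for name in required_attributes:
        if not attributes.get(name):
            findings.append(f"attribute {name!r} is missing or empty")
    return findings


if __name__ == "__main__":
    print(check_saml_assertion(
        SAMPLE_RESPONSE,
        "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
        "https://secure.dome9.com/",
        "https://secure.dome9.com/sso/saml/contoso",
        ["memberof", EMAIL_CLAIM],
    ))
```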
Create Check Point CloudGuard Dome9 Arc test user
To enable Azure AD users to sign in to Check Point CloudGuard Dome9 Arc, they must be provisioned into the
application. Check Point CloudGuard Dome9 Arc supports just-in-time provisioning, but for that to work properly,
a particular Role has to be selected and assigned to the user.

NOTE
For Role creation and other details contact Check Point CloudGuard Dome9 Arc Client support team.

To provision a user account manually, perform the following steps:


1. Sign in to your Check Point CloudGuard Dome9 Arc company site as an administrator.
2. Click on the Users & Roles and then click Users.
3. Click ADD USER.

4. In the Create User section, perform the following steps:

a. In the Email textbox, type the email of user like B.Simon@contoso.com.


b. In the First Name textbox, type first name of the user like B.
c. In the Last Name textbox, type last name of the user like Simon.
d. Set SSO User to On.
e. Click CREATE.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Check Point CloudGuard Dome9 Arc tile in the Access Panel, you should be automatically
signed in to the Check Point CloudGuard Dome9 Arc for which you set up SSO. For more information about the
Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Check Point CloudGuard Dome9 Arc with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Domo
8/29/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Domo with Azure Active Directory (Azure AD). When you integrate
Domo with Azure AD, you can:
Control in Azure AD who has access to Domo.
Enable your users to be automatically signed-in to Domo with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Domo single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Domo supports SP initiated SSO
Domo supports Just In Time user provisioning

Adding Domo from the gallery


To configure the integration of Domo into Azure AD, you need to add Domo from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Domo in the search box.
6. Select Domo from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Domo


Configure and test Azure AD SSO with Domo using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Domo.
To configure and test Azure AD SSO with Domo, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Domo SSO - to configure the single sign-on settings on application side.
a. Create Domo test user - to have a counterpart of B.Simon in Domo that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Domo application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern: https://<companyname>.domo.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://<companyname>.domo.com

https://<companyname>.beta.domo.com

https://<companyname>.demo.domo.com

https://<companyname>.dev.domo.com

https://<companyname>.fastage1.domo.com

https://<companyname>.frdev.domo.com

https://<companyname>.gastage.domo.com

https://<companyname>.load.domo.com

https://<companyname>.local.domo.com

https://<companyname>.qa.domo.com
https://<companyname>.stage.domo.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Domo Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Domo section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Domo.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Domo.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Domo SSO


To configure single sign-on on Domo side, please navigate to Domo's Knowledge Base article found here, and
follow the instructions.
Create Domo test user
In this section, a user called B.Simon is created in Domo. Domo supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Domo, a new one
is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Domo tile in the Access Panel, you should be automatically signed in to the Domo for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Domo with Azure AD
Tutorial: Azure Active Directory integration with Dossier
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Dossier with Azure Active Directory (Azure AD). Integrating Dossier with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Dossier.
You can enable your users to be automatically signed-in to Dossier (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Dossier, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Dossier single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Dossier supports SP initiated SSO

Adding Dossier from the gallery


To configure the integration of Dossier into Azure AD, you need to add Dossier from the gallery to your list of
managed SaaS apps.
To add Dossier from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Dossier, select Dossier from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Dossier based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Dossier
needs to be established.
To configure and test Azure AD single sign-on with Dossier, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Dossier Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Dossier test user - to have a counterpart of Britta Simon in Dossier that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Dossier, perform the following steps:
1. In the Azure portal, on the Dossier application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:

https://<SUBDOMAIN>.dossiersystems.com/azuresso/account/SignIn

https://dossier.<CLIENTDOMAINNAME>/azuresso/account/SignIn

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: Dossier/<CLIENTNAME>

NOTE
The identifier value should be in the format Dossier/<CLIENTNAME> or any user personalized value.

c. In the Reply URL textbox, type a URL using the following pattern:

https://<SUBDOMAIN>.dossiersystems.com/azuresso

https://dossier.<CLIENTDOMAINNAME>/azuresso

NOTE
These values are not real. Update these values with the actual Sign on URL, Identifier and Reply URL. Contact Dossier
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy App Federation Metadata Url from the given options as per your requirement and save it
on your computer.
6. On the Set up Dossier section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Dossier Single Sign-On
To configure single sign-on on Dossier side, you need to send the App Federation Metadata Url to Dossier
support team. They set this setting to have the SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Dossier.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Dossier.

2. In the applications list, select Dossier.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Dossier test user
In this section, you create a user called Britta Simon in Dossier. Work with Dossier support team to add the users in
the Dossier platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Dossier tile in the Access Panel, you should be automatically signed in to the Dossier for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Dovetale
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Dovetale with Azure Active Directory (Azure AD). Integrating Dovetale
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Dovetale.
You can enable your users to be automatically signed-in to Dovetale (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Dovetale, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Dovetale single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Dovetale supports SP and IDP initiated SSO
Dovetale supports Just In Time user provisioning

Adding Dovetale from the gallery


To configure the integration of Dovetale into Azure AD, you need to add Dovetale from the gallery to your list of
managed SaaS apps.
To add Dovetale from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Dovetale, select Dovetale from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Dovetale based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Dovetale
needs to be established.
To configure and test Azure AD single sign-on with Dovetale, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Dovetale Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Dovetale test user - to have a counterpart of Britta Simon in Dovetale that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Dovetale, perform the following steps:
1. In the Azure portal, on the Dovetale application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: <COMPANYNAME>.dovetale.com

NOTE
The value is not real. Update the value with the actual Sign-on URL. Contact Dovetale Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. Dovetale application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on
application integration page. On the Set up Single Sign-On with SAML page, click Edit button to open
User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:

NAME          SOURCE ATTRIBUTE
email         user.mail
first_name    user.givenname
name          user.userprincipalname
last_name     user.surname

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy App Federation Metadata Url and save it on your computer.
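To confirm the claim mapping from step 7 on a captured test sign-in, the following added example (not part of the original tutorial or Dovetale's own code) reviews a decoded SAML assertion for the four claim names in the table. The sample assertions are constructed and the function names are assumptions of this sketch; it reviews configuration only and does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the tutorial's table, mapped to their Azure AD source attribute.
EXPECTED_CLAIMS = {
    "email": "user.mail",
    "first_name": "user.givenname",
    "name": "user.userprincipalname",
    "last_name": "user.surname",
}


def parse_attributes(assertion_xml):
    """Return {attribute Name: [values]} from a decoded SAML assertion or response."""
    # ElementTree expands internal entities, so refuse DTDs before parsing.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD/entity declarations are not allowed in SAML input")
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name", "")] = values
    return attrs


def review_claims(assertion_xml):
    """List mapping problems; an empty list means all four claims arrived as expected."""
    attrs = parse_attributes(assertion_xml)
    findings = []
    for name, source in EXPECTED_CLAIMS.items():
        if name in attrs:
            if not any(attrs[name]):
                findings.append(
                    f"{name}: present but empty (is {source} set for this user?)")
            continue
        # If the Namespace field was not left blank (step c), the claim
        # arrives as '<namespace>/<name>' instead of the bare name.
        qualified = [n for n in attrs if n.endswith("/" + name)]
        if qualified:
            findings.append(
                f"{name}: sent as '{qualified[0]}'; clear the Namespace field")
        else:
            findings.append(f"{name}: missing (map it to {source})")
    return findings


def sample_assertion(attrs):
    """Build a minimal, unsigned assertion for the demo (constructed input)."""
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        f"</saml:AttributeValue></saml:Attribute>"
        for n, v in attrs.items())
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f"<saml:AttributeStatement>{body}</saml:AttributeStatement>"
            "</saml:Assertion>")


# Constructed samples: one correct mapping, one with three typical mistakes.
GOOD_ASSERTION = sample_assertion({
    "email": "b.simon@contoso.com",
    "first_name": "B",
    "name": "b.simon@contoso.com",
    "last_name": "Simon",
})
BAD_ASSERTION = sample_assertion({
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email": "b.simon@contoso.com",
    "first_name": "",
    "name": "b.simon@contoso.com",
})

if __name__ == "__main__":
    for label, xml in (("good", GOOD_ASSERTION), ("bad", BAD_ASSERTION)):
        print(label, review_claims(xml) or "all expected claims present")
```
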

Configure Dovetale Single Sign-On


To configure single sign-on on Dovetale side, you need to send the App Federation Metadata Url to Dovetale
support team. They set this setting to have the SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Dovetale.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Dovetale.
2. In the applications list, select Dovetale.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Dovetale test user
In this section, a user called Britta Simon is created in Dovetale. Dovetale supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Dovetale, a new one is created after authentication.

NOTE
If you need to create a user manually, contact Dovetale support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Dovetale tile in the Access Panel, you should be automatically signed in to the Dovetale for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Dow Jones Factiva
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Dow Jones Factiva with Azure Active Directory (Azure AD). Integrating
Dow Jones Factiva with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Dow Jones Factiva.
You can enable your users to be automatically signed-in to Dow Jones Factiva (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Dow Jones Factiva, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Dow Jones Factiva single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Dow Jones Factiva supports IDP initiated SSO

Adding Dow Jones Factiva from the gallery


To configure the integration of Dow Jones Factiva into Azure AD, you need to add Dow Jones Factiva from the
gallery to your list of managed SaaS apps.
To add Dow Jones Factiva from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Dow Jones Factiva, select Dow Jones Factiva from result panel then click Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Dow Jones Factiva based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Dow Jones Factiva needs to be established.
To configure and test Azure AD single sign-on with Dow Jones Factiva, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Dow Jones Factiva Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Dow Jones Factiva test user - to have a counterpart of Britta Simon in Dow Jones Factiva that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Dow Jones Factiva, perform the following steps:
1. In the Azure portal, on the Dow Jones Factiva application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Dow Jones Factiva section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Dow Jones Factiva Single Sign-On
To configure single sign-on on Dow Jones Factiva side, you need to send the downloaded Federation Metadata
XML and appropriate copied URLs from Azure portal to Dow Jones Factiva support team. They set this setting to
have the SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Dow Jones Factiva.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Dow Jones
Factiva.

2. In the applications list, select Dow Jones Factiva.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Dow Jones Factiva test user
In this section, you create a user called Britta Simon in Dow Jones Factiva. Work with Dow Jones Factiva support
team to add the users in the Dow Jones Factiva platform. Users must be created and activated before you use
single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Dow Jones Factiva tile in the Access Panel, you should be automatically signed in to the Dow
Jones Factiva for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Darwinbox
8/23/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Darwinbox with Azure Active Directory (Azure AD). When you
integrate Darwinbox with Azure AD, you can:
Control in Azure AD who has access to Darwinbox.
Enable your users to be automatically signed-in to Darwinbox with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Darwinbox single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Darwinbox supports SP initiated SSO

Adding Darwinbox from the gallery


To configure the integration of Darwinbox into Azure AD, you need to add Darwinbox from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Darwinbox in the search box.
6. Select Darwinbox from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Darwinbox


Configure and test Azure AD SSO with Darwinbox using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Darwinbox.
To configure and test Azure AD SSO with Darwinbox, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Darwinbox SSO - to configure the single sign-on settings on application side.
a. Create Darwinbox test user - to have a counterpart of B.Simon in Darwinbox that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Darwinbox application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.darwinbox.in/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.darwinbox.in/adfs/module.php/saml/sp/metadata.php/<CUSTOMID>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Darwinbox Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. On the Set up Darwinbox section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Darwinbox.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Darwinbox.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Darwinbox SSO


To configure single sign-on on Darwinbox side, you need to send the downloaded Federation Metadata XML
and appropriate copied URLs from Azure portal to Darwinbox support team. They set this setting to have the
SAML SSO connection set properly on both sides.
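Before the downloaded Federation Metadata XML goes to a vendor's support team (this step, and the same step in the Dow Jones Factiva tutorial above), it is worth recording what the file asserts. The following added example (not part of the original tutorials or any vendor's code) extracts the entity ID, endpoints and signing-certificate fingerprint so they can be compared with the values copied from the portal and confirmed with support once the connection is set up. The metadata, tenant ID and certificate bytes are constructed, and the function names are assumptions of this sketch.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def fingerprint_sha256(cert_b64):
    """SHA-256 over the DER bytes; tolerates line-wrapped base64 as found in metadata."""
    der = base64.b64decode("".join(cert_b64.split()), validate=True)
    return hashlib.sha256(der).hexdigest()


def summarize_metadata(metadata_xml):
    """Pull the security-relevant fields out of SAML IdP metadata."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations are not allowed in metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not SAML IdP metadata")
    certs = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' applies to signing as well as encryption.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            certs.append(fingerprint_sha256(cert.text or ""))
    return {
        "entity_id": root.get("entityID"),
        "sso_urls": [e.get("Location")
                     for e in idp.findall("md:SingleSignOnService", NS)],
        "slo_urls": [e.get("Location")
                     for e in idp.findall("md:SingleLogoutService", NS)],
        "signing_cert_sha256": certs,
    }


def review_metadata(metadata_xml, expected_entity_id):
    """Compare the file against the Azure AD Identifier copied from the portal."""
    s = summarize_metadata(metadata_xml)
    findings = []
    if s["entity_id"] != expected_entity_id:
        findings.append(f"entityID {s['entity_id']!r} differs from the portal value")
    if not s["signing_cert_sha256"]:
        findings.append("no signing certificate in metadata")
    if not s["sso_urls"]:
        findings.append("no SingleSignOnService endpoint")
    for url in s["sso_urls"] + s["slo_urls"]:
        if not (url or "").startswith("https://"):
            findings.append(f"endpoint is not HTTPS: {url}")
    return findings


def sample_metadata(entity_id, sso_url, cert_b64=None):
    """Build minimal IdP metadata for the demo (constructed input)."""
    key = ""
    if cert_b64:
        key = ('<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
               f"<ds:X509Certificate>\n{cert_b64}\n</ds:X509Certificate>"
               "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="{entity_id}"><md:IDPSSODescriptor '
            'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f"{key}<md:SingleSignOnService "
            'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
            f'Location="{sso_url}"/></md:IDPSSODescriptor></md:EntityDescriptor>')


# Constructed values: placeholder tenant ID and bytes that are not a real certificate.
TENANT = "00000000-0000-0000-0000-000000000000"
EXPECTED_ENTITY_ID = f"https://sts.windows.net/{TENANT}/"
SSO_URL = f"https://login.microsoftonline.com/{TENANT}/saml2"
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-not-a-real-certificate").decode()

GOOD_METADATA = sample_metadata(EXPECTED_ENTITY_ID, SSO_URL, SAMPLE_CERT_B64)
BAD_METADATA = sample_metadata("https://sts.example.invalid/other/",
                               "http://login.example.invalid/saml2")

if __name__ == "__main__":
    print(summarize_metadata(GOOD_METADATA))
    print(review_metadata(BAD_METADATA, EXPECTED_ENTITY_ID))
```
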
Create Darwinbox test user
In this section, you create a user called B.Simon in Darwinbox. Work with Darwinbox support team to add the users
in the Darwinbox platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Darwinbox tile in the Access Panel, you should be automatically signed in to the Darwinbox for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Darwinbox with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO) integration with Drift
10/17/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Drift with Azure Active Directory (Azure AD). When you integrate Drift
with Azure AD, you can:
Control in Azure AD who has access to Drift.
Enable your users to be automatically signed-in to Drift with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Drift single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Drift supports SP and IDP initiated SSO
Drift supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Drift from the gallery


To configure the integration of Drift into Azure AD, you need to add Drift from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Drift in the search box.
6. Select Drift from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Drift


Configure and test Azure AD SSO with Drift using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Drift.
To configure and test Azure AD SSO with Drift, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Drift SSO - to configure the single sign-on settings on the application side.
a. Create Drift test user - to have a counterpart of B.Simon in Drift that is linked to the Azure AD
representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Drift application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated with Azure. The user needs to save the configuration by clicking
the Save button.
a. Click Set additional URLs.
b. In the Relay State text box, type a URL: https://app.drift.com

c. If you wish to configure the application in SP initiated mode, perform the following step:
d. In the Sign-on URL text box, type a URL: https://start.drift.com

5. Your Drift application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

6. In addition to the above, the Drift application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

NAME    SOURCE ATTRIBUTE
Name    user.displayname

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

8. On the Set up Drift section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Drift.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Drift.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Drift SSO


1. To automate the configuration within Drift, you need to install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup Drift, which will direct you to the Drift application. From
there, provide the admin credentials to sign in to Drift. The browser extension will automatically configure
the application for you and automate steps 3-4.
3. If you want to set up Drift manually, open a new web browser window and sign in to your Drift company site
as an administrator and perform the following steps:
4. From the left side of the menu bar, click the Settings icon > App Settings > Authentication and perform the
following steps:

a. Upload the Federation Metadata XML that you downloaded from the Azure portal into the
Upload Identity Provider metadata file text box.
b. After you upload the metadata file, the remaining values are populated on the page automatically.
c. Click Enable SAML.
Create Drift test user
In this section, a user called Britta Simon is created in Drift. Drift supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Drift, a new one
is created after authentication.

NOTE
If you need to create a user manually, contact the Drift support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Drift tile in the Access Panel, you should be automatically signed in to the Drift for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Drift with Azure AD

Tutorial: Integrate Dropbox for Business with Azure Active Directory
10/30/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Dropbox for Business with Azure Active Directory (Azure AD). When
you integrate Dropbox for Business with Azure AD, you can:
Control in Azure AD who has access to Dropbox for Business.
Enable your users to be automatically signed-in to Dropbox for Business with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
Dropbox for Business single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Dropbox for Business supports SP initiated SSO
Dropbox for Business supports Just In Time user provisioning

Adding Dropbox for Business from the gallery


To configure the integration of Dropbox for Business into Azure AD, you need to add Dropbox for Business from
the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Dropbox for Business in the search box.
6. Select Dropbox for Business from the results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Dropbox for Business using a test user called Britta Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Dropbox for
Business.
To configure and test Azure AD SSO with Dropbox for Business, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Dropbox for Business SSO - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Dropbox for Business test user - to have a counterpart of Britta Simon in Dropbox for Business that
is linked to the Azure AD representation of the user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Dropbox for Business application integration page, find the Manage section
and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern: https://www.dropbox.com/sso/<id>

b. In the Identifier (Entity ID) text box, type a value: Dropbox

NOTE
The preceding Sign-on URL value is not a real value. You will update the value with the actual Sign-on URL, which is
explained later in the tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

6. On the Set up Dropbox for Business section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Dropbox for Business SSO
1. To automate the configuration within Dropbox for Business, you need to install the My Apps Secure Sign-in
browser extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup Dropbox for Business, which will direct you to the Dropbox
for Business application. From there, provide the admin credentials to sign in to Dropbox for Business. The
browser extension will automatically configure the application for you and automate steps 3-8.

3. If you want to set up Dropbox for Business manually, open a new web browser window, go to your
Dropbox for Business tenant, sign in, and perform the following
steps:
4. Click the User Icon and select the Settings tab.

5. In the navigation pane on the left side, click Admin console.

6. On the Admin console, click Settings in the left navigation pane.

7. Select the Single sign-on option under the Authentication section.


8. In the Single sign-on section, perform the following steps:

a. Select Required as an option from the dropdown for the Single sign-on.
b. Click Add sign-in URL and, in the Identity provider sign-in URL textbox, paste the Login URL
value that you copied from the Azure portal, and then select Done.

c. Click Upload certificate, and then browse to the Base64 encoded certificate file that you
downloaded from the Azure portal.
d. Click Copy link and paste the copied value into the Sign-on URL textbox of the Dropbox for Business
Domain and URLs section in the Azure portal.
e. Click Save.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to Dropbox for Business.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Dropbox for Business.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Dropbox for Business test user
In this section, a user called Britta Simon is created in Dropbox for Business. Dropbox for Business supports
just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user
doesn't already exist in Dropbox for Business, a new one is created after authentication.

NOTE
If you need to create a user manually, contact the Dropbox for Business Client support team.

Test SSO
When you select the Dropbox for Business tile in the Access Panel, you should be automatically signed in to the
Dropbox for Business for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Druva
10/22/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Druva with Azure Active Directory (Azure AD). When you integrate
Druva with Azure AD, you can:
Control in Azure AD who has access to Druva.
Enable your users to be automatically signed-in to Druva with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Druva single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Druva supports SP and IDP initiated SSO

NOTE
The identifier of this application is a fixed string value, so only one instance can be configured in one tenant.

Adding Druva from the gallery


To configure the integration of Druva into Azure AD, you need to add Druva from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Druva in the search box.
6. Select Druva from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Druva


Configure and test Azure AD SSO with Druva using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Druva.
To configure and test Azure AD SSO with Druva, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Druva SSO - to configure the single sign-on settings on the application side.
Create Druva test user - to have a counterpart of B.Simon in Druva that is linked to the Azure AD
representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Druva application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.
4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
the user does not have to perform any step as the app is already pre-integrated with Azure.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://login.druva.com/api/commonlogin/samlconsume

6. Click Save.
7. The Druva application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

8. In addition to the above, the Druva application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

NAME                SOURCE ATTRIBUTE
emailAddress        user.email
druva_auth_token    SSO Token generated from DCP Admin Console, without quotation marks.
                    For example: X-XXXXX-XXXX-S-A-M-P-L-E+TXOXKXEXNX=. Azure automatically
                    adds quotation marks around the auth token.

9. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

10. On the Set up Druva section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Druva.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Druva.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Druva SSO


1. In a different web browser window, sign in to your Druva company site as an administrator.
2. Click the Druva logo in the top-left corner and then click Druva Cloud Settings.

3. On the Single Sign-On tab, click Edit.


4. On the Edit Single Sign-On Settings page, perform the following steps:

a. In the ID Provider Login URL textbox, paste the value of Login URL, which you have copied from the
Azure portal.
b. Open your base-64 encoded certificate in Notepad, copy its content to your clipboard, and
then paste it into the ID Provider Certificate textbox.

NOTE
To enable Single Sign-On for administrators, select the Administrators log into Druva Cloud through SSO
provider and Allow failsafe access to Druva Cloud administrators(recommended) checkboxes. Druva
recommends enabling Failsafe for Administrators so that they can access the DCP console in case of
any failures in the IdP. It also enables the administrators to use both SSO and DCP password to access the DCP
console.

c. Click Save. This enables the access to Druva Cloud Platform using SSO.
Create Druva test user
In this section, a user called B.Simon is created in Druva. Druva supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Druva, a new one
is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Druva tile in the Access Panel, you should be automatically signed in to the Druva for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Druva with Azure AD

Tutorial: Azure Active Directory integration with Dynamic Signal
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Dynamic Signal with Azure Active Directory (Azure AD). Integrating
Dynamic Signal with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Dynamic Signal.
You can enable your users to be automatically signed-in to Dynamic Signal (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Dynamic Signal, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Dynamic Signal single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Dynamic Signal supports SP initiated SSO
Dynamic Signal supports Just In Time user provisioning

Adding Dynamic Signal from the gallery


To configure the integration of Dynamic Signal into Azure AD, you need to add Dynamic Signal from the gallery to
your list of managed SaaS apps.
To add Dynamic Signal from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Dynamic Signal, select Dynamic Signal from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Dynamic Signal based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Dynamic Signal needs to be established.
To configure and test Azure AD single sign-on with Dynamic Signal, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Dynamic Signal Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Dynamic Signal test user - to have a counterpart of Britta Simon in Dynamic Signal that is linked to
the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Dynamic Signal, perform the following steps:
1. In the Azure portal, on the Dynamic Signal application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern: https://<subdomain>.voicestorm.com

b. In the Identifier box, type a URL using the following pattern: https://<subdomain>.voicestorm.com

c. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.voicestorm.com/User/SsoResponse

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact the
Dynamic Signal Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

6. On the Set up Dynamic Signal section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Dynamic Signal Single Sign-On
To configure single sign-on on the Dynamic Signal side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the Dynamic Signal support team. They configure this setting so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Dynamic Signal.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Dynamic Signal.

2. In the applications list, select Dynamic Signal.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Dynamic Signal test user
In this section, a user called Britta Simon is created in Dynamic Signal. Dynamic Signal supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Dynamic Signal, a new one is created after authentication.

NOTE
If you need to create a user manually, contact the Dynamic Signal support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Dynamic Signal tile in the Access Panel, you should be automatically signed in to the Dynamic
Signal for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Dynatrace
10/27/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Dynatrace with Azure Active Directory (Azure AD). When you integrate
Dynatrace with Azure AD, you can:
Control in Azure AD who has access to Dynatrace.
Enable your users to be automatically signed-in to Dynatrace with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Dynatrace single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Dynatrace supports SP and IDP initiated SSO
Dynatrace supports Just In Time user provisioning

NOTE
The identifier of this application is a fixed string value. Only one instance can be configured in one tenant.

Adding Dynatrace from the gallery


To configure the integration of Dynatrace into Azure AD, you need to add Dynatrace from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications, and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Dynatrace in the search box.
6. Select Dynatrace from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Dynatrace


Configure and test Azure AD SSO with Dynatrace using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Dynatrace.
To configure and test Azure AD SSO with Dynatrace, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Dynatrace SSO - to configure the single sign-on settings on the application side.
Create Dynatrace test user - to have a counterpart of B.Simon in Dynatrace that is linked to the Azure
AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Dynatrace application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated with Azure. The user needs to save the configuration by clicking
the Save button.
5. Click Set additional URLs and complete the following step to configure the application in SP initiated
mode:
In the Sign-on URL text box, type a URL: https://sso.dynatrace.com/

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML. Select Download to download the certificate and save it on your computer.

7. In the SAML Signing Certificate section, select the Edit button to open the SAML Signing Certificate
dialog box. Complete the following steps:
a. The Signing Option setting is pre-populated. Please review the settings as per your organization.
b. Click Save.

8. In the Set up Dynatrace section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Dynatrace.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Dynatrace.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog box, select the
appropriate role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, click the Assign button.

Configure Dynatrace SSO


To configure single sign-on on the Dynatrace side, you need to send the downloaded Federation Metadata
XML file and the appropriate copied URLs from the Azure portal to the Dynatrace support team. They configure
this setting to have the SAML SSO connection set properly on both sides.
Create Dynatrace test user
In this section, a user called B.Simon is created in Dynatrace. Dynatrace supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Dynatrace, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Dynatrace tile in the Access Panel, you should be automatically signed in to the Dynatrace
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Dynatrace with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO) integration with EAB Navigate IMPL
10/27/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate EAB Navigate IMPL with Azure Active Directory (Azure AD). When
you integrate EAB Navigate IMPL with Azure AD, you can:
Control in Azure AD who has access to EAB Navigate IMPL.
Enable your users to be automatically signed-in to EAB Navigate IMPL with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
EAB Navigate IMPL single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
EAB Navigate IMPL supports SP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding EAB Navigate IMPL from the gallery


To configure the integration of EAB Navigate IMPL into Azure AD, you need to add EAB Navigate IMPL from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type EAB Navigate IMPL in the search box.
6. Select EAB Navigate IMPL from the results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for EAB Navigate IMPL
Configure and test Azure AD SSO with EAB Navigate IMPL using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in EAB Navigate IMPL.
To configure and test Azure AD SSO with EAB Navigate IMPL, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure EAB Navigate IMPL SSO - to configure the single sign-on settings on application side.
   a. Create EAB Navigate IMPL test user - to have a counterpart of B.Simon in EAB Navigate IMPL that is
      linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the EAB Navigate IMPL application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.navigate.impl.eab.com/

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact EAB Navigate IMPL Client support team
to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to EAB Navigate IMPL.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select EAB Navigate IMPL.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure EAB Navigate IMPL SSO


To configure single sign-on on the EAB Navigate IMPL side, you need to send the App Federation Metadata Url
to the EAB Navigate IMPL support team. They configure this setting so that the SAML SSO connection is set
properly on both sides.
Create EAB Navigate IMPL test user
In this section, you create a user called B.Simon in EAB Navigate IMPL. Work with EAB Navigate IMPL support
team to add the users in the EAB Navigate IMPL platform. Users must be created and activated before you use
single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the EAB Navigate IMPL tile in the Access Panel, you should be automatically signed in to the EAB
Navigate IMPL instance for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try EAB Navigate IMPL with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO) integration with EAB Navigate Strategic Care
8/23/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate EAB Navigate Strategic Care with Azure Active Directory (Azure AD).
When you integrate EAB Navigate Strategic Care with Azure AD, you can:
Control in Azure AD who has access to EAB Navigate Strategic Care.
Enable your users to be automatically signed-in to EAB Navigate Strategic Care with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
EAB Navigate Strategic Care single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
EAB Navigate Strategic Care supports SP initiated SSO

Adding EAB Navigate Strategic Care from the gallery


To configure the integration of EAB Navigate Strategic Care into Azure AD, you need to add EAB Navigate
Strategic Care from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type EAB Navigate Strategic Care in the search box.
6. Select EAB Navigate Strategic Care from the results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on for EAB Navigate Strategic
Care
Configure and test Azure AD SSO with EAB Navigate Strategic Care using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in EAB Navigate
Strategic Care.
To configure and test Azure AD SSO with EAB Navigate Strategic Care, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure EAB Navigate Strategic Care SSO - to configure the single sign-on settings on application side.
a. Create EAB Navigate Strategic Care test user - to have a counterpart of B.Simon in EAB Navigate
Strategic Care that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the EAB Navigate Strategic Care application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern: https://<CUSTOMERURL>.eab.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact EAB Navigate Strategic Care Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to EAB Navigate Strategic
Care.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select EAB Navigate Strategic Care.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure EAB Navigate Strategic Care SSO


To configure single sign-on on the EAB Navigate Strategic Care side, you need to send the App Federation
Metadata Url to the EAB Navigate Strategic Care support team. They configure this setting so that the SAML SSO
connection is set properly on both sides.
Create EAB Navigate Strategic Care test user
In this section, you create a user called B.Simon in EAB Navigate Strategic Care. Work with EAB Navigate Strategic
Care support team to add the users in the EAB Navigate Strategic Care platform. Users must be created and
activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the EAB Navigate Strategic Care tile in the Access Panel, you should be automatically signed in to
the EAB Navigate Strategic Care instance for which you set up SSO. For more information about the Access Panel,
see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try EAB Navigate Strategic Care with Azure AD
Tutorial: Azure Active Directory integration with EasyTerritory
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate EasyTerritory with Azure Active Directory (Azure AD). Integrating
EasyTerritory with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to EasyTerritory.
You can enable your users to be automatically signed-in to EasyTerritory (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with EasyTerritory, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
EasyTerritory single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
EasyTerritory supports SP and IDP initiated SSO

Adding EasyTerritory from the gallery


To configure the integration of EasyTerritory into Azure AD, you need to add EasyTerritory from the gallery to your
list of managed SaaS apps.
To add EasyTerritory from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type EasyTerritory, select EasyTerritory from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with EasyTerritory based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
EasyTerritory needs to be established.
To configure and test Azure AD single sign-on with EasyTerritory, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure EasyTerritory Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create EasyTerritory test user - to have a counterpart of Britta Simon in EasyTerritory that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with EasyTerritory, perform the following steps:
1. In the Azure portal, on the EasyTerritory application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://apps.easyterritory.com/<tenant id>/dev/

b. In the Reply URL text box, type a URL using the following pattern:
https://apps.easyterritory.com/<tenant id>/dev/authservices/acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<company name>.easyterritory.com/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
EasyTerritory Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up EasyTerritory section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure EasyTerritory Single Sign-On
To configure single sign-on on the EasyTerritory side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the EasyTerritory support team. They configure this
setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to EasyTerritory.
1. In the Azure portal, select Enterprise Applications, select All applications, then select EasyTerritory.

2. In the applications list, select EasyTerritory.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create EasyTerritory test user
In this section, you create a user called Britta Simon in EasyTerritory. Work with EasyTerritory support team to add
the users in the EasyTerritory platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the EasyTerritory tile in the Access Panel, you should be automatically signed in to the EasyTerritory
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with EBSCO
10/18/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate EBSCO with Azure Active Directory (Azure AD). When you integrate
EBSCO with Azure AD, you can:
Control in Azure AD who has access to EBSCO.
Enable your users to be automatically signed-in to EBSCO with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
EBSCO single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
EBSCO supports SP and IDP initiated SSO
EBSCO supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding EBSCO from the gallery


To configure the integration of EBSCO into Azure AD, you need to add EBSCO from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type EBSCO in the search box.
6. Select EBSCO from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for EBSCO


Configure and test Azure AD SSO with EBSCO using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in EBSCO.
To configure and test Azure AD SSO with EBSCO, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure EBSCO SSO - to configure the single sign-on settings on application side.
   a. Create EBSCO test user - to have a counterpart of B.Simon in EBSCO that is linked to the Azure AD
      representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the EBSCO application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Identifier text box, type a URL: pingsso.ebscohost.com

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
http://search.ebscohost.com/login.aspx?authtype=sso&custid=<unique EBSCO customer ID>&profile=<profile ID>

NOTE
The Sign-on URL value is not real. Update the value with the actual Sign-on URL. Contact EBSCO Client support team
to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

Unique elements:
- Custid = Enter unique EBSCO customer ID
- Profile = Clients can tailor the link to direct users to a specific profile (depending on what they purchase
  from EBSCO). They can enter a specific profile ID. The main IDs are eds (EBSCO Discovery Service) and
  ehost (EBSCOhost databases). Instructions for the same are given here.
6. EBSCO application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

NOTE
The name attribute is mandatory and it is mapped with Name Identifier value in EBSCO application. This is added
by default so you don't need to add this manually.

7. In addition to the above, the EBSCO application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

NAME         SOURCE ATTRIBUTE
FirstName    user.givenname
LastName     user.surname
Email        user.mail

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

9. On the Set up EBSCO section, copy the appropriate URL(s) based on your requirement.
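The attribute requirements in steps 6 and 7 can be checked against an assertion captured during a test sign-in before users depend on it. This is an added example, not code from the tutorial or from EBSCO: it assumes the attributes appear under exactly the names in the table above, the sample assertion is constructed, and the check only reads content (it does not validate the signature).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names and source attributes from the tutorial's table.
EXPECTED = {
    "FirstName": "user.givenname",
    "LastName": "user.surname",
    "Email": "user.mail",
}


def constructed_assertion(attributes, name_id="B.Simon@contoso.com"):
    """Build a constructed, unsigned sample assertion for exercising the check."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>"
        for name, value in attributes.items()
    )
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_constructed" Version="2.0">'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion>"
    )


def check_ebsco_assertion(xml_text):
    """Return a list of problems; an empty list means every expected field is present."""
    # A SAML message never needs a DTD; refuse one rather than let the parser expand it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found in SAML XML")
    root = ET.fromstring(xml_text)  # works for a bare Assertion or a full Response

    problems = []
    # The tutorial notes the name attribute is mandatory and maps to Name Identifier.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")

    # Collect non-empty values per attribute name.
    seen = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        seen.setdefault(attr.get("Name"), []).extend(v for v in values if v)

    for name, source in EXPECTED.items():
        if name not in seen:
            # Typical cause: the source attribute has no value for this user.
            problems.append(f"missing attribute {name} (source {source})")
        elif not seen[name]:
            problems.append(f"empty attribute {name} (source {source})")
    return problems


if __name__ == "__main__":
    sample = constructed_assertion({"FirstName": "B", "LastName": "Simon"})
    print(check_ebsco_assertion(sample))
```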
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to EBSCO.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select EBSCO.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure EBSCO SSO


To configure single sign-on on the EBSCO side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the EBSCO support team. They configure this setting so that
the SAML SSO connection is set properly on both sides.
Create EBSCO test user
In the case of EBSCO, user provisioning is automatic.
To provision a user account, perform the following steps:
Azure AD passes the required data to EBSCO application. EBSCO’s user provisioning can be automatic OR require
a one-time form. It depends on whether the client has a lot of pre-existing EBSCOhost accounts with personal
settings saved. The same can be discussed with the EBSCO support team during the implementation. Either way,
the client doesn’t have to create any EBSCOhost accounts prior to testing.

NOTE
You can automate EBSCOhost user provisioning/personalization. Contact EBSCO support team about Just-In-Time user
provisioning.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
1. When you click the EBSCO tile in the Access Panel, you should get automatically signed-on to your EBSCO
application. For more information about the Access Panel, see Introduction to the Access Panel.
2. Once you log in to the application, click the sign in button in the top right corner.

3. You will receive a one-time prompt to pair the institutional/SAML login with a MyEBSCOhost account. The
prompt offers two options: Link your existing MyEBSCOhost account to your institution account now, or
Create a new MyEBSCOhost account and link it to your institution account. The account is used for
personalization on the EBSCOhost application. Select the option Create a new account and you will see that
the form for personalization is pre-completed with the values from the SAML response as shown in the
screenshot below. Click ‘Continue’ to save this selection.
4. After completing the above setup, clear cookies/cache and log in again. You won’t have to manually sign in
again and the personalization settings are remembered.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try EBSCO with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO) integration with eCornell
10/18/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate eCornell with Azure Active Directory (Azure AD). When you integrate
eCornell with Azure AD, you can:
Control in Azure AD who has access to eCornell.
Enable your users to be automatically signed-in to eCornell with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
eCornell single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
eCornell supports SP initiated SSO
eCornell supports Just In Time user provisioning

Adding eCornell from the gallery


To configure the integration of eCornell into Azure AD, you need to add eCornell from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type eCornell in the search box.
6. Select eCornell from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for eCornell


Configure and test Azure AD SSO with eCornell using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in eCornell.
To configure and test Azure AD SSO with eCornell, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure eCornell SSO - to configure the single sign-on settings on application side.
   a. Create eCornell test user - to have a counterpart of B.Simon in eCornell that is linked to the Azure AD
   representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the eCornell application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign-on URL text box, type a URL using the following pattern:
https://admin.ecornell.com/sso/clp/<groupCode>

b. In the Identifier box, type a URL using the following pattern: http://pingone.com/<eCornellCustomGUID>

c. In the Reply URL text box, type a URL using the following pattern:
https://sso.connect.pingidentity.com/sso/sp/ACS.saml2?saasid=<CustomGUID>

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
eCornell Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. The eCornell application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.
6. In addition to the above, the eCornell application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also prepopulated, but you can review them as per your
requirements.

NAME            SOURCE ATTRIBUTE
firstName       user.givenname
lastName        user.surname
email           user.mail
SAML_SUBJECT    user.userprincipalname

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

8. On the Set up eCornell section, copy the appropriate URL(s) based on your requirement.
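
The attribute table in step 6 can be checked against a SAML response captured from a test sign-in before users are onboarded. The following Python is an added example, not part of the original tutorial or eCornell's code; the assertions are constructed samples, and the function names and the user@domain check on email and SAML_SUBJECT are assumptions. It inspects claims only and does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Attribute names and their Azure AD sources, taken from the tutorial's table.
EXPECTED_ATTRIBUTES = {
    "firstName": "user.givenname",
    "lastName": "user.surname",
    "email": "user.mail",
    "SAML_SUBJECT": "user.userprincipalname",
}
# Assumption of this example: these two attributes carry a user@domain value.
ADDRESS_LIKE = ("email", "SAML_SUBJECT")


def build_sample_assertion(attributes):
    """Build a constructed, unsigned assertion for the demo (not real traffic)."""
    rows = "".join(
        f'<Attribute Name="{name}"><AttributeValue>{escape(value)}'
        "</AttributeValue></Attribute>"
        for name, value in attributes.items()
    )
    return (
        f'<Assertion xmlns="{SAML_NS}"><AttributeStatement>{rows}'
        "</AttributeStatement></Assertion>"
    )


def looks_like_address(value):
    """Loose shape check: something@domain.tld with no spaces."""
    local, sep, domain = value.partition("@")
    return bool(local and sep and "." in domain and " " not in value)


def parse_attributes(assertion_xml):
    """Return {attribute name: [values]} from a SAML 2.0 assertion."""
    # Assertions never need a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD or entity declaration in SAML input")
    root = ET.fromstring(assertion_xml)
    found = {}
    for attribute in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [
            (value.text or "").strip()
            for value in attribute.findall(f"{{{SAML_NS}}}AttributeValue")
        ]
        found.setdefault(attribute.get("Name"), []).extend(values)
    return found


def check_expected_claims(assertion_xml):
    """List problems with the four attributes named in the tutorial's table."""
    found = parse_attributes(assertion_xml)
    problems = []
    for name, source in EXPECTED_ATTRIBUTES.items():
        values = found.get(name)
        if not values:
            problems.append(f"{name}: missing (mapped from {source})")
        elif len(values) > 1:
            problems.append(f"{name}: {len(values)} values, expected one")
        elif not values[0]:
            problems.append(f"{name}: empty value (mapped from {source})")
        elif name in ADDRESS_LIKE and not looks_like_address(values[0]):
            problems.append(f"{name}: {values[0]!r} is not in user@domain form")
    return problems


# Constructed samples: a complete assertion and one without the email claim.
GOOD = build_sample_assertion({
    "firstName": "B.", "lastName": "Simon",
    "email": "B.Simon@contoso.com", "SAML_SUBJECT": "B.Simon@contoso.com",
})
NO_MAIL = build_sample_assertion({
    "firstName": "B.", "lastName": "Simon",
    "SAML_SUBJECT": "B.Simon@contoso.com",
})

if __name__ == "__main__":
    for label, sample in (("complete", GOOD), ("no email claim", NO_MAIL)):
        print(label, "->", check_expected_claims(sample) or "ok")
```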

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to eCornell.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select eCornell.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure eCornell SSO


To configure single sign-on on the eCornell side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the eCornell support team. They apply these settings so
that the SAML SSO connection is configured properly on both sides.
Create eCornell test user
In this section, a user called B.Simon is created in eCornell. eCornell supports just-in-time user provisioning, which
is enabled by default. There is no action item for you in this section. If a user doesn't already exist in eCornell, a new
one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the eCornell tile in the Access Panel, you should be automatically signed in to the eCornell
application for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try eCornell with Azure AD
Tutorial: Azure Active Directory integration with
Edcor
10/30/2019 • 4 minutes to read

In this tutorial, you learn how to integrate Edcor with Azure Active Directory (Azure AD). Integrating Edcor with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Edcor.
You can enable your users to be automatically signed-in to Edcor (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Edcor, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Edcor single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Edcor supports IDP initiated SSO

Adding Edcor from the gallery


To configure the integration of Edcor into Azure AD, you need to add Edcor from the gallery to your list of
managed SaaS apps.
To add Edcor from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Edcor, select Edcor from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Edcor based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Edcor
needs to be established.
To configure and test Azure AD single sign-on with Edcor, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Edcor Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Edcor test user - to have a counterpart of Britta Simon in Edcor that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Edcor, perform the following steps:
1. In the Azure portal, on the Edcor application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Identifier text box, type a URL: https://sso.edcor.com/sp/ACS.saml2

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Edcor section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Edcor Single Sign-On
To configure single sign-on on the Edcor side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Edcor support team. They apply these settings so that
the SAML SSO connection is configured properly on both sides.
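
Before the Federation Metadata XML and the copied URLs go to the vendor's support team, it is worth confirming that they describe the same identity provider and recording the signing certificate's fingerprint so that support can confirm which certificate they installed. The following Python is an added example, not part of the original tutorial; it assumes the Azure AD Identifier corresponds to the metadata entityID and the Login URL to a SingleSignOnService Location, and the tenant ID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder tenant ID and placeholder bytes standing in
# for a certificate. Neither is a real value.
TENANT = "00000000-0000-0000-0000-000000000000"
PLACEHOLDER_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{base64.b64encode(PLACEHOLDER_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def sha256_hex(der_bytes):
    """SHA-256 fingerprint of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def locations(parent, element_name):
    """Sorted, de-duplicated Location attributes of the named child elements."""
    found = {e.get("Location") for e in parent.findall(f"md:{element_name}", NS)}
    return sorted(value for value in found if value)


def read_idp_metadata(metadata_xml):
    """Extract the values that both sides of the SAML trust must agree on."""
    # Metadata never needs a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != "{" + MD + "}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity provider metadata")
    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" serves both signing and encryption.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            text = "".join((cert.text or "").split())
            fingerprints.append(sha256_hex(base64.b64decode(text, validate=True)))
    return {
        "entity_id": root.get("entityID"),
        "sso_locations": locations(idp, "SingleSignOnService"),
        "slo_locations": locations(idp, "SingleLogoutService"),
        "signing_cert_sha256": fingerprints,
    }


def compare_with_copied_values(summary, login_url, azure_ad_identifier, logout_url):
    """List disagreements between the metadata and the URLs copied by hand."""
    problems = []
    if azure_ad_identifier != summary["entity_id"]:
        problems.append("Azure AD Identifier differs from metadata entityID")
    if login_url not in summary["sso_locations"]:
        problems.append("Login URL is not a SingleSignOnService Location in the metadata")
    for label, url in (("Login URL", login_url), ("Logout URL", logout_url)):
        if not url.startswith("https://"):
            problems.append(f"{label} is not an https URL")
    if not summary["signing_cert_sha256"]:
        problems.append("metadata carries no signing certificate")
    return problems


if __name__ == "__main__":
    info = read_idp_metadata(SAMPLE_METADATA)
    print(info)
    login = f"https://login.microsoftonline.com/{TENANT}/saml2"
    print(compare_with_copied_values(info, login, info["entity_id"], login) or "consistent")
```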
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Edcor.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Edcor.

2. In the applications list, select Edcor.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Edcor test user
In this section, you create a user called Britta Simon in Edcor. Work with the Edcor support team to add the users
in the Edcor platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Edcor tile in the Access Panel, you should be automatically signed in to the Edcor application
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
eDigitalResearch
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate eDigitalResearch with Azure Active Directory (Azure AD). Integrating
eDigitalResearch with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to eDigitalResearch.
You can enable your users to be automatically signed-in to eDigitalResearch (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with eDigitalResearch, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
eDigitalResearch single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
eDigitalResearch supports IDP initiated SSO

Adding eDigitalResearch from the gallery


To configure the integration of eDigitalResearch into Azure AD, you need to add eDigitalResearch from the gallery
to your list of managed SaaS apps.
To add eDigitalResearch from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type eDigitalResearch, select eDigitalResearch from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with eDigitalResearch based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
eDigitalResearch needs to be established.
To configure and test Azure AD single sign-on with eDigitalResearch, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure eDigitalResearch Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create eDigitalResearch test user - to have a counterpart of Britta Simon in eDigitalResearch that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with eDigitalResearch, perform the following steps:
1. In the Azure portal, on the eDigitalResearch application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<company-name>.edigitalresearch.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<company-name>.edigitalresearch.com/login/consume

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact eDigitalResearch
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up eDigitalResearch section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure eDigitalResearch Single Sign-On
To configure single sign-on on the eDigitalResearch side, you need to send the downloaded Certificate (Base64)
and the appropriate copied URLs from the Azure portal to the eDigitalResearch support team. They apply these
settings so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to eDigitalResearch.
1. In the Azure portal, select Enterprise Applications, select All applications, then select eDigitalResearch.

2. In the applications list, select eDigitalResearch.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create eDigitalResearch test user
In this section, you create a user called Britta Simon in eDigitalResearch. Work with the eDigitalResearch support
team to add the users in the eDigitalResearch platform. Users must be created and activated before you use
single sign-on.

NOTE
The Azure Active Directory account holder receives an email and follows a link to confirm their account before it becomes
active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the eDigitalResearch tile in the Access Panel, you should be automatically signed in to the
eDigitalResearch application for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
EduBrite LMS
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate EduBrite LMS with Azure Active Directory (Azure AD). Integrating
EduBrite LMS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to EduBrite LMS.
You can enable your users to be automatically signed-in to EduBrite LMS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with EduBrite LMS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
EduBrite LMS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
EduBrite LMS supports SP and IDP initiated SSO
EduBrite LMS supports Just In Time user provisioning

Adding EduBrite LMS from the gallery


To configure the integration of EduBrite LMS into Azure AD, you need to add EduBrite LMS from the gallery to
your list of managed SaaS apps.
To add EduBrite LMS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type EduBrite LMS, select EduBrite LMS from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with EduBrite LMS based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
EduBrite LMS needs to be established.
To configure and test Azure AD single sign-on with EduBrite LMS, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure EduBrite LMS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create EduBrite LMS test user - to have a counterpart of Britta Simon in EduBrite LMS that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with EduBrite LMS, perform the following steps:
1. In the Azure portal, on the EduBrite LMS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<customer-specific>.edubrite.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<customer-specific>.edubrite.com/oltpublish/site/samlLoginResponse.do

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<customer-specific>.edubrite.com/oltpublish/site/samlLoginResponse.do

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
EduBrite LMS Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up EduBrite LMS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure EduBrite LMS Single Sign-On
To configure single sign-on on the EduBrite LMS side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the EduBrite LMS support team. They apply these settings
so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to EduBrite LMS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select EduBrite LMS.

2. In the applications list, select EduBrite LMS.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create EduBrite LMS test user
In this section, a user called Britta Simon is created in EduBrite LMS. EduBrite LMS supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in EduBrite LMS, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the EduBrite LMS tile in the Access Panel, you should be automatically signed in to the EduBrite
LMS application for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with EFI
Digital StoreFront
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate EFI Digital StoreFront with Azure Active Directory (Azure AD).
Integrating EFI Digital StoreFront with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to EFI Digital StoreFront.
You can enable your users to be automatically signed-in to EFI Digital StoreFront (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with EFI Digital StoreFront, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
EFI Digital StoreFront single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
EFI Digital StoreFront supports SP initiated SSO

Adding EFI Digital StoreFront from the gallery


To configure the integration of EFI Digital StoreFront into Azure AD, you need to add EFI Digital StoreFront from
the gallery to your list of managed SaaS apps.
To add EFI Digital StoreFront from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type EFI Digital StoreFront, select EFI Digital StoreFront from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with EFI Digital StoreFront based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in EFI Digital StoreFront needs to be established.
To configure and test Azure AD single sign-on with EFI Digital StoreFront, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure EFI Digital StoreFront Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create EFI Digital StoreFront test user - to have a counterpart of Britta Simon in EFI Digital StoreFront that
is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with EFI Digital StoreFront, perform the following steps:
1. In the Azure portal, on the EFI Digital StoreFront application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.myprintdesk.net/DSF

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.myprintdesk.net/DSF/asp4/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact EFI Digital
StoreFront Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up EFI Digital StoreFront section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
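
The Basic SAML Configuration steps for EduBrite LMS and EFI Digital StoreFront give URL patterns with placeholders and note that the printed values are not real; the Reply URL in particular decides where Azure AD delivers the assertion. The following Python is an added example, not part of the original tutorial: it checks entered values against those printed patterns before they are saved. The function names, the DNS-label rule for placeholder values, and the contoso/fabrikam/example.net inputs in the test cases are assumptions.

```python
import re

# URL patterns exactly as printed in the tutorials for these two apps.
PATTERNS = {
    "EduBrite LMS": {
        "identifier": "https://<customer-specific>.edubrite.com",
        "reply_url": "https://<customer-specific>.edubrite.com"
                     "/oltpublish/site/samlLoginResponse.do",
        "sign_on_url": "https://<customer-specific>.edubrite.com"
                       "/oltpublish/site/samlLoginResponse.do",
    },
    "EFI Digital StoreFront": {
        "sign_on_url": "https://<companyname>.myprintdesk.net/DSF",
        "identifier": "https://<companyname>.myprintdesk.net/DSF/asp4/",
    },
}

PLACEHOLDER = re.compile(r"<([^<>]+)>")
# Assumption: each placeholder stands for a single DNS label (no dots or slashes).
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"


def pattern_to_regex(pattern):
    """Turn a printed pattern into a regex plus its placeholder names."""
    # split() with one capture group alternates literal text and placeholder names.
    parts = PLACEHOLDER.split(pattern)
    regex, names = "", []
    for index, part in enumerate(parts):
        if index % 2 == 0:
            regex += re.escape(part)
        else:
            names.append(part)
            regex += f"({LABEL})"
    return re.compile(regex), names


def check_saml_urls(app, values):
    """List problems in the Basic SAML Configuration values entered for app."""
    problems = []
    filled = {}  # placeholder name -> set of values used for it
    for field, pattern in PATTERNS[app].items():
        value = values.get(field)
        if value is None:
            continue  # Field not being configured (for example, IDP-initiated only).
        if PLACEHOLDER.search(value):
            problems.append(f"{field}: placeholder not replaced")
            continue
        regex, names = pattern_to_regex(pattern)
        match = regex.fullmatch(value)
        if match is None:
            problems.append(f"{field}: does not match {pattern}")
            continue
        for name, text in zip(names, match.groups()):
            filled.setdefault(name, set()).add(text.lower())
    for name, seen in filled.items():
        if len(seen) > 1:
            problems.append(f"<{name}> differs between fields: {sorted(seen)}")
    return problems


if __name__ == "__main__":
    entered = {
        "identifier": "https://contoso.edubrite.com",
        "reply_url": "https://contoso.edubrite.com/oltpublish/site/samlLoginResponse.do",
    }
    print(check_saml_urls("EduBrite LMS", entered) or "ok")
```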
Configure EFI Digital StoreFront Single Sign-On
To configure single sign-on on the EFI Digital StoreFront side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the EFI Digital StoreFront Client support
team. They apply these settings so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to EFI Digital StoreFront.
1. In the Azure portal, select Enterprise Applications, select All applications, then select EFI Digital
StoreFront.

2. In the applications list, select EFI Digital StoreFront.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create EFI Digital StoreFront test user
In this section, you create a user called Britta Simon in EFI Digital StoreFront. Work with EFI Digital StoreFront
support team to add the users in the EFI Digital StoreFront platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the EFI Digital StoreFront tile in the Access Panel, you should be automatically signed in to the EFI
Digital StoreFront for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Egnyte
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Egnyte with Azure Active Directory (Azure AD). Integrating Egnyte with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Egnyte.
You can enable your users to be automatically signed-in to Egnyte (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Egnyte, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Egnyte single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Egnyte supports SP initiated SSO

Adding Egnyte from the gallery


To configure the integration of Egnyte into Azure AD, you need to add Egnyte from the gallery to your list of
managed SaaS apps.
To add Egnyte from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Egnyte, select Egnyte from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Egnyte based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Egnyte
needs to be established.
To configure and test Azure AD single sign-on with Egnyte, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Egnyte Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Egnyte test user - to have a counterpart of Britta Simon in Egnyte that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Egnyte, perform the following steps:
1. In the Azure portal, on the Egnyte application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern: https://<companyname>.egnyte.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Egnyte Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Egnyte section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Egnyte Single Sign-On
1. In a different web browser window, log in to your Egnyte company site as an administrator.
2. Click Settings.

3. In the menu, click Settings.

4. Click the Configuration tab, and then click Security.

5. In the Single Sign-On Authentication section, perform the following steps:


a. As Single sign-on authentication, select SAML 2.0.
b. As Identity provider, select AzureAD.
c. Paste the Login URL that you copied from the Azure portal into the Identity provider login URL textbox.
d. Paste the Azure AD Identifier that you copied from the Azure portal into the Identity provider entity
ID textbox.
e. Open the Base64-encoded certificate that you downloaded from the Azure portal in Notepad, copy its content
to your clipboard, and then paste it into the Identity provider certificate textbox.
f. As Default user mapping, select Email address.
g. As Use domain-specific issuer value, select disabled.
h. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Egnyte.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Egnyte.

2. In the applications list, select Egnyte.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Egnyte test user
To enable Azure AD users to log in to Egnyte, they must be provisioned into Egnyte. In the case of Egnyte,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your Egnyte company site as administrator.
2. Go to Settings > Users & Groups.
3. Click Add New User, and then select the type of user you want to add.
4. In the New Power User section, perform the following steps:

a. In the Email text box, enter the user's email address, for example Brittasimon@contoso.com.

b. In the Username text box, enter the user's username, for example Brittasimon.
c. Select Single Sign-On as Authentication Type.
d. Click Save.

NOTE
The Azure Active Directory account holder will receive a notification email.

NOTE
You can use any other Egnyte user account creation tools or APIs provided by Egnyte to provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Egnyte tile in the Access Panel, you should be automatically signed in to the Egnyte for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with eKincare
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate eKincare with Azure Active Directory (Azure AD). Integrating eKincare
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to eKincare.
You can enable your users to be automatically signed-in to eKincare (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with eKincare, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
eKincare single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
eKincare supports IDP initiated SSO
eKincare supports Just In Time user provisioning

Adding eKincare from the gallery


To configure the integration of eKincare into Azure AD, you need to add eKincare from the gallery to your list of
managed SaaS apps.
To add eKincare from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type eKincare, select eKincare from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with eKincare based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in eKincare
needs to be established.
To configure and test Azure AD single sign-on with eKincare, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure eKincare Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create eKincare test user - to have a counterpart of Britta Simon in eKincare that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with eKincare, perform the following steps:
1. In the Azure portal, on the eKincare application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<instancename>.ekincare.com/

b. In the Reply URL text box, type a URL using the following pattern:
https://<instancename>.ekincare.com/hul/saml

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact eKincare Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The eKincare application expects SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on
application integration page. On the Set up Single Sign-On with SAML page, click Edit button to open
User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:

| NAME | SOURCE ATTRIBUTE |
| --- | --- |
| employeeid | user.extensionattribute1 |
| organizationid | "uniquevalue" |
| organizationname | user.companyname |

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

8. On the Set up eKincare section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
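A check for the claims configured in steps 5 and 6, as an added example (not Microsoft's or eKincare's code): it reads a captured test assertion and reports any of the three claims that is missing, empty, or emitted under a namespace instead of the bare name. The assertion, its values and the function names are constructed for illustration, and the check does not validate the signature.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Claim names from the tutorial's table. Step c leaves the Namespace blank,
# so each one must appear as a bare Attribute Name.
EXPECTED_CLAIMS = ("employeeid", "organizationid", "organizationname")

# Constructed sample assertion (not captured from a real tenant). It contains
# one correct claim, one claim left under a namespace and one empty claim.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-10-30T00:00:00Z">
  <saml:AttributeStatement>
    <saml:Attribute Name="employeeid">
      <saml:AttributeValue>E1001</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/organizationid">
      <saml:AttributeValue>uniquevalue</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="organizationname">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_claims(xml_text):
    """Map each Attribute Name in the assertion to its list of values."""
    # ElementTree is adequate for an assertion you captured yourself;
    # parse untrusted XML with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    claims = {}
    for attr in root.iter("{%s}Attribute" % ASSERTION_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("{%s}AttributeValue" % ASSERTION_NS)]
        claims.setdefault(attr.get("Name", ""), []).extend(values)
    return claims


def check_claims(xml_text, expected=EXPECTED_CLAIMS):
    """Return (claim, status) pairs for every expected claim that is wrong."""
    claims = read_claims(xml_text)
    findings = []
    for want in expected:
        if want in claims:
            # Present under the bare name: it still needs a non-empty value.
            if not any(claims[want]):
                findings.append((want, "empty"))
        elif any(name.rsplit("/", 1)[-1] == want for name in claims):
            # Emitted as <namespace>/<name>: the Namespace box was not blank.
            findings.append((want, "namespaced"))
        elif any(name.lower() == want.lower() for name in claims):
            findings.append((want, "case-mismatch"))
        else:
            findings.append((want, "missing"))
    return findings


if __name__ == "__main__":
    for claim, status in check_claims(SAMPLE_ASSERTION):
        print(f"{claim}: {status}")
```
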
Configure eKincare Single Sign-On
To configure single sign-on on the eKincare side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the eKincare support team. They configure this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to eKincare.
1. In the Azure portal, select Enterprise Applications, select All applications, then select eKincare.

2. In the applications list, select eKincare.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create eKincare test user
In this section, a user called Britta Simon is created in eKincare. eKincare supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in eKincare, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the eKincare tile in the Access Panel, you should be automatically signed in to the eKincare for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Eli Onboarding
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Eli Onboarding with Azure Active Directory (Azure AD). Integrating Eli
Onboarding with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Eli Onboarding.
You can enable your users to be automatically signed-in to Eli Onboarding (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Eli Onboarding, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Eli Onboarding single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Eli Onboarding supports SP initiated SSO

Adding Eli Onboarding from the gallery


To configure the integration of Eli Onboarding into Azure AD, you need to add Eli Onboarding from the gallery to
your list of managed SaaS apps.
To add Eli Onboarding from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Eli Onboarding, select Eli Onboarding from the result panel, and then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Eli Onboarding based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Eli
Onboarding needs to be established.
To configure and test Azure AD single sign-on with Eli Onboarding, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Eli Onboarding Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Eli Onboarding test user - to have a counterpart of Britta Simon in Eli Onboarding that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Eli Onboarding, perform the following steps:
1. In the Azure portal, on the Eli Onboarding application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<YOUR DOMAIN URL>/sso/saml/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: https://<YOUR DOMAIN URL>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Eli Onboarding
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Eli Onboarding section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Eli Onboarding Single Sign-On
To configure single sign-on on the Eli Onboarding side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the Eli Onboarding support team. They configure this
setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Eli Onboarding.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Eli Onboarding.

2. In the applications list, select Eli Onboarding.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Eli Onboarding test user
In this section, you create a user called Britta Simon in Eli Onboarding. Work with Eli Onboarding support team to
add the users in the Eli Onboarding platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Eli Onboarding tile in the Access Panel, you should be automatically signed in to the Eli
Onboarding for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Elium
10/22/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate Elium with Azure Active Directory (Azure AD). When you integrate
Elium with Azure AD, you can:
Control in Azure AD who has access to Elium.
Enable your users to be automatically signed-in to Elium with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Elium single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Elium supports SP and IDP initiated SSO
Elium supports Just In Time user provisioning

Adding Elium from the gallery


To configure the integration of Elium into Azure AD, you need to add Elium from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Elium in the search box.
6. Select Elium from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Elium


Configure and test Azure AD SSO with Elium using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Elium.
To configure and test Azure AD SSO with Elium, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
    Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
    Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Elium SSO - to configure the single sign-on settings on application side.
    Create Elium test user - to have a counterpart of B.Simon in Elium that is linked to the Azure AD
    representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Elium application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://<platform-domain>.elium.com/login/saml2/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://<platform-domain>.elium.com/login/saml2/acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<platform-domain>.elium.com/login/saml2/login

NOTE
These values are not real. You will get these values from the SP metadata file downloadable at
https://<platform-domain>.elium.com/login/saml2/metadata, which is explained later in this tutorial.

6. Elium application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.
7. In addition to the above, the Elium application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

| NAME | SOURCE ATTRIBUTE |
| --- | --- |
| email | user.mail |
| first_name | user.givenname |
| last_name | user.surname |
| job_title | user.jobtitle |
| company | user.companyname |

NOTE
These are the default claims. Only the email claim is required. For JIT provisioning, too, only the email claim is
mandatory. Other custom claims can vary from one customer platform to another customer platform.

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

9. On the Set up Elium section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Elium.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Elium.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Elium SSO


1. To automate the configuration within Elium, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, clicking Set up Elium directs you to the Elium application. From
there, provide the admin credentials to sign in to Elium. The browser extension will automatically configure
the application for you and automate steps 3-6.

3. If you want to set up Elium manually, open a new web browser window, sign in to your Elium company
site as an administrator, and perform the following steps:
4. Click on the User profile from right top corner and then select Administration.

5. Select Security tab.


6. Scroll down to the Single sign-on (SSO) section and perform the following steps:

a. Copy the value of Verify that SAML2 authentication works for your account and paste it in the
Sign-on URL textbox on the Basic SAML Configuration section in the Azure portal.

NOTE
After configuring SSO, you can always access the default remote login page at the following URL:
https://<platform_domain>/login/regular/login

b. Select Enable SAML2 federation checkbox.


c. Select JIT Provisioning checkbox.
d. Open the SP Metadata by clicking on the Download button.
e. Search for the entityID in the SP Metadata file, copy the entityID value and paste it in the Identifier
textbox on the Basic SAML Configuration section in the Azure portal.

f. Search for the AssertionConsumerService in the SP Metadata file, copy the Location value and paste
it in the Reply URL textbox on the Basic SAML Configuration section in the Azure portal.

g. Open the metadata file downloaded from the Azure portal in Notepad, copy its content, and paste it into
the IdP Metadata textbox.
h. Click Save.
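
The lookup in steps e and f, as an added example that is not part of the original tutorial or Elium's own tooling: it reads SP metadata and returns the entityID for the Identifier textbox and the AssertionConsumerService Location for the Reply URL textbox. The sample metadata and the `example.invalid` host are constructed, and choosing the HTTP-POST endpoint assumes the identity provider posts the SAML response.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample, not Elium's real metadata; example.invalid is a placeholder host.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml2/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.invalid/saml2/acs-artifact"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml2/acs-legacy"/>
    <md:AssertionConsumerService index="2" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml2/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def basic_saml_values(metadata_xml):
    """Return {'identifier': ..., 'reply_url': ...} from SP metadata text (str)."""
    # SAML metadata never needs a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata contains a DTD or entity declaration")
    root = ET.fromstring(metadata_xml)

    # The descriptor may be the root or sit inside an EntitiesDescriptor wrapper.
    if root.tag == MD + "EntityDescriptor":
        entities = [root]
    else:
        entities = root.findall(".//" + MD + "EntityDescriptor")
    sp_entities = [e for e in entities
                   if e.find(MD + "SPSSODescriptor") is not None]
    if len(sp_entities) != 1:
        raise ValueError("expected exactly one SP entity, found %d"
                         % len(sp_entities))
    entity = sp_entities[0]

    entity_id = (entity.get("entityID") or "").strip()
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")

    endpoints = []
    for acs in entity.iter(MD + "AssertionConsumerService"):
        # Assumption: the IdP delivers the response with the HTTP-POST binding.
        if acs.get("Binding") != HTTP_POST:
            continue
        location = (acs.get("Location") or "").strip()
        parts = urlsplit(location)
        # The assertion is posted here, so a non-TLS endpoint is a config error.
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("ACS Location is not an https URL: %r" % location)
        is_default = acs.get("isDefault") in ("true", "1")
        endpoints.append((is_default, int(acs.get("index", "0")), location))
    if not endpoints:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")

    # Prefer the endpoint flagged isDefault, then the lowest index.
    endpoints.sort(key=lambda e: (not e[0], e[1]))
    return {"identifier": entity_id, "reply_url": endpoints[0][2]}


if __name__ == "__main__":
    for field, value in basic_saml_values(SAMPLE_SP_METADATA).items():
        print(field, "=", value)
```
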
Create Elium test user
In this section, a user called B.Simon is created in Elium. Elium supports just-in-time provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Elium, a new one
is created when you attempt to access Elium.

NOTE
If you need to create a user manually, contact Elium support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Elium tile in the Access Panel, you should be automatically signed in to the Elium for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Elium with Azure AD
Tutorial: Azure Active Directory integration with eLuminate
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate eLuminate with Azure Active Directory (Azure AD). Integrating
eLuminate with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to eLuminate.
You can enable your users to be automatically signed-in to eLuminate (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with eLuminate, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
eLuminate single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
eLuminate supports SP initiated SSO

Adding eLuminate from the gallery


To configure the integration of eLuminate into Azure AD, you need to add eLuminate from the gallery to your list
of managed SaaS apps.
To add eLuminate from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type eLuminate, select eLuminate from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with eLuminate based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
eLuminate needs to be established.
To configure and test Azure AD single sign-on with eLuminate, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure eLuminate Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create eLuminate test user - to have a counterpart of Britta Simon in eLuminate that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with eLuminate, perform the following steps:
1. In the Azure portal, on the eLuminate application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://ClientShortName.eluminate.ca/azuresso/account/SignIn

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: Eluminate/ClientShortName

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact eLuminate Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure eLuminate Single Sign-On


To configure single sign-on on the eLuminate side, you need to send the App Federation Metadata Url to the
eLuminate support team. They apply this setting so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to eLuminate.
1. In the Azure portal, select Enterprise Applications, select All applications, then select eLuminate.
2. In the applications list, select eLuminate.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create eLuminate test user
In this section, you create a user called Britta Simon in eLuminate. Work with eLuminate support team to add the
users in the eLuminate platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the eLuminate tile in the Access Panel, you should be automatically signed in to the eLuminate for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Empactis
6/13/2019 • 4 minutes to read

In this tutorial, you learn how to integrate Empactis with Azure Active Directory (Azure AD). Integrating Empactis
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Empactis.
You can enable your users to be automatically signed-in to Empactis (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Empactis, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Empactis single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Empactis supports IDP initiated SSO

Adding Empactis from the gallery


To configure the integration of Empactis into Azure AD, you need to add Empactis from the gallery to your list of
managed SaaS apps.
To add Empactis from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Empactis, select Empactis from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Empactis based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Empactis
needs to be established.
To configure and test Azure AD single sign-on with Empactis, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Empactis Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Empactis test user - to have a counterpart of Britta Simon in Empactis that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Empactis, perform the following steps:
1. In the Azure portal, on the Empactis application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Empactis section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Empactis Single Sign-On
To configure single sign-on on the Empactis side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Empactis support team. They apply this setting so that the SAML
SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Empactis.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Empactis.

2. In the applications list, select Empactis.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Empactis test user
In this section, you create a user called Britta Simon in Empactis. Work with Empactis support team to add the
users in the Empactis platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Empactis tile in the Access Panel, you should be automatically signed in to the Empactis for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with EmpCenter
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate EmpCenter with Azure Active Directory (Azure AD). Integrating
EmpCenter with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to EmpCenter.
You can enable your users to be automatically signed-in to EmpCenter (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with EmpCenter, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
EmpCenter single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
EmpCenter supports SP initiated SSO

Adding EmpCenter from the gallery


To configure the integration of EmpCenter into Azure AD, you need to add EmpCenter from the gallery to your list
of managed SaaS apps.
To add EmpCenter from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type EmpCenter, select EmpCenter from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with EmpCenter based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
EmpCenter needs to be established.
To configure and test Azure AD single sign-on with EmpCenter, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure EmpCenter Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create EmpCenter test user - to have a counterpart of Britta Simon in EmpCenter that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with EmpCenter, perform the following steps:
1. In the Azure portal, on the EmpCenter application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:

https://<subdomain>.EmpCenter.com/<instancename>

https://<subdomain>.workforcehosting.com/<instancename>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact EmpCenter Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up EmpCenter section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure EmpCenter Single Sign-On
To configure single sign-on on the EmpCenter side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the EmpCenter support team. They apply this setting so that the
SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to EmpCenter.
1. In the Azure portal, select Enterprise Applications, select All applications, then select EmpCenter.

2. In the applications list, select EmpCenter.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create EmpCenter test user
In order to enable Azure AD users to log in to EmpCenter, they must be provisioned into EmpCenter. In the case of
EmpCenter, the user accounts need to be created by your EmpCenter support team.

NOTE
You can use any other EmpCenter user account creation tools or APIs provided by EmpCenter to provision Azure Active
Directory user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the EmpCenter tile in the Access Panel, you should be automatically signed in to the EmpCenter for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Encompass
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Encompass with Azure Active Directory (Azure AD). Integrating
Encompass with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Encompass.
You can enable your users to be automatically signed-in to Encompass (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Encompass, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Encompass single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Encompass supports IDP initiated SSO

Adding Encompass from the gallery


To configure the integration of Encompass into Azure AD, you need to add Encompass from the gallery to your list
of managed SaaS apps.
To add Encompass from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Encompass, select Encompass from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Encompass based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Encompass needs to be established.
To configure and test Azure AD single sign-on with Encompass, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Encompass Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Encompass test user - to have a counterpart of Britta Simon in Encompass that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Encompass, perform the following steps:
1. In the Azure portal, on the Encompass application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, provide your customer specific value.
b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.voxmobile.com/voxportal/ws/saml/consume

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Encompass Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Encompass section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Encompass Single Sign-On
To configure single sign-on on the Encompass side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Encompass support team. They apply this setting so that the SAML
SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Encompass.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Encompass.

2. In the applications list, select Encompass.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Encompass test user
In this section, you create a user called Britta Simon in Encompass. Work with Encompass support team to add the
users in the Encompass platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Encompass tile in the Access Panel, you should be automatically signed in to the Encompass for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Envi MMIS
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Envi MMIS with Azure Active Directory (Azure AD). Integrating Envi
MMIS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Envi MMIS.
You can enable your users to be automatically signed-in to Envi MMIS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Envi MMIS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Envi MMIS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Envi MMIS supports SP and IDP initiated SSO

Adding Envi MMIS from the gallery


To configure the integration of Envi MMIS into Azure AD, you need to add Envi MMIS from the gallery to your list
of managed SaaS apps.
To add Envi MMIS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Envi MMIS, select Envi MMIS from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Envi MMIS based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Envi
MMIS needs to be established.
To configure and test Azure AD single sign-on with Envi MMIS, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Envi MMIS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Envi MMIS test user - to have a counterpart of Britta Simon in Envi MMIS that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Envi MMIS, perform the following steps:
1. In the Azure portal, on the Envi MMIS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set-up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://www.<CUSTOMER DOMAIN>.com/Account

b. In the Reply URL text box, type a URL using the following pattern:
https://www.<CUSTOMER DOMAIN>.com/Account/Acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://www.<CUSTOMER DOMAIN>.com/Account

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Envi
MMIS Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set-up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Envi MMIS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Envi MMIS Single Sign-On
1. In a different web browser window, sign in to your Envi MMIS site as an administrator.
2. Click the My Domain tab.

3. Click Edit.

4. Select Use remote authentication checkbox and then select HTTP Redirect from the Authentication
Type dropdown.
5. Select Resources tab and then click Upload Metadata.

6. In the Upload Metadata popup, perform the following steps:

a. Select File option from the Upload From dropdown.


b. Upload the downloaded metadata file from Azure portal by selecting the choose file icon.
c. Click Ok.
7. After uploading the downloaded metadata file, the fields will get populated automatically. Click Update.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Envi MMIS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Envi MMIS.

2. In the applications list, select Envi MMIS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Envi MMIS test user
To enable Azure AD users to sign in to Envi MMIS, they must be provisioned into Envi MMIS. In the case of Envi
MMIS, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Envi MMIS company site as an administrator.
2. Click on User List tab.

3. Click Add User button.

4. In the Add User section, perform the following steps:


a. In the User Name textbox, type the username of Britta Simon account like brittasimon@contoso.com.
b. In the First Name textbox, type the first name of BrittaSimon like Britta.
c. In the Last Name textbox, type the last name of BrittaSimon like Simon.
d. In the Title textbox, enter the title of the user.
e. In the Email Address textbox, type the email address of Britta Simon account like
brittasimon@contoso.com.
f. In the SSO User Name textbox, type the username of Britta Simon account like
brittasimon@contoso.com.
g. Click Save.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Envi MMIS tile in the Access Panel, you should be automatically signed in to the Envi MMIS for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Envoy
8/29/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Envoy with Azure Active Directory (Azure AD). When you integrate
Envoy with Azure AD, you can:
Control in Azure AD who has access to Envoy.
Enable your users to be automatically signed-in to Envoy with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Envoy single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Envoy supports SP initiated SSO
Envoy supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Envoy from the gallery


To configure the integration of Envoy into Azure AD, you need to add Envoy from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Envoy in the search box.
6. Select Envoy from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Envoy


Configure and test Azure AD SSO with Envoy using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Envoy.
To configure and test Azure AD SSO with Envoy, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Envoy SSO - to configure the single sign-on settings on application side.
a. Create Envoy test user - to have a counterpart of B.Simon in Envoy that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Envoy application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://app.envoy.com/a/saml/auth/<company-ID-from-Envoy>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Envoy Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.
6. In the SAML Signing Certificate section, copy the Thumbprint Value and save it on your computer.

7. On the Set up Envoy section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Envoy.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Envoy.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Envoy SSO


1. To automate the configuration within Envoy, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup Envoy, which will direct you to the Envoy application. From
there, provide the admin credentials to sign into Envoy. The browser extension will automatically configure
the application for you and automate steps 3-7.

3. If you want to setup Envoy manually, open a new web browser window and sign into your Envoy company
site as an administrator and perform the following steps:
4. In the toolbar on the top, click Settings.

5. Click Company.
6. Click SAML.

7. In the SAML Authentication configuration section, perform the following steps:


NOTE
The value for the HQ location ID is auto generated by the application.

a. In Fingerprint textbox, paste the Thumbprint value of certificate, which you have copied from Azure
portal.
b. Paste the Login URL value, which you have copied from the Azure portal, into the IDENTITY PROVIDER
HTTP SAML URL textbox.
c. Click Save changes.
Create Envoy test user
In this section, a user called Britta Simon is created in Envoy. Envoy supports just-in-time user provisioning, which
is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Envoy, a new
one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Envoy tile in the Access Panel, you should be automatically signed in to the Envoy for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Envoy with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO) integration with ePlatform
11/14/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate ePlatform with Azure Active Directory (Azure AD). When you integrate
ePlatform with Azure AD, you can:
Control in Azure AD who has access to ePlatform.
Enable your users to be automatically signed-in to ePlatform with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ePlatform single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ePlatform supports IDP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding ePlatform from the gallery


To configure the integration of ePlatform into Azure AD, you need to add ePlatform from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type ePlatform in the search box.
6. Select ePlatform from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for ePlatform


Configure and test Azure AD SSO with ePlatform using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in ePlatform.
To configure and test Azure AD SSO with ePlatform, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure ePlatform SSO - to configure the single sign-on settings on application side.
Create ePlatform test user - to have a counterpart of B.Simon in ePlatform that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ePlatform application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are
already pre-populated with Azure. The user needs to save the configuration by clicking the Save button.
5. ePlatform application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

6. In addition to the above, the ePlatform application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

NAME    SOURCE ATTRIBUTE
upn     user.userprincipalname

7. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.
8. In the SAML Signing Certificate section, copy the Thumbprint Value and save it on your computer.

9. On the Set up ePlatform section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ePlatform.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ePlatform.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure ePlatform SSO


To configure single sign-on on ePlatform side, you need to send the Thumbprint Value and appropriate copied
URLs from Azure portal to ePlatform support team. They set this setting to have the SAML SSO connection set
properly on both sides.
Create ePlatform test user
In this section, you create a user called B.Simon in ePlatform. Work with ePlatform support team to add the users
in the ePlatform platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ePlatform tile in the Access Panel, you should be automatically signed in to the ePlatform for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ePlatform with Azure AD
Tutorial: Azure Active Directory integration with EthicsPoint Incident Management (EPIM)
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate EthicsPoint Incident Management (EPIM) with Azure Active Directory
(Azure AD). Integrating EthicsPoint Incident Management (EPIM) with Azure AD provides you with the following
benefits:
You can control in Azure AD who has access to EthicsPoint Incident Management (EPIM).
You can enable your users to be automatically signed-in to EthicsPoint Incident Management (EPIM) (Single
Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with EthicsPoint Incident Management (EPIM), you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
EthicsPoint Incident Management (EPIM) single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
EthicsPoint Incident Management (EPIM) supports SP initiated SSO

Adding EthicsPoint Incident Management (EPIM) from the gallery


To configure the integration of EthicsPoint Incident Management (EPIM) into Azure AD, you need to add
EthicsPoint Incident Management (EPIM) from the gallery to your list of managed SaaS apps.
To add EthicsPoint Incident Management (EPIM) from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type EthicsPoint Incident Management (EPIM), select EthicsPoint Incident
Management (EPIM) from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with EthicsPoint Incident Management (EPIM)
based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user
and the related user in EthicsPoint Incident Management (EPIM) needs to be established.
To configure and test Azure AD single sign-on with EthicsPoint Incident Management (EPIM), you need to
complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure EthicsPoint Incident Management (EPIM) Single Sign-On - to configure the Single Sign-On
settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create EthicsPoint Incident Management (EPIM) test user - to have a counterpart of Britta Simon in
EthicsPoint Incident Management (EPIM) that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with EthicsPoint Incident Management (EPIM), perform the following steps:
1. In the Azure portal, on the EthicsPoint Incident Management (EPIM) application integration page,
select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:

https://<companyname>.navexglobal.com

https://<companyname>.ethicspointvp.com

b. In the Identifier box, type a URL using the following pattern:


https://<companyname>.navexglobal.com/adfs/services/trust

c. In the Reply URL text box, type a URL using the following pattern:
https://<servername>.navexglobal.com/adfs/ls/

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
EthicsPoint Incident Management (EPIM) Client support team to get these values. You can also refer to the patterns
shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
6. On the Set up EthicsPoint Incident Management (EPIM) section, copy the appropriate URL(s) as per
your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure EthicsPoint Incident Management (EPIM) Single Sign-On
To configure single sign-on on EthicsPoint Incident Management (EPIM) side, you need to send the
downloaded Federation Metadata XML and appropriate copied URLs from Azure portal to EthicsPoint Incident
Management (EPIM) support team. They set this setting to have the SAML SSO connection set properly on both
sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to EthicsPoint Incident
Management (EPIM).
1. In the Azure portal, select Enterprise Applications, select All applications, then select EthicsPoint
Incident Management (EPIM).

2. In the applications list, select EthicsPoint Incident Management (EPIM).


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create EthicsPoint Incident Management (EPIM) test user
In this section, you create a user called Britta Simon in EthicsPoint Incident Management (EPIM). Work
with EthicsPoint Incident Management (EPIM) support team to add the users in the EthicsPoint Incident
Management (EPIM) platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the EthicsPoint Incident Management (EPIM) tile in the Access Panel, you should be automatically
signed in to the EthicsPoint Incident Management (EPIM) for which you set up SSO. For more information about
the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with etouches
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate etouches with Azure Active Directory (Azure AD). Integrating etouches
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to etouches.
You can enable your users to be automatically signed-in to etouches (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with etouches, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
etouches single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
etouches supports SP initiated SSO

Adding etouches from the gallery


To configure the integration of etouches into Azure AD, you need to add etouches from the gallery to your list of
managed SaaS apps.
To add etouches from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type etouches, select etouches from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with etouches based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in etouches
needs to be established.
To configure and test Azure AD single sign-on with etouches, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure etouches Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create etouches test user - to have a counterpart of Britta Simon in etouches that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with etouches, perform the following steps:
1. In the Azure portal, on the etouches application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set-up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://www.eiseverywhere.com/saml/accounts/?sso&accountid=<ACCOUNTID>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://www.eiseverywhere.com/<instance name>

NOTE
These values are not real. You update the value with the actual Sign on URL and Identifier, which is explained later in
the tutorial.

5. Your etouches application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click on Edit icon to add the attributes.

6. In addition to the above, the etouches application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add the SAML
token attribute shown in the table below:

NAME     SOURCE ATTRIBUTE
Email    user.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
7. On the Set-up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

8. On the Set up etouches section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
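The claim mapping above (Email from user.mail for etouches, and upn from user.userprincipalname in the ePlatform tutorial earlier) can be checked against a response captured during a test sign-in. The following Python is an added example, not part of the original tutorial; it inspects the base64 SAMLResponse value for troubleshooting only and does not verify its signature, and the sample responses, the audience value and all function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def build_sample_response(attributes, audience):
    """Constructed test input: an unsigned Response encoded the way the
    SAMLResponse form field is posted to the application (base64 XML)."""
    protocol_ns, assertion_ns = NS["samlp"], NS["saml"]
    attr_xml = "".join(
        f'<saml:Attribute Name="{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue>"
        "</saml:Attribute>"
        for name, value in attributes.items()
    )
    xml = (
        f'<samlp:Response xmlns:samlp="{protocol_ns}" xmlns:saml="{assertion_ns}">'
        "<saml:Assertion><saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def check_claims(saml_response_b64, required_claims, expected_audience):
    """Return a list of problems; an empty list means every required claim
    is present with a value and the audience matches the Identifier."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion found (it may be an EncryptedAssertion)"]

    problems = []
    audiences = [
        a.text.strip()
        for a in assertion.iterfind(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
        if a.text
    ]
    if expected_audience not in audiences:
        problems.append(f"audience {audiences} does not include {expected_audience!r}")

    # Claim names are compared exactly: with the Namespace left blank the
    # claim is named "Email", not the longer default emailaddress URI.
    claims = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [
            v.text.strip()
            for v in attr.iterfind("saml:AttributeValue", NS)
            if v.text and v.text.strip()
        ]
        claims.setdefault(attr.get("Name"), []).extend(values)

    for name in required_claims:
        if name not in claims:
            problems.append(f"claim {name!r} missing")
        elif not claims[name]:
            problems.append(f"claim {name!r} present but empty")
    return problems


if __name__ == "__main__":
    audience = "https://sp.example.test/instance"  # constructed placeholder
    sample = build_sample_response({"Email": "brittasimon@contoso.com"}, audience)
    print(check_claims(sample, ["Email"], audience) or "all required claims present")
```

A "missing" result for a test user usually points at an empty source attribute (for example a user with no mail value) or a claim that was added with a namespace.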
Configure etouches Single Sign-On
1. To get SSO configured for your application, perform the following steps in the etouches application:

a. Sign in to etouches application using the Admin rights.


b. Go to the SAML Configuration.
c. In the General Settings section, open your downloaded certificate from Azure portal in notepad, copy
the content, and then paste it into the IDP metadata textbox.
d. Click on the Save & Stay button.
e. Click on the Update Metadata button in the SAML Metadata section.
f. This opens the page and performs SSO. Once the SSO is working then you can set up the username.
g. In the Username field, select the emailaddress as shown in the image below.
h. Copy the SP entity ID value and paste it into the Identifier textbox, which is in Basic SAML
Configuration section on Azure portal.
i. Copy the SSO URL / ACS value and paste it into the Sign-on URL textbox, which is in Basic SAML
Configuration section on Azure portal.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to etouches.
1. In the Azure portal, select Enterprise Applications, select All applications, then select etouches.
2. In the applications list, select etouches.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create etouches test user
In this section, you create a user called Britta Simon in etouches. Work with etouches Client support team to add
the users in the etouches platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the etouches tile in the Access Panel, you should be automatically signed in to the etouches
account for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Euromonitor Passport
11/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Euromonitor Passport with Azure Active Directory (Azure AD). When
you integrate Euromonitor Passport with Azure AD, you can:
Control in Azure AD who has access to Euromonitor Passport.
Enable your users to be automatically signed-in to Euromonitor Passport with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Euromonitor Passport single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Euromonitor Passport supports SP and IDP initiated SSO.

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Euromonitor Passport from the gallery


To configure the integration of Euromonitor Passport into Azure AD, you need to add Euromonitor Passport from
the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Euromonitor Passport in the search box.
6. Select Euromonitor Passport from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for Euromonitor Passport


Configure and test Azure AD SSO with Euromonitor Passport using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in Euromonitor Passport.
To configure and test Azure AD SSO with Euromonitor Passport, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Euromonitor Passport SSO - to configure the single sign-on settings on application side.
a. Create Euromonitor Passport test user - to have a counterpart of B.Simon in Euromonitor Passport
that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Euromonitor Passport application integration page, find the Manage section
and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.
5. If you wish to configure the application in SP initiated mode, you need to get the Sign-on URL from the
Euromonitor Passport support team. After you get the Sign-on URL from the Euromonitor Passport
support team, click Set additional URLs and perform the following step:
Paste the Sign-on URL value obtained from the Euromonitor Passport support team into the Sign-on URL
textbox.
6. Click Save.
7. Euromonitor Passport application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes.

8. In addition to the above, the Euromonitor Passport application expects a few more attributes to be passed back
in the SAML response, which are shown below. These attributes are also pre-populated, but you can review them as
per your requirements.

NAME                     SOURCE ATTRIBUTE
Name identifier value    user.userprincipalname

NOTE
Client admins can add/change attributes as per their need.

9. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Euromonitor Passport.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Euromonitor Passport.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Euromonitor Passport SSO


To configure single sign-on on the Euromonitor Passport side, you need to send the App Federation Metadata Url
to the Euromonitor Passport support team. They apply this setting so that the SAML SSO connection is configured
properly on both sides.
Create Euromonitor Passport test user
In this section, you create a user called B.Simon in Euromonitor Passport. Work with Euromonitor Passport support
team to add the users in the Euromonitor Passport platform. Users must be created and activated before you use
single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Euromonitor Passport tile in the Access Panel, you should be automatically signed in to the
Euromonitor Passport account for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Euromonitor Passport with Azure AD
Tutorial: Azure Active Directory integration with Everbridge
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Everbridge with Azure Active Directory (Azure AD). When you integrate
Everbridge with Azure AD, you can:
Control in Azure AD who has access to Everbridge.
Allow your users to be automatically signed in to Everbridge with their Azure AD accounts. This access control
is called single sign-on (SSO).
Manage your accounts in one central location by using the Azure portal.
For more information about software as a service (SaaS) app integration with Azure AD, see What is application
access and single sign-on with Azure Active Directory? If you don't have an Azure subscription, create a free
account before you begin.

Prerequisites
To configure Azure AD integration with Everbridge, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
An Everbridge subscription that uses single sign-on.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Everbridge supports IDP-initiated SSO.

Add Everbridge from the Azure Marketplace


To configure the integration of Everbridge into Azure AD, add Everbridge from the Azure Marketplace to your list
of managed SaaS apps.
To add Everbridge from the Azure Marketplace, follow these steps.
1. In the Azure portal, on the left navigation pane, select Azure Active Directory.

2. Go to Enterprise applications, and then select All applications.


3. To add a new application, select New application at the top of the dialog box.

4. In the search box, enter Everbridge. Select Everbridge from the result panel, and select Add.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Everbridge based on the test user Britta Simon.
For single sign-on to work, establish a link relationship between an Azure AD user and the related user in
Everbridge.
To configure and test Azure AD single sign-on with Everbridge, complete the following building blocks:
Configure Azure AD single sign-on to enable your users to use this feature.
Configure Everbridge as Everbridge manager portal single sign-on to configure the single sign-on settings on
the application side.
Configure Everbridge as Everbridge member portal single sign-on to configure the single sign-on settings on
the application side.
Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
Create an Everbridge test user to have a counterpart of Britta Simon in Everbridge that's linked to the Azure AD
representation of the user.
Test single sign-on to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Everbridge, follow these steps.
1. In the Azure portal, on the Everbridge application integration page, select Single sign-on.
2. In the Select a single sign-on method dialog box, select the SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, select Edit to open the Basic SAML Configuration
dialog box.

NOTE
Configure the application either as the manager portal or as the member portal on both the Azure portal and the
Everbridge portal.

4. To configure the Everbridge application as the Everbridge manager portal, in the Basic SAML
Configuration section, follow these steps:
a. In the Identifier box, enter a URL that follows the pattern https://sso.everbridge.net/<API_Name>

b. In the Reply URL box, enter a URL that follows the pattern
https://manager.everbridge.net/saml/SSO/<API_Name>/alias/defaultAlias

NOTE
These values aren't real. Update these values with the actual Identifier and Reply URL values. To get these values,
contact the Everbridge support team. You also can refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. To configure the Everbridge application as the Everbridge member portal, in the Basic SAML
Configuration section, follow these steps:
If you want to configure the application in IDP-initiated mode, follow these steps:

a. In the Identifier box, enter a URL that follows the pattern


https://sso.everbridge.net/<API_Name>/<Organization_ID>

b. In the Reply URL box, enter a URL that follows the pattern
https://member.everbridge.net/saml/SSO/<API_Name>/<Organization_ID>/alias/defaultAlias

If you want to configure the application in SP-initiated mode, select Set additional URLs and follow this
step:
a. In the Sign on URL box, enter a URL that follows the pattern
https://member.everbridge.net/saml/login/<API_Name>/<Organization_ID>/alias/defaultAlias?disco=true

NOTE
These values aren't real. Update these values with the actual Identifier, Reply URL, and Sign on URL values. To get
these values, contact the Everbridge support team. You also can refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select
Download to download the Federation Metadata XML. Save it on your computer.

7. In the Set up Everbridge section, copy the URLs you need for your requirements:

Login URL
Azure AD Identifier
Logout URL
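The URL patterns in steps 4 and 5 can be checked for consistency before the values are entered in the Azure portal. The following Python check is an added example, not part of the original tutorial or any Everbridge tooling; the function name check_everbridge_urls and the sample API name and organization ID are constructed for illustration.

```python
import re

SEG = r"[^/?#]+"  # exactly one URL path segment

# Patterns as given in steps 4 (manager portal) and 5 (member portal).
PATTERNS = {
    "manager": {
        "identifier": rf"https://sso\.everbridge\.net/(?P<api>{SEG})",
        "reply_url": rf"https://manager\.everbridge\.net/saml/SSO/(?P<api>{SEG})/alias/defaultAlias",
    },
    "member": {
        "identifier": rf"https://sso\.everbridge\.net/(?P<api>{SEG})/(?P<org>{SEG})",
        "reply_url": rf"https://member\.everbridge\.net/saml/SSO/(?P<api>{SEG})/(?P<org>{SEG})"
                     r"/alias/defaultAlias",
        "sign_on_url": rf"https://member\.everbridge\.net/saml/login/(?P<api>{SEG})/(?P<org>{SEG})"
                       r"/alias/defaultAlias\?disco=true",
    },
}
OPTIONAL = {"sign_on_url"}  # only needed for SP-initiated mode


def check_everbridge_urls(portal, **urls):
    """Return a list of problems; an empty list means the values fit the
    tutorial's patterns for the chosen portal and agree with each other."""
    problems = []
    seen = {}  # API name / organization ID taken from the first field that matched
    for field in urls:
        if field not in PATTERNS[portal]:
            problems.append(f"{field} is not used for the {portal} portal")
    for field, pattern in PATTERNS[portal].items():
        value = urls.get(field)
        if value is None:
            if field not in OPTIONAL:
                problems.append(f"{field} is missing")
            continue
        match = re.fullmatch(pattern, value)
        if match is None:
            problems.append(f"{field} does not match the {portal} portal pattern")
            continue
        for name, part in match.groupdict().items():
            if part.startswith("<") and part.endswith(">"):
                # The tutorial's NOTE: the pattern values are not real values.
                problems.append(f"{field} still contains the placeholder {part}")
            elif seen.setdefault(name, part) != part:
                problems.append(
                    f"{field} uses {name}={part!r} but an earlier field uses {seen[name]!r}"
                )
    return problems


if __name__ == "__main__":
    # Constructed sample values: "contosoapi" and "1234567890" are not real.
    print(check_everbridge_urls(
        "member",
        identifier="https://sso.everbridge.net/contosoapi/1234567890",
        reply_url="https://member.everbridge.net/saml/SSO/contosoapi/9999/alias/defaultAlias",
    ))
```

A member-style Identifier combined with the manager portal, a leftover <API_Name> placeholder, or an organization ID that differs between Identifier and Reply URL each produce a finding.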
Configure Everbridge as Everbridge manager portal single sign-on
To configure SSO on Everbridge as an Everbridge manager portal application, follow these steps.
1. In a different web browser window, sign in to Everbridge as an administrator.
2. In the menu on the top, select the Settings tab. Under Security, select Single Sign-On.
a. In the Name box, enter the name of the identity provider. An example is your company name.
b. In the API Name box, enter the name of the API.
c. Select Choose File to upload the metadata file that you downloaded from the Azure portal.
d. For SAML Identity Location, select Identity is in the NameIdentifier element of the Subject
statement.
e. In the Identity Provider Login URL box, paste the Login URL value that you copied from the Azure
portal.
f. For Service Provider initiated Request Binding, select HTTP Redirect.
g. Select Save.
Configure Everbridge as Everbridge member portal single sign-on
To configure single sign-on on Everbridge as an Everbridge member portal, send the downloaded Federation
Metadata XML to the Everbridge support team. They apply this setting so that the SAML SSO connection is
configured properly on both sides.
Create an Azure AD test user
To create the test user Britta Simon in the Azure portal, follow these steps.
1. In the Azure portal, in the left pane, select Azure Active Directory > Users > All users.

2. Select New user at the top of the screen.

3. In the User dialog box, follow these steps.


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter brittasimon@yourcompanydomain.extension . An example is
BrittaSimon@contoso.com.
c. Select the Show Password check box. Write down the value that displays in the Password box.
d. Select Create.
Assign the Azure AD test user
Enable Britta Simon to use Azure single sign-on by granting access to Everbridge.
1. In the Azure portal, select Enterprise applications > All applications > Everbridge.

2. In the applications list, select Everbridge.


3. In the menu on the left, select Users and groups.

4. Select Add user. In the Add Assignment dialog box, select Users and groups.

5. In the Users and groups dialog box, select Britta Simon in the users list. Choose Select at the bottom of
the screen.
6. If you expect any role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Choose Select at the bottom of the screen.
7. In the Add Assignment dialog box, select Assign.
Create an Everbridge test user
In this section, you create the test user Britta Simon in Everbridge. To add users in the Everbridge platform, work
with the Everbridge support team. Users must be created and activated in Everbridge before you use single sign-
on.
Test single sign-on
Test your Azure AD single sign-on configuration by using the Access Panel.
When you select the Everbridge tile in the Access Panel, you should be automatically signed in to the Everbridge
account for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
List of tutorials on how to integrate SaaS apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Evernote
9/19/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Evernote with Azure Active Directory (Azure AD). When you integrate
Evernote with Azure AD, you can:
Control in Azure AD who has access to Evernote.
Enable your users to be automatically signed-in to Evernote with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Evernote single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Evernote supports SP and IDP initiated SSO.

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Evernote from the gallery


To configure the integration of Evernote into Azure AD, you need to add Evernote from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Evernote in the search box.
6. Select Evernote from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Evernote


Configure and test Azure AD SSO with Evernote using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Evernote.
To configure and test Azure AD SSO with Evernote, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Evernote SSO - to configure the single sign-on settings on application side.
a. Create Evernote test user - to have a counterpart of B.Simon in Evernote that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Evernote application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Identifier text box, type a URL: https://www.evernote.com/saml2

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://www.evernote.com/Login.action

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

7. To modify the Signing options, click the Edit button to open the SAML Signing Certificate dialog.
a. Select the Sign SAML response and assertion option for Signing Option.
b. Click Save.
8. On the Set up Evernote section, copy the appropriate URL(s) based on your requirement.
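Once the Signing Option in step 7 is set to Sign SAML response and assertion, a captured test response can be inspected to confirm that both elements carry their own signature and that the audience matches the Identifier from step 4. The following Python check is an added example, not part of the original tutorial; it inspects structure only and does not verify the signatures cryptographically, and the function names and the sample response are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EXPECTED_AUDIENCE = "https://www.evernote.com/saml2"  # Identifier from step 4


def _own_signature_uri(element):
    """Reference URI of a ds:Signature that is a direct child of element,
    '' if the signature has no Reference, or None if there is no signature."""
    sig = element.find("ds:Signature", NS)  # direct children only
    if sig is None:
        return None
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    return ref.get("URI", "") if ref is not None else ""


def check_response(xml_text, expected_audience=EXPECTED_AUDIENCE):
    """Structural pre-check of a decoded SAML response; returns a list of findings."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    findings = []
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        findings.append(f"expected exactly one Assertion, found {len(assertions)}")
    for label, el in [("Response", root)] + [("Assertion", a) for a in assertions]:
        uri = _own_signature_uri(el)
        if uri is None:
            findings.append(f"{label} is not signed")
        elif uri != "#" + el.get("ID", ""):
            findings.append(f"{label} signature references {uri!r}, not its own ID")
    for a in assertions:
        path = "saml:Conditions/saml:AudienceRestriction/saml:Audience"
        audiences = [x.text.strip() for x in a.findall(path, NS) if x.text]
        if expected_audience not in audiences:
            findings.append(f"Audience {audiences} does not include {expected_audience}")
        name_id = a.find("saml:Subject/saml:NameID", NS)
        if name_id is None or not (name_id.text or "").strip():
            findings.append("Assertion has no NameID")
    return findings


def build_sample(sign_response=True, sign_assertion=True, audience=EXPECTED_AUDIENCE):
    """Constructed, minimal response for the demo; signature values are dummies."""
    def sig(ref_id):
        return ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
                f'<ds:Reference URI="#{ref_id}"/></ds:SignedInfo>'
                '<ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>')
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">'
        + (sig("_resp1") if sign_response else "")
        + '<saml:Assertion ID="_assert1">'
        + (sig("_assert1") if sign_assertion else "")
        + '<saml:Subject><saml:NameID>B.Simon@contoso.com</saml:NameID></saml:Subject>'
        f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>'
    )


if __name__ == "__main__":
    # Only the assertion is signed here, so the check reports the unsigned Response.
    # Real responses are untrusted input: parse them with a hardened XML parser.
    print(check_response(build_sample(sign_response=False)))
```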

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Evernote.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Evernote.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Evernote SSO


1. To automate the configuration within Evernote, you need to install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup Evernote, which directs you to the Evernote application.
From there, provide the admin credentials to sign in to Evernote. The browser extension will automatically
configure the application for you and automate steps 3-6.
3. If you want to set up Evernote manually, open a new web browser window, sign in to your Evernote
company site as an administrator, and perform the following steps:
4. Go to 'Admin Console'

5. From the 'Admin Console', go to ‘Security’ and select ‘Single Sign-On’


6. Configure the following values:

a. Enable SSO: SSO is enabled by default (Click Disable Single Sign-on to remove the SSO
requirement)
b. Paste Login URL value, which you have copied from the Azure portal into the SAML HTTP Request
URL textbox.
c. Open the downloaded certificate from Azure AD in a notepad and copy the content including "BEGIN
CERTIFICATE" and "END CERTIFICATE" and paste it into the X.509 Certificate textbox.
d. Click Save Changes.
Create Evernote test user
In order to enable Azure AD users to sign into Evernote, they must be provisioned into Evernote.
In the case of Evernote, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Evernote company site as an administrator.
2. Click the 'Admin Console'.

3. From the 'Admin Console', go to ‘Add users’.

4. To add team members, type the email address of the user account in the Email textbox and click Invite.
5. After the invitation is sent, the Azure Active Directory account holder will receive an email to accept the
invitation.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Evernote tile in the Access Panel, you should be automatically signed in to the Evernote
account for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Evernote with Azure AD
Tutorial: Azure Active Directory integration with Evidence.com
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Evidence.com with Azure Active Directory (Azure AD). Integrating
Evidence.com with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Evidence.com.
You can enable your users to be automatically signed-in to Evidence.com (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Evidence.com, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
An Evidence.com single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Evidence.com supports SP initiated SSO.

Adding Evidence.com from the gallery


To configure the integration of Evidence.com into Azure AD, you need to add Evidence.com from the gallery to
your list of managed SaaS apps.
To add Evidence.com from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Evidence.com, select Evidence.com from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Evidence.com based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Evidence.com needs to be established.
To configure and test Azure AD single sign-on with Evidence.com, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Evidence.com Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Evidence.com test user - to have a counterpart of Britta Simon in Evidence.com that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Evidence.com, perform the following steps:
1. In the Azure portal, on the Evidence.com application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<yourtenant>.evidence.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<yourtenant>.evidence.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Evidence.com Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Evidence.com section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Evidence.com Single Sign-On
1. In a separate web browser window, log in to your Evidence.com tenant as an administrator and navigate to
the Admin tab.
2. Click Agency Single Sign On.
3. Select SAML Based Single Sign On.
4. Copy the Azure AD Identifier, Login URL and Logout URL values shown in the Azure portal to the
corresponding fields in Evidence.com.
5. Open your downloaded Certificate (Base64) file in notepad, copy its content to your clipboard, and
then paste it into the Security Certificate box.
6. Save the configuration in Evidence.com.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Evidence.com.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Evidence.com.

2. In the applications list, select Evidence.com.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Evidence.com test user
For Azure AD users to be able to sign in, they must be provisioned for access inside the Evidence.com application.
This section describes how to create Azure AD user accounts inside Evidence.com.
To provision a user account in Evidence.com:
1. In a web browser window, log into your Evidence.com company site as an administrator.
2. Navigate to Admin tab.
3. Click on Add User.
4. Click the Add button.
5. The Email Address of the added user must match the username of the users in Azure AD to whom you wish to
give access. If the username and email address are not the same value in your organization, you can use the
Evidence.com > Attributes > Single Sign-On section of the Azure portal to change the name identifier
sent to Evidence.com to be the email address.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Evidence.com tile in the Access Panel, you should be automatically signed in to the
Evidence.com account for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
ExcelityGlobal
10/30/2019

In this tutorial, you learn how to integrate ExcelityGlobal with Azure Active Directory (Azure AD). Integrating
ExcelityGlobal with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ExcelityGlobal.
You can enable your users to be automatically signed-in to ExcelityGlobal (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ExcelityGlobal, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
ExcelityGlobal single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ExcelityGlobal supports IDP initiated SSO

Adding ExcelityGlobal from the gallery


To configure the integration of ExcelityGlobal into Azure AD, you need to add ExcelityGlobal from the gallery to
your list of managed SaaS apps.
To add ExcelityGlobal from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ExcelityGlobal, select ExcelityGlobal from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ExcelityGlobal based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
ExcelityGlobal needs to be established.
To configure and test Azure AD single sign-on with ExcelityGlobal, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ExcelityGlobal Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ExcelityGlobal test user - to have a counterpart of Britta Simon in ExcelityGlobal that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ExcelityGlobal, perform the following steps:
1. In the Azure portal, on the ExcelityGlobal application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
For Production Environment: https://ess.excelityglobal.com

For Sandbox Environment: https://s6.excelityglobal.com

b. In the Reply URL text box, type a URL using the following pattern:
For Production Environment: https://ess.excelityglobal.com/ACS

For Sandbox Environment: https://s6.excelityglobal.com/ACS

5. Your ExcelityGlobal application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes, where nameidentifier is mapped with user.userprincipalname. The
ExcelityGlobal application expects nameidentifier to be mapped with user.mail, so you need to edit the
attribute mapping by clicking the Edit icon and changing the attribute mapping.

6. In the SAML Signing Certificate section, click the Edit button to open the SAML Signing Certificate dialog.

7. In the SAML Signing Certificate section, copy the Thumbprint and save it on your computer.
8. In the Set up ExcelityGlobal section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
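
The following check is an added example, not part of the original tutorial or of any ExcelityGlobal or Microsoft code. It takes the base64 SAMLResponse captured during a test sign-on and reports where it disagrees with the Identifier, Reply URL and user.mail mapping configured in the steps above. The sample response, the issuer URL and the contoso.onmicrosoft.com UPN are constructed, and the script compares values only; it does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Identifier and Reply URL from step 4 above (production environment).
IDENTIFIER = "https://ess.excelityglobal.com"
REPLY_URL = "https://ess.excelityglobal.com/ACS"


def check_saml_response(b64_response, user_mail,
                        identifier=IDENTIFIER, reply_url=REPLY_URL):
    """Return a list of configuration mismatches found in a SAMLResponse."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        # A SAML message never needs a DTD; refuse before parsing.
        return ["response contains a DTD or entity declaration"]
    root = ET.fromstring(raw)
    problems = []

    # Destination on the Response must be the Reply URL (ACS endpoint).
    destination = root.get("Destination")
    if destination is not None and destination != reply_url:
        problems.append(f"Destination {destination!r} is not the Reply URL")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion element found"]

    # Audience must carry the Identifier typed in step 4a.
    audiences = [a.text.strip() for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if identifier not in audiences:
        problems.append(f"Audience {audiences} does not contain the Identifier")

    # Recipient must carry the Reply URL typed in step 4b.
    recipients = [d.get("Recipient") for d in assertion.findall(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append(f"Recipient {recipients} does not contain the Reply URL")

    # Step 5: nameidentifier must be user.mail, not user.userprincipalname.
    name_id = assertion.findtext("saml:Subject/saml:NameID",
                                 default="", namespaces=NS).strip()
    if name_id.lower() != user_mail.lower():
        problems.append(f"NameID {name_id!r} is not the user's mail {user_mail!r}")
    return problems


def build_sample_response(name_id, audience, recipient):
    """Constructed, unsigned SAMLResponse for the demonstration (not captured traffic)."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
        ID="_constructed1" Version="2.0" Destination="{recipient}">
      <saml:Issuer>https://idp.example/constructed-issuer/</saml:Issuer>
      <saml:Assertion ID="_constructed2" Version="2.0">
        <saml:Subject>
          <saml:NameID>{name_id}</saml:NameID>
          <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml:SubjectConfirmationData Recipient="{recipient}"/>
          </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions>
          <saml:AudienceRestriction>
            <saml:Audience>{audience}</saml:Audience>
          </saml:AudienceRestriction>
        </saml:Conditions>
      </saml:Assertion>
    </samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Default mapping left in place: NameID carries the UPN (constructed value).
    upn_case = build_sample_response("brittasimon@contoso.onmicrosoft.com",
                                     IDENTIFIER, REPLY_URL)
    for problem in check_saml_response(upn_case, "BrittaSimon@contoso.com"):
        print("MISMATCH:", problem)
```

An empty list means the assertion matches the configured Identifier, Reply URL and mail mapping; signature and certificate validation remain the service provider's job.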
Configure ExcelityGlobal Single Sign-On
To configure single sign-on on the ExcelityGlobal side, you need to send the Thumbprint value and the appropriate
copied URLs from the Azure portal to the ExcelityGlobal support team. They apply these settings so that the SAML
SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ExcelityGlobal.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ExcelityGlobal.

2. In the applications list, select ExcelityGlobal.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ExcelityGlobal test user
In this section, you create a user called Britta Simon in ExcelityGlobal. Work with ExcelityGlobal support team to
add the users in the ExcelityGlobal platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ExcelityGlobal tile in the Access Panel, you should be automatically signed in to the
ExcelityGlobal for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate ExpenseIn with Azure Active
Directory
6/13/2019

In this tutorial, you'll learn how to integrate ExpenseIn with Azure Active Directory (Azure AD). When you integrate
ExpenseIn with Azure AD, you can:
Control in Azure AD who has access to ExpenseIn.
Enable your users to be automatically signed-in to ExpenseIn with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ExpenseIn single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. ExpenseIn supports SP and IDP
initiated SSO.

Adding ExpenseIn from the gallery


To configure the integration of ExpenseIn into Azure AD, you need to add ExpenseIn from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type ExpenseIn in the search box.
6. Select ExpenseIn from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with ExpenseIn using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in ExpenseIn.
To configure and test Azure AD SSO with ExpenseIn, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure ExpenseIn to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user to enable B.Simon to use Azure AD single sign-on.
5. Create ExpenseIn test user to have a counterpart of B.Simon in ExpenseIn that is linked to the Azure AD
representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ExpenseIn application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Reply URL text box, type either of the following URLs:

https://app.expensein.com/samlcallback

https://mobileapi.expensein.com/identity/samlcallback

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://app.expensein.com/saml

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url, then click Download to download the Certificate
(Base64) and save it on your computer.

7. In the Set up ExpenseIn section, copy the appropriate URL(s) based on your requirement.
Configure ExpenseIn
1. To automate the configuration within ExpenseIn, you need to install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup ExpenseIn, which directs you to the ExpenseIn
application. From there, provide the admin credentials to sign in to ExpenseIn. The browser extension will
automatically configure the application for you and automate steps 3-5.

3. If you want to set up ExpenseIn manually, open a new web browser window, sign in to your ExpenseIn
company site as an administrator, and perform the following steps:
4. Click Admin at the top of the page, then navigate to Single Sign-On and click Add provider.

5. On the New Identity Provider pop-up, perform the following steps:


a. In the Provider Name text box, type a name, for example Azure.
b. Select Yes for Allow Provider Initiated Sign-On.
c. In the Target Url text box, paste the value of Login URL, which you have copied from Azure portal.
d. In the Issuer text box, paste the value of Azure AD Identifier, which you have copied from Azure portal.
e. Open the Certificate (Base64) in Notepad, copy its content and paste it in the Certificate text box.
f. Click Create.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ExpenseIn.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ExpenseIn.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create ExpenseIn test user
To enable Azure AD users to sign in to ExpenseIn, they must be provisioned into ExpenseIn. In ExpenseIn,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to ExpenseIn as an Administrator.
2. Click on Admin on the top of the page then navigate to Users and click New User.

3. On the Details pop-up, perform the following steps:


a. In First Name text box, enter the first name of user like B.
b. In Last Name text box, enter the last name of user like Simon.
c. In Email text box, enter the email of user like B.Simon@contoso.com .
d. Click Create.
Test SSO
When you select the ExpenseIn tile in the Access Panel, you should be automatically signed in to the ExpenseIn for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Expensify with Azure Active
Directory
10/30/2019

In this tutorial, you'll learn how to integrate Expensify with Azure Active Directory (Azure AD). When you integrate
Expensify with Azure AD, you can:
Control in Azure AD who has access to Expensify.
Enable your users to be automatically signed-in to Expensify with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Expensify single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Expensify supports SP initiated SSO

Adding Expensify from the gallery


To configure the integration of Expensify into Azure AD, you need to add Expensify from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Expensify in the search box.
6. Select Expensify from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Expensify


Configure and test Azure AD SSO with Expensify using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Expensify.
To configure and test Azure AD SSO with Expensify, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Expensify SSO - to configure the Single Sign-On settings on application side.
a. Create Expensify test user - to have a counterpart of B.Simon in Expensify that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Expensify application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL: https://www.expensify.com/authentication/saml/login

b. In the Identifier (Entity ID) text box, type a URL: https://www.expensify.com

c. In the Reply URL text box, type a URL using the following pattern:
https://www.expensify.com/authentication/saml/loginCallback?domain=<yourdomain>

NOTE
The Reply URL value is not real. Update this value with the actual Reply URL. Contact Expensify Client support team
to get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Metadata XML and select Download to download the certificate and save it on your computer.

6. In the Set up Expensify section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Expensify.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Expensify.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Expensify SSO


To enable SSO in Expensify, you first need to enable Domain Control in the application. You can enable Domain
Control in the application through the steps listed here. For additional support, work with Expensify Client support
team. Once you have Domain Control enabled, follow these steps:

1. Sign on to your Expensify application.


2. In the left panel, click Settings and navigate to SAML.
3. Toggle the SAML Login option as Enabled.
4. Open the downloaded Federation Metadata from Azure AD in Notepad, copy the content, and then paste it
into the Identity Provider Metadata text box.
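
Both ExpenseIn (the Issuer, Target Url and Certificate fields) and Expensify (the Identity Provider Metadata text box) are configured by pasting values copied from Azure AD. The script below is an added example, not code from the tutorial or from either vendor: it reads federation metadata XML and a Certificate (Base64) download and derives the issuer, login URL and SHA-1 certificate thumbprint so they can be compared with the portal before pasting. The metadata, the idp.example URLs and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def thumbprint_from_b64(b64_der):
    """SHA-1 thumbprint (uppercase hex) of a base64-encoded DER certificate."""
    der = base64.b64decode("".join(b64_der.split()))
    return hashlib.sha1(der).hexdigest().upper()


def thumbprint_from_pem(pem_text):
    """Thumbprint of a 'Certificate (Base64)' download (PEM text)."""
    body = [ln.strip() for ln in pem_text.strip().splitlines()
            if ln.strip() and not ln.startswith("-----")]
    return thumbprint_from_b64("".join(body))


def same_thumbprint(a, b):
    """Compare thumbprints ignoring case, spaces and colon separators."""
    def norm(t):
        return "".join(ch for ch in t.upper() if ch in "0123456789ABCDEF")
    return norm(a) == norm(b)


def read_idp_metadata(xml_text):
    """Extract the values a service provider asks for from IdP metadata XML."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    login_urls = {s.get("Binding"): s.get("Location")
                  for s in idp.findall("md:SingleSignOnService", NS)}
    thumbprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue  # skip encryption-only keys
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            thumbprints.append(thumbprint_from_b64(cert.text or ""))
    return {"issuer": root.get("entityID"),
            "login_url": login_urls.get(REDIRECT),
            "signing_thumbprints": thumbprints}


# Constructed placeholder bytes standing in for a DER certificate.
SAMPLE_B64 = base64.b64encode(
    b"constructed placeholder bytes, not a real X.509 certificate " * 4).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(SAMPLE_B64[i:i + 64]
                          for i in range(0, len(SAMPLE_B64), 64))
              + "\n-----END CERTIFICATE-----\n")
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}"
    entityID="https://idp.example/constructed-tenant/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}"><X509Data><X509Certificate>
        {SAMPLE_B64}
      </X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://idp.example/constructed-tenant/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    info = read_idp_metadata(SAMPLE_METADATA)
    print("Issuer     :", info["issuer"])
    print("Login URL  :", info["login_url"])
    print("Thumbprints:", info["signing_thumbprints"])
    print("Matches downloaded certificate:",
          same_thumbprint(info["signing_thumbprints"][0],
                          thumbprint_from_pem(SAMPLE_PEM)))
```

A thumbprint that differs between the metadata, the downloaded certificate and the portal means the service provider would be trusting a different signing key than the one Azure AD uses.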
Create Expensify test user
In this section, you create a user called B.Simon in Expensify. Work with Expensify Client support team to add the
users in the Expensify platform.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Expensify tile in the Access Panel, you should be automatically signed in to the Expensify for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Explanation-Based Auditing System
10/30/2019

In this tutorial, you learn how to integrate Explanation-Based Auditing System with Azure Active Directory (Azure
AD). Integrating Explanation-Based Auditing System with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Explanation-Based Auditing System.
You can enable your users to be automatically signed-in to Explanation-Based Auditing System (Single Sign-
On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Explanation-Based Auditing System, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Explanation-Based Auditing System single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Explanation-Based Auditing System supports SP initiated SSO
Explanation-Based Auditing System supports just-in-time user provisioning

Adding Explanation-Based Auditing System from the gallery


To configure the integration of Explanation-Based Auditing System into Azure AD, you need to add Explanation-
Based Auditing System from the gallery to your list of managed SaaS apps.
To add Explanation-Based Auditing System from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Explanation-Based Auditing System, select Explanation-Based Auditing
System from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Explanation-Based Auditing System based on a
test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the
related user in Explanation-Based Auditing System needs to be established.
To configure and test Azure AD single sign-on with Explanation-Based Auditing System, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Explanation-Based Auditing System Single Sign-On - to configure the Single Sign-On settings
on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Explanation-Based Auditing System test user - to have a counterpart of Britta Simon in
Explanation-Based Auditing System that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Explanation-Based Auditing System, perform the following steps:
1. In the Azure portal, on the Explanation-Based Auditing System application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL: https://ebas.maizeanalytics.com

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Explanation-Based Auditing System Single Sign-On


To configure single sign-on on the Explanation-Based Auditing System side, you need to send the App Federation
Metadata Url to the Explanation-Based Auditing System support team. They apply this setting so that the SAML
SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Explanation-Based
Auditing System.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Explanation-
Based Auditing System.

2. In the applications list, select Explanation-Based Auditing System.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Explanation-Based Auditing System test user
In this section, a user called Britta Simon is created in Explanation-Based Auditing System. Explanation-Based
Auditing System supports just-in-time user provisioning, which is enabled by default. There is no action item for
you in this section. If a user doesn't already exist in Explanation-Based Auditing System, a new one is created after
authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Explanation-Based Auditing System tile in the Access Panel, you should be automatically signed
in to the Explanation-Based Auditing System for which you set up SSO. For more information about the Access
Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Expiration Reminder
10/30/2019

In this tutorial, you learn how to integrate Expiration Reminder with Azure Active Directory (Azure AD). Integrating
Expiration Reminder with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Expiration Reminder.
You can enable your users to be automatically signed-in to Expiration Reminder (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Expiration Reminder, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Expiration Reminder single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Expiration Reminder supports SP initiated SSO

Adding Expiration Reminder from the gallery


To configure the integration of Expiration Reminder into Azure AD, you need to add Expiration Reminder from the
gallery to your list of managed SaaS apps.
To add Expiration Reminder from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Expiration Reminder, select Expiration Reminder from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Expiration Reminder based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Expiration Reminder needs to be established.
To configure and test Azure AD single sign-on with Expiration Reminder, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Expiration Reminder Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Expiration Reminder test user - to have a counterpart of Britta Simon in Expiration Reminder that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Expiration Reminder, perform the following steps:
1. In the Azure portal, on the Expiration Reminder application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL: https://app.expirationreminder.net/account/sso

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. In the Set up Expiration Reminder section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Expiration Reminder Single Sign-On
To configure single sign-on on the Expiration Reminder side, send the downloaded Certificate (Raw)
and the appropriate copied URLs from the Azure portal to the Expiration Reminder support team. They apply these
settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Expiration Reminder.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Expiration
Reminder.
2. In the applications list, type and select Expiration Reminder.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Expiration Reminder test user
In this section, you create a user called Britta Simon in Expiration Reminder. Work with Expiration Reminder
support team to add the users in the Expiration Reminder platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Expiration Reminder tile in the Access Panel, you should be automatically signed in to the
Expiration Reminder for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with EZOfficeInventory
10/15/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate EZOfficeInventory with Azure Active Directory (Azure AD). When you
integrate EZOfficeInventory with Azure AD, you can:
Control in Azure AD who has access to EZOfficeInventory.
Enable your users to be automatically signed-in to EZOfficeInventory with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
EZOfficeInventory single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
EZOfficeInventory supports SP initiated SSO
EZOfficeInventory supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding EZOfficeInventory from the gallery


To configure the integration of EZOfficeInventory into Azure AD, you need to add EZOfficeInventory from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type EZOfficeInventory in the search box.
6. Select EZOfficeInventory from results panel and then add the app. Wait a few seconds while the app is added
to your tenant.

Configure and test Azure AD single sign-on for EZOfficeInventory


Configure and test Azure AD SSO with EZOfficeInventory using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in EZOfficeInventory.
To configure and test Azure AD SSO with EZOfficeInventory, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure EZOfficeInventory SSO - to configure the single sign-on settings on application side.
a. Create EZOfficeInventory test user - to have a counterpart of B.Simon in EZOfficeInventory that is
linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the EZOfficeInventory application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.ezofficeinventory.com/users/sign_in

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact EZOfficeInventory Client support team
to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. The EZOfficeInventory application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes.
6. In addition to the above, the EZOfficeInventory application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per
your requirement.

NAME          SOURCE ATTRIBUTE
First_name    user.givenname
Last_name     user.surname
Email         user.mail

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up EZOfficeInventory section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to EZOfficeInventory.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select EZOfficeInventory.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure EZOfficeInventory SSO


1. Open a new web browser window and sign into your EZOfficeInventory company site as an administrator.
2. On the top-right corner of the page, click on Profile and then navigate to Settings > Add Ons.

3. Scroll down to the SAML Integration section and perform the following steps:
a. Check the Enabled option.
b. In the Identity Provider URL text box, paste the Login URL value, which you have copied from the
Azure portal.
c. Open the Base64 encoded certificate in Notepad, copy its content and paste it into the Identity Provider
Certificate text box.
d. In the Login Button Text text box, enter the text of the login button.
e. In the First Name text box, enter first_name.
f. In the Last Name text box, enter last_name.
g. In the Email text box, enter email.
h. Select your role as per your requirement from the EZOfficeInventory Role By default option.
i. Click Update.
Create EZOfficeInventory test user
In this section, a user called Britta Simon is created in EZOfficeInventory. EZOfficeInventory supports just-in-time
user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in EZOfficeInventory, a new one is created after authentication.
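Because just-in-time provisioning creates the EZOfficeInventory account from whatever the assertion carries, a missing or empty First_name, Last_name or Email claim only shows up at first sign-in. The following Python diagnostic is an added example, not part of the original tutorial: it decodes a SAMLResponse form value captured from a test sign-in and checks it for the three claim names in the table above. It does not verify the signature, and the function names and the sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names taken from the tutorial's attribute table.
EXPECTED_CLAIMS = ("First_name", "Last_name", "Email")


def assertion_attributes(saml_response_b64):
    """Decode an HTTP-POST SAMLResponse value and return {claim name: [values]}.

    Diagnostic only: the XML signature is NOT verified here, so never use
    this output to make an access decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; attributes are not readable")
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def review_claims(claims, expected=EXPECTED_CLAIMS):
    """Return one finding per expected claim that is missing or empty."""
    findings = []
    for name in expected:
        values = claims.get(name)
        if values is None:
            # A name that differs only in case is reported, not accepted.
            lookalike = [n for n in claims if n and n.lower() == name.lower()]
            hint = (f" (found {lookalike[0]!r}, which differs in case)"
                    if lookalike else "")
            findings.append(f"{name}: claim missing from assertion{hint}")
        elif not any(values):
            findings.append(f"{name}: claim present but empty")
    return findings


def constructed_response(claims):
    """Build a minimal, unsigned SAMLResponse for the demonstration below."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue>"
        "</saml:Attribute>"
        for name, value in claims.items()
    )
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:AttributeStatement>" + attrs +
        "</saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


# Constructed samples: a complete assertion, and one for a test user whose
# source attribute for Email had no value, so the claim was not issued.
SAMPLE_COMPLETE = constructed_response(
    {"First_name": "B", "Last_name": "Simon", "Email": "B.Simon@contoso.com"})
SAMPLE_NO_EMAIL = constructed_response(
    {"First_name": "B", "Last_name": "Simon"})

if __name__ == "__main__":
    for label, sample in (("complete", SAMPLE_COMPLETE),
                          ("no email", SAMPLE_NO_EMAIL)):
        findings = review_claims(assertion_attributes(sample))
        print(label, "->", findings or "all expected claims present")
```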

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the EZOfficeInventory tile in the Access Panel, you should be automatically signed in to the
EZOfficeInventory for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try EZOfficeInventory with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO) integration with ExponentHR
10/10/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate ExponentHR with Azure Active Directory (Azure AD). When you
integrate ExponentHR with Azure AD, you can:
Control in Azure AD who has access to ExponentHR.
Enable your users to be automatically signed-in to ExponentHR with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ExponentHR single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ExponentHR supports SP initiated SSO
ExponentHR supports WS-Fed protocol

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding ExponentHR from the gallery


To configure the integration of ExponentHR into Azure AD, you need to add ExponentHR from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type ExponentHR in the search box.
6. Select ExponentHR from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for ExponentHR


Configure and test Azure AD SSO with ExponentHR using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in ExponentHR.
To configure and test Azure AD SSO with ExponentHR, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure ExponentHR SSO - to configure the single sign-on settings on application side.
a. Create ExponentHR test user - to have a counterpart of B.Simon in ExponentHR that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ExponentHR application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://www.exponenthr.com/service/saml/login.aspx

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ExponentHR.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ExponentHR.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure ExponentHR SSO


To configure single sign-on on the ExponentHR side, send the App Federation Metadata Url to the
ExponentHR support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create ExponentHR test user
In this section, you create a user called B.Simon in ExponentHR. Work with ExponentHR support team to add the
users in the ExponentHR platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ExponentHR tile in the Access Panel, you should be automatically signed in to the ExponentHR
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ExponentHR with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO) integration with F5
11/19/2019 • 14 minutes to read

In this tutorial, you'll learn how to integrate F5 with Azure Active Directory (Azure AD). When you integrate F5
with Azure AD, you can:
Control in Azure AD who has access to F5.
Enable your users to be automatically signed-in to F5 with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
F5 single sign-on (SSO) enabled subscription.
Deploying the joint solution requires the following license:
F5 BIG-IP® Best bundle (or)
F5 BIG-IP Access Policy Manager™ (APM) standalone license
F5 BIG-IP Access Policy Manager™ (APM) add-on license on an existing BIG-IP F5 BIG-IP® Local
Traffic Manager™ (LTM).
In addition to the above license, the F5 system may also be licensed with:
A URL Filtering subscription to use the URL category database
An F5 IP Intelligence subscription to detect and block known attackers and malicious traffic
A network hardware security module (HSM) to safeguard and manage digital keys for strong
authentication
F5 BIG-IP system is provisioned with APM modules (LTM is optional)
Although optional, it is highly recommended to deploy the F5 systems in a sync/failover device group (S/F
DG), which includes the active standby pair, with a floating IP address for high availability (HA). Further
interface redundancy can be achieved using the Link Aggregation Control Protocol (LACP). LACP manages
the connected physical interfaces as a single virtual interface (aggregate group) and detects any interface
failures within the group.
For Kerberos applications, an on-premises AD service account for constrained delegation. Refer to F5
Documentation for creating an AD delegation account.

Access guided configuration


Access guided configuration is supported on F5 TMOS version 13.1.0.8 and above. If your BIG-IP system is
running a version below 13.1.0.8, please refer to the Advanced configuration section.
Access guided configuration presents a completely new and streamlined user experience. This workflow-based
architecture provides intuitive, re-entrant configuration steps tailored to the selected topology.
Before proceeding to the configuration, upgrade the guided configuration by downloading the latest use
case pack from downloads.f5.com. To upgrade, follow the procedure below.

NOTE
The screenshots below are for the latest released version (BIG-IP 15.0 with AGC version 5.0). The configuration steps
below are valid for this use case from 13.1.0.8 to the latest BIG-IP version.

1. On the F5 BIG-IP Web UI, click on Access >> Guided Configuration.
2. On the Guided Configuration page, click on Upgrade Guided Configuration on the top left-hand
corner.

3. On the Upgrade Guided Configuration pop-up screen, select Choose File to upload the downloaded use case
pack and click on the Upload and Install button.

4. When upgrade is completed, click on the Continue button.


Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
F5 SSO can be configured in three different ways.
Configure F5 single sign-on for Header Based application
Configure F5 single sign-on for Kerberos application
Configure F5 single sign-on for Advanced Kerberos application
Key Authentication Scenarios
Apart from Azure Active Directory native integration support for modern authentication protocols like OpenID
Connect, SAML and WS-Fed, F5 extends secure access for legacy-based authentication apps for both
internal and external access with Azure AD, enabling modern scenarios (e.g. password-less access) to these
applications. This includes:
Header-based authentication apps
Kerberos authentication apps
Anonymous authentication or no inbuilt authentication apps
NTLM authentication apps (protection with dual prompts for the user)
Forms Based Application (protection with dual prompts for the user)

Adding F5 from the gallery


To configure the integration of F5 into Azure AD, you need to add F5 from the gallery to your list of managed SaaS
apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type F5 in the search box.
6. Select F5 from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for F5


Configure and test Azure AD SSO with F5 using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in F5.
To configure and test Azure AD SSO with F5, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure F5 SSO - to configure the single sign-on settings on application side.
a. Create F5 test user - to have a counterpart of B.Simon in F5 that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the F5 application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: https://<YourCustomFQDN>.f5.com/

b. In the Reply URL text box, type a URL using the following pattern: https://<YourCustomFQDN>.f5.com/

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://<YourCustomFQDN>.f5.com/
NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact F5
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and Certificate (Base64) and select Download to download the certificate
and save it on your computer.

7. On the Set up F5 section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to F5.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select F5.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
8. Click on Conditional Access.
9. Click on New Policy.
10. You can now see your F5 App as a resource for CA Policy and apply any conditional access including
Multifactor Auth, Device based access control or Identity Protection Policy.

Configure F5 SSO
Configure F5 single sign-on for Kerberos application
Configure F5 single sign-on for Advanced Kerberos application
Configure F5 single sign-on for Header Based application
Guided Configuration
1. Open a new web browser window and sign into your F5 (Header Based) company site as an administrator
and perform the following steps:
2. Navigate to System > Certificate Management > Traffic Certificate Management > SSL Certificate
List. Select Import from the right-hand corner. Specify a Certificate Name (it will be referenced later in the
config). In the Certificate Source, select Upload File and specify the certificate downloaded from Azure while
configuring SAML single sign-on. Click Import.
3. Additionally, you will require an SSL certificate for the application hostname. Navigate to System >
Certificate Management > Traffic Certificate Management > SSL Certificate List. Select Import
from the right-hand corner. Import Type will be PKCS 12 (IIS). Specify a Key Name (it will be referenced
later in the config) and then specify the PFX file. Specify the Password for the PFX. Click Import.

NOTE
In the example, our app name is Headerapp.superdemo.live. We are using a wildcard certificate, and our key name is
WildCard-SuperDemo.live.

4. We will use the Guided Experience to set up the Azure AD Federation and Application Access. Go to F5
BIG-IP Main and select Access > Guided Configuration > Federation > SAML Service Provider. Click
Next then click Next to begin configuration.
5. Provide a Configuration Name. Specify the Entity ID (same as what you configured on the Azure AD
Application Configuration). Specify the Host name. Add a Description for reference. Accept the remaining
default entries and then click Save & Next.
6. In this example we are creating a new Virtual Server as 192.168.30.20 with port 443. Specify the Virtual
Server IP address in the Destination Address. Select the Client SSL Profile, select Create new. Specify the
previously uploaded application certificate (the wildcard certificate in this example) and the associated key,
and then click Save & Next.

NOTE
In this example, our internal web server is running on port 888 and we want to publish it with 443.

7. Under Select method to configure your IdP connector, specify Metadata, click on Choose File and
upload the Metadata XML file downloaded earlier from Azure AD. Specify a unique Name for the SAML IDP
connector. Choose the Metadata Signing Certificate which was uploaded earlier. Click Save & Next.
8. Under Select a Pool, specify Create New (alternatively, select a pool if it already exists). Leave the other values
at their defaults. Under Pool Servers, type the IP Address under IP Address/Node Name. Specify the Port. Click
Save & Next.

9. On the Single Sign-On Settings screen, select Enable Single Sign-On. Under Selected Single Sign-On
Type choose HTTP header-based. Replace session.saml.last.Identity with
session.saml.last.attr.name.Identity under Username Source (this variable is set using claims mapping in
Azure AD). Under SSO Headers, specify:
Header Name: MyAuthorization
Header Value: %{session.saml.last.attr.name.Identity}
Click Save & Next.
Refer to the Appendix for the complete list of variables and values. You can add more headers as required.
NOTE
Account Name is the F5 delegation account created (check the F5 documentation).

10. For purposes of this guidance, we will skip endpoint checks. Refer to F5 documentation for details. Select
Save & Next.

11. Accept the defaults and click Save & Next. Refer to the F5 documentation for details regarding SAML session
management settings.
12. Review the summary screen and select Deploy to configure the BIG-IP. Click on Finish.
Advanced Configuration
This section is intended to be used if you cannot use the Guided configuration or would like to add/modify
additional parameters. You will require an SSL certificate for the application hostname.
1. Navigate to System > Certificate Management > Traffic Certificate Management > SSL Certificate
List. Select Import from the right-hand corner. Import Type will be PKCS 12 (IIS). Specify a Key Name
(it will be referenced later in the config) and then specify the PFX file. Specify the Password for the PFX. Click
Import.

NOTE
In the example, our app name is Headerapp.superdemo.live. We are using a wildcard certificate, and our key name is
WildCard-SuperDemo.live.

Adding a new Web Server to BigIP-F5


1. Click on Main > IApps > Application Services > Application > Create.
2. Provide the Name and under Template choose f5.http.
3. We will publish our HeaderApp2 externally as HTTPS in this case. Under How should the BIG-IP system handle
SSL Traffic?, specify Terminate SSL from Client, Plaintext to servers (SSL Offload). Specify your
Certificate and Key under Which SSL certificate do you want to use? and Which SSL private key do you
want to use?. Specify the Virtual Server IP under What IP Address do you want to use for the Virtual
Server?.
Specify other details:
FQDN
Specify an existing app pool or create a new one.
If creating a new App Server, specify the internal IP address and port number.

4. Click Finished.
5. Ensure the App Properties can be modified. Click Main > IApps > Application Services: Applications
>> HeaderApp2. Uncheck Strict Updates (we will modify some settings outside of the GUI). Click the Update
button.

6. At this point you should be able to browse the virtual Server.


Configuring F5 as SP and Azure as IDP
1. Click Access > Federation > SAML Service Provider > Local SP Service, then click Create or the + sign.
2. Specify details for the Service Provider Service. Specify a Name representing the F5 SP configuration. Specify the
Entity ID (generally the same as the application URL).
Create IdP Connector
1. Click Bind/Unbind IdP Connectors button, select Create New IdP Connector and choose From
Metadata option then perform the following steps:

a. Browse to the metadata.xml file downloaded from Azure AD and specify an Identity Provider Name.
b. Click OK.
c. The connector is created, and the certificate is ready automatically from the metadata XML file.

d. Configure F5 BIG-IP to send all requests to Azure AD.

e. Click Add New Row, choose AzureIDP (as created in previous steps), and specify:
f. Matching Source = %{session.server.landinguri}
g. Matching Value = /*
h. Click Update.
i. Click OK.
j. SAML IDP setup is completed.
Configure F5 Policy to redirect users to Azure SAML IDP
1. To configure F5 Policy to redirect users to Azure SAML IDP, perform the following steps:
a. Click Main > Access > Profile/Policies > Access Profiles.
b. Click on the Create button.

c. Specify Name (HeaderAppAzureSAMLPolicy in the example).


d. You can customize other settings; refer to the F5 documentation.
e. Click Finished.
f. Once the Policy creation is completed, click on the Policy and go to the Access Policy Tab.

g. Click on the Visual Policy editor, edit Access Policy for Profile link.
h. Click on the + Sign in the Visual Policy editor and choose SAML Auth.
i. Click Add Item.
j. Under Properties specify Name and under AAA Server select the previously configured SP, click SAVE.

k. The basic Policy is ready you can customize the policy to incorporate additional sources/attribute stores.
l. Ensure you click on the Apply Access Policy link on the top.
Apply Access Profile to the Virtual Server
1. Assign the access profile to the Virtual Server so that F5 BIG-IP APM applies the profile settings to
incoming traffic and runs the previously defined access policy.
a. Click Main > Local Traffic > Virtual Servers.

b. Click the virtual server, scroll to the Access Policy section, and in the Access Profile drop-down select the
SAML policy created (HeaderAppAzureSAMLPolicy in the example).
c. Click Update.

d. Create an F5 BIG-IP iRule® to extract the custom SAML attributes from the incoming assertion and pass
them as HTTP headers to the backend test application. Click Main > Local Traffic > iRules > iRule List >
Create.
e. Paste the F5 BIG-IP iRule text below into the Definition window.

    when RULE_INIT {
        # Set to 1 to log each extracted attribute value.
        set static::debug 0
    }

    when ACCESS_ACL_ALLOWED {
        # For each attribute: read it from the APM session, remove any copy of the
        # header that arrived with the client request, then insert the session value.
        # (Inserting only when the header is absent would let a client-supplied
        # value reach the backend unchanged.)
        set AZUREAD_USERNAME [ACCESS::session data get "session.saml.last.attr.name.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"]
        if { $static::debug } { log local0. "AZUREAD_USERNAME = $AZUREAD_USERNAME" }
        HTTP::header remove "AZUREAD_USERNAME"
        HTTP::header insert "AZUREAD_USERNAME" $AZUREAD_USERNAME

        set AZUREAD_DISPLAYNAME [ACCESS::session data get "session.saml.last.attr.name.http://schemas.microsoft.com/identity/claims/displayname"]
        if { $static::debug } { log local0. "AZUREAD_DISPLAYNAME = $AZUREAD_DISPLAYNAME" }
        HTTP::header remove "AZUREAD_DISPLAYNAME"
        HTTP::header insert "AZUREAD_DISPLAYNAME" $AZUREAD_DISPLAYNAME

        set AZUREAD_EMAILADDRESS [ACCESS::session data get "session.saml.last.attr.name.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
        if { $static::debug } { log local0. "AZUREAD_EMAILADDRESS = $AZUREAD_EMAILADDRESS" }
        HTTP::header remove "AZUREAD_EMAILADDRESS"
        HTTP::header insert "AZUREAD_EMAILADDRESS" $AZUREAD_EMAILADDRESS
    }
Sample output below
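
The backend application learns the user's identity only from the AZUREAD_* headers set by the iRule, so it should accept those headers only on connections that come from the BIG-IP. The WSGI middleware below is an added example, not part of the original tutorial or of F5's code; the Python backend, the proxy address 10.0.0.5 and the names ProxyIdentityMiddleware, demo_app and run_request are assumptions.

```python
"""Backend-side check for identity headers inserted by a reverse proxy (WSGI)."""
import ipaddress

# Header names taken from the iRule in this tutorial.
IDENTITY_HEADERS = ("AZUREAD_USERNAME", "AZUREAD_DISPLAYNAME", "AZUREAD_EMAILADDRESS")

# Assumption: constructed address standing in for the BIG-IP self IP that opens
# connections to the pool member. Replace it with your own.
TRUSTED_PROXIES = (ipaddress.ip_network("10.0.0.5/32"),)


def environ_key(header_name):
    """WSGI exposes request header X as environ['HTTP_X']."""
    return "HTTP_" + header_name.upper().replace("-", "_")


class ProxyIdentityMiddleware:
    """Accept AZUREAD_* headers only on connections that come from the proxy."""

    def __init__(self, app, trusted_proxies=TRUSTED_PROXIES):
        self.app = app
        self.trusted_proxies = trusted_proxies

    def _from_trusted_proxy(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False
        return any(peer in net for net in self.trusted_proxies)

    def __call__(self, environ, start_response):
        if not self._from_trusted_proxy(environ):
            # The connection did not pass through the access policy, so any
            # identity header on it is unauthenticated input.
            return self._deny(start_response, "403 Forbidden",
                              b"direct access not allowed\n")

        identity = {h: environ.get(environ_key(h), "").strip()
                    for h in IDENTITY_HEADERS}
        if not identity["AZUREAD_USERNAME"]:
            return self._deny(start_response, "401 Unauthorized",
                              b"missing identity header\n")

        # Hand the verified identity to the application under one key.
        environ["azuread.identity"] = identity
        return self.app(environ, start_response)

    @staticmethod
    def _deny(start_response, status, body):
        start_response(status, [("Content-Type", "text/plain"),
                                ("Content-Length", str(len(body)))])
        return [body]


def demo_app(environ, start_response):
    """Hypothetical backend application that greets the signed-in user."""
    name = environ["azuread.identity"]["AZUREAD_USERNAME"]
    body = ("hello " + name + "\n").encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def run_request(remote_addr, headers):
    """Drive the middleware with a constructed request; returns (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "REMOTE_ADDR": remote_addr}
    for name, value in headers.items():
        environ[environ_key(name)] = value
    captured = {}

    def start_response(status, response_headers, exc_info=None):
        captured["status"] = status

    body = b"".join(ProxyIdentityMiddleware(demo_app)(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    # Constructed sample requests: via the proxy, and direct to the backend.
    sample = {"AZUREAD_USERNAME": "b.simon@contoso.com"}
    print(run_request("10.0.0.5", sample))
    print(run_request("203.0.113.9", sample))
```

The source-address check only works when the backend sees the BIG-IP's own address on the connection; restricting the pool member's listener or firewall to that address gives the same guarantee at the network layer.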

Create F5 test user


In this section, you create a user called B.Simon in F5. Work with F5 Client support team to add the users in the F5
platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the F5 tile in the Access Panel, you should be automatically signed in to the F5 for which you set up
SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try F5 with Azure AD
Configure F5 single sign-on for Kerberos application
Configure F5 single sign-on for Advanced Kerberos application
Tutorial: Azure Active Directory integration with FactSet
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate FactSet with Azure Active Directory (Azure AD). Integrating FactSet with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to FactSet.
You can enable your users to be automatically signed-in to FactSet (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with FactSet, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
FactSet single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
FactSet supports SP initiated SSO

Adding FactSet from the gallery


To configure the integration of FactSet into Azure AD, you need to add FactSet from the gallery to your list of
managed SaaS apps.
To add FactSet from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type FactSet, select FactSet from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with FactSet based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in FactSet
needs to be established.
To configure and test Azure AD single sign-on with FactSet, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure FactSet Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create FactSet test user - to have a counterpart of Britta Simon in FactSet that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with FactSet, perform the following steps:
1. In the Azure portal, on the FactSet application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<intendedDestinationURL>.factset.com?idpid=<GUID>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: https://login.factset.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact your FactSet
account representative to get these values. If you don't know who your FactSet representative is, you can find help on
the FactSet support numbers page. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up FactSet section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure FactSet Single Sign-On
To configure single sign-on on the FactSet side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the FactSet Support individuals you are in contact with. They
apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to FactSet.
1. In the Azure portal, select Enterprise Applications, select All applications, then select FactSet.

2. In the applications list, select FactSet.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create FactSet test user
In this section, you create a user called Britta Simon in FactSet. Work with your FactSet account support
representatives to add the users in the FactSet platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the FactSet tile in the Access Panel, you should be automatically signed in to the FactSet for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Fidelity NetBenefits
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Fidelity NetBenefits with Azure Active Directory (Azure AD). Integrating
Fidelity NetBenefits with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Fidelity NetBenefits.
You can enable your users to be automatically signed-in to Fidelity NetBenefits (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Fidelity NetBenefits, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Fidelity NetBenefits single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Fidelity NetBenefits supports IDP initiated SSO
Fidelity NetBenefits supports Just In Time user provisioning

Adding Fidelity NetBenefits from the gallery


To configure the integration of Fidelity NetBenefits into Azure AD, you need to add Fidelity NetBenefits from the
gallery to your list of managed SaaS apps.
To add Fidelity NetBenefits from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Fidelity NetBenefits, select Fidelity NetBenefits from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Fidelity NetBenefits based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Fidelity NetBenefits needs to be established.
To configure and test Azure AD single sign-on with Fidelity NetBenefits, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Fidelity NetBenefits Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Fidelity NetBenefits test user - to have a counterpart of Britta Simon in Fidelity NetBenefits that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Fidelity NetBenefits, perform the following steps:
1. In the Azure portal, on the Fidelity NetBenefits application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
For Testing Environment: urn:sp:fidelity:geninbndnbparts20:uat:xq1

For Production Environment: urn:sp:fidelity:geninbndnbparts20

b. In the Reply URL text box, type the URL provided by Fidelity at the time of implementation, or
contact your assigned Fidelity Client Service Manager.
5. The Fidelity NetBenefits application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes, where nameidentifier is mapped to user.userprincipalname. The Fidelity
NetBenefits application expects nameidentifier to be mapped to employeeid or any other claim that
is applicable to your organization as nameidentifier, so you need to edit the attribute mapping by clicking
the Edit icon and changing the attribute mapping.

NOTE
Fidelity NetBenefits supports Static and Dynamic Federation. Static means it will not use SAML-based just-in-time user
provisioning, and Dynamic means it supports just-in-time user provisioning. To use JIT-based provisioning,
customers have to add some more claims in Azure AD, such as the user's birthdate. These details are provided by your
assigned Fidelity Client Service Manager, who has to enable dynamic federation for your instance.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. On the Set up Fidelity NetBenefits section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Fidelity NetBenefits Single Sign-On
To configure single sign-on on the Fidelity NetBenefits side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Fidelity NetBenefits support team. They
apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Fidelity NetBenefits.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Fidelity
NetBenefits.

2. In the applications list, select Fidelity NetBenefits.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Fidelity NetBenefits test user
In this section, you create a user called Britta Simon in Fidelity NetBenefits. If you are creating Static federation,
please work with your assigned Fidelity Client Service Manager to create users in Fidelity NetBenefits platform.
These users must be created and activated before you use single sign-on.
For Dynamic Federation, users are created using Just In Time user provisioning. To use JIT-based provisioning,
customers have to add some more claims in Azure AD, such as the user's birthdate. These details are provided by
your assigned Fidelity Client Service Manager, who has to enable dynamic federation for your
instance.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Fidelity NetBenefits tile in the Access Panel, you should be automatically signed in to the
Fidelity NetBenefits for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Fieldglass
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Fieldglass with Azure Active Directory (Azure AD). Integrating Fieldglass
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Fieldglass.
You can enable your users to be automatically signed-in to Fieldglass (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Fieldglass, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Fieldglass single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Fieldglass supports IDP initiated SSO

Adding Fieldglass from the gallery


To configure the integration of Fieldglass into Azure AD, you need to add Fieldglass from the gallery to your list of
managed SaaS apps.
To add Fieldglass from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Fieldglass, select Fieldglass from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Fieldglass based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Fieldglass
needs to be established.
To configure and test Azure AD single sign-on with Fieldglass, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Fieldglass Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Fieldglass test user - to have a counterpart of Britta Simon in Fieldglass that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Fieldglass, perform the following steps:
1. In the Azure portal, on the Fieldglass application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL as https://www.fieldglass.com or follow the pattern:
https://<company name>.fgvms.com

b. In the Reply URL text box, type a URL using the following pattern:

https://www.fieldglass.net/<company name>

https://<company name>.fgvms.com/<company name>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Fieldglass Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Fieldglass section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Fieldglass Single Sign-On
To configure single sign-on on the Fieldglass side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the Fieldglass support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Fieldglass.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Fieldglass.

2. In the applications list, select Fieldglass.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Fieldglass test user
In this section, you create a user called Britta Simon in Fieldglass. Work with Fieldglass support team to add the
users in the Fieldglass platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Fieldglass tile in the Access Panel, you should be automatically signed in to the Fieldglass for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Figma
10/15/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Figma with Azure Active Directory (Azure AD). When you integrate
Figma with Azure AD, you can:
Control in Azure AD who has access to Figma.
Enable your users to be automatically signed-in to Figma with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Figma single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Figma supports SP and IDP initiated SSO
Figma supports Just In Time user provisioning

Adding Figma from the gallery


To configure the integration of Figma into Azure AD, you need to add Figma from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Figma in the search box.
6. Select Figma from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Figma


Configure and test Azure AD SSO with Figma using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Figma.
To configure and test Azure AD SSO with Figma, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Figma SSO - to configure the single sign-on settings on application side.
Create Figma test user - to have a counterpart of B.Simon in Figma that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Figma application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://www.figma.com/saml/<TENANT ID>

b. In the Reply URL text box, type a URL using the following pattern:
https://www.figma.com/saml/<TENANT ID>/consume

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://www.figma.com/saml/<TENANT ID>/start

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. You will get the
TENANT ID from step 11 of Figma's article Configure Azure Active Directory SAML SSO process.

6. Figma application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.
7. In addition to the above, the Figma application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

NAME            SOURCE ATTRIBUTE
externalId      user.mailnickname
displayName     user.displayname
title           user.jobtitle
emailaddress    user.mail
familyName      user.surname
givenName       givenName
userName        user.userprincipalname

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Figma.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Figma.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Figma SSO


To configure single sign-on on the Figma side, you need to follow Figma's article Configure Azure Active Directory
SAML SSO process.
Create Figma test user
In this section, a user called Britta Simon is created in Figma. Figma supports just-in-time provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Figma, a new one
is created when you attempt to access Figma.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Figma tile in the Access Panel, you should be automatically signed in to the Figma for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Figma with Azure AD
Tutorial: Azure Active Directory integration with
FileCloud
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate FileCloud with Azure Active Directory (Azure AD). Integrating FileCloud
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to FileCloud.
You can enable your users to be automatically signed in to FileCloud (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with FileCloud, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
FileCloud single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
FileCloud supports SP initiated SSO
FileCloud supports Just In Time user provisioning

Adding FileCloud from the gallery


To configure the integration of FileCloud into Azure AD, you need to add FileCloud from the gallery to your list of
managed SaaS apps.
To add FileCloud from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type FileCloud, select FileCloud from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with FileCloud based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in FileCloud
needs to be established.
To configure and test Azure AD single sign-on with FileCloud, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure FileCloud Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create FileCloud test user - to have a counterpart of Britta Simon in FileCloud that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with FileCloud, perform the following steps:
1. In the Azure portal, on the FileCloud application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.filecloudonline.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.filecloudonline.com/simplesaml/module.php/saml/sp/metadata.php/default-sp

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the FileCloud Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up FileCloud section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure FileCloud Single Sign-On
1. In a different web browser window, sign in to your FileCloud tenant as an administrator.
2. On the left navigation pane, click Settings.

3. Click the SSO tab in the Settings section.

4. Select SAML as Default SSO Type on the Single Sign On (SSO) Settings panel.

5. In the IdP End Point URL textbox, paste the value of Azure AD Identifier, which you copied from the
Azure portal.

6. Open your downloaded metadata file in Notepad, copy its content to your clipboard, and then paste it
into the IdP Meta Data textbox on the SAML Settings panel.

7. Click the Save button.


Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to FileCloud.
1. In the Azure portal, select Enterprise Applications, select All applications, then select FileCloud.

2. In the applications list, select FileCloud.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create FileCloud test user
In this section, a user called Britta Simon is created in FileCloud. FileCloud supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
FileCloud, a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the FileCloud Client support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the FileCloud tile in the Access Panel, you should be automatically signed in to the FileCloud for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
FilesAnywhere
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate FilesAnywhere with Azure Active Directory (Azure AD). Integrating
FilesAnywhere with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to FilesAnywhere.
You can enable your users to be automatically signed in to FilesAnywhere (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with FilesAnywhere, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
FilesAnywhere single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
FilesAnywhere supports SP and IDP initiated SSO
FilesAnywhere supports Just In Time user provisioning

Adding FilesAnywhere from the gallery


To configure the integration of FilesAnywhere into Azure AD, you need to add FilesAnywhere from the gallery to
your list of managed SaaS apps.
To add FilesAnywhere from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type FilesAnywhere, select FilesAnywhere from the result panel, and then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with FilesAnywhere based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
FilesAnywhere needs to be established.
To configure and test Azure AD single sign-on with FilesAnywhere, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure FilesAnywhere Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create FilesAnywhere test user - to have a counterpart of Britta Simon in FilesAnywhere that is linked to the
Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with FilesAnywhere, perform the following steps:
1. In the Azure portal, on the FilesAnywhere application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Reply URL text box, type a URL using the following pattern:
https://<company name>.filesanywhere.com/saml20.aspx?c=<Client Id>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<sub domain>.filesanywhere.com/

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact the FilesAnywhere
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. The FilesAnywhere application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to add the attributes.

When users sign up with FilesAnywhere, they get the value of the clientid attribute from the FilesAnywhere
team. You have to add the "Client Id" attribute with the unique value provided by FilesAnywhere.
7. In addition to the above, the FilesAnywhere application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
the SAML token attribute as shown in the table below:

NAME        SOURCE ATTRIBUTE
clientid    "uniquevalue"

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

9. On the Set up FilesAnywhere section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure FilesAnywhere Single Sign-On
To configure single sign-on on the FilesAnywhere side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the FilesAnywhere support team. They configure this setting so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to FilesAnywhere.
1. In the Azure portal, select Enterprise Applications, select All applications, then select FilesAnywhere.

2. In the applications list, select FilesAnywhere.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create FilesAnywhere test user
In this section, a user called Britta Simon is created in FilesAnywhere. FilesAnywhere supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in FilesAnywhere, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the FilesAnywhere tile in the Access Panel, you should be automatically signed in to the
FilesAnywhere for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
FirmPlay - Employee Advocacy for Recruiting
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate FirmPlay - Employee Advocacy for Recruiting with Azure Active
Directory (Azure AD). Integrating FirmPlay - Employee Advocacy for Recruiting with Azure AD provides you with
the following benefits:
You can control in Azure AD who has access to FirmPlay - Employee Advocacy for Recruiting.
You can enable your users to be automatically signed in to FirmPlay - Employee Advocacy for Recruiting
(Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with FirmPlay - Employee Advocacy for Recruiting, you need the following
items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
FirmPlay - Employee Advocacy for Recruiting single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
FirmPlay - Employee Advocacy for Recruiting supports SP initiated SSO

Adding FirmPlay - Employee Advocacy for Recruiting from the gallery


To configure the integration of FirmPlay - Employee Advocacy for Recruiting into Azure AD, you need to add
FirmPlay - Employee Advocacy for Recruiting from the gallery to your list of managed SaaS apps.
To add FirmPlay - Employee Advocacy for Recruiting from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type FirmPlay - Employee Advocacy for Recruiting, select FirmPlay - Employee
Advocacy for Recruiting from the result panel, and then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with FirmPlay - Employee Advocacy for Recruiting
based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user
and the related user in FirmPlay - Employee Advocacy for Recruiting needs to be established.
To configure and test Azure AD single sign-on with FirmPlay - Employee Advocacy for Recruiting, you need to
complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure FirmPlay - Employee Advocacy for Recruiting Single Sign-On - to configure the Single Sign-On
settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create FirmPlay - Employee Advocacy for Recruiting test user - to have a counterpart of Britta Simon in
FirmPlay - Employee Advocacy for Recruiting that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with FirmPlay - Employee Advocacy for Recruiting, perform the following
steps:
1. In the Azure portal, on the FirmPlay - Employee Advocacy for Recruiting application integration page,
select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://<your-subdomain>.firmplay.com/

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact the FirmPlay - Employee Advocacy for
Recruiting Client support team to get the value. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up FirmPlay - Employee Advocacy for Recruiting section, copy the appropriate URL(s) as
per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure FirmPlay - Employee Advocacy for Recruiting Single Sign-On
To configure single sign-on on the FirmPlay - Employee Advocacy for Recruiting side, you need to send the
downloaded Certificate (Base64) and the appropriate copied URLs from the Azure portal to the FirmPlay - Employee
Advocacy for Recruiting support team. They configure this setting so that the SAML SSO connection is set properly on
both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to FirmPlay - Employee
Advocacy for Recruiting.
1. In the Azure portal, select Enterprise Applications, select All applications, then select FirmPlay -
Employee Advocacy for Recruiting.

2. In the applications list, select FirmPlay - Employee Advocacy for Recruiting.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create FirmPlay - Employee Advocacy for Recruiting test user
In this section, you create a user called Britta Simon in FirmPlay - Employee Advocacy for Recruiting. Work
with the FirmPlay - Employee Advocacy for Recruiting support team to add the users in the FirmPlay - Employee
Advocacy for Recruiting platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the FirmPlay - Employee Advocacy for Recruiting tile in the Access Panel, you should be
automatically signed in to the FirmPlay - Employee Advocacy for Recruiting for which you set up SSO. For more
information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Firstbird
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Firstbird with Azure Active Directory (Azure AD). Integrating Firstbird
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Firstbird.
You can enable your users to be automatically signed in to Firstbird (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Firstbird, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Firstbird single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Firstbird supports SP and IDP initiated SSO
Firstbird supports Just In Time user provisioning

Adding Firstbird from the gallery


To configure the integration of Firstbird into Azure AD, you need to add Firstbird from the gallery to your list of
managed SaaS apps.
To add Firstbird from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Firstbird, select Firstbird from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Firstbird based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Firstbird needs to be established.
To configure and test Azure AD single sign-on with Firstbird, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Firstbird Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Firstbird test user - to have a counterpart of Britta Simon in Firstbird that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Firstbird, perform the following steps:
1. In the Azure portal, on the Firstbird application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Identifier text box, type a URL using the following pattern:
https://<company-domain>.auth.1brd.com/saml/sp

b. In the Reply URL text box, type a URL using the following pattern:
https://<company-domain>.auth.1brd.com/saml/callback

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<company-domain>.1brd.com/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact the Firstbird
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. The Firstbird application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on the
application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the
User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, configure the SAML token attributes as shown in the
image above and perform the following steps:

NAME          SOURCE ATTRIBUTE
first_name    user.givenname
last_name     user.surname
email         user.mail

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML and save it on your computer.
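The claim tables in the FilesAnywhere tutorial (clientid) and in this Firstbird tutorial (first_name, last_name, email) can be checked against an assertion captured during a test sign-in. The Python script below is an added example, not part of the original tutorials or of either vendor's tooling; the sample assertions and the issuer URL are constructed, and it reports required claims that are missing, empty, or sent with a namespace prefix because the Namespace field was not left blank. It does not verify the XML signature.

```python
"""Check a decoded SAML assertion for the claims a service provider expects."""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names taken from the tutorial tables.
FIRSTBIRD_CLAIMS = ("first_name", "last_name", "email")
FILESANYWHERE_CLAIMS = ("clientid",)

# Constructed sample: claims named as the Firstbird table requires.
GOOD_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2019-10-30T00:00:00Z">
  <saml:Issuer>https://idp.example.invalid/</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="last_name">
      <saml:AttributeValue>Simon</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample with three typical mistakes: a namespace left on
# first_name, an empty last_name, and no email claim at all.
BAD_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-2" Version="2.0" IssueInstant="2019-10-30T00:00:00Z">
  <saml:Issuer>https://idp.example.invalid/</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute
        Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/first_name">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="last_name">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Return {attribute Name: [values]} from every AttributeStatement.

    Intended for assertions captured from your own test sign-in; for XML
    from an untrusted source, parse with a hardened parser such as defusedxml.
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    path = ".//saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs


def check_claims(assertion_xml, required):
    """Return a list of findings; an empty list means every claim is usable."""
    attrs = read_attributes(assertion_xml)
    findings = []
    for name in required:
        if name in attrs:
            if not any(attrs[name]):
                findings.append(f"{name}: present but empty")
            continue
        # A Name that ends in "/<claim>" means the claim was emitted with a
        # namespace URI instead of the bare name the application expects.
        qualified = [n for n in attrs if n.endswith("/" + name)]
        if qualified:
            findings.append(
                f"{name}: sent as {qualified[0]} (namespace not left blank)")
        else:
            findings.append(f"{name}: missing")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("good", GOOD_ASSERTION), ("bad", BAD_ASSERTION)):
        problems = check_claims(xml_text, FIRSTBIRD_CLAIMS)
        print(label, "->", problems or "all required claims present")
```

Pass FILESANYWHERE_CLAIMS instead of FIRSTBIRD_CLAIMS to run the same check for the clientid claim.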
Configure Firstbird Single Sign-On
Once you have completed these steps, please send Firstbird the Federation Metadata XML in a support request via
email to support@firstbird.com with the subject: "SSO configuration".
Firstbird will then store the configuration in the system accordingly and activate SSO for your account. After that, a
member of the support staff will contact you to verify the configuration.

NOTE
You need to have the SSO option included in your contract.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Firstbird.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Firstbird.

2. In the applications list, type and select Firstbird.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Firstbird test user
In this section, a user called Britta Simon is created in Firstbird. Firstbird supports just-in-time provisioning, which
is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Firstbird, a new
one is created when you attempt to access Firstbird.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Firstbird tile in the Access Panel, you should be automatically signed in to the Firstbird for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with FiscalNote
10/17/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate FiscalNote with Azure Active Directory (Azure AD). When you
integrate FiscalNote with Azure AD, you can:
Control in Azure AD who has access to FiscalNote.
Enable your users to be automatically signed in to FiscalNote with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
FiscalNote single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
FiscalNote supports SP initiated SSO
FiscalNote supports Just In Time user provisioning

Adding FiscalNote from the gallery


To configure the integration of FiscalNote into Azure AD, you need to add FiscalNote from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type FiscalNote in the search box.
6. Select FiscalNote from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for FiscalNote


Configure and test Azure AD SSO with FiscalNote using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in FiscalNote.
To configure and test Azure AD SSO with FiscalNote, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure FiscalNote SSO - to configure the single sign-on settings on application side.
a. Create FiscalNote test user - to have a counterpart of B.Simon in FiscalNote that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the FiscalNote application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<InstanceName>.fiscalnote.com/login?client=<ClientID>&redirect_uri=https://app.fiscalnote.com/saml-login.html&audience=https://api.fiscalnote.com/&connection=<CONNECTION_NAME>&response_type=id_token%20token

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
urn:auth0:fiscalnote:<CONNECTIONNAME>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact FiscalNote Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. FiscalNote application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

6. In addition to the above, the FiscalNote application expects a few more attributes to be passed back in the
SAML response, which are shown below. These attributes are also pre-populated, but you can review them as per
your requirement.

NAME          SOURCE ATTRIBUTE
familyName    user.surname
email         user.mail

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.

8. On the Set up FiscalNote section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to FiscalNote.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select FiscalNote.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure FiscalNote SSO


To configure single sign-on on the FiscalNote side, you need to send the downloaded Certificate (Raw) and the
appropriate copied URLs from the Azure portal to the FiscalNote support team. They configure this setting so that
the SAML SSO connection is set properly on both sides.
Create FiscalNote test user
In this section, a user called B.Simon is created in FiscalNote. FiscalNote supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
FiscalNote, a new one is created after authentication.

NOTE
If you need to create a user manually, contact FiscalNote support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the FiscalNote tile in the Access Panel, you should be automatically signed in to the FiscalNote for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try FiscalNote with Azure AD
Tutorial: Azure Active Directory integration with Five9
Plus Adapter (CTI, Contact Center Agents)
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Five9 Plus Adapter (CTI, Contact Center Agents) with Azure Active
Directory (Azure AD). Integrating Five9 Plus Adapter (CTI, Contact Center Agents) with Azure AD provides you
with the following benefits:
You can control in Azure AD who has access to Five9 Plus Adapter (CTI, Contact Center Agents).
You can enable your users to be automatically signed-in to Five9 Plus Adapter (CTI, Contact Center Agents)
(Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Five9 Plus Adapter (CTI, Contact Center Agents), you need the following
items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
Five9 Plus Adapter (CTI, Contact Center Agents) single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Five9 Plus Adapter (CTI, Contact Center Agents) supports IDP initiated SSO

Adding Five9 Plus Adapter (CTI, Contact Center Agents) from the
gallery
To configure the integration of Five9 Plus Adapter (CTI, Contact Center Agents) into Azure AD, you need to add
Five9 Plus Adapter (CTI, Contact Center Agents) from the gallery to your list of managed SaaS apps.
To add Five9 Plus Adapter (CTI, Contact Center Agents) from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Five9 Plus Adapter (CTI, Contact Center Agents), select Five9 Plus Adapter
(CTI, Contact Center Agents) from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Five9 Plus Adapter (CTI, Contact Center
Agents) based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure
AD user and the related user in Five9 Plus Adapter (CTI, Contact Center Agents) needs to be established.
To configure and test Azure AD single sign-on with Five9 Plus Adapter (CTI, Contact Center Agents), you need to
complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Five9 Plus Adapter (CTI, Contact Center Agents) Single Sign-On - to configure the Single
Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Five9 Plus Adapter (CTI, Contact Center Agents) test user - to have a counterpart of Britta Simon
in Five9 Plus Adapter (CTI, Contact Center Agents) that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Five9 Plus Adapter (CTI, Contact Center Agents), perform the following
steps:
1. In the Azure portal, on the Five9 Plus Adapter (CTI, Contact Center Agents) application integration
page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

ENVIRONMENT                                          URL
For “Five9 Plus Adapter for Microsoft Dynamics CRM”  https://app.five9.com/appsvcs/saml/metadata/alias/msdc
For “Five9 Plus Adapter for Zendesk”                 https://app.five9.com/appsvcs/saml/metadata/alias/zd
For “Five9 Plus Adapter for Agent Desktop Toolkit”   https://app.five9.com/appsvcs/saml/metadata/alias/adt

b. In the Reply URL text box, type a URL using the following pattern:

ENVIRONMENT                                          URL
For “Five9 Plus Adapter for Microsoft Dynamics CRM”  https://app.five9.com/appsvcs/saml/SSO/alias/msdc
For “Five9 Plus Adapter for Zendesk”                 https://app.five9.com/appsvcs/saml/SSO/alias/zd
For “Five9 Plus Adapter for Agent Desktop Toolkit”   https://app.five9.com/appsvcs/saml/SSO/alias/adt

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Five9 Plus Adapter (CTI, Contact Center Agents) section, copy the appropriate URL(s) as
per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Five9 Plus Adapter (CTI, Contact Center Agents) Single Sign-On
1. To configure single sign-on on the Five9 Plus Adapter (CTI, Contact Center Agents) side, you need to send
the downloaded Certificate (Base64) and the appropriate copied URL(s) to the Five9 Plus Adapter (CTI, Contact
Center Agents) support team. In addition, to complete the SSO configuration, follow the steps in the admin
guide for your adapter:
a. “Five9 Plus Adapter for Agent Desktop Toolkit” Admin Guide:
https://webapps.five9.com/assets/files/for_customers/documentation/integrations/agent-desktop-toolkit/plus-agent-desktop-toolkit-administrators-guide.pdf
b. “Five9 Plus Adapter for Microsoft Dynamics CRM” Admin Guide:
https://webapps.five9.com/assets/files/for_customers/documentation/integrations/microsoft/microsoft-administrators-guide.pdf
c. “Five9 Plus Adapter for Zendesk” Admin Guide:
https://webapps.five9.com/assets/files/for_customers/documentation/integrations/zendesk/zendesk-plus-administrators-guide.pdf
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Five9 Plus Adapter (CTI,
Contact Center Agents).
1. In the Azure portal, select Enterprise Applications, select All applications, then select Five9 Plus
Adapter (CTI, Contact Center Agents).

2. In the applications list, select Five9 Plus Adapter (CTI, Contact Center Agents).
3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Five9 Plus Adapter (CTI, Contact Center Agents) test user
In this section, you create a user called Britta Simon in Five9 Plus Adapter (CTI, Contact Center Agents). Work with
Five9 Plus Adapter (CTI, Contact Center Agents) support team to add the users in the Five9 Plus Adapter (CTI,
Contact Center Agents) platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Five9 Plus Adapter (CTI, Contact Center Agents) tile in the Access Panel, you should be
automatically signed in to the Five9 Plus Adapter (CTI, Contact Center Agents) for which you set up SSO. For
more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Flatter Files
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Flatter Files with Azure Active Directory (Azure AD). Integrating Flatter
Files with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Flatter Files.
You can enable your users to be automatically signed-in to Flatter Files (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Flatter Files, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Flatter Files single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Flatter Files supports IDP initiated SSO

Adding Flatter Files from the gallery


To configure the integration of Flatter Files into Azure AD, you need to add Flatter Files from the gallery to your list
of managed SaaS apps.
To add Flatter Files from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Flatter Files, select Flatter Files from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Flatter Files based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Flatter
Files needs to be established.
To configure and test Azure AD single sign-on with Flatter Files, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Flatter Files Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Flatter Files test user - to have a counterpart of Britta Simon in Flatter Files that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Flatter Files, perform the following steps:
1. In the Azure portal, on the Flatter Files application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Flatter Files section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Flatter Files Single Sign-On
1. Sign on to your Flatter Files application as an administrator.
2. Click DASHBOARD.

3. Click Settings, and then perform the following steps on the Company tab:
a. Select Use SAML 2.0 for Authentication.
b. Click Configure SAML.
4. On the SAML Configuration dialog, perform the following steps:

a. In the Domain textbox, type your registered domain.

NOTE
If you don't have a registered domain yet, contact your Flatter Files support team via support@flatterfiles.com.

b. In the Identity Provider URL textbox, paste the value of Login URL which you have copied from the Azure
portal.
c. Open your base-64 encoded certificate in notepad, copy the content of it into your clipboard, and then
paste it to the Identity Provider Certificate textbox.
d. Click Update.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Flatter Files.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Flatter Files.
2. In the applications list, select Flatter Files.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Flatter Files test user
The objective of this section is to create a user called Britta Simon in Flatter Files.
To create a user called Britta Simon in Flatter Files, perform the following steps:
1. Sign on to your Flatter Files company site as administrator.
2. In the navigation pane on the left, click Settings, and then click the Users tab.

3. Click Add User.


4. On the Add User dialog, perform the following steps:

a. In the First Name textbox, type Britta.


b. In the Last Name textbox, type Simon.
c. In the Email Address textbox, type Britta's email address in the Azure portal.
d. Click Submit.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Flatter Files tile in the Access Panel, you should be automatically signed in to the Flatter Files
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Flock
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Flock with Azure Active Directory (Azure AD). Integrating Flock with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Flock.
You can enable your users to be automatically signed-in to Flock (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Flock, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Flock single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Flock supports SP initiated SSO

Adding Flock from the gallery


To configure the integration of Flock into Azure AD, you need to add Flock from the gallery to your list of managed
SaaS apps.
To add Flock from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Flock, select Flock from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Flock based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Flock
needs to be established.
To configure and test Azure AD single sign-on with Flock, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Flock Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Flock test user - to have a counterpart of Britta Simon in Flock that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Flock, perform the following steps:
1. In the Azure portal, on the Flock application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<subdomain>.flock.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.flock.com/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Flock Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

6. On the Set up Flock section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Flock Single Sign-On
1. In a different web browser window, log in to your Flock company site as an administrator.
2. Select Authentication tab from the left navigation panel and then select SAML Authentication.

3. In the SAML Authentication section, perform the following steps:

a. In the SAML 2.0 Endpoint(HTTP) textbox, paste the Login URL value which you have copied from the
Azure portal.
b. In the Identity Provider Issuer textbox, paste the Azure AD Identifier value which you have copied from
the Azure portal.
c. Open the downloaded Certificate (Base64) from the Azure portal in notepad, and paste the content into the
Public Certificate textbox.
d. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Flock.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Flock.

2. In the applications list, select Flock.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Flock test user
To enable Azure AD users to log in to Flock, they must be provisioned into Flock. In the case of Flock, provisioning
is a manual task.
To provision a user account, perform the following steps:
1. Log in to your Flock company site as an administrator.
2. Click Manage Team from the left navigation panel.

3. Click Add Member tab and then select Team Members.

4. Enter the email address of the user like Brittasimon@contoso.com and then select Add Users.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Flock tile in the Access Panel, you should be automatically signed in to the Flock for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with FloQast
10/22/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate FloQast with Azure Active Directory (Azure AD). When you integrate
FloQast with Azure AD, you can:
Control in Azure AD who has access to FloQast.
Enable your users to be automatically signed-in to FloQast with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
FloQast single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
FloQast supports SP and IDP initiated SSO

Adding FloQast from the gallery


To configure the integration of FloQast into Azure AD, you need to add FloQast from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type FloQast in the search box.
6. Select FloQast from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for FloQast


Configure and test Azure AD SSO with FloQast using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in FloQast.
To configure and test Azure AD SSO with FloQast, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure FloQast SSO - to configure the single sign-on settings on application side.
   a. Create FloQast test user - to have a counterpart of B.Simon in FloQast that is linked to the Azure AD
      representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the FloQast application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Identifier text box, type a URL: https://go.floqast.com/

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://go.floqast.com/login/sso

6. FloQast application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

7. In addition to the above, the FloQast application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

   NAME        SOURCE ATTRIBUTE
   FirstName   user.givenname
   LastName    user.surname
   Email       user.mail

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

9. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog and
perform the following step.

a. Select Sign SAML response and assertion from the Signing Option.
b. Click Save

10. On the Set up FloQast section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to FloQast.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select FloQast.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure FloQast SSO


To configure single sign-on on the FloQast side, send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the FloQast support team. They apply these settings so that the
SAML SSO connection is configured properly on both sides.
Create FloQast test user
In this section, you create a user called B.Simon in FloQast. Work with FloQast support team to add the users in
the FloQast platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the FloQast tile in the Access Panel, you should be automatically signed in to the FloQast for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try FloQast with Azure AD

Tutorial: Azure Active Directory integration with Fluxx Labs
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Fluxx Labs with Azure Active Directory (Azure AD). Integrating Fluxx
Labs with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Fluxx Labs.
You can enable your users to be automatically signed-in to Fluxx Labs (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Fluxx Labs, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Fluxx Labs single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Fluxx Labs supports IDP initiated SSO

Adding Fluxx Labs from the gallery


To configure the integration of Fluxx Labs into Azure AD, you need to add Fluxx Labs from the gallery to your list
of managed SaaS apps.
To add Fluxx Labs from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Fluxx Labs, select Fluxx Labs from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Fluxx Labs based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Fluxx Labs
needs to be established.
To configure and test Azure AD single sign-on with Fluxx Labs, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Fluxx Labs Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Fluxx Labs test user - to have a counterpart of Britta Simon in Fluxx Labs that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Fluxx Labs, perform the following steps:
1. In the Azure portal, on the Fluxx Labs application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

   ENVIRONMENT      URL PATTERN
   Production       https://<subdomain>.fluxx.io
   Pre production   https://<subdomain>.preprod.fluxxlabs.com

b. In the Reply URL text box, type a URL using the following pattern:

   ENVIRONMENT      URL PATTERN
   Production       https://<subdomain>.fluxx.io/auth/saml/callback
   Pre production   https://<subdomain>.preprod.fluxxlabs.com/auth/saml/callback

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Fluxx Labs Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Fluxx Labs section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Fluxx Labs Single Sign-On
1. In a different web browser window, sign in to your Fluxx Labs company site as administrator.
2. Select Admin below the Settings section.

3. In the Admin Panel, Select Plug-ins > Integrations and then select SAML SSO -(Disabled)
4. In the attribute section, perform the following steps:

a. Select the SAML SSO checkbox.


b. In the Request Path textbox, type /auth/saml.
c. In the Callback Path textbox, type /auth/saml/callback.
d. In the Assertion Consumer Service Url(Single Sign-On URL) textbox, enter the Reply URL value,
which you have entered in the Azure portal.
e. In the Audience(SP Entity ID) textbox, enter the Identifier value, which you have entered in the Azure
portal.
f. In the Identity Provider SSO Target URL textbox, paste the Login URL value, which you have copied
from the Azure portal.
g. Open your base-64 encoded certificate in notepad, copy the content of it into your clipboard, and then
paste it to the Identity Provider Certificate textbox.
h. In Name identifier Format textbox, enter the value
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress .
i. Click Save.

NOTE
Once the content is saved, the field appears blank for security, but the value has been saved in the configuration.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Fluxx Labs.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Fluxx Labs.

2. In the applications list, select Fluxx Labs.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Fluxx Labs test user
To enable Azure AD users to sign in to Fluxx Labs, they must be provisioned into Fluxx Labs. In the case of Fluxx
Labs, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Fluxx Labs company site as an administrator.
2. Click on the below displayed icon.
3. On the dashboard, click on the below displayed icon to open the New PEOPLE card.

4. On the NEW PEOPLE section, perform the following steps:


a. Fluxx Labs uses email as the unique identifier for SSO logins. Populate the SSO UID field with the user's
email address; it must match the email address the user signs in with through SSO.
b. Click Save.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Fluxx Labs tile in the Access Panel, you should be automatically signed in to the Fluxx Labs for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
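
One way to check, during testing, that the assertion Azure AD issues agrees with the values entered in Fluxx Labs (Audience, Assertion Consumer Service URL, Name identifier Format, SSO UID) is to inspect the base64 SAMLResponse form field posted to the callback URL. The following is an added example, not part of the original tutorial or of Fluxx Labs or Microsoft tooling; the function names, the "example" subdomain and the sample response are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Name identifier format the tutorial enters in Fluxx Labs.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def build_sample_response(audience, recipient, name_id, name_id_format=EMAIL_FORMAT):
    """Build a constructed, unsigned SAML response, base64-encoded the way
    the HTTP-POST binding carries it in the SAMLResponse form field."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <saml:Assertion>
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="{name_id_format}">{name_id}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{recipient}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>{audience}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


def check_response(saml_response_b64, audience, acs_url, name_id_format, sso_uid):
    """Compare a captured SAMLResponse with the service-provider settings.

    Returns a list of findings; an empty list means the values agree.
    This is a configuration consistency check for a test sign-in only: it
    does not verify the XML signature, which the service provider does.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]

    findings = []
    audiences = [a.text.strip()
                 for a in assertion.findall(".//saml:AudienceRestriction/saml:Audience", NS)
                 if a.text]
    if audience not in audiences:
        findings.append(f"Audience {audiences} does not contain the SP entity ID {audience!r}")

    recipients = [d.get("Recipient")
                  for d in assertion.findall(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        findings.append(f"Recipient {recipients} does not contain the ACS URL {acs_url!r}")

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        findings.append("assertion has no NameID")
        return findings
    if name_id.get("Format") != name_id_format:
        findings.append(f"NameID Format is {name_id.get('Format')!r}, expected {name_id_format!r}")
    value = (name_id.text or "").strip()
    if value != sso_uid:
        hint = " (differs only by letter case)" if value.lower() == sso_uid.lower() else ""
        findings.append(f"NameID {value!r} does not equal the SSO UID {sso_uid!r}{hint}")
    return findings


if __name__ == "__main__":
    # Constructed values following the tutorial's production URL pattern.
    aud = "https://example.fluxx.io"
    acs = "https://example.fluxx.io/auth/saml/callback"
    captured = build_sample_response("https://example.preprod.fluxxlabs.com", acs,
                                     "BrittaSimon@contoso.com")
    for finding in check_response(captured, aud, acs, EMAIL_FORMAT,
                                  "brittasimon@contoso.com"):
        print("MISMATCH:", finding)
```
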

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with FM:Systems
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate FM:Systems with Azure Active Directory (Azure AD). Integrating
FM:Systems with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to FM:Systems.
You can enable your users to be automatically signed-in to FM:Systems (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with FM:Systems, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
FM:Systems single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
FM:Systems supports IDP initiated SSO

Adding FM:Systems from the gallery


To configure the integration of FM:Systems into Azure AD, you need to add FM:Systems from the gallery to your
list of managed SaaS apps.
To add FM:Systems from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type FM:Systems, select FM:Systems from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with FM:Systems based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
FM:Systems needs to be established.
To configure and test Azure AD single sign-on with FM:Systems, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure FM:Systems Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create FM:Systems test user - to have a counterpart of Britta Simon in FM:Systems that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with FM:Systems, perform the following steps:
1. In the Azure portal, on the FM:Systems application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:

In the Reply URL text box, type a URL using the following pattern:
https://<companyname>.fmshosted.com/fminteract/ConsumerService2.aspx

NOTE
This value is not real. Update this value with the actual Reply URL. Contact FM:Systems Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up FM:Systems section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure FM:Systems Single Sign-On
To configure single sign-on on the FM:Systems side, send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the FM:Systems support team. They apply these settings
so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to FM:Systems.
1. In the Azure portal, select Enterprise Applications, select All applications, then select FM:Systems.
2. In the applications list, select FM:Systems.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create FM:Systems test user
1. In a web browser window, sign into your FM:Systems company site as an administrator.
2. Go to System Administration > Manage Security > Users > User list.

3. Click Create new user.

4. In the Create User section, perform the following steps:


a. Type the UserName, the Password, Confirm Password, E-mail and the Employee ID of a valid Azure
Active Directory account you want to provision into the related textboxes.
b. Click Next.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the FM:Systems tile in the Access Panel, you should be automatically signed in to the FM:Systems
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Foko Retail
11/26/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Foko Retail with Azure Active Directory (Azure AD). When you
integrate Foko Retail with Azure AD, you can:
Control in Azure AD who has access to Foko Retail.
Enable your users to be automatically signed-in to Foko Retail with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Foko Retail single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Foko Retail supports SP initiated SSO

Adding Foko Retail from the gallery


To configure the integration of Foko Retail into Azure AD, you need to add Foko Retail from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Foko Retail in the search box.
6. Select Foko Retail from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Foko Retail


Configure and test Azure AD SSO with Foko Retail using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Foko Retail.
To configure and test Azure AD SSO with Foko Retail, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Foko Retail SSO - to configure the single sign-on settings on application side.
   a. Create Foko Retail test user - to have a counterpart of B.Simon in Foko Retail that is linked to the
      Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Foko Retail application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://api.foko.io/sso/{$CUSTOM_ID}/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://api.foko.io/sso/{$CUSTOM_ID}/metadata.xml

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Foko Retail Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Foko Retail section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Foko Retail.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Foko Retail.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Foko Retail SSO


To configure single sign-on on the Foko Retail side, send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Foko Retail support team. They apply these settings so that
the SAML SSO connection is configured properly on both sides.
Create Foko Retail test user
In this section, you create a user called B.Simon in Foko Retail. Work with Foko Retail support team to add the
users in the Foko Retail platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Foko Retail tile in the Access Panel, you should be automatically signed in to the Foko Retail for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Foko Retail with Azure AD

Tutorial: Azure Active Directory integration with Folloze
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Folloze with Azure Active Directory (Azure AD). Integrating Folloze with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Folloze.
You can enable your users to be automatically signed-in to Folloze (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Folloze, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Folloze single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Folloze supports IDP initiated SSO
Folloze supports Just In Time user provisioning

Adding Folloze from the gallery


To configure the integration of Folloze into Azure AD, you need to add Folloze from the gallery to your list of
managed SaaS apps.
To add Folloze from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Folloze, select Folloze from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Folloze based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Folloze
needs to be established.
To configure and test Azure AD single sign-on with Folloze, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Folloze Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Folloze test user - to have a counterpart of Britta Simon in Folloze that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Folloze, perform the following steps:
1. In the Azure portal, on the Folloze application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. Folloze application expects the SAML assertions in a specific format. Configure the following claims for this
application. You can manage the values of these attributes from the User Attributes section on application
integration page. On the Set up Single Sign-On with SAML page, click Edit button to open User
Attributes dialog.

6. In the User Claims section on the User Attributes dialog, configure SAML token attribute as shown in the
image above and perform the following steps:

   NAME          SOURCE ATTRIBUTE
   Email         user.othermail
   Nameasemail   user.userprincipalname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

8. On the Set up Folloze section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Folloze Single Sign-On
To configure single sign-on on the Folloze side, send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Folloze support team. They apply these settings so that the
SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Folloze.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Folloze.

2. In the applications list, type and select Folloze.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Folloze test user
In this section, a user called Britta Simon is created in Folloze. Folloze supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Folloze,
a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Folloze tile in the Access Panel, you should be automatically signed in to the Folloze for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Foodee
10/15/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Foodee with Azure Active Directory (Azure AD). When you integrate
Foodee with Azure AD, you can:
Control in Azure AD who has access to Foodee.
Enable your users to be automatically signed-in to Foodee with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Foodee single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Foodee supports SP and IDP initiated SSO
Foodee supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Foodee from the gallery


To configure the integration of Foodee into Azure AD, you need to add Foodee from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Foodee in the search box.
6. Select Foodee from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Foodee


Configure and test Azure AD SSO with Foodee using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Foodee.
To configure and test Azure AD SSO with Foodee, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Foodee SSO - to configure the single sign-on settings on application side.
a. Create Foodee test user - to have a counterpart of B.Simon in Foodee that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Foodee application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, type a URL using the following pattern:
https://concierge.food.ee/sso/saml/<INSTANCENAME>/consume

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://concierge.food.ee/sso/saml/<INSTANCENAME>

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact Foodee Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
7. On the Set up Foodee section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Foodee.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Foodee.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Configure Foodee SSO
1. To automate the configuration within Foodee, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After you add the extension to the browser, clicking Set up Foodee directs you to the Foodee application.
From there, provide the admin credentials to sign in to Foodee. The browser extension will automatically
configure the application for you and automate steps 3-4.

3. If you want to set up Foodee manually, open a new web browser window, sign in to your Foodee
company site as an administrator, and perform the following steps:
4. Click on profile logo on the top right corner of the page then navigate to Single Sign On and perform the
following steps:

a. In the IDP NAME text box, type a name, for example Azure.
b. Open the Federation Metadata XML in Notepad, copy its content and paste it in the IDP METADATA
XML text box.
c. Click Save.
Create Foodee test user
In this section, a user called B.Simon is created in Foodee. Foodee supports just-in-time provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Foodee, a new
one is created when you attempt to access Foodee.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Foodee tile in the Access Panel, you should be automatically signed in to the Foodee for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Foodee with Azure AD
Tutorial: Azure Active Directory integration with
ForeSee CX Suite
7/3/2019 • 6 minutes to read

In this tutorial, you learn how to integrate ForeSee CX Suite with Azure Active Directory (Azure AD). Integrating
ForeSee CX Suite with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ForeSee CX Suite.
You can enable your users to be automatically signed-in to ForeSee CX Suite (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ForeSee CX Suite, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
ForeSee CX Suite single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ForeSee CX Suite supports SP initiated SSO
ForeSee CX Suite supports Just In Time user provisioning

Adding ForeSee CX Suite from the gallery


To configure the integration of ForeSee CX Suite into Azure AD, you need to add ForeSee CX Suite from the
gallery to your list of managed SaaS apps.
To add ForeSee CX Suite from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ForeSee CX Suite, select ForeSee CX Suite from result panel then click Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ForeSee CX Suite based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
ForeSee CX Suite needs to be established.
To configure and test Azure AD single sign-on with ForeSee CX Suite, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ForeSee CX Suite Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ForeSee CX Suite test user - to have a counterpart of Britta Simon in ForeSee CX Suite that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ForeSee CX Suite, perform the following steps:
1. In the Azure portal, on the ForeSee CX Suite application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you have Service Provider metadata file, perform the
following steps:
a. Click Upload metadata file.

b. Click on folder logo to select the metadata file and click Upload.
c. After the metadata file is successfully uploaded, the Identifier value gets auto populated in Basic SAML
Configuration section.

a. In the Sign-on URL text box, type a URL: https://cxsuite.foresee.com/

b. In the Identifier text box, type a URL using the following pattern:
https://www.okta.com/saml2/service-provider/<UniqueID>

NOTE
If the Identifier value does not get auto-populated, fill in the value manually according to the above pattern.
The Identifier value is not real. Update this value with the actual Identifier. Contact ForeSee CX Suite Client support
team to get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up ForeSee CX Suite section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure ForeSee CX Suite Single Sign-On
To configure single sign-on on the ForeSee CX Suite side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the ForeSee CX Suite support team. They apply these
settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ForeSee CX Suite.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ForeSee CX Suite.

2. In the applications list, select ForeSee CX Suite.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ForeSee CX Suite test user
In this section, you create a user called Britta Simon in ForeSee CX Suite. Work with ForeSee CX Suite support
team to add the users or the domain that must be added to an allow list for the ForeSee CX Suite platform. If the
domain is added by the team, users will get automatically provisioned to the ForeSee CX Suite platform. Users
must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ForeSee CX Suite tile in the Access Panel, you should be automatically signed in to the ForeSee
CX Suite for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Form.com
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Form.com with Azure Active Directory (Azure AD). Integrating
Form.com with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Form.com.
You can enable your users to be automatically signed-in to Form.com (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Form.com, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial
Form.com single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Form.com supports SP initiated SSO

Adding Form.com from the gallery


To configure the integration of Form.com into Azure AD, you need to add Form.com from the gallery to your list of
managed SaaS apps.
To add Form.com from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Form.com, select Form.com from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Form.com based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Form.com
needs to be established.
To configure and test Azure AD single sign-on with Form.com, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Form.com Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Form.com test user - to have a counterpart of Britta Simon in Form.com that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Form.com, perform the following steps:
1. In the Azure portal, on the Form.com application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern: https://<subdomain>.wa-form.com

b. In the Identifier box, type a URL using the following pattern: https://<subdomain>.form.com

c. In the Reply URL text box, type a URL using the following pattern:

https://<subdomain>.wa-form.com/Member/UserAccount/SAML2.action

https://<subdomain>.form.com/Member/UserAccount/SAML2.action

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
Form.com Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) and click the copy icon to copy App Federation
Metadata Url from the given options as per your requirement and save it on your computer.

6. On the Set up Form.com section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Form.com Single Sign-On
To configure single sign-on on the Form.com side, you need to send the downloaded Certificate (Base64), the App
Federation Metadata Url and the appropriate copied URLs from the Azure portal to the Form.com support team. They
apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Form.com.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Form.com.

2. In the applications list, select Form.com.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Form.com test user
In this section, you create a user called Britta Simon in Form.com. Work with Form.com support team to add the
users in the Form.com platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Form.com tile in the Access Panel, you should be automatically signed in to the Form.com for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Freedcamp with Azure Active
Directory
6/13/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Freedcamp with Azure Active Directory (Azure AD). When you
integrate Freedcamp with Azure AD, you can:
Control in Azure AD who has access to Freedcamp.
Enable your users to be automatically signed-in to Freedcamp with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Freedcamp single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Freedcamp supports SP and IDP
initiated SSO.

Adding Freedcamp from the gallery


To configure the integration of Freedcamp into Azure AD, you need to add Freedcamp from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Freedcamp in the search box.
6. Select Freedcamp from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Freedcamp using a test user called Britta Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Freedcamp.
To configure and test Azure AD SSO with Freedcamp, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Freedcamp to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
5. Create Freedcamp test user to have a counterpart of Britta Simon in Freedcamp that is linked to the Azure
AD representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Freedcamp application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<SUBDOMAIN>.freedcamp.com/sso/<UNIQUEID>

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.freedcamp.com/sso/acs/<UNIQUEID>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.freedcamp.com/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. You can also
enter URL values for your own customer domain; they do not have to follow the freedcamp.com pattern and can be
any value specific to your application instance. You can also contact the Freedcamp Client support team for
further information on URL patterns.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up Freedcamp section, copy the appropriate URL(s) based on your requirement.

Configure Freedcamp
1. To automate the configuration within Freedcamp, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After you add the extension to the browser, clicking Setup Freedcamp directs you to the Freedcamp
application. From there, provide the admin credentials to sign in to Freedcamp. The browser extension will
automatically configure the application for you and automate steps 3-5.

3. If you want to set up Freedcamp manually, open a new web browser window, sign in to your Freedcamp
company site as an administrator, and perform the following steps:
4. On the top-right corner of the page, click on profile and then navigate to My Account.
5. From the left side of the menu bar, click on SSO and on the Your SSO connections page perform the
following steps:

a. In the Title text box, type the title.


b. In the Entity ID text box, paste the Azure AD Identifier value, which you have copied from the Azure
portal.
c. In the Login URL text box, paste the Login URL value, which you have copied from the Azure portal.
d. Open the Base64 encoded certificate in notepad, copy its content and paste it into the Certificate text
box.
e. Click Submit.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to Freedcamp.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Freedcamp.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Freedcamp test user
To enable Azure AD users to sign in to Freedcamp, they must be provisioned into Freedcamp. In Freedcamp,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. In a different web browser window, sign in to Freedcamp as a Security Administrator.
2. On the top-right corner of the page, click on profile and then navigate to Manage System.

3. On the right side of the Manage System page, perform the following steps:
a. Click on Add or invite Users.
b. In the Email text box, enter the email of user like Brittasimon@contoso.com .
c. Click Add User.
Test SSO
When you select the Freedcamp tile in the Access Panel, you should be automatically signed in to the Freedcamp
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
FreshDesk
11/19/2019 • 7 minutes to read

In this tutorial, you learn how to integrate FreshDesk with Azure Active Directory (Azure AD). Integrating
FreshDesk with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to FreshDesk.
You can enable your users to be automatically signed-in to FreshDesk (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with FreshDesk, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial
FreshDesk single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
FreshDesk supports SP initiated SSO

Adding FreshDesk from the gallery


To configure the integration of FreshDesk into Azure AD, you need to add FreshDesk from the gallery to your list
of managed SaaS apps.
To add FreshDesk from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type FreshDesk, select FreshDesk from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with FreshDesk based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
FreshDesk needs to be established.
To configure and test Azure AD single sign-on with FreshDesk, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure FreshDesk Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create FreshDesk test user - to have a counterpart of Britta Simon in FreshDesk that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with FreshDesk, perform the following steps:
1. In the Azure portal, on the FreshDesk application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<tenant-name>.freshdesk.com or any other value Freshdesk has suggested.

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<tenant-name>.freshdesk.com or any other value Freshdesk has suggested.

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact FreshDesk Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The FreshDesk application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The default value of Unique User Identifier is
user.userprincipalname, but FreshDesk expects it to be mapped to the user's email address. For that, you can use
the user.mail attribute from the list or the appropriate attribute value based on your organization's
configuration.

6. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon, or add the
claims by using Add new claim, to configure the SAML token attribute shown in the table below, and
perform the following steps:

NAME | SOURCE ATTRIBUTE
Unique User Identifier | user.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

8. Open Command Prompt and run the following commands:


a. Enter certutil.exe -dump FreshDesk.cer in the command prompt.
NOTE
Here FreshDesk.cer is the certificate which you have downloaded from the Azure portal.

b. Copy the Cert Hash(sha256) value and paste it into Notepad.
9. On the Set up FreshDesk section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
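One way to confirm that the claim mapping from steps 5 and 6 took effect is to decode the SAMLResponse from a test sign-in and compare its NameID and Audience with what FreshDesk expects. This is an added example, not part of the original tutorial; the tenant name contoso, the all-zero tenant ID, the sample responses and the function names are constructed, and the script only reads fields without validating the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed values for this example (not taken from a real tenant).
EXPECTED_AUDIENCE = "https://contoso.freshdesk.com"  # Identifier (Entity ID)
EXPECTED_EMAIL = "BrittaSimon@contoso.com"           # value of user.mail
ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"


def build_sample_response(name_id, audience=EXPECTED_AUDIENCE):
    """Constructed, unsigned SAMLResponse, Base64-encoded as in the POST form field."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <saml:Issuer>{ISSUER}</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>{ISSUER}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>{name_id}</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>{audience}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def check_claims(saml_response_b64, expected_email, expected_audience):
    """Return a list of mismatches; an empty list means the mapping looks right.

    Reads fields only. It does NOT validate the XML signature, so it is a
    troubleshooting aid for your own test sign-in, not an authentication check.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        # Zero usually means the assertion is encrypted; more than one is
        # something a service provider should never accept.
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    assertion = assertions[0]

    name_id = (assertion.findtext("saml:Subject/saml:NameID",
                                  default="", namespaces=NS) or "").strip()
    audiences = [
        node.text.strip()
        for node in assertion.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
        if node.text
    ]

    problems = []
    # Email addresses are compared case-insensitively; the default
    # user.userprincipalname mapping shows up here as a different value.
    if name_id.lower() != expected_email.lower():
        problems.append(
            f"NameID is {name_id!r}, expected the email {expected_email!r}")
    # The Audience must be exactly the Identifier (Entity ID) configured.
    if expected_audience not in audiences:
        problems.append(
            f"Audience is {audiences!r}, expected {expected_audience!r}")
    return problems


if __name__ == "__main__":
    # Constructed case: claim still mapped to a UPN that differs from the mailbox.
    upn_response = build_sample_response("brittasimon@contoso.onmicrosoft.com")
    for line in check_claims(upn_response, EXPECTED_EMAIL, EXPECTED_AUDIENCE):
        print("MISMATCH:", line)
```

An empty result means the Unique User Identifier claim carries the email address and the Audience matches the Identifier entered in Basic SAML Configuration.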
Configure FreshDesk Single Sign-On
1. In a different web browser window, log into your Freshdesk company site as an administrator.
2. Select the Settings icon and in the Security section, perform the following steps:

a. For Single Sign On (SSO), select On.


b. Select SAML SSO.
c. In the SAML Login URL textbox, paste Login URL value, which you have copied from the Azure portal.
d. In the Logout URL textbox, paste Logout URL value, which you have copied from the Azure portal.
e. In the Security Certificate Fingerprint textbox, paste Cert Hash(sha256) value which you have
obtained earlier.
f. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to FreshDesk.
1. In the Azure portal, select Enterprise Applications, select All applications, then select FreshDesk.
2. In the applications list, type and select FreshDesk.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create FreshDesk test user
In order to enable Azure AD users to log into FreshDesk, they must be provisioned into FreshDesk.
In the case of FreshDesk, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your Freshdesk tenant.
2. In the menu on the top, click Admin.

3. In the General Settings tab, click Agents.

4. Click New Agent.

5. On the Agent Information dialog, perform the following steps:

a. In the Email textbox, type the Azure AD email address of the Azure AD account you want to provision.
b. In the Full Name textbox, type the name of the Azure AD account you want to provision.
c. In the Title textbox, type the title of the Azure AD account you want to provision.
d. Click Save.
NOTE
The Azure AD account holder will get an email that includes a link to confirm the account before it is activated.

NOTE
You can use any other Freshdesk user account creation tools or APIs provided by Freshdesk to provision Azure AD
user accounts to FreshDesk.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the FreshDesk tile in the Access Panel, you should be automatically signed in to the FreshDesk for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with FreshGrade
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate FreshGrade with Azure Active Directory (Azure AD). Integrating
FreshGrade with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to FreshGrade.
You can enable your users to be automatically signed-in to FreshGrade (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with FreshGrade, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
FreshGrade single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
FreshGrade supports SP initiated SSO

Adding FreshGrade from the gallery


To configure the integration of FreshGrade into Azure AD, you need to add FreshGrade from the gallery to your
list of managed SaaS apps.
To add FreshGrade from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type FreshGrade, select FreshGrade from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with FreshGrade based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
FreshGrade needs to be established.
To configure and test Azure AD single sign-on with FreshGrade, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure FreshGrade Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create FreshGrade test user - to have a counterpart of Britta Simon in FreshGrade that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with FreshGrade, perform the following steps:
1. In the Azure portal, on the FreshGrade application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Sign-on URL textbox, type a URL using the following patterns:

https://<subdomain>.freshgrade.com/login

https://<subdomain>.onboarding.freshgrade.com/login

b. In the Identifier (Entity ID) textbox, type a URL using the following patterns:

https://login.onboarding.freshgrade.com:443/saml/metadata/alias/<instancename>

https://login.freshgrade.com:443/saml/metadata/alias/<instancename>

NOTE
These values are not real. Update these values with the actual Sign-On URL and Identifier. Contact FreshGrade Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure FreshGrade Single Sign-On


To configure single sign-on on the FreshGrade side, you need to send the App Federation Metadata Url to the
FreshGrade support team. They apply this setting so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to FreshGrade.
1. In the Azure portal, select Enterprise Applications, select All applications, then select FreshGrade.

2. In the applications list, select FreshGrade.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create FreshGrade test user
In this section, you create a user called Britta Simon in FreshGrade. Work with FreshGrade support team to add the
users in the FreshGrade platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the FreshGrade tile in the Access Panel, you should be automatically signed in to the FreshGrade
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Freshservice
11/19/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Freshservice with Azure Active Directory (Azure AD). When you
integrate Freshservice with Azure AD, you can:
Control in Azure AD who has access to Freshservice.
Enable your users to be automatically signed-in to Freshservice with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Freshservice single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Freshservice supports SP initiated SSO

Adding Freshservice from the gallery


To configure the integration of Freshservice into Azure AD, you need to add Freshservice from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Freshservice in the search box.
6. Select Freshservice from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for Freshservice


Configure and test Azure AD SSO with Freshservice using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Freshservice.
To configure and test Azure AD SSO with Freshservice, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Freshservice SSO - to configure the single sign-on settings on application side.
a. Create Freshservice test user - to have a counterpart of B.Simon in Freshservice that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Freshservice application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<democompany>.freshservice.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<democompany>.freshservice.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Freshservice Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. Freshservice requires a SHA-256 fingerprint to get SSO working. To get the SHA-256 fingerprint, perform the
following steps:
a. Open the link in a different web browser.
b. Open downloaded certificate (Base64) file in the Notepad and paste content in the X.509 cert
textbox.
c. For the Algorithm, select sha256 from the dropdown.
d. Click CALCULATE FINGERPRINT.
e. Click on the copy icon to copy the generated FingerPrint and save it on your computer.
7. On the Set up Freshservice section on the Azure portal, copy the appropriate URL(s) based on your
requirement.
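The Cert Hash(sha256) value in the FreshDesk tutorial (step 8) and the SHA-256 fingerprint in the Freshservice tutorial (step 6) are the same quantity: a SHA-256 digest over the certificate's decoded (DER) bytes. The Python example below is added here and is not part of the original tutorials; it computes that value locally from the Certificate (Base64) file and checks a pasted value against it, and the sample certificate body and all function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re
import textwrap

# Constructed stand-in for the "Certificate (Base64)" download. The body is
# arbitrary bytes, NOT a real X.509 certificate; a fingerprint is just a hash
# of the decoded bytes, so the functions behave the same on a real .cer file.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + "\r\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode("ascii"), 64))
    + "\r\n-----END CERTIFICATE-----\r\n"
)

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in a Base64 (PEM) file."""
    blocks = _PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())  # drop CR/LF and any stray spaces
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid Base64") from exc


def sha256_fingerprint(pem_text, sep=""):
    """SHA-256 over the DER bytes (not over the PEM text), as lowercase hex."""
    digest = hashlib.sha256(pem_to_der(pem_text)).hexdigest()
    return sep.join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_fingerprint(value):
    """Strip spaces, colons and dashes; reject anything but 64 hex digits."""
    hex_only = re.sub(r"[\s:\-]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hex_only):
        # A 40-digit value here usually means a SHA-1 hash was copied instead.
        raise ValueError(
            "not a SHA-256 fingerprint: need exactly 64 hex digits "
            f"(got {len(hex_only)} characters after cleanup)"
        )
    return hex_only


def fingerprint_matches(pem_text, pasted_value):
    """True if the value pasted into the SSO settings belongs to this certificate."""
    return sha256_fingerprint(pem_text) == normalize_fingerprint(pasted_value)


if __name__ == "__main__":
    # With a real download: open("FreshDesk.cer").read() in place of SAMPLE_PEM.
    print(sha256_fingerprint(SAMPLE_PEM, sep=":"))
```

Hashing the file's text instead of its decoded bytes yields a different value that the service provider will not accept, which is why the example decodes the Base64 body first.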

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Freshservice.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Freshservice.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Freshservice SSO


1. To automate the configuration within Freshservice, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup Freshservice, which will direct you to the Freshservice
application. From there, provide the admin credentials to sign into Freshservice. The browser extension will
automatically configure the application for you and automate steps 3-6.

3. If you want to set up Freshservice manually, open a new web browser window, sign into your
Freshservice company site as an administrator, and perform the following steps:
4. In the menu on the top, click Admin.

5. In the Customer Portal, click Security.

6. In the Security section, perform the following steps:

a. Switch Single Sign On.


b. Select SAML SSO.
c. In the SAML Login URL textbox, paste the value of Login URL, which you have copied from Azure
portal.
d. In the Logout URL textbox, paste the value of Logout URL, which you have copied from Azure portal.
e. In Security Certificate Fingerprint textbox, paste the FingerPrint value, which you have generated
earlier.
f. Click Save
Create Freshservice test user
To enable Azure AD users to sign in to Freshservice, they must be provisioned into Freshservice. In the case of
Freshservice, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Freshservice company site as an administrator.
2. In the menu on the top, click Admin.

3. In the User Management section, click Requesters.

4. Click New Requester.

5. In the New Requester section, perform the following steps:

a. Enter the First Name and Email attributes of a valid Azure Active Directory account you want to
provision into the related textboxes.
b. Click Save.
NOTE
The Azure Active Directory account holder gets an email including a link to confirm the account before it becomes
active.

NOTE
You can use any other Freshservice user account creation tools or APIs provided by Freshservice to provision Azure AD user
accounts.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Freshservice tile in the Access Panel, you should be automatically signed in to the Freshservice
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Freshservice with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO) integration with Freshworks
10/15/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Freshworks with Azure Active Directory (Azure AD). When you
integrate Freshworks with Azure AD, you can:
Control in Azure AD who has access to Freshworks.
Enable your users to be automatically signed-in to Freshworks with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Freshworks single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Freshworks supports SP initiated SSO

Adding Freshworks from the gallery


To configure the integration of Freshworks into Azure AD, you need to add Freshworks from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Freshworks in the search box.
6. Select Freshworks from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Freshworks


Configure and test Azure AD SSO with Freshworks using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Freshworks.
To configure and test Azure AD SSO with Freshworks, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Freshworks SSO - to configure the single sign-on settings on application side.
a. Create Freshworks test user - to have a counterpart of B.Simon in Freshworks that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Freshworks application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.freshworks.com/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.freshworks.com/sp/SAML/<MODULE_ID>/metadata

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Freshworks Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. To modify the Signing options as per your requirement, click Edit button to open SAML Signing
Certificate dialog.
a. Select Sign SAML response as Signing Option.
b. Click Save.
7. On the Set up Freshworks section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Freshworks.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Freshworks.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Freshworks SSO


1. Open a new web browser window and sign into your Freshworks company site as an administrator and
perform the following steps:
2. From the left side of menu, click on Security icon then check the Single sign-on option and select SAML
SSO under Authentication Methods.
3. On the Single sign-on section, perform the following steps:
a. Click Copy to copy the Service Provider (SP) Entity ID for your instance and paste it in the Identifier
(Entity ID) text box in the Basic SAML Configuration section on the Azure portal.
b. In the Entity ID provided by the IdP text box, paste the Azure AD Identifier value, which you have
copied from the Azure portal.
c. In the SAML SSO URL text box, paste the Login URL value, which you have copied from the Azure
portal.
d. Open the Base64 encoded certificate in notepad, copy its content and paste it into the Security
certificate text box.
e. Click Save.
Create Freshworks test user
In this section, you create a user called B.Simon in Freshworks. Work with Freshworks Client support team to add
the users in the Freshworks platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Freshworks tile in the Access Panel, you should be automatically signed in to the Freshworks
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Freshworks with Azure AD
Tutorial: Azure Active Directory integration with Front
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Front with Azure Active Directory (Azure AD). Integrating Front with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Front.
You can enable your users to be automatically signed-in to Front (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Front, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Front single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Front supports IDP initiated SSO

Adding Front from the gallery


To configure the integration of Front into Azure AD, you need to add Front from the gallery to your list of managed
SaaS apps.
To add Front from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Front, select Front from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Front based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Front
needs to be established.
To configure and test Azure AD single sign-on with Front, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Front Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Front test user - to have a counterpart of Britta Simon in Front that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Front, perform the following steps:
1. In the Azure portal, on the Front application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<companyname>.frontapp.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<companyname>.frontapp.com/sso/saml/callback

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Front Client support
team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Front section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Front Single Sign-On
1. Sign in to your Front tenant as an administrator.
2. Go to Settings (cog icon at the bottom of the left sidebar) > Preferences.

3. Click the Single Sign On link.

4. Select SAML in the drop-down list of Single Sign On.

5. In the Entry Point textbox, paste the value of Login URL from the Azure AD application configuration wizard.

6. Open your downloaded Certificate (Base64) file in Notepad, copy its content to your clipboard, and
then paste it into the Signing certificate textbox.
7. On the Service provider settings section, perform the following steps:

a. Copy the value of Entity ID and paste it into the Identifier textbox in Front Domain and URLs section
in Azure portal.
b. Copy the value of ACS URL and paste it into the Reply URL textbox in Front Domain and URLs section
in Azure portal.
8. Click the Save button.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Front.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Front.
2. In the applications list, select Front.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Front test user
In this section, you create a user called Britta Simon in Front. Work with Front Client support team to add the users
in the Front platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Front tile in the Access Panel, you should be automatically signed in to the Front for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Integrate Frontline Education with Azure Active Directory
8/13/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Frontline Education with Azure Active Directory (Azure AD). When you
integrate Frontline Education with Azure AD, you can:
Control in Azure AD who has access to Frontline Education.
Enable your users to be automatically signed-in to Frontline Education with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Frontline Education single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Frontline Education supports SP initiated SSO

Adding Frontline Education from the gallery


To configure the integration of Frontline Education into Azure AD, you need to add Frontline Education from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Frontline Education in the search box.
6. Select Frontline Education from the results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for Frontline Education


Configure and test Azure AD SSO with Frontline Education using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in Frontline Education.
To configure and test Azure AD SSO with Frontline Education, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Frontline Education SSO - to configure the Single Sign-On settings on application side.
a. Create Frontline Education test user - to have a counterpart of B.Simon in Frontline Education that is
linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Frontline Education application integration page, find the Manage section and
select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign on URL text box, type a URL using the following pattern:
https://login.frontlineeducation.com/sso/<CLIENTID>

NOTE
The Sign on URL value is not real. Update the value with the actual Sign on URL. Contact Frontline Education Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Frontline Education.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Frontline Education.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Frontline Education SSO


To configure single sign-on on the Frontline Education side, send the App Federation Metadata Url to the
Frontline Education support team. They apply this setting so that the SAML SSO connection is set properly on both
sides.
Create Frontline Education test user
In this section, you create a user called Britta Simon in Frontline Education. Work with Frontline Education support
team to add the users in the Frontline Education platform. Users must be created and activated before you use
single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Frontline Education tile in the Access Panel, you should be automatically signed in to the
Frontline Education for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Fulcrum
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Fulcrum with Azure Active Directory (Azure AD). Integrating Fulcrum
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Fulcrum.
You can enable your users to be automatically signed-in to Fulcrum (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Fulcrum, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Fulcrum single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Fulcrum supports SP and IDP initiated SSO
Fulcrum supports Just In Time user provisioning

Adding Fulcrum from the gallery


To configure the integration of Fulcrum into Azure AD, you need to add Fulcrum from the gallery to your list of
managed SaaS apps.
To add Fulcrum from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Fulcrum, select Fulcrum from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Fulcrum based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Fulcrum
needs to be established.
To configure and test Azure AD single sign-on with Fulcrum, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Fulcrum Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Fulcrum test user - to have a counterpart of Britta Simon in Fulcrum that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Fulcrum, perform the following steps:
1. In the Azure portal, on the Fulcrum application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Reply URL text box, type a URL using the following pattern:
https://web.fulcrumapp.com/saml/consume?organization=<DOMAIN>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://web.fulcrumapp.com/users/saml

NOTE
The Reply URL value is not real. Update the value with the actual Reply URL. Contact Fulcrum Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. The Fulcrum application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click the Edit icon to open the User Attributes dialog.

7. In addition to the above, the Fulcrum application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add the SAML
token attributes shown in the table below:

NAME          SOURCE ATTRIBUTE
first_name    user.givenname
last_name     user.surname
email         user.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

9. On the Set up Fulcrum section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
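The claim names and the Reply URL pattern from the steps above can be checked against a captured SAML response before the settings go to the Fulcrum support team. This is an added example, not code from the original tutorial or from Fulcrum: the sample response, the contoso organization value and the name check_response are constructed for illustration, and the check does not verify the XML signature.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the tutorial's table. Namespace is left blank in the portal,
# so each must arrive as a bare Name, not as "<namespace URI>/<name>".
REQUIRED_CLAIMS = ("first_name", "last_name", "email")

# Reply URL pattern from the tutorial:
# https://web.fulcrumapp.com/saml/consume?organization=<DOMAIN>
ACS_HOST = "web.fulcrumapp.com"
ACS_PATH = "/saml/consume"

# Constructed sample: unsigned and trimmed to the elements this check reads.
SAMPLE_OK = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-response" Version="2.0"
    Destination="https://web.fulcrumapp.com/saml/consume?organization=contoso">
  <saml:Assertion ID="_constructed-assertion" Version="2.0">
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData
            Recipient="https://web.fulcrumapp.com/saml/consume?organization=contoso"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="first_name">
        <saml:AttributeValue>Britta</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="last_name">
        <saml:AttributeValue>Simon</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="email">
        <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

# Constructed misconfiguration: Namespace filled in for email, last_name mapped
# under another name, and a Reply URL that points at a different organization.
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
SAMPLE_BAD = (
    SAMPLE_OK
    .replace('Name="email"', f'Name="{CLAIMS_NS}/email"')
    .replace('Name="last_name"', 'Name="surname"')
    .replace("organization=contoso", "organization=fabrikam")
)


def check_acs(url, organization, label):
    """Compare one URL with the Reply URL pattern: exact host and path, https only."""
    parts = urlsplit(url or "")
    if parts.scheme != "https" or parts.hostname != ACS_HOST or parts.path != ACS_PATH:
        return [f"{label}: {url!r} does not match the Reply URL pattern"]
    if parse_qs(parts.query).get("organization") != [organization]:
        return [f"{label}: organization is not {organization!r}"]
    return []


def check_response(xml_text, organization):
    """Return a list of problems; an empty list means the response fits the tutorial."""
    # ElementTree is adequate for a response you captured yourself;
    # parse untrusted XML with a hardened parser instead.
    root = ET.fromstring(xml_text)
    problems = check_acs(root.get("Destination"), organization, "Destination")
    data = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = data.get("Recipient") if data is not None else None
    problems += check_acs(recipient, organization, "Recipient")

    sent = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        sent[attr.get("Name")] = values
    for claim in REQUIRED_CLAIMS:
        if claim in sent:
            if not sent[claim]:
                problems.append(f"claim {claim}: present but empty")
            continue
        namespaced = [n for n in sent if n and n.endswith("/" + claim)]
        if namespaced:
            problems.append(f"claim {claim}: sent as {namespaced[0]!r}; Namespace must be blank")
        else:
            problems.append(f"claim {claim}: missing")
    return problems


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_response(sample, "contoso"))
```

The host comparison is exact rather than a substring match, so a lookalike host such as web.fulcrumapp.com.example.net is reported as a mismatch.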
Configure Fulcrum Single Sign-On
To configure single sign-on on the Fulcrum side, send the downloaded Certificate (Base64) and the
URLs you copied from the Azure portal to the Fulcrum support team. They apply these settings so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Fulcrum.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Fulcrum.

2. In the applications list, select Fulcrum.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Fulcrum test user
In this section, a user called Britta Simon is created in Fulcrum. Fulcrum supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Fulcrum,
a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Fulcrum tile in the Access Panel, you should be automatically signed in to the Fulcrum for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Fuse
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Fuse with Azure Active Directory (Azure AD). Integrating Fuse with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Fuse.
You can enable your users to be automatically signed-in to Fuse (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Fuse, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Fuse single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Fuse supports SP initiated SSO

Adding Fuse from the gallery


To configure the integration of Fuse into Azure AD, you need to add Fuse from the gallery to your list of managed
SaaS apps.
To add Fuse from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Fuse, select Fuse from the result panel, and then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Fuse based on a test user called Britta Simon.
For single sign-on to work, a link relationship between an Azure AD user and the related user in Fuse needs to be
established.
To configure and test Azure AD single sign-on with Fuse, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Fuse Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Fuse test user - to have a counterpart of Britta Simon in Fuse that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Fuse, perform the following steps:
1. In the Azure portal, on the Fuse application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://{tenantname}.fuseuniversal.com/

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Fuse Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Fuse section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Fuse Single Sign-On
To configure single sign-on on the Fuse side, send the downloaded Certificate (Base64) and the URLs you
copied from the Azure portal to the Fuse support team. They apply these settings so that the SAML SSO connection is set
properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Fuse.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Fuse.

2. In the applications list, select Fuse.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Fuse test user
In this section, you create a user called Britta Simon in Fuse. Work with Fuse support team to add the users in the
Fuse platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Fuse tile in the Access Panel, you should be automatically signed in to the Fuse for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Fuze
10/30/2019 • 4 minutes to read

In this tutorial, you learn how to integrate Fuze with Azure Active Directory (Azure AD). Integrating Fuze with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Fuze.
You can enable your users to be automatically signed-in to Fuze (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Fuze, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Fuze single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Fuze supports SP initiated SSO
Fuze supports Just In Time user provisioning

Adding Fuze from the gallery


To configure the integration of Fuze into Azure AD, you need to add Fuze from the gallery to your list of managed
SaaS apps.
To add Fuze from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Fuze, select Fuze from the result panel, and then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Fuze based on a test user called Britta Simon.
For single sign-on to work, a link relationship between an Azure AD user and the related user in Fuze needs to be
established.
To configure and test Azure AD single sign-on with Fuze, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Fuze Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Fuze test user - to have a counterpart of Britta Simon in Fuze that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Fuze, perform the following steps:
1. In the Azure portal, on the Fuze application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set-up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL: https://www.thinkingphones.com/jetspeed/portal/

5. On the Set-up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Fuze section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Fuze Single Sign-On
To configure single sign-on on the Fuze side, send the downloaded Federation Metadata XML and the
URLs you copied from the Azure portal to the Fuze support team. They apply these settings so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Fuze.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Fuze.
2. In the applications list, select Fuze.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Fuze test user
The Fuze application supports just-in-time user provisioning, so users are created automatically when they sign in. For
any other clarification, contact Fuze support.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Fuze tile in the Access Panel, you should be automatically signed in to the Fuze for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with G Suite
11/8/2019 • 10 minutes to read

In this tutorial, you'll learn how to integrate G Suite with Azure Active Directory (Azure AD). When you integrate G
Suite with Azure AD, you can:
Control in Azure AD who has access to G Suite.
Enable your users to be automatically signed-in to G Suite with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription.
G Suite single sign-on (SSO) enabled subscription.
A Google Apps subscription or Google Cloud Platform subscription.

NOTE
To test the steps in this tutorial, we do not recommend using a production environment. This document was created using
the new user Single-Sign-on experience. If you are still using the old one, the setup will look different. You can enable the
new experience in the Single Sign-on settings of the G Suite application. Go to Azure AD, Enterprise applications, select G
Suite, select Single Sign-on and then click on Try out our new experience.

To test the steps in this tutorial, you should follow these recommendations:
Do not use your production environment, unless it is necessary.
If you don't have a subscription, you can get a free account.

Frequently Asked Questions


1. Q: Does this integration support Google Cloud Platform SSO integration with Azure AD?
A: Yes. Google Cloud Platform and Google Apps share the same authentication platform. So to do the GCP
integration you need to configure the SSO with Google Apps.
2. Q: Are Chromebooks and other Chrome devices compatible with Azure AD single sign-on?
A: Yes, users are able to sign into their Chromebook devices using their Azure AD credentials. See this G
Suite support article for information on why users may get prompted for credentials twice.
3. Q: If I enable single sign-on, will users be able to use their Azure AD credentials to sign into any
Google product, such as Google Classroom, GMail, Google Drive, YouTube, and so on?
A: Yes, depending on which G Suite you choose to enable or disable for your organization.
4. Q: Can I enable single sign-on for only a subset of my G Suite users?
A: No, turning on single sign-on immediately requires all your G Suite users to authenticate with their Azure
AD credentials. Because G Suite doesn't support having multiple identity providers, the identity provider for
your G Suite environment can either be Azure AD or Google -- but not both at the same time.
5. Q: If a user is signed in through Windows, are they automatically authenticated to G Suite without
getting prompted for a password?
A: There are two options for enabling this scenario. First, users could sign into Windows 10 devices via
Azure Active Directory Join. Alternatively, users could sign into Windows devices that are domain-joined to
an on-premises Active Directory that has been enabled for single sign-on to Azure AD via an Active
Directory Federation Services (AD FS) deployment. Both options require you to perform the steps in the
following tutorial to enable single sign-on between Azure AD and G Suite.
6. Q: What should I do when I get an "invalid email" error message?
A: For this setup, the email attribute is required for the users to be able to sign-in. This attribute cannot be
set manually.
The email attribute is autopopulated for any user with a valid Exchange license. If a user is not email-enabled,
this error is returned because the application needs this attribute to give access.
To check a user's license, go to portal.office.com with an admin account, open the Admin center, select Billing, then
Subscriptions, select your Office 365 subscription, and click Assign to users. Select the users whose subscription
you want to check and, in the right pane, click Edit licenses.
Once the O365 license is assigned, it may take some minutes to be applied. After that, the user.mail attribute
is autopopulated and the issue should be resolved.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
G Suite supports SP initiated SSO
G Suite supports Automated user provisioning

Adding G Suite from the gallery


To configure the integration of G Suite into Azure AD, you need to add G Suite from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type G Suite in the search box.
6. Select G Suite from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for G Suite


Configure and test Azure AD SSO with G Suite using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in G Suite.
To configure and test Azure AD SSO with G Suite, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure G Suite SSO - to configure the single sign-on settings on application side.
a. Create G Suite test user - to have a counterpart of B.Simon in G Suite that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the G Suite application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you want to configure for Gmail, perform the following
steps:
a. In the Sign-on URL textbox, type a URL using the following pattern:
https://www.google.com/a/<yourdomain.com>/ServiceLogin?continue=https://mail.google.com

b. In the Identifier textbox, type a URL using the following pattern:

google.com/a/<yourdomain.com>

google.com

https://google.com

https://google.com/a/<yourdomain.com>

5. On the Basic SAML Configuration section, if you want to configure for Google Cloud Platform,
perform the following steps:
a. In the Sign-on URL textbox, type a URL using the following pattern:
https://www.google.com/a/<yourdomain.com>/ServiceLogin?continue=https://console.cloud.google.com

b. In the Identifier textbox, type a URL using the following pattern:

google.com/a/<yourdomain.com>
google.com

https://google.com

https://google.com/a/<yourdomain.com>

NOTE
These values are not real. Update these values with the actual Sign-On URL and Identifier. G Suite doesn't provide an
Entity ID/Identifier value in its single sign-on configuration, so when you uncheck the domain specific issuer option
the Identifier value will be google.com. If you check the domain specific issuer option, it will be
google.com/a/<yourdomainname.com>. To check or uncheck the domain specific issuer option, go to the
Configure G Suite SSO section, which is explained later in the tutorial. For more information, contact the G Suite Client
support team.

6. Your G Suite application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
an example for this. The default value of Unique User Identifier is user.userprincipalname, but G Suite
expects this to be mapped to the user's email address. For that, you can use the user.mail attribute from the
list or use the appropriate attribute value based on your organization's configuration.

7. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:

NAME                      SOURCE ATTRIBUTE
Unique User Identifier    User.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up G Suite section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to G Suite.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select G Suite.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure G Suite SSO


1. Open a new tab in your browser, and sign into the G Suite Admin Console using your administrator
account.
2. Click Security. If you don't see the link, it may be hidden under the More Controls menu at the bottom of
the screen.
3. On the Security page, click Set up single sign-on (SSO).

4. Perform the following configuration changes:


a. Select Setup SSO with third-party identity provider.
b. In the Sign-in page URL field in G Suite, paste the value of Login URL which you have copied from
Azure portal.
c. In the Sign-out page URL field in G Suite, paste the value of Logout URL which you have copied from
Azure portal.
d. In the Change password URL field in G Suite, paste the value of Change password URL which you
have copied from Azure portal.
e. In G Suite, for the Verification certificate, upload the certificate that you have downloaded from Azure
portal.
f. Check/Uncheck the Use a domain specific issuer option as per the note mentioned in the above Basic
SAML Configuration section in the Azure AD.
g. Click Save Changes.
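The Identifier note in the Basic SAML Configuration section and the Unique User Identifier mapping both show up in the assertion that Azure AD issues, so a captured test assertion can confirm that the two sides agree. The following Python check is an added example, not part of the original tutorial and not Microsoft or Google code; the function names, the constructed sample assertions, the single-domain comparison and the pairing of the https:// identifier patterns with the same issuer setting are assumptions. It inspects claims only and does not verify the XML signature.

```python
import re
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
EMAIL_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def expected_identifiers(domain, domain_specific_issuer):
    """Identifier values the tutorial lists for each issuer setting."""
    base = f"google.com/a/{domain}" if domain_specific_issuer else "google.com"
    # Assumption: the https:// patterns on the page pair with the same setting.
    return {base, "https://" + base}


def check_assertion(xml_text, domain, domain_specific_issuer):
    """Return configuration findings; an empty list means no mismatch.

    Troubleshooting aid for your own test captures. It does NOT verify the
    signature, so it must never be used to decide whether to trust a login.
    """
    # Refuse DTDs so entity-expansion tricks never reach the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag == SAML + "Assertion":
        assertion = root
    else:
        assertion = root.find(".//" + SAML + "Assertion")
    if assertion is None:
        return ["no saml:Assertion element found"]

    findings = []

    # Azure AD places the configured Identifier in the Audience element.
    wanted = expected_identifiers(domain, domain_specific_issuer)
    audiences = {(a.text or "").strip() for a in assertion.iter(SAML + "Audience")}
    if not audiences & wanted:
        findings.append(
            f"Audience {sorted(audiences)} does not match {sorted(wanted)}: "
            "Identifier and the domain specific issuer option disagree"
        )

    # Unique User Identifier (NameID) must carry the user's email address.
    name_id = assertion.find(SAML + "Subject/" + SAML + "NameID")
    value = (name_id.text or "").strip() if name_id is not None else ""
    match = EMAIL_RE.match(value)
    if not value:
        findings.append("NameID is empty: user.mail is not populated for this user")
    elif not match:
        findings.append(f"NameID {value!r} is not an email address")
    elif match.group(1).lower() != domain.lower():
        # Assumption: the G Suite account uses one primary domain.
        findings.append(
            f"NameID domain {match.group(1)!r} is not {domain!r}: "
            "check that the claim maps to user.mail, not user.userprincipalname"
        )
    return findings


def _sample(name_id, audience):
    """Build a constructed, unsigned assertion for the demonstration."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        "<saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        "</saml:Assertion></samlp:Response>"
    )


# Constructed samples (not captured from a real tenant).
GOOD = _sample("B.Simon@contoso.com", "google.com/a/contoso.com")
BAD = _sample("B.Simon@contoso.onmicrosoft.com", "google.com")
EMPTY = _sample("", "google.com")

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD), ("EMPTY", EMPTY)):
        print(label, check_assertion(doc, "contoso.com", True))
```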
Create G Suite test user
The objective of this section is to create a user in G Suite called B.Simon. After the user has manually been created
in G Suite, the user will now be able to sign in using their Office 365 login credentials.
G Suite also supports automatic user provisioning. To configure automatic user provisioning, you must first
configure G Suite for automatic user provisioning.

NOTE
Make sure that your user already exists in G Suite if provisioning in Azure AD has not been turned on before testing Single
Sign-on.

NOTE
If you need to create a user manually, contact the Google support team.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the G Suite tile in the Access Panel, you should be automatically signed in to the G Suite for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Configure User Provisioning
Try G Suite with Azure AD
Tutorial: Azure Active Directory integration with
GaggleAMP
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate GaggleAMP with Azure Active Directory (Azure AD). Integrating
GaggleAMP with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to GaggleAMP.
You can enable your users to be automatically signed-in to GaggleAMP (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with GaggleAMP, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
GaggleAMP single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
GaggleAMP supports SP and IDP initiated SSO
GaggleAMP supports Just In Time user provisioning

Adding GaggleAMP from the gallery


To configure the integration of GaggleAMP into Azure AD, you need to add GaggleAMP from the gallery to your
list of managed SaaS apps.
To add GaggleAMP from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type GaggleAMP, select GaggleAMP from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with GaggleAMP based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
GaggleAMP needs to be established.
To configure and test Azure AD single sign-on with GaggleAMP, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure GaggleAMP Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create GaggleAMP test user - to have a counterpart of Britta Simon in GaggleAMP that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with GaggleAMP, perform the following steps:
1. In the Azure portal, on the GaggleAMP application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL: https://accounts.gaggleamp.com/auth/saml/callback

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://gaggleamp.com/i/<customerid>

NOTE
The value is not real. Update the value with the actual Sign-on URL. Contact GaggleAMP Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up GaggleAMP section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure GaggleAMP Single Sign-On
1. In another browser instance, navigate to the SAML SSO page created for you by the Gaggle support team
(for example: https://accounts.gaggleamp.com/saml_configurations/oXH8sQcP79dOzgFPqrMTyw/edit).
2. On your SAML SSO page, perform the following steps:

a. Select Other from the Identity provider dropdown menu.


b. In the Identity Provider Issuer textbox, paste the value of Azure Ad Identifier which you have copied
from Azure portal.
c. In the Identity Provider Single Sign-On URL textbox, paste the value of Login URL which you have
copied from Azure portal.
d. Open your downloaded Certificate (Base64) file in Notepad, copy the content of it into your clipboard,
and then paste it to the X.509 Certificate textbox.
e. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to GaggleAMP.
1. In the Azure portal, select Enterprise Applications, select All applications, then select GaggleAMP.
2. In the applications list, select GaggleAMP.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create GaggleAMP test user
In this section, a user called Britta Simon is created in GaggleAMP. GaggleAMP supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in GaggleAMP, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the GaggleAMP tile in the Access Panel, you should be automatically signed in to the GaggleAMP
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Getabstract
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Getabstract with Azure Active Directory (Azure AD). Integrating
Getabstract with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Getabstract.
You can enable your users to be automatically signed-in to Getabstract (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Getabstract, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Getabstract single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Getabstract supports SP and IDP initiated SSO
Getabstract supports Just In Time user provisioning

Adding Getabstract from the gallery


To configure the integration of Getabstract into Azure AD, you need to add Getabstract from the gallery to your list
of managed SaaS apps.
To add Getabstract from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Getabstract, select Getabstract from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Getabstract based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Getabstract needs to be established.
To configure and test Azure AD single sign-on with Getabstract, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Getabstract Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Getabstract test user - to have a counterpart of Britta Simon in Getabstract that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Getabstract, perform the following steps:
1. In the Azure portal, on the Getabstract application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set-up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL:
For Stage/pre_production: https://int.getabstract.com

For Production: https://www.getabstract.com

b. In the Reply URL textbox, type a URL:


For Stage/pre_production: https://int.getabstract.com/ACS.do

For Production: https://www.getabstract.com/ACS.do

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL textbox, type a URL using the following pattern:
For Stage/pre_production: https://int.getabstract.com/portal/<org_username>

For Production: https://www.getabstract.com/portal/<org_username>

NOTE
This value is not real. Update this value with the actual Sign-On URL. Contact Getabstract Client support team to get
this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. On the Set-up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. On the Set up Getabstract section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Getabstract Single Sign-On
To configure single sign-on on the Getabstract side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Getabstract support team. They configure this setting so
that the SAML SSO connection is set properly on both sides.
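Whether the values are pasted into a SAML SSO page (GaggleAMP) or handed to a support team as Federation Metadata XML (Getabstract), the issuer, login URL and signing certificate on the application side should match what Azure AD publishes. The following Python check is an added example, not part of the original tutorial and not Microsoft code; the function names, the all-zero tenant ID and the placeholder certificate bytes are constructed for illustration, and it assumes the Azure AD Identifier corresponds to the metadata entityID and the Login URL to a SingleSignOnService Location.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def der_fingerprint(b64_text):
    """SHA-256 of the DER bytes behind a base64 certificate body."""
    der = base64.b64decode("".join(b64_text.split()))
    return hashlib.sha256(der).hexdigest()


def pem_fingerprint(pem_text):
    """Fingerprint of a 'Certificate (Base64)' download (PEM text)."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    return der_fingerprint("".join(ln for ln in lines if not ln.startswith("-----")))


def read_idp_metadata(xml_text):
    """Extract issuer, login URLs and signing-cert fingerprints from metadata."""
    # Refuse DTDs so entity-expansion tricks never reach the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    idp = root.find(MD + "IDPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or idp is None:
        raise ValueError("not an identity provider EntityDescriptor")
    fingerprints = []
    for key in idp.iter(MD + "KeyDescriptor"):
        # A KeyDescriptor without a 'use' attribute applies to signing as well.
        if key.get("use") in (None, "signing"):
            for cert in key.iter(DS + "X509Certificate"):
                fingerprints.append(der_fingerprint(cert.text or ""))
    return {
        "issuer": root.get("entityID"),
        "login_urls": {s.get("Location") for s in idp.iter(MD + "SingleSignOnService")},
        "signing_fingerprints": fingerprints,
    }


def mismatches(metadata, issuer, login_url, pem_text):
    """Compare the values entered on the application side with the metadata."""
    found = []
    # Entity IDs are compared as exact strings, trailing slash included.
    if issuer != metadata["issuer"]:
        found.append("Identity Provider Issuer differs from the metadata entityID")
    if login_url not in metadata["login_urls"]:
        found.append("Single Sign-On URL is not a SingleSignOnService Location")
    if pem_fingerprint(pem_text) not in metadata["signing_fingerprints"]:
        found.append("X.509 certificate is not a signing certificate in the metadata")
    return found


# Constructed sample data: placeholder bytes stand in for a real certificate.
FAKE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_ISSUER = f"https://sts.windows.net/{TENANT}/"
SAMPLE_LOGIN = f"https://login.microsoftonline.com/{TENANT}/saml2"
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{FAKE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = (
    f'<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{SAMPLE_ISSUER}">'
    '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    f"<X509Data><X509Certificate>{FAKE_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>"
    '<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
    f'Location="{SAMPLE_LOGIN}"/>'
    "</IDPSSODescriptor></EntityDescriptor>"
)

if __name__ == "__main__":
    meta = read_idp_metadata(SAMPLE_METADATA)
    print(meta["signing_fingerprints"])
    print(mismatches(meta, SAMPLE_ISSUER, SAMPLE_LOGIN, SAMPLE_PEM))
```

Reading the printed fingerprint to the vendor over a separate channel lets both sides confirm that the certificate installed on the application side is the one Azure AD signs with.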
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Getabstract.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Getabstract.

2. In the applications list, select Getabstract.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Getabstract test user
In this section, a user called Britta Simon is created in Getabstract. Getabstract supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Getabstract, a new one is created after authentication.

NOTE
If you need to create a user manually, contact the Getabstract support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Getabstract tile in the Access Panel, you should be automatically signed in to the Getabstract
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with GetThere
8/29/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate GetThere with Azure Active Directory (Azure AD). When you integrate
GetThere with Azure AD, you can:
Control in Azure AD who has access to GetThere.
Enable your users to be automatically signed-in to GetThere with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
GetThere single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
GetThere supports IDP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding GetThere from the gallery


To configure the integration of GetThere into Azure AD, you need to add GetThere from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type GetThere in the search box.
6. Select GetThere from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for GetThere


Configure and test Azure AD SSO with GetThere using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in GetThere.
To configure and test Azure AD SSO with GetThere, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure GetThere SSO - to configure the single sign-on settings on application side.
a. Create GetThere test user - to have a counterpart of B.Simon in GetThere that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the GetThere application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Set up single sign-on with SAML page, enter the values for the following fields:
a. In the Identifier text box, type a URL:

getthere.com

http://idp.getthere.com

b. In the Reply URL text box, type any one of the below URLs:

https://wx1.getthere.net/login/saml/post.act

https://gtx2-gcte2.getthere.net/login/saml/post.act

https://gtx2-gcte2.getthere.net/login/saml/ssoaasvalidate.act

https://wx1.getthere.net/login/saml/ssoaavalidate.act

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
6. On the Set up GetThere section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to GetThere.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select GetThere.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure GetThere SSO


To configure single sign-on on the GetThere side, send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the GetThere support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.

Create GetThere test user
In this section, you create a user called B.Simon in GetThere. Work with the GetThere support team to add the users in
the GetThere platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the GetThere tile in the Access Panel, you should be automatically signed in to the GetThere
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try GetThere with Azure AD

Tutorial: Azure Active Directory integration with Gigya
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Gigya with Azure Active Directory (Azure AD). Integrating Gigya with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Gigya.
You can enable your users to be automatically signed-in to Gigya (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Gigya, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A Gigya single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Gigya supports SP initiated SSO

Adding Gigya from the gallery


To configure the integration of Gigya into Azure AD, you need to add Gigya from the gallery to your list of
managed SaaS apps.
To add Gigya from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Gigya, select Gigya from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Gigya based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Gigya
needs to be established.
To configure and test Azure AD single sign-on with Gigya, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Gigya Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Gigya test user - to have a counterpart of Britta Simon in Gigya that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.

Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Gigya, perform the following steps:
1. In the Azure portal, on the Gigya application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.
4. In the Basic SAML Configuration section, perform the following steps:
a. In the Sign on URL text box, type a URL using the following pattern: http://<companyname>.gigya.com
b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://fidm.gigya.com/saml/v2.0/<companyname>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Gigya Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
6. In the Set up Gigya section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL

Configure Gigya Single Sign-On
1. In a different web browser window, log in to your Gigya company site as an administrator.
2. Go to Settings > SAML Login, and then click the Add button.
3. In the SAML Login section, perform the following steps:
a. In the Name textbox, type a name for your configuration.
b. In the Issuer textbox, paste the Azure AD Identifier value that you copied from the Azure portal.
c. In the Single Sign-On Service URL textbox, paste the Login URL value that you copied from the
Azure portal.
d. In the Name ID Format textbox, paste the Name Identifier Format value that you copied from the
Azure portal.
e. Open the base-64 encoded certificate that you downloaded from the Azure portal in Notepad, copy its
content to your clipboard, and then paste it into the X.509 Certificate textbox.
f. Click Save Settings.

Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps:
a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.

Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Gigya.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Gigya.

2. In the applications list, select Gigya.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Create Gigya test user
To enable Azure AD users to log in to Gigya, they must be provisioned into Gigya. In the case of Gigya,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your Gigya company site as an administrator.
2. Go to Admin > Manage Users, and then click Invite Users.
3. On the Invite Users dialog, perform the following steps:
a. In the Email textbox, type the email alias of a valid Azure Active Directory account you want to provision.
b. Click Invite User.

NOTE
The Azure Active Directory account holder will receive an email that includes a link to confirm the account before it
becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Gigya tile in the Access Panel, you should be automatically signed in to the Gigya instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with GitHub
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate GitHub with Azure Active Directory (Azure AD). Integrating GitHub with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to GitHub.
You can enable your users to be automatically signed-in to GitHub (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with GitHub, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A GitHub organization created in GitHub Enterprise Cloud, which requires the GitHub Enterprise billing plan

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
GitHub supports SP initiated SSO
GitHub supports Automated user provisioning

Adding GitHub from the gallery


To configure the integration of GitHub into Azure AD, you need to add GitHub from the gallery to your list of
managed SaaS apps.
To add GitHub from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type GitHub, select GitHub.com from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with GitHub based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in GitHub
needs to be established.
To configure and test Azure AD single sign-on with GitHub, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure GitHub Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create GitHub test user - to have a counterpart of Britta Simon in GitHub that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.

Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with GitHub, perform the following steps:
1. In the Azure portal, on the GitHub application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.
4. In the Basic SAML Configuration section, perform the following steps:
a. In the Sign on URL text box, type a URL using the following pattern:
https://github.com/orgs/<entity-id>/sso
b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://github.com/orgs/<entity-id>

NOTE
These are not the real values. Update them with the actual Sign on URL and Identifier. We suggest that you
use a unique string value in the Identifier. Go to the GitHub Admin section to retrieve these values.

5. Your GitHub application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes, where nameidentifier is mapped to user.userprincipalname. The GitHub application
expects nameidentifier to be mapped to user.mail, so you need to edit the attribute mapping by clicking
the Edit icon and changing the attribute mapping.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
7. In the Set up GitHub section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL

Configure GitHub Single Sign-On
1. In a different web browser window, log in to your GitHub organization site as an administrator.
2. Navigate to Settings and click Security.
3. Check the Enable SAML authentication box, revealing the Single Sign-on configuration fields. Then, use
the single sign-on URL value to update the Single sign-on URL in the Azure AD configuration.
4. Configure the following fields:
a. In the Sign on URL textbox, paste the Login URL value that you copied from the Azure portal.
b. In the Issuer textbox, paste the Azure AD Identifier value that you copied from the Azure portal.
c. Open the certificate downloaded from the Azure portal in Notepad and paste its content into the Public
Certificate textbox.
d. Click the Edit icon to change the Signature Method and Digest Method from RSA-SHA1 and SHA1 to
RSA-SHA256 and SHA256.
5. Click Test SAML configuration to confirm that there are no validation failures or errors during SSO.
6. Click Save.

NOTE
Single sign-on in GitHub authenticates to a specific organization in GitHub and does not replace the authentication of GitHub
itself. Therefore, if the user's github.com session has expired, you may be asked to authenticate with GitHub's ID/password
during the single sign-on process.
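
The settings changed in the steps above (NameID sourced from user.mail, Issuer set to the Azure AD Identifier, and RSA-SHA256/SHA256 in place of the SHA1 defaults) can be checked against a captured SAML response. This is an added example, not part of the original tutorial or GitHub's code: `audit_response`, `sample_response`, the tenant placeholder and the contoso addresses are constructed for illustration, and the check reads the declared algorithms only; it does not verify the signature.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Algorithm identifiers as they appear in ds:SignatureMethod / ds:DigestMethod.
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

# Constructed placeholder standing in for the Azure AD Identifier copied from the portal.
SAMPLE_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"


def sample_response(name_id, signature_alg, digest_alg, issuer=SAMPLE_ISSUER):
    """Constructed response skeleton (no real signature value), for the demo only."""
    return f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Assertion ID="_constructed">
    <saml:Issuer>{issuer}</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:SignatureMethod Algorithm="{signature_alg}"/>
        <ds:Reference URI="#_constructed">
          <ds:DigestMethod Algorithm="{digest_alg}"/>
        </ds:Reference>
      </ds:SignedInfo>
    </ds:Signature>
    <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def audit_response(xml_text, expected_mail, expected_issuer):
    """Check a full samlp:Response; return (check, detail) findings, empty if all pass."""
    root = ET.fromstring(xml_text)
    findings = []

    signatures = root.findall(".//ds:Signature", NS)
    if not signatures:
        findings.append(("signature", "no ds:Signature element present"))
    for sig in signatures:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        alg = method.get("Algorithm") if method is not None else None
        if alg != RSA_SHA256:
            findings.append(("signature_method", f"{alg} (expected {RSA_SHA256})"))
        digests = sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
        if not digests:
            findings.append(("digest_method", "no ds:DigestMethod present"))
        for digest in digests:
            if digest.get("Algorithm") != SHA256:
                findings.append(
                    ("digest_method", f"{digest.get('Algorithm')} (expected {SHA256})")
                )

    # nameidentifier must carry user.mail, not the default user.userprincipalname.
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if value.lower() != expected_mail.lower():
        findings.append(("name_id", f"{value!r} (expected user.mail {expected_mail!r})"))

    # Issuer must equal the Azure AD Identifier pasted into the Issuer field.
    issuer = root.find(".//saml:Assertion/saml:Issuer", NS)
    issuer_value = (issuer.text or "").strip() if issuer is not None else ""
    if issuer_value != expected_issuer:
        findings.append(("issuer", f"{issuer_value!r} (expected {expected_issuer!r})"))
    return findings


if __name__ == "__main__":
    # Constructed "before" state: default attribute mapping (UPN) and SHA1 algorithms.
    before = sample_response("brittasimon@contoso.onmicrosoft.com", RSA_SHA1, SHA1)
    for check, detail in audit_response(before, "BrittaSimon@contoso.com", SAMPLE_ISSUER):
        print(f"{check}: {detail}")
```
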

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps:
a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.

Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to GitHub.
1. In the Azure portal, select Enterprise Applications, select All applications, then select GitHub.
2. In the applications list, select GitHub.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Create GitHub test user
The objective of this section is to create a user called Britta Simon in GitHub. GitHub supports automatic user
provisioning, which is enabled by default. You can find more details here on how to configure automatic user
provisioning.
If you need to create a user manually, perform the following steps:
1. Log in to your GitHub company site as an administrator.
2. Click People.
3. Click Invite member.
4. On the Invite member dialog page, perform the following steps:
a. In the Email textbox, type the email address of the Britta Simon account.
b. Click Send Invitation.


NOTE
The Azure Active Directory account holder will receive an email and follow a link to confirm their account before it
becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the GitHub tile in the Access Panel, you should be automatically signed in to the GitHub organization
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with GlassFrog
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate GlassFrog with Azure Active Directory (Azure AD). Integrating
GlassFrog with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to GlassFrog.
You can enable your users to be automatically signed-in to GlassFrog (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with GlassFrog, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
A GlassFrog single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
GlassFrog supports SP initiated SSO

Adding GlassFrog from the gallery


To configure the integration of GlassFrog into Azure AD, you need to add GlassFrog from the gallery to your list of
managed SaaS apps.
To add GlassFrog from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type GlassFrog, select GlassFrog from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with GlassFrog based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in GlassFrog
needs to be established.
To configure and test Azure AD single sign-on with GlassFrog, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure GlassFrog Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create GlassFrog test user - to have a counterpart of Britta Simon in GlassFrog that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.

Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with GlassFrog, perform the following steps:
1. In the Azure portal, on the GlassFrog application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.
4. In the Basic SAML Configuration section, perform the following steps:
In the Sign-on URL text box, type a URL using the following pattern:
https://app.glassfrog.com/people/sso?org_id=<ORGANIZATIONID>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact GlassFrog Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
6. In the Set up GlassFrog section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL

Configure GlassFrog Single Sign-On
To configure single sign-on on the GlassFrog side, send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the GlassFrog support team. They apply these settings
so that the SAML SSO connection is set properly on both sides.

Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps:
a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.

Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to GlassFrog.
1. In the Azure portal, select Enterprise Applications, select All applications, then select GlassFrog.

2. In the applications list, select GlassFrog.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Create GlassFrog test user
In this section, you create a user called Britta Simon in GlassFrog. Work with the GlassFrog support team to add the
users in the GlassFrog platform. Users must be created and activated before you use single sign-on.

Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the GlassFrog tile in the Access Panel, you should be automatically signed in to the GlassFrog
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Integrate GlobalOne with Azure Active Directory
8/9/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate GlobalOne with Azure Active Directory (Azure AD). When you
integrate GlobalOne with Azure AD, you can:
Control in Azure AD who has access to GlobalOne.
Enable your users to be automatically signed-in to GlobalOne with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
GlobalOne single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. GlobalOne supports SP and IDP
initiated SSO and supports Just In Time user provisioning.

Adding GlobalOne from the gallery


To configure the integration of GlobalOne into Azure AD, you need to add GlobalOne from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type GlobalOne in the search box.
6. Select GlobalOne from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with GlobalOne using a test user called B. Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in GlobalOne.
To configure and test Azure AD SSO with GlobalOne, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure GlobalOne to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
4. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
5. Create GlobalOne test user to have a counterpart of B. Simon in GlobalOne that is linked to the Azure AD
representation of the user.
6. Test SSO to verify whether the configuration works.

Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the GlobalOne application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. In the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are
already pre-populated with Azure. Save the configuration by clicking the Save button.
5. The GlobalOne application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click the Edit icon to open the User Attributes dialog.
6. In addition to the above, the GlobalOne application expects a few more attributes to be passed back in the SAML
response. In the User Claims section of the User Attributes dialog, perform the following steps to add each
SAML token attribute shown in the table below:

NAME         SOURCE ATTRIBUTE
FirstName    user.givenname
LastName     user.surname
Email        user.mail
Company      <YOUR COMPANY NAME>

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click OK.
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.
8. In the Set up GlobalOne section, copy the appropriate URL(s) based on your requirement.
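
The four claims from the table in step 6 can be checked against the attribute statement of an issued assertion before the certificate and URLs are handed over. This is an added example, not part of the original tutorial or GlobalOne's code: `read_claims`, `check_claims` and the sample assertions are constructed, and it assumes that a Namespace left non-blank in step 6c is emitted as a URI prefix on the attribute Name.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Claim names from the tutorial's table; Company carries a fixed string.
REQUIRED_CLAIMS = ("FirstName", "LastName", "Email", "Company")


def sample_assertion(attributes):
    """Constructed assertion fragment; `attributes` maps attribute Name -> value."""
    rows = "".join(
        f'<saml:Attribute Name="{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>"
        for name, value in attributes.items()
    )
    return (
        f'<saml:Assertion xmlns:saml="{SAML}"><saml:AttributeStatement>'
        f"{rows}</saml:AttributeStatement></saml:Assertion>"
    )


def read_claims(assertion_xml):
    """Return {attribute Name: [values]} collected from every saml:Attribute."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iter(f"{{{SAML}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name", ""), []).extend(values)
    return claims


def check_claims(assertion_xml, expected_company):
    """Return {claim name: problem}; an empty dict means all four claims are as expected."""
    claims = read_claims(assertion_xml)
    problems = {}
    for name in REQUIRED_CLAIMS:
        if name not in claims:
            # A non-blank Namespace shows up as a prefix, e.g. ".../claims/FirstName".
            qualified = any(n.endswith("/" + name) for n in claims)
            problems[name] = "namespaced" if qualified else "missing"
            continue
        values = [v for v in claims[name] if v]
        if not values:
            problems[name] = "empty"
        elif len(values) > 1:
            problems[name] = "multi-valued"
        elif name == "Company" and values[0] != expected_company:
            problems[name] = "unexpected value"
    return problems


if __name__ == "__main__":
    # Constructed misconfiguration: namespace not left blank on FirstName, the user
    # has no mail attribute (so no Email claim), and Company holds the wrong string.
    misconfigured = sample_assertion({
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/FirstName": "Britta",
        "LastName": "Simon",
        "Company": "Fabrikam",
    })
    for claim, problem in check_claims(misconfigured, "Contoso").items():
        print(f"{claim}: {problem}")
```
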

Configure GlobalOne
To configure single sign-on on the GlobalOne side, send the downloaded Certificate (Raw) and the
appropriate copied URLs from the Azure portal to the GlobalOne support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.

Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B. Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B. Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.

Assign the Azure AD test user
In this section, you'll enable B. Simon to use Azure single sign-on by granting access to GlobalOne.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select GlobalOne.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B. Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Create GlobalOne test user
In this section, a user called Britta Simon is created in GlobalOne. GlobalOne supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in GlobalOne, a new one is created after authentication.

Test SSO
When you select the GlobalOne tile in the Access Panel, you should be automatically signed in to the GlobalOne
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Azure Active Directory integration with GoodPractice Toolkit
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate GoodPractice Toolkit with Azure Active Directory (Azure AD). Integrating
GoodPractice Toolkit with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to GoodPractice Toolkit.
You can enable your users to be automatically signed-in to GoodPractice Toolkit (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with GoodPractice Toolkit, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A GoodPractice Toolkit single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
GoodPractice Toolkit supports SP initiated SSO
GoodPractice Toolkit supports Just In Time user provisioning

Adding GoodPractice Toolkit from the gallery


To configure the integration of GoodPractice Toolkit into Azure AD, you need to add GoodPractice Toolkit from the
gallery to your list of managed SaaS apps.
To add GoodPractice Toolkit from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type GoodPractice Toolkit, select GoodPractice Toolkit from the result panel, then click the
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with GoodPractice Toolkit based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in GoodPractice Toolkit needs to be established.
To configure and test Azure AD single sign-on with GoodPractice Toolkit, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure GoodPractice Toolkit Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create GoodPractice Toolkit test user - to have a counterpart of Britta Simon in GoodPractice Toolkit that is
linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with GoodPractice Toolkit, perform the following steps:
1. In the Azure portal, on the GoodPractice Toolkit application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://app.goodpractice.net/#/<subscriptionUrl>/s/<locationId> .

NOTE
The Sign-on URL value is not real. Update the value with the actual Sign-On URL. Contact GoodPractice Toolkit Client
support team to get the value.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up GoodPractice Toolkit section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure GoodPractice Toolkit Single Sign-On
To configure single sign-on on the GoodPractice Toolkit side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the GoodPractice Toolkit support team. They
apply these settings so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to GoodPractice Toolkit.
1. In the Azure portal, select Enterprise Applications, select All applications, then select GoodPractice
Toolkit.

2. In the applications list, select GoodPractice Toolkit.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create GoodPractice Toolkit test user
In this section, a user called Britta Simon is created in GoodPractice Toolkit. GoodPractice Toolkit supports just-in-
time provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in GoodPractice Toolkit, a new one is created when you attempt to access GoodPractice Toolkit.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the GoodPractice Toolkit tile in the Access Panel, you should be automatically signed in to the
GoodPractice Toolkit for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with GoToMeeting
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate GoToMeeting with Azure Active Directory (Azure AD). Integrating
GoToMeeting with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to GoToMeeting.
You can enable your users to be automatically signed-in to GoToMeeting (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with GoToMeeting, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
GoToMeeting single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
GoToMeeting supports IDP initiated SSO

Adding GoToMeeting from the gallery


To configure the integration of GoToMeeting into Azure AD, you need to add GoToMeeting from the gallery to
your list of managed SaaS apps.
To add GoToMeeting from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type GoToMeeting, select GoToMeeting from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with GoToMeeting based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
GoToMeeting needs to be established.
To configure and test Azure AD single sign-on with GoToMeeting, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure GoToMeeting Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create GoToMeeting test user - to have a counterpart of Britta Simon in GoToMeeting that is linked to the
Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with GoToMeeting, perform the following steps:
1. In the Azure portal, on the GoToMeeting application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, click the Edit button to open the Basic SAML Configuration
dialog.
a. In the Identifier text box, type a URL using the following pattern:
https://authentication.logmeininc.com/saml/sp

b. In the Reply URL text box, type a URL using the following pattern:
https://authentication.logmeininc.com/saml/acs

c. Click Set additional URLs and configure the following URLs:


d. Sign on URL (keep this blank)
e. In the RelayState text box, type a URL using the following pattern:
For GoToMeeting App, use https://global.gotomeeting.com

For GoToTraining, use https://global.gototraining.com

For GoToWebinar, use https://global.gotowebinar.com

For GoToAssist, use https://app.gotoassist.com

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact GoToMeeting
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
6. On the Set up GoToMeeting section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure GoToMeeting Single Sign-On
1. In a different browser window, log in to your GoToMeeting Organization Center. You will be prompted to
confirm that the IdP has been updated.
2. Enable the "My Identity Provider has been updated with the new domain" checkbox. Click Done when
finished.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to GoToMeeting.
1. In the Azure portal, select Enterprise Applications, select All applications, then select GoToMeeting.

2. In the applications list, select GoToMeeting.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create GoToMeeting test user
In this section, a user called Britta Simon is created in GoToMeeting. GoToMeeting supports just-in-time
provisioning, which is enabled by default.
There is no action item for you in this section. If a user doesn't already exist in GoToMeeting, a new one is created
when you attempt to access GoToMeeting.
NOTE
If you need to create a user manually, contact the GoToMeeting support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the GoToMeeting tile in the Access Panel, you should be automatically signed in to the
GoToMeeting for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Gra-Pe
10/30/2019 • 4 minutes to read

In this tutorial, you learn how to integrate Gra-Pe with Azure Active Directory (Azure AD). Integrating Gra-Pe with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Gra-Pe.
You can enable your users to be automatically signed-in to Gra-Pe (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Gra-Pe, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Gra-Pe single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Gra-Pe supports SP initiated SSO

Adding Gra-Pe from the gallery


To configure the integration of Gra-Pe into Azure AD, you need to add Gra-Pe from the gallery to your list of
managed SaaS apps.
To add Gra-Pe from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Gra-Pe, select Gra-Pe from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Gra-Pe based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Gra-Pe
needs to be established.
To configure and test Azure AD single sign-on with Gra-Pe, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Gra-Pe Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Gra-Pe test user - to have a counterpart of Britta Simon in Gra-Pe that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Gra-Pe, perform the following steps:
1. In the Azure portal, on the Gra-Pe application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL: https://btm.tts.co.jp/portal/apl/SSOLogin.aspx

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Gra-Pe section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Gra-Pe Single Sign-On
To configure single sign-on on the Gra-Pe side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Gra-Pe support team. They apply these settings so that the SAML SSO
connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Gra-Pe.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Gra-Pe.
2. In the applications list, select Gra-Pe.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Gra-Pe test user
In this section, you create a user called Britta Simon in Gra-Pe. Work with the Gra-Pe support team to add the users to
the Gra-Pe platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Gra-Pe tile in the Access Panel, you should be automatically signed in to the Gra-Pe for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Greenhouse
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Greenhouse with Azure Active Directory (Azure AD). Integrating
Greenhouse with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Greenhouse.
You can enable your users to be automatically signed-in to Greenhouse (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Greenhouse, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Greenhouse single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Greenhouse supports SP initiated SSO

Adding Greenhouse from the gallery


To configure the integration of Greenhouse into Azure AD, you need to add Greenhouse from the gallery to your
list of managed SaaS apps.
To add Greenhouse from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Greenhouse, select Greenhouse from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Greenhouse based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Greenhouse needs to be established.
To configure and test Azure AD single sign-on with Greenhouse, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Greenhouse Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Greenhouse test user - to have a counterpart of Britta Simon in Greenhouse that is linked to the Azure
AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Greenhouse, perform the following steps:
1. In the Azure portal, on the Greenhouse application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.greenhouse.io

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.greenhouse.io

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Greenhouse Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Greenhouse section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Greenhouse Single Sign-On
To configure single sign-on on the Greenhouse side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Greenhouse support team. They apply these settings so that the
SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Greenhouse.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Greenhouse.

2. In the applications list, select Greenhouse.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Greenhouse test user
In order to enable Azure AD users to log into Greenhouse, they must be provisioned into Greenhouse. In the case
of Greenhouse, provisioning is a manual task.

NOTE
You can use any other Greenhouse user account creation tools or APIs provided by Greenhouse to provision Azure AD user
accounts.

To provision a user account, perform the following steps:


1. Log in to your Greenhouse company site as an administrator.
2. In the menu on the top, click Configure, and then click Users.

3. Click New Users.

4. In the Add New User section, perform the following steps:


a. In the Enter user emails textbox, type the email address of a valid Azure Active Directory account you
want to provision.
b. Click Save.

NOTE
The Azure Active Directory account holders will receive an email including a link to confirm the account before it
becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Greenhouse tile in the Access Panel, you should be automatically signed in to the Greenhouse
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with GreenOrbit
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate GreenOrbit with Azure Active Directory (Azure AD). Integrating
GreenOrbit with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to GreenOrbit.
You can enable your users to be automatically signed-in to GreenOrbit (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with GreenOrbit, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
GreenOrbit single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
GreenOrbit supports SP initiated SSO
GreenOrbit supports Just In Time user provisioning

Adding GreenOrbit from the gallery


To configure the integration of GreenOrbit into Azure AD, you need to add GreenOrbit from the gallery to your list
of managed SaaS apps.
To add GreenOrbit from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type GreenOrbit, select GreenOrbit from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with GreenOrbit based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
GreenOrbit needs to be established.
To configure and test Azure AD single sign-on with GreenOrbit, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure GreenOrbit Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create GreenOrbit test user - to have a counterpart of Britta Simon in GreenOrbit that is linked to the Azure
AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with GreenOrbit, perform the following steps:
1. In the Azure portal, on the GreenOrbit application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.yourcompanydomain.extension

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.yourcompanydomain.extension

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact GreenOrbit Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up GreenOrbit section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure GreenOrbit Single Sign-On
To configure single sign-on on the GreenOrbit side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the GreenOrbit support team. They apply these settings so that the SAML
SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to GreenOrbit.
1. In the Azure portal, select Enterprise Applications, select All applications, then select GreenOrbit.

2. In the applications list, select GreenOrbit.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create GreenOrbit test user
In this section, a user called Britta Simon is created in GreenOrbit. GreenOrbit supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in GreenOrbit, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the GreenOrbit tile in the Access Panel, you should be automatically signed in to the GreenOrbit
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Grovo
8/29/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Grovo with Azure Active Directory (Azure AD). When you integrate
Grovo with Azure AD, you can:
Control in Azure AD who has access to Grovo.
Enable your users to be automatically signed-in to Grovo with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Grovo single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Grovo supports SP and IDP initiated SSO
Grovo supports Just In Time user provisioning

Adding Grovo from the gallery


To configure the integration of Grovo into Azure AD, you need to add Grovo from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Grovo in the search box.
6. Select Grovo from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Grovo


Configure and test Azure AD SSO with Grovo using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Grovo.
To configure and test Azure AD SSO with Grovo, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Grovo SSO - to configure the single sign-on settings on application side.
a. Create Grovo test user - to have a counterpart of B.Simon in Grovo that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Grovo application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://<subdomain>.grovo.com/sso/saml2/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.grovo.com/sso/saml2/saml-assertion

c. Click Set additional URLs.


d. In the Relay State text box, type a URL using the following pattern: https://<subdomain>.grovo.com

5. Click Set additional URLs and perform the following steps if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.grovo.com/sso/saml2/saml-assertion

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, Sign-on URL and Relay State.
Contact Grovo Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up Grovo section, copy the appropriate URL(s) based on your requirement.
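
A pre-flight check for the values entered in steps 4 and 5 above, added here as an example (it is not Microsoft or Grovo code): it flags placeholders that were never replaced, non-HTTPS URLs, hosts outside grovo.com, and fields that disagree on the subdomain. The function name, the field keys and the `acme` subdomain in the sample are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Path each field carries in the tutorial's patterns (steps 4a, 4b, 4d and 5).
EXPECTED_PATHS = {
    "identifier": "/sso/saml2/metadata",
    "reply_url": "/sso/saml2/saml-assertion",
    "relay_state": "",
    "sign_on_url": "/sso/saml2/saml-assertion",
}
# Assumption of this example: Identifier and Reply URL are always supplied;
# Relay State and Sign-on URL are checked only when present.
REQUIRED = ("identifier", "reply_url")
# Exactly one DNS label in front of grovo.com, nothing after it.
HOST_RE = re.compile(r"^([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)\.grovo\.com$")


def check_grovo_saml_config(values):
    """Return (subdomain, problems) for a dict of Basic SAML Configuration values.

    subdomain is None unless every checked field agrees on a single one.
    """
    problems = []
    subdomains = set()
    for field, expected_path in EXPECTED_PATHS.items():
        raw = (values.get(field) or "").strip()
        if not raw:
            if field in REQUIRED:
                problems.append(f"{field}: missing")
            continue
        if "<" in raw or ">" in raw:
            # The documentation pattern was pasted without filling it in.
            problems.append(f"{field}: placeholder not replaced")
            continue
        try:
            parts = urlsplit(raw)
        except ValueError:
            problems.append(f"{field}: not a parseable URL")
            continue
        if parts.scheme != "https":
            problems.append(f"{field}: scheme must be https")
        # hostname excludes any userinfo and port, so "a.grovo.com@other" is
        # judged by the host the browser would actually contact.
        host = (parts.hostname or "").lower()
        match = HOST_RE.match(host)
        if match:
            subdomains.add(match.group(1))
        else:
            problems.append(f"{field}: host {host!r} is not <subdomain>.grovo.com")
        if parts.path.rstrip("/") != expected_path:
            problems.append(
                f"{field}: path {parts.path!r} does not match {expected_path!r}"
            )
    if len(subdomains) > 1:
        problems.append(
            "fields disagree on subdomain: " + ", ".join(sorted(subdomains))
        )
    subdomain = next(iter(subdomains)) if len(subdomains) == 1 else None
    return subdomain, problems


if __name__ == "__main__":
    # Constructed sample input: the Identifier still holds the placeholder.
    sample = {
        "identifier": "https://<subdomain>.grovo.com/sso/saml2/metadata",
        "reply_url": "https://acme.grovo.com/sso/saml2/saml-assertion",
        "relay_state": "https://acme.grovo.com",
    }
    print(check_grovo_saml_config(sample))
```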

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Grovo.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Grovo.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Grovo SSO


1. In a different web browser window, sign in to Grovo as Administrator.
2. Go to Admin > Integrations.

3. Click SET UP under SP Initiated SAML 2.0 section.


4. In SP Initiated SAML 2.0 popup window perform the following steps:

a. In the Entity ID textbox, paste the value of Azure AD Identifier, which you have copied from Azure
portal.
b. In the Single sign-on service endpoint textbox, paste the value of Login URL, which you have copied
from Azure portal.
c. Select Single sign-on service endpoint binding as
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect .

d. Open the downloaded Base64 encoded certificate from the Azure portal in Notepad, and paste its contents into the
Public key textbox.
e. Click Next.
Create Grovo test user
In this section, a user called B.Simon is created in Grovo. Grovo supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Grovo, a new one
is created after authentication.

NOTE
If you need to create a user manually, contact the Grovo support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Grovo tile in the Access Panel, you should be automatically signed in to the Grovo instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Grovo with Azure AD

Tutorial: Azure Active Directory integration with GTNexus SSO System
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate GTNexus SSO System with Azure Active Directory (Azure AD).
Integrating GTNexus SSO System with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to GTNexus SSO System.
You can enable your users to be automatically signed-in to GTNexus SSO System (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with GTNexus SSO System, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
GTNexus SSO System single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
GTNexus SSO System supports IDP initiated SSO

Adding GTNexus SSO System from the gallery


To configure the integration of GTNexus SSO System into Azure AD, you need to add GTNexus SSO System from
the gallery to your list of managed SaaS apps.
To add GTNexus SSO System from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type GTNexus SSO System, select GTNexus SSO System from result panel then click
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with GTNexus SSO System based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in GTNexus SSO System needs to be established.
To configure and test Azure AD single sign-on with GTNexus SSO System, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure GTNexus SSO System Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create GTNexus SSO System test user - to have a counterpart of Britta Simon in GTNexus SSO System that
is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with GTNexus SSO System, perform the following steps:
1. In the Azure portal, on the GTNexus SSO System application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you have Service Provider metadata file, perform the
following steps:
a. Click Upload metadata file.

b. Click on folder logo to select the metadata file and click Upload.
c. Once the metadata file is successfully uploaded, the Identifier and Reply URL values are auto-populated
in the GTNexus SSO System section text box:

NOTE
If the Identifier and Reply URL values are not auto-populated, fill in the values manually according to
your requirement.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

Configure GTNexus SSO System Single Sign-On


To configure single sign-on on the GTNexus SSO System side, you need to send the Federation Metadata XML to the
GTNexus SSO System support team. They apply this configuration so that the SAML SSO connection is set properly on
both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to GTNexus SSO System.
1. In the Azure portal, select Enterprise Applications, select All applications, then select GTNexus SSO
System.
2. In the applications list, select GTNexus SSO System.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create GTNexus SSO System test user
In this section, you create a user called Britta Simon in GTNexus SSO System. Work with GTNexus SSO System
support team to add the users in the GTNexus SSO System platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the GTNexus SSO System tile in the Access Panel, you should be automatically signed in to the
GTNexus SSO System instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with HackerOne
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate HackerOne with Azure Active Directory (Azure AD). Integrating
HackerOne with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to HackerOne.
You can enable your users to be automatically signed-in to HackerOne (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with HackerOne, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
HackerOne single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
HackerOne supports SP initiated SSO
HackerOne supports Just In Time user provisioning

Adding HackerOne from the gallery


To configure the integration of HackerOne into Azure AD, you need to add HackerOne from the gallery to your list
of managed SaaS apps.
To add HackerOne from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type HackerOne, select HackerOne from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with HackerOne based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
HackerOne needs to be established.
To configure and test Azure AD single sign-on with HackerOne, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure HackerOne Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create HackerOne test user - to have a counterpart of Britta Simon in HackerOne that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with HackerOne, perform the following steps:
1. In the Azure portal, on the HackerOne application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://hackerone.com/<company name>/authentication

b. In the Identifier (Entity ID) text box, type a URL: https://hackerone.com/users/saml/metadata

NOTE
This Sign on URL value is not real. Update this value with the actual Sign-On URL. Contact HackerOne Client support
team to get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up HackerOne section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure HackerOne Single Sign-On
1. Sign on to your HackerOne tenant as an administrator.
2. In the menu on the top, click Settings.

3. Navigate to Authentication and click Add SAML settings.

4. On the SAML Settings dialog, perform the following steps:

a. In the Email Domain textbox, type a registered domain.


b. In Single Sign On URL textboxes, paste the value of Login URL which you have copied from Azure
portal.
c. Open your downloaded Certificate file from Azure portal into Notepad, copy the content of it into your
clipboard, and then paste it to the X509 Certificate textbox.
d. Click Save.
5. On the Authentication Settings dialog, perform the following steps:

a. Click Run test.


b. If the value of the Status field equals Last test status: created, contact your HackerOne support team to
request a review of your configuration.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to HackerOne.
1. In the Azure portal, select Enterprise Applications, select All applications, then select HackerOne.

2. In the applications list, select HackerOne.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create HackerOne test user
In this section, a user called Britta Simon is created in HackerOne. HackerOne supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in HackerOne, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the HackerOne tile in the Access Panel, you should be automatically signed in to the HackerOne
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Halogen Software
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Halogen Software with Azure Active Directory (Azure AD). Integrating
Halogen Software with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Halogen Software.
You can enable your users to be automatically signed-in to Halogen Software (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Halogen Software, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Halogen Software single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Halogen Software supports SP initiated SSO

Adding Halogen Software from the gallery


To configure the integration of Halogen Software into Azure AD, you need to add Halogen Software from the
gallery to your list of managed SaaS apps.
To add Halogen Software from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Halogen Software, select Halogen Software from result panel then click Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Halogen Software based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Halogen Software needs to be established.
To configure and test Azure AD single sign-on with Halogen Software, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Halogen Software Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Halogen Software test user - to have a counterpart of Britta Simon in Halogen Software that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Halogen Software, perform the following steps:
1. In the Azure portal, on the Halogen Software application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://global.hgncloud.com/<companyname>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://global.halogensoftware.com/<companyname>

https://global.hgncloud.com/<companyname>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Halogen Software
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Halogen Software section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Halogen Software Single Sign-On
1. In a different browser window, sign on to your Halogen Software application as an administrator.
2. Click the Options tab.

3. In the left navigation pane, click SAML Configuration.

4. On the SAML Configuration page, perform the following steps:


a. As Unique Identifier, select NameID.
b. As Unique Identifier Maps To, select Username.
c. To upload your downloaded metadata file, click Browse to select the file, and then Upload File.
d. To test the configuration, click Run Test.

NOTE
You need to wait for the message "The SAML test is complete. Please close this window". Then, close the opened
browser window. The Enable SAML checkbox is only enabled if the test has been completed.

e. Select Enable SAML.


f. Click Save Changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Halogen Software.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Halogen
Software.

2. In the applications list, select Halogen Software.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Halogen Software test user
The objective of this section is to create a user called Britta Simon in Halogen Software.
To create a user called Britta Simon in Halogen Software, perform the following steps:
1. Sign on to your Halogen Software application as an administrator.
2. Click the User Center tab, and then click Create User.
3. On the New User dialog page, perform the following steps:

a. In the First Name textbox, type first name of the user like Britta.
b. In the Last Name textbox, type last name of the user like Simon.
c. In the Username textbox, type Britta Simon, the user name as in the Azure portal.
d. In the Password textbox, type a password for Britta.
e. Click Save.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Halogen Software tile in the Access Panel, you should be automatically signed in to the
Halogen Software instance for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Halosys
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Halosys with Azure Active Directory (Azure AD). Integrating Halosys
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Halosys.
You can enable your users to be automatically signed-in to Halosys (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Halosys, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Halosys single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Halosys supports IDP initiated SSO

Adding Halosys from the gallery


To configure the integration of Halosys into Azure AD, you need to add Halosys from the gallery to your list of
managed SaaS apps.
To add Halosys from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Halosys, select Halosys from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Halosys based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Halosys
needs to be established.
To configure and test Azure AD single sign-on with Halosys, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Halosys Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Halosys test user - to have a counterpart of Britta Simon in Halosys that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Halosys, perform the following steps:
1. In the Azure portal, on the Halosys application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<company-name>.halosys.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<company-name>.halosys.com/<instance name>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Halosys Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Halosys section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Halosys Single Sign-On
To configure single sign-on on the Halosys side, you need to send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the Halosys support team. They apply this configuration so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Halosys.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Halosys.

2. In the applications list, select Halosys.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Halosys test user
In this section, you create a user called Britta Simon in Halosys. Work with Halosys support team to add the users
in the Halosys platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Halosys tile in the Access Panel, you should be automatically signed in to the Halosys for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with HappyFox
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate HappyFox with Azure Active Directory (Azure AD). Integrating
HappyFox with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to HappyFox.
You can enable your users to be automatically signed-in to HappyFox (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with HappyFox, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
HappyFox single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
HappyFox supports SP initiated SSO
HappyFox supports Just In Time user provisioning

Adding HappyFox from the gallery


To configure the integration of HappyFox into Azure AD, you need to add HappyFox from the gallery to your list of
managed SaaS apps.
To add HappyFox from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type HappyFox, select HappyFox from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with HappyFox based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in HappyFox
needs to be established.
To configure and test Azure AD single sign-on with HappyFox, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure HappyFox Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create HappyFox test user - to have a counterpart of Britta Simon in HappyFox that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with HappyFox, perform the following steps:
1. In the Azure portal, on the HappyFox application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<subdomain>.happyfox.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.happyfox.com/saml/metadata/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact HappyFox Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up HappyFox section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure HappyFox Single Sign-On
1. In a different web browser window, sign in to your HappyFox tenant as an administrator.
2. Navigate to Manage, then click the Integrations tab.

3. In the Integrations tab, click Configure under SAML Integration to open the Single Sign On Settings.

4. Inside the SAML configuration section, paste the Login URL value, which you have copied from the Azure portal,
into the SSO Target URL textbox.

5. Open the certificate downloaded from the Azure portal in Notepad and paste its content in the IdP Signature
section.

6. Click Save Settings button.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to HappyFox.
1. In the Azure portal, select Enterprise Applications, select All applications, then select HappyFox.
2. In the applications list, select HappyFox.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create HappyFox test user
In this section, a user called Britta Simon is created in HappyFox. HappyFox supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in HappyFox, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
1. When you click the HappyFox tile in the Access Panel, you should get the login page of the HappyFox application.
You should see the 'SAML' button on the sign-in page.

2. Click the SAML button to log in to HappyFox using your Azure AD account.
For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Harness
10/7/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Harness with Azure Active Directory (Azure AD). When you integrate
Harness with Azure AD, you can:
Control in Azure AD who has access to Harness.
Enable your users to be automatically signed-in to Harness with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Harness single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Harness supports SP and IDP initiated SSO

Adding Harness from the gallery


To configure the integration of Harness into Azure AD, you need to add Harness from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Harness in the search box.
6. Select Harness from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Harness


Configure and test Azure AD SSO with Harness using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Harness.
To configure and test Azure AD SSO with Harness, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Harness SSO - to configure the single sign-on settings on application side.
a. Create Harness test user - to have a counterpart of B.Simon in Harness that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Harness application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, type a URL using the following pattern:
https://app.harness.io/gateway/api/users/saml-login?accountId=<harness_account_id>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://app.harness.io/

NOTE
The Reply URL value is not real. You will get the actual Reply URL from the Configure Harness SSO section, which is
explained later in the tutorial. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
7. On the Set up Harness section, copy the appropriate URL(s) based on your requirement.
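
The tutorials on this page give the Basic SAML Configuration values as patterns with placeholders and note that the pattern values are not real. The following added example (not part of the original tutorials) checks a value before it is saved: it flags a placeholder left in place, a non-HTTPS scheme, and a value whose host or path departs from the documented pattern. The patterns are quoted from this page; the set of characters accepted in place of a placeholder is an assumption, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# URL patterns quoted from the tutorials on this page.
PATTERNS = {
    "halosys_reply": "https://<company-name>.halosys.com/<instance name>",
    "happyfox_identifier": "https://<subdomain>.happyfox.com/saml/metadata/",
    "harness_reply": ("https://app.harness.io/gateway/api/users/saml-login"
                      "?accountId=<harness_account_id>"),
    "helperhelper_signon": "https://sso.helperhelper.com/saml/<customer_id>/login",
}

_PLACEHOLDER = re.compile(r"<[^<>]+>")
# Assumption: a real value substitutes letters, digits, '-' or '_' for each
# placeholder. Excluding '.', '/', '@' and '?' means a substituted value
# cannot move the host or path away from the vendor's domain.
_SEGMENT = r"[A-Za-z0-9_-]+"


def pattern_to_regex(pattern):
    """Turn a documented pattern into a regex with strict placeholder slots."""
    literal_parts = _PLACEHOLDER.split(pattern)
    return re.compile(_SEGMENT.join(re.escape(part) for part in literal_parts))


def check_value(pattern_name, value):
    """Return a list of problems found in a configured URL (empty if none)."""
    problems = []
    if _PLACEHOLDER.search(value):
        problems.append("placeholder left in value")
    try:
        parts = urlsplit(value)
    except ValueError:
        return problems + ["not a parseable URL"]
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if "@" in parts.netloc:
        problems.append("userinfo present in host part")
    if not pattern_to_regex(PATTERNS[pattern_name]).fullmatch(value):
        problems.append("does not match the documented pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real tenant data.
    samples = [
        ("harness_reply", PATTERNS["harness_reply"]),
        ("harness_reply", "https://app.harness.io/gateway/api/users/"
                          "saml-login?accountId=AbC123_xyz-9"),
        ("halosys_reply", "http://contoso.halosys.com/prod"),
        ("halosys_reply", "https://other.example/contoso.halosys.com/prod"),
    ]
    for name, value in samples:
        print(name, value, check_value(name, value) or "ok")
```

The Reply URL is where the identity provider posts the signed assertion, so a value that passes a loose "contains the vendor domain" check but fails the strict pattern match deserves a second look before it is saved.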

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Harness.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Harness.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Harness SSO


1. To automate the configuration within Harness, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup Harness, which directs you to the Harness application.
From there, provide the admin credentials to sign in to Harness. The browser extension will automatically
configure the application for you and automate steps 3-6.
3. If you want to set up Harness manually, open a new web browser window, sign in to your Harness
company site as an administrator, and perform the following steps:
4. On the top-right of the page, click on Continuous Security > Access Management > Authentication
Settings.

5. On the SSO Providers section, click on + Add SSO Providers > SAML.

6. On the SAML Provider pop-up, perform the following steps:

a. Copy the URL shown under "In your SSO Provider, please enable SAML-based login, then enter the following URL"
and paste it in the Reply URL textbox in the Basic SAML Configuration section on the Azure portal.
b. In the Display Name text box, type your display name.
c. Click Choose file to upload the Federation Metadata XML file, which you have downloaded from Azure
AD.
d. Click SUBMIT.
Create Harness test user
To enable Azure AD users to sign in to Harness, they must be provisioned into Harness. In Harness, provisioning is
a manual task.
To provision a user account, perform the following steps:
1. Sign in to Harness as an Administrator.
2. On the top-right of the page, click on Continuous Security > Access Management > Users.

3. On the right side of page, click on + Add User.

4. On the Add User pop-up, perform the following steps:

a. In the Email Address(es) text box, enter the email address of the user, for example B.simon@contoso.com.
b. Select your User Groups.
c. Click Submit.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Harness tile in the Access Panel, you should be automatically signed in to the Harness for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Harness with Azure AD

Tutorial: Integrate Helper Helper with Azure Active Directory
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Helper Helper with Azure Active Directory (Azure AD). When you
integrate Helper Helper with Azure AD, you can:
Control in Azure AD who has access to Helper Helper.
Enable your users to be automatically signed-in to Helper Helper with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Helper Helper single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Helper Helper supports SP and IDP
initiated SSO and supports Just In Time user provisioning.

Adding Helper Helper from the gallery


To configure the integration of Helper Helper into Azure AD, you need to add Helper Helper from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Helper Helper in the search box.
6. Select Helper Helper from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Helper Helper using a test user called B. Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Helper Helper.
To configure and test Azure AD SSO with Helper Helper, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Helper Helper to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
4. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
5. Create Helper Helper test user to have a counterpart of B. Simon in Helper Helper that is linked to the Azure
AD representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Helper Helper application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you have the Service Provider metadata file and wish to
configure in IDP initiated mode, perform the following steps:

NOTE
Go to the URL https://sso.helperhelper.com/saml/<customer_id> to get the Service Provider metadata file.
Contact Helper Helper Client support team for <customer_id>.

a. Click Upload metadata file.


b. Click on folder logo to select the metadata file and click Upload.
c. After the metadata file is successfully uploaded, the Identifier and Reply URL values are auto-populated
in the Basic SAML Configuration section.

NOTE
If the Identifier and Reply URL values are not auto-populated, fill in the values manually according to your
requirement.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://sso.helperhelper.com/saml/<customer_id>/login

NOTE
The Sign-on URL value is not real. Update this value with the actual Sign-on URL. Contact Helper Helper Client
support team to get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.
6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy App Federation Metadata Url and save it in Notepad.

7. On the Set up Helper Helper section, copy the appropriate URL(s) based on your requirement.

Configure Helper Helper


To configure single sign-on on the Helper Helper side, you need to send the App Federation Metadata Url to the
Helper Helper support team. They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B. Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B. Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B. Simon to use Azure single sign-on by granting access to Helper Helper.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Helper Helper.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B. Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Helper Helper test user
In this section, a user called Britta Simon is created in Helper Helper. Helper Helper supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Helper Helper, a new one is created after authentication.
Test SSO
When you select the Helper Helper tile in the Access Panel, you should be automatically signed in to the Helper
Helper for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Help Scout
10/30/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Help Scout with Azure Active Directory (Azure AD). Integrating Help
Scout with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Help Scout.
You can enable your users to be automatically signed-in to Help Scout (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Help Scout, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Help Scout single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Help Scout supports SP and IDP initiated SSO
Help Scout supports Just In Time user provisioning

Adding Help Scout from the gallery


To configure the integration of Help Scout into Azure AD, you need to add Help Scout from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Help Scout in the search box.
6. Select Help Scout from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Help Scout based on a test user called
B.Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Help
Scout needs to be established.
To configure and test Azure AD single sign-on with Help Scout, you need to complete the following building
blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Help Scout SSO - to configure the single sign-on settings on application side.
Create Help Scout test user - to have a counterpart of B.Simon in Help Scout that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Help Scout, perform the following steps:
1. In the Azure portal, on the Help Scout application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.
4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:

a. Identifier is the Audience URI (Service Provider Entity ID) from Help Scout; it starts with urn:

b. Reply URL is the Post-back URL (Assertion Consumer Service URL) from Help Scout; it starts with
https://

NOTE
The values in these URLs are for demonstration only. Update these values with the actual Reply URL and
Identifier. You get these values from the Single Sign-On tab under the Authentication section, which is explained
later in the tutorial.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL textbox, type a URL as: https://secure.helpscout.net/members/login/

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.
7. On the Set up Help Scout section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called B.Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter B.Simon.
b. In the User name field type B.Simon@yourcompanydomain.extension
For example, B.Simon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable B.Simon to use Azure single sign-on by granting access to Help Scout.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Help Scout.

2. In the applications list, select Help Scout.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select B.Simon in the Users list, then click the Select button at the bottom
of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.

Configure Help Scout SSO


1. To automate the configuration within Help Scout, you need to install the My Apps Secure Sign-in browser
extension by clicking Install the extension.
2. After you add the extension to the browser, clicking Set up Help Scout directs you to the Help Scout
application. From there, provide the admin credentials to sign in to Help Scout. The browser extension will
automatically configure the application for you and automate steps 3-7.

3. If you want to set up Help Scout manually, open a new web browser window, sign in to your Help Scout
company site as an administrator, and perform the following steps:
4. Click on Manage from the top menu and then select Company from the dropdown menu.

5. Select Authentication from the left navigation pane.


6. This takes you to the SAML settings section, where you perform the following steps:

a. Copy the Post-back URL (Assertion Consumer Service URL) value and paste the value in the Reply
URL text box in the Basic SAML Configuration section in the Azure portal.
b. Copy the Audience URI (Service Provider Entity ID) value and paste the value in the Identifier text
box in the Basic SAML Configuration section in the Azure portal.
7. Toggle Enable SAML on and perform the following steps:

a. In the Single Sign-On URL textbox, paste the value of the Login URL, which you have copied from the Azure
portal.
b. Click Upload Certificate to upload the Certificate (Base64) downloaded from the Azure portal.
c. Enter your organization's email domain(s), e.g. contoso.com, in the Email Domains textbox. You can
separate multiple domains with a comma. Any time a Help Scout User or Administrator enters that
specific domain on the Help Scout log-in page, they will be routed to the Identity Provider to authenticate with their
credentials.
d. Lastly, you can toggle Force SAML Sign-on if you want Users to log in to Help Scout only through
this method. If you'd still like to leave the option for them to sign in with their Help Scout credentials, you
can leave it toggled off. Even if this is enabled, an Account Owner will always be able to log in to Help Scout
with their account password.
e. Click Save.
Create Help Scout test user
In this section, a user called B.Simon is created in Help Scout. Help Scout supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Help
Scout, a new one is created after authentication.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Help Scout tile in the Access Panel, you should be automatically signed in to the Help Scout for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Try Help Scout with Azure AD
Tutorial: Azure Active Directory integration with Heroku
10/30/2019

In this tutorial, you learn how to integrate Heroku with Azure Active Directory (Azure AD). Integrating Heroku with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Heroku.
You can enable your users to be automatically signed-in to Heroku (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Heroku, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Heroku single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Heroku supports SP initiated SSO
Heroku supports Just In Time user provisioning

Adding Heroku from the gallery


To configure the integration of Heroku into Azure AD, you need to add Heroku from the gallery to your list of
managed SaaS apps.
To add Heroku from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Heroku, select Heroku from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Heroku based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Heroku
needs to be established.
To configure and test Azure AD single sign-on with Heroku, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Heroku Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Heroku test user - to have a counterpart of Britta Simon in Heroku that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Heroku, perform the following steps:
1. In the Azure portal, on the Heroku application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://sso.heroku.com/saml/<company-name>/init

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://sso.heroku.com/saml/<company-name>

NOTE
These values are not real. Update these values with the actual Sign-On URL and Identifier. You get these values from
the Heroku team, which is described in later sections of this article.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Heroku section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Heroku Single Sign-On
1. In a different web browser window, sign in to your Heroku tenant as an administrator.
2. Click the Settings tab.
3. On the Single Sign On Page, click Upload Metadata.
4. Upload the metadata file, which you have downloaded from the Azure portal.
5. When the setup is successful, administrators see a confirmation dialog and the URL of the SSO Login for
end users is displayed.
6. Copy the Heroku Login URL and Heroku Entity ID values, go back to the Basic SAML Configuration
section in the Azure portal, and paste these values into the Sign-On URL and Identifier (Entity ID) textboxes
respectively.

7. Click Next.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Heroku.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Heroku.

2. In the applications list, select Heroku.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Heroku test user
In this section, you create a user called Britta Simon in Heroku. Heroku supports just-in-time provisioning, which is
enabled by default.
There is no action item for you in this section. A new user is created when accessing Heroku if the user doesn't exist
yet. After the account is provisioned, the end user receives a verification email and needs to click the
acknowledgement link.
NOTE
If you need to create a user manually, you need to contact the Heroku Client support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Heroku tile in the Access Panel, you should be automatically signed in to the Heroku for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with HeyBuddy
10/30/2019

In this tutorial, you learn how to integrate HeyBuddy with Azure Active Directory (Azure AD). Integrating
HeyBuddy with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to HeyBuddy.
You can enable your users to be automatically signed-in to HeyBuddy (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with HeyBuddy, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
HeyBuddy single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
HeyBuddy supports SP initiated SSO
HeyBuddy supports Just In Time user provisioning

Adding HeyBuddy from the gallery


To configure the integration of HeyBuddy into Azure AD, you need to add HeyBuddy from the gallery to your list
of managed SaaS apps.
To add HeyBuddy from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type HeyBuddy, select HeyBuddy from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with HeyBuddy based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in HeyBuddy
needs to be established.
To configure and test Azure AD single sign-on with HeyBuddy, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure HeyBuddy Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create HeyBuddy test user - to have a counterpart of Britta Simon in HeyBuddy that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with HeyBuddy, perform the following steps:
1. In the Azure portal, on the HeyBuddy application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://api.heybuddy.com/auth/<ENTITY ID>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
YourCompanyInstanceofHeyBuddy

NOTE
These values are not real. Update these values with the actual Sign-On URL and Identifier (Entity ID). The Entity ID
in the Sign on URL is auto-generated for each organization. Contact the HeyBuddy Client support team to get these
values.

5. Your HeyBuddy application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click Edit icon to open User Attributes dialog.

NOTE
Please refer to this link on how to configure and setup the roles for the application.

6. In addition to the above, the HeyBuddy application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
the SAML token attribute shown in the table below:

NAME     SOURCE ATTRIBUTE
Roles    user.assignedroles

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure HeyBuddy Single Sign-On


To configure single sign-on on the HeyBuddy side, you need to send the App Federation Metadata Url to the
HeyBuddy support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to HeyBuddy.
1. In the Azure portal, select Enterprise Applications, select All applications, then select HeyBuddy.

2. In the applications list, select HeyBuddy.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create HeyBuddy test user
In this section, a user called Britta Simon is created in HeyBuddy. HeyBuddy supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in HeyBuddy, a new one is created after authentication.

NOTE
If you need to create a user manually, contact HeyBuddy support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the HeyBuddy tile in the Access Panel, you should be automatically signed in to the HeyBuddy for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with HighGear
10/30/2019

In this tutorial, you can learn how to integrate HighGear with Azure Active Directory (Azure AD). Integrating
HighGear with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to HighGear.
You can enable your users to be automatically signed-in to HighGear (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with HighGear, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
A HighGear system with an Enterprise or Unlimited license

Scenario description
In this tutorial, you can learn how to configure and test Azure AD single sign-on in a test environment.
HighGear supports SP and IdP initiated SSO

Adding HighGear from the gallery


To configure the integration of HighGear into Azure AD, you need to add HighGear from the gallery to your list of
managed SaaS apps.
To add HighGear from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button on the top of the dialog.

4. In the search box, type HighGear, select HighGear from result panel, and then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you can learn how to configure and test Azure AD single sign-on with your HighGear system based
on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and
the related user in your HighGear system needs to be established.
To configure and test Azure AD single sign-on with your HighGear system, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure HighGear Single Sign-On - to configure the Single Sign-On settings on the HighGear application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create HighGear test user - to have a counterpart of Britta Simon in HighGear that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you can learn how to enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with your HighGear system, perform the following steps:
1. In the Azure portal, on the HighGear application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML
Configuration dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Identifier text box, paste the value of the Service Provider Entity ID field that is on the Single
Sign-On Settings page in your HighGear system.

NOTE
You will need to log in to your HighGear system to access the Single Sign-On Settings page. Once you're logged in,
move your mouse over the Administration tab in HighGear and click the Single Sign-On Settings menu item.

b. In the Reply URL text box, paste the value of the Assertion Consumer Service (ACS) URL from the
Single Sign-On Settings page in your HighGear system.

c. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, paste the value of the Service Provider Entity ID field that is on the Single
Sign-On Settings page in your HighGear system. (This Entity ID is also the base URL of the HighGear
system that is to be used for SP-initiated sign-on.)

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL from the Single
Sign-On Settings page in your HighGear system. If you need help, please contact the HighGear Support Team.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) and save it on your computer. You'll need it in a later step
of the Single Sign-On configuration.

6. On the Set up HighGear section, note the location of the following URLs.

a. Login URL. You will need this value in Step #2 under Configure HighGear Single Sign-On below.
b. Azure AD Identifier. You will need this value in Step #3 under Configure HighGear Single Sign-On
below.
c. Logout URL. You will need this value in Step #4 under Configure HighGear Single Sign-On below.
Configure HighGear Single Sign-On
To configure HighGear for Single Sign-On, please log in to your HighGear system. Once you're logged in, move
your mouse over the Administration tab in HighGear and click the Single Sign-On Settings menu item.
1. In the Identity Provider Name, type a short description that will appear in HighGear's Single Sign-On
button on the Login page. For example: Azure AD
2. In the Single Sign-On (SSO) URL field in HighGear, paste the value from the Login URL field that is in
the Set up HighGear section in Azure.
3. In the Identity Provider Entity ID field in HighGear, paste the value from the Azure AD Identifier field
that is in the Set up HighGear section in Azure.
4. In the Single Logout (SLO) URL field in HighGear, paste the value from the Logout URL field that is in
the Set up HighGear section in Azure.
5. Use Notepad to open the certificate that you downloaded from the SAML Signing Certificate section in
Azure. You should have downloaded the Certificate (Base64) format. Copy the contents of the certificate
from Notepad and paste it into the Identity Provider Certificate field in HighGear.
6. Email the HighGear Support Team to request your HighGear Certificate. Follow the instructions you receive
from them to fill out the HighGear Certificate and HighGear Certificate Password fields.
7. Click the Save button to save your HighGear Single Sign-On configuration.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to HighGear.
1. In the Azure portal, select Enterprise Applications, select All applications, and then select HighGear.

2. In the applications list, select HighGear.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create HighGear test user
To create a HighGear test user to test your Single Sign-On configuration, please log in to your HighGear system.
1. Click the Create New Contact button.
A menu will appear allowing you to choose the kind of contact you want to create.
2. Click the Individual menu item to create a HighGear user.
A pane will slide out on the right so that you can type in the information for the new user.

3. In the Name field, type a name for the contact. For example: Britta Simon
4. Click the More Options menu and select the Account Info menu item.

5. Set the Can Log In field to Yes.


The Enable Single Sign-On field will automatically be set to Yes as well.
6. In the Single Sign-On User Id field, type the id of the user. For example: BrittaSimon@contoso.com
The Account Info section should now look something like this:
7. To save the contact, click the Save button at the bottom of the pane.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the HighGear tile in the Access Panel, you should be automatically signed in to the HighGear for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Hightail
10/18/2019

In this tutorial, you'll learn how to integrate Hightail with Azure Active Directory (Azure AD). When you integrate
Hightail with Azure AD, you can:
Control in Azure AD who has access to Hightail.
Enable your users to be automatically signed-in to Hightail with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Hightail single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Hightail supports SP and IDP initiated SSO
Hightail supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Hightail from the gallery


To configure the integration of Hightail into Azure AD, you need to add Hightail from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Hightail in the search box.
6. Select Hightail from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Hightail


Configure and test Azure AD SSO with Hightail using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Hightail.
To configure and test Azure AD SSO with Hightail, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Hightail SSO - to configure the single sign-on settings on application side.
   Create Hightail test user - to have a counterpart of B.Simon in Hightail that is linked to the Azure AD
   representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Hightail application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, type a URL:
https://www.hightail.com/samlLogin?phi_action=app/samlLogin&subAction=handleSamlResponse

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://www.hightail.com/loginSSO

6. The Hightail application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

7. In addition to the above, the Hightail application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

NAME            SOURCE ATTRIBUTE
FirstName       user.givenname
LastName        user.surname
Email           user.mail
UserIdentity    user.mail

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up Hightail section, copy the appropriate URL(s) based on your requirement.

NOTE
Before configuring single sign-on in the Hightail app, ask the Hightail team to whitelist your email domain so that all
users on that domain can use the single sign-on functionality.
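
The attribute mappings in step 7 and the domain requirement in the note can be checked against a captured test assertion before rollout. The Python sketch below is an added example, not part of the original tutorial or Hightail's code: the sample assertion, the contoso.com domain list and the function names are constructed, the attribute names are assumed to appear in the assertion exactly as listed in the table, and signature verification is out of scope.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names from the tutorial's table. Email and UserIdentity both map
# to user.mail, so they should always carry the same value.
REQUIRED_ATTRIBUTES = ("FirstName", "LastName", "Email", "UserIdentity")

# Constructed, unsigned sample assertion (illustration only, not real IdP output).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>B</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Simon</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="UserIdentity"><saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def read_attributes(assertion_xml):
    """Map each attribute Name to its list of values."""
    # For XML from an untrusted source, parse with a hardened parser such as
    # defusedxml; the standard-library parser keeps this example dependency-free.
    root = ET.fromstring(assertion_xml)
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attributes.setdefault(attr.get("Name"), []).extend(values)
    return attributes


def check_hightail_claims(assertion_xml, allowed_domains):
    """Return a list of problems; an empty list means the claims look right."""
    attributes = read_attributes(assertion_xml)
    problems = []
    for name in REQUIRED_ATTRIBUTES:
        values = attributes.get(name)
        if not values:
            problems.append(f"missing attribute: {name}")
        elif len(values) != 1 or not values[0]:
            problems.append(f"attribute {name} must carry exactly one non-empty value")
    if problems:
        return problems

    email = attributes["Email"][0]
    identity = attributes["UserIdentity"][0]
    if email.lower() != identity.lower():
        problems.append("Email and UserIdentity differ although both map to user.mail")

    # The domain must be one that the Hightail team has been asked to enable.
    local, separator, domain = email.rpartition("@")
    if not separator or not local or not domain:
        problems.append(f"Email is not an address: {email!r}")
    elif domain.lower() not in {d.lower() for d in allowed_domains}:
        problems.append(f"email domain {domain!r} is not in the enabled domain list")
    return problems


if __name__ == "__main__":
    for line in check_hightail_claims(SAMPLE_ASSERTION, ["contoso.com"]) or ["claims OK"]:
        print(line)
```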

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Hightail.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Hightail.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Hightail SSO


1. To automate the configuration within Hightail, you need to install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Set up Hightail to go to the Hightail application.
From there, provide the admin credentials to sign in to Hightail. The browser extension will automatically
configure the application for you and automate steps 3-6.
3. If you want to set up Hightail manually, in another browser window, open the Hightail admin portal.
4. Click the User icon in the top right corner of the page.

5. Click the View Admin Console tab.

6. In the menu on the top, click the SAML tab and perform the following steps:
a. In the Login URL textbox, paste the value of the Login URL copied from the Azure portal.
b. Open the Base64-encoded certificate downloaded from the Azure portal in Notepad, copy its content
to your clipboard, and then paste it into the SAML Certificate textbox.
c. Click COPY to copy the SAML consumer URL for your instance and paste it into the Reply URL textbox in
the Basic SAML Configuration section in the Azure portal.
d. Click Save Configurations.
Create Hightail test user
In this section, a user called Britta Simon is created in Hightail. Hightail supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Hightail,
a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the Hightail support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Hightail tile in the Access Panel, you should be automatically signed in to the Hightail for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Hightail with Azure AD

Tutorial: Azure Active Directory integration with HireVue
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate HireVue with Azure Active Directory (Azure AD). Integrating HireVue
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to HireVue.
You can enable your users to be automatically signed-in to HireVue (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with HireVue, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
HireVue single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
HireVue supports SP initiated SSO

Adding HireVue from the gallery


To configure the integration of HireVue into Azure AD, you need to add HireVue from the gallery to your list of
managed SaaS apps.
To add HireVue from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type HireVue, select HireVue from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with HireVue based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in HireVue
needs to be established.
To configure and test Azure AD single sign-on with HireVue, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure HireVue Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create HireVue test user - to have a counterpart of Britta Simon in HireVue that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with HireVue, perform the following steps:
1. In the Azure portal, on the HireVue application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:

ENVIRONMENT    URL
Production     https://<companyname>.hirevue.com
Staging        https://<companyname>.stghv.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

ENVIRONMENT    URN
Production     urn:federation:hirevue.com:saml:sp:prod
Staging        urn:federation:hirevue.com:saml:sp:staging

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact HireVue Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
6. On the Set up HireVue section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure HireVue Single Sign-On
To configure single sign-on on the HireVue side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the HireVue support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to HireVue.
1. In the Azure portal, select Enterprise Applications, select All applications, then select HireVue.

2. In the applications list, select HireVue.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create HireVue test user
In this section, you create a user called Britta Simon in HireVue. Work with HireVue support team to add the users
in the HireVue platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the HireVue tile in the Access Panel, you should be automatically signed in to the HireVue for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Hootsuite
11/19/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Hootsuite with Azure Active Directory (Azure AD). When you integrate
Hootsuite with Azure AD, you can:
Control in Azure AD who has access to Hootsuite.
Enable your users to be automatically signed-in to Hootsuite with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Hootsuite single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Hootsuite supports SP and IDP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Hootsuite from the gallery


To configure the integration of Hootsuite into Azure AD, you need to add Hootsuite from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Hootsuite in the search box.
6. Select Hootsuite from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Hootsuite


Configure and test Azure AD SSO with Hootsuite using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Hootsuite.
To configure and test Azure AD SSO with Hootsuite, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Hootsuite SSO - to configure the single sign-on settings on application side.
a. Create Hootsuite test user - to have a counterpart of B.Simon in Hootsuite that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Hootsuite application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, type one of the URLs using the following patterns:

https://hootsuite.com/member/sso-complete

https://hootsuite.com/sso/<ORG_ID>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://hootsuite.com/login

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact Hootsuite Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up Hootsuite section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Hootsuite.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Hootsuite.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Hootsuite SSO


To configure single sign-on on the Hootsuite side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Hootsuite support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create Hootsuite test user
In this section, you create a user called Britta Simon in Hootsuite. Work with Hootsuite support team to add the
users in the Hootsuite platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Hootsuite tile in the Access Panel, you should be automatically signed in to the Hootsuite for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Hootsuite with Azure AD

Tutorial: Azure Active Directory integration with Hornbill
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Hornbill with Azure Active Directory (Azure AD). Integrating Hornbill
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Hornbill.
You can enable your users to be automatically signed-in to Hornbill (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Hornbill, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Hornbill single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Hornbill supports SP initiated SSO
Hornbill supports Just In Time user provisioning

Adding Hornbill from the gallery


To configure the integration of Hornbill into Azure AD, you need to add Hornbill from the gallery to your list of
managed SaaS apps.
To add Hornbill from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Hornbill, select Hornbill from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Hornbill based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Hornbill
needs to be established.
To configure and test Azure AD single sign-on with Hornbill, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Hornbill Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Hornbill test user - to have a counterpart of Britta Simon in Hornbill that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Hornbill, perform the following steps:
1. In the Azure portal, on the Hornbill application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.hornbill.com/<INSTANCE_NAME>/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.hornbill.com/<INSTANCE_NAME>/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Hornbill Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Hornbill Single Sign-On


1. In a different web browser window, log in to Hornbill as a Security Administrator.
2. On the Home page, click System.
3. Navigate to Security.

4. Click SSO Profiles.

5. On the right side of the page, click on Add logo.

6. On the Profile Details bar, click on Import SAML Meta logo.

7. On the Pop-up page in the URL text box, paste the App Federation Metadata Url, which you have copied
from Azure portal and click Process.
8. After you click Process, the values are populated automatically under the Profile Details section.
9. Click Save Changes.
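
Because step 8 accepts whatever the metadata URL returns, it helps to read the same document yourself and compare its issuer, sign-on endpoint and signing certificate with what the Azure portal shows before saving the profile. The Python sketch below is an added example, not part of the original tutorial or Hornbill's code: the metadata document, tenant GUID and certificate bytes are constructed placeholders, the function names are hypothetical, and the reference certificate is assumed to be a Certificate (Base64) file exported from the same SAML Signing Certificate section.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholders: a dummy tenant GUID and dummy bytes standing in for
# a DER-encoded certificate. Neither is real.
TENANT = "00000000-0000-0000-0000-000000000000"
PLACEHOLDER_DER = b"constructed-placeholder-certificate-bytes"
PLACEHOLDER_B64 = base64.b64encode(PLACEHOLDER_DER).decode("ascii")

SAMPLE_METADATA = f"""\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{PLACEHOLDER_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def to_pem(der_bytes):
    """Wrap raw bytes in PEM armour, the layout of a Certificate (Base64) file."""
    body = base64.b64encode(der_bytes).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def fingerprint_b64(b64_text):
    """SHA-256 fingerprint (hex) of base64-encoded certificate bytes."""
    der = base64.b64decode("".join(b64_text.split()), validate=True)
    return hashlib.sha256(der).hexdigest()


def pem_fingerprint(pem_text):
    """SHA-256 fingerprint of a PEM file, ignoring the BEGIN/END lines."""
    body = [ln for ln in pem_text.splitlines() if ln and not ln.startswith("-----")]
    return fingerprint_b64("".join(body))


def summarize_idp_metadata(metadata_xml):
    """Extract the fields an SSO profile import would take from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    endpoints = {sso.get("Binding"): sso.get("Location")
                 for sso in idp.findall("md:SingleSignOnService", NS)}
    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use") in (None, "signing"):  # no "use" means any purpose
            for cert in key.iterfind(".//ds:X509Certificate", NS):
                fingerprints.append(fingerprint_b64(cert.text or ""))
    return {"entity_id": root.get("entityID"),
            "sso_endpoints": endpoints,
            "signing_fingerprints": fingerprints}


def review_import(metadata_xml, expected_entity_id, reference_pem):
    """Return findings that should block saving the profile (empty list = OK)."""
    summary = summarize_idp_metadata(metadata_xml)
    findings = []
    if summary["entity_id"] != expected_entity_id:
        findings.append(f"entityID {summary['entity_id']!r} is not the expected issuer")
    for binding, location in summary["sso_endpoints"].items():
        if not (location or "").startswith("https://"):
            findings.append(f"sign-on endpoint for {binding} is not https: {location!r}")
    if not summary["signing_fingerprints"]:
        findings.append("metadata carries no signing certificate")
    elif pem_fingerprint(reference_pem) not in summary["signing_fingerprints"]:
        findings.append("reference certificate is not among the metadata signing keys")
    return findings


if __name__ == "__main__":
    issuer = f"https://sts.windows.net/{TENANT}/"
    print(summarize_idp_metadata(SAMPLE_METADATA))
    print(review_import(SAMPLE_METADATA, issuer, to_pem(PLACEHOLDER_DER)) or "import OK")
```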
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Hornbill.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Hornbill.

2. In the applications list, select Hornbill.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Hornbill test user
In this section, a user called Britta Simon is created in Hornbill. Hornbill supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Hornbill,
a new one is created after authentication.

NOTE
If you need to create a user manually, contact Hornbill Client support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Hornbill tile in the Access Panel, you should be automatically signed in to the Hornbill for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Hosted Graphite
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Hosted Graphite with Azure Active Directory (Azure AD). Integrating
Hosted Graphite with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Hosted Graphite.
You can enable your users to be automatically signed-in to Hosted Graphite (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Hosted Graphite, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Hosted Graphite single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Hosted Graphite supports SP and IDP initiated SSO
Hosted Graphite supports Just In Time user provisioning

Adding Hosted Graphite from the gallery


To configure the integration of Hosted Graphite into Azure AD, you need to add Hosted Graphite from the gallery
to your list of managed SaaS apps.
To add Hosted Graphite from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Hosted Graphite, select Hosted Graphite from the result panel, and then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Hosted Graphite based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Hosted Graphite needs to be established.
To configure and test Azure AD single sign-on with Hosted Graphite, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Hosted Graphite Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Hosted Graphite test user - to have a counterpart of Britta Simon in Hosted Graphite that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Hosted Graphite, perform the following steps:
1. In the Azure portal, on the Hosted Graphite application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://www.hostedgraphite.com/metadata/<user id>

b. In the Reply URL text box, type a URL using the following pattern:
https://www.hostedgraphite.com/complete/saml/<user id>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://www.hostedgraphite.com/login/saml/<user id>/

NOTE
Please note that these are not the real values. You have to update these values with the actual Identifier, Reply URL
and Sign On URL. To get these values, you can go to Access->SAML setup on your Application side or contact the
Hosted Graphite support team.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up Hosted Graphite section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Hosted Graphite Single Sign-On
1. Sign on to your Hosted Graphite tenant as an administrator.
2. Go to the SAML Setup page in the sidebar (Access -> SAML Setup).

3. Confirm these URLs match the configuration you entered in the Basic SAML Configuration section of the
Azure portal.

4. In the Entity or Issuer ID and SSO Login URL textboxes, paste the values of the Azure AD Identifier and Login
URL which you have copied from the Azure portal.

5. Select Read-only as Default User Role.


6. Open the Base64-encoded certificate downloaded from the Azure portal in Notepad, copy its content
to your clipboard, and then paste it into the X.509 Certificate textbox.

7. Click the Save button.
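
The comparison in step 3 can be scripted so that a mistyped Reply URL or a user id that differs between fields is caught before saving. The Python sketch below is an added example, not part of the original tutorial or Hosted Graphite's code: the user id a1b2c3 and the function name are constructed, and treating `<user id>` as a single path segment is an assumption.

```python
import re
from urllib.parse import urlsplit

EXPECTED_HOST = "www.hostedgraphite.com"

# Path patterns from the tutorial. Treating "<user id>" as one path segment
# is an assumption made for this example.
PATH_PATTERNS = {
    "identifier": re.compile(r"^/metadata/(?P<uid>[^/]+)$"),
    "reply_url": re.compile(r"^/complete/saml/(?P<uid>[^/]+)$"),
    # The tutorial's sign-on pattern ends with a slash; both forms are accepted.
    "sign_on_url": re.compile(r"^/login/saml/(?P<uid>[^/]+)/?$"),
}
OPTIONAL_FIELDS = {"sign_on_url"}  # only needed for SP initiated mode

# Constructed sample values as they would be typed into Basic SAML Configuration.
SAMPLE_CONFIG = {
    "identifier": "https://www.hostedgraphite.com/metadata/a1b2c3",
    "reply_url": "https://www.hostedgraphite.com/complete/saml/a1b2c3",
    "sign_on_url": "https://www.hostedgraphite.com/login/saml/a1b2c3/",
}


def check_hosted_graphite_urls(config):
    """Return a list of problems; an empty list means the URLs are consistent."""
    problems = []
    user_ids = {}
    for field, pattern in PATH_PATTERNS.items():
        value = (config.get(field) or "").strip()
        if not value:
            if field not in OPTIONAL_FIELDS:
                problems.append(f"{field}: missing")
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(f"{field}: scheme must be https")
        # Comparing the whole netloc also rejects user-info and port components.
        if parts.netloc.lower() != EXPECTED_HOST:
            problems.append(f"{field}: unexpected host {parts.netloc!r}")
        if parts.query or parts.fragment:
            problems.append(f"{field}: query string or fragment not expected")
        match = pattern.match(parts.path)
        if match is None:
            problems.append(f"{field}: path {parts.path!r} does not match the documented pattern")
        else:
            user_ids[field] = match.group("uid")
    # Every field must point at the same Hosted Graphite account.
    if len(set(user_ids.values())) > 1:
        detail = ", ".join(f"{k}={v}" for k, v in sorted(user_ids.items()))
        problems.append(f"user id differs between fields: {detail}")
    return problems


if __name__ == "__main__":
    for line in check_hosted_graphite_urls(SAMPLE_CONFIG) or ["URLs are consistent"]:
        print(line)
```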


Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Hosted Graphite.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Hosted Graphite.

2. In the applications list, select Hosted Graphite.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Hosted Graphite test user
In this section, a user called Britta Simon is created in Hosted Graphite. Hosted Graphite supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Hosted Graphite, a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the Hosted Graphite support team at
help@hostedgraphite.com.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Hosted Graphite tile in the Access Panel, you should be automatically signed in to the Hosted
Graphite for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Hosted Heritage Online SSO
9/20/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Hosted Heritage Online SSO with Azure Active Directory (Azure AD).
When you integrate Hosted Heritage Online SSO with Azure AD, you can:
Control in Azure AD who has access to Hosted Heritage Online SSO.
Enable your users to be automatically signed-in to Hosted Heritage Online SSO with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Hosted Heritage Online SSO single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Hosted Heritage Online SSO supports SP initiated SSO

Adding Hosted Heritage Online SSO from the gallery


To configure the integration of Hosted Heritage Online SSO into Azure AD, you need to add Hosted Heritage
Online SSO from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Hosted Heritage Online SSO in the search box.
6. Select Hosted Heritage Online SSO from results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on for Hosted Heritage Online SSO
Configure and test Azure AD SSO with Hosted Heritage Online SSO using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Hosted Heritage
Online SSO.
To configure and test Azure AD SSO with Hosted Heritage Online SSO, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Hosted Heritage Online SSO SSO - to configure the single sign-on settings on application side.
a. Create Hosted Heritage Online SSO test user - to have a counterpart of B.Simon in Hosted Heritage
Online SSO that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Hosted Heritage Online SSO application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.cirqahosting.com/Shibboleth.sso/Login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.cirqahosting.com/shibboleth

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Hosted Heritage
Online SSO Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Hosted Heritage Online
SSO.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Hosted Heritage Online SSO.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Hosted Heritage Online SSO SSO


To configure single sign-on on Hosted Heritage Online SSO side, you need to send the App Federation
Metadata Url to Hosted Heritage Online SSO support team. They set this setting to have the SAML SSO
connection set properly on both sides.
Create Hosted Heritage Online SSO test user
In this section, you create a user called B.Simon in Hosted Heritage Online SSO. Work with Hosted Heritage
Online SSO support team to add the users in the Hosted Heritage Online SSO platform. Users must be created
and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Hosted Heritage Online SSO tile in the Access Panel, you should be automatically signed in to
the Hosted Heritage Online SSO for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Hosted Heritage Online SSO with Azure AD
Tutorial: Azure Active Directory integration with HPE SaaS
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate HPE SaaS with Azure Active Directory (Azure AD). Integrating HPE
SaaS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to HPE SaaS.
You can enable your users to be automatically signed-in to HPE SaaS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with HPE SaaS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
HPE SaaS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
HPE SaaS supports SP initiated SSO

Adding HPE SaaS from the gallery


To configure the integration of HPE SaaS into Azure AD, you need to add HPE SaaS from the gallery to your list of
managed SaaS apps.
To add HPE SaaS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type HPE SaaS, select HPE SaaS from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with HPE SaaS based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in HPE SaaS
needs to be established.
To configure and test Azure AD single sign-on with HPE SaaS, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure HPE SaaS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create HPE SaaS test user - to have a counterpart of Britta Simon in HPE SaaS that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with HPE SaaS, perform the following steps:
1. In the Azure portal, on the HPE SaaS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL as: https://login.saas.hpe.com/msg

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.saas.hpe.com

NOTE
The Identifier value is not real. Update this value with the actual Identifier. Contact HPE SaaS Client support team to
get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up HPE SaaS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure HPE SaaS Single Sign-On
To configure single sign-on on HPE SaaS side, you need to send the downloaded Federation Metadata XML
and appropriate copied URLs from Azure portal to HPE SaaS support team. They set this setting to have the
SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to HPE SaaS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select HPE SaaS.

2. In the applications list, select HPE SaaS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create HPE SaaS test user
In this section, you create a user called Britta Simon in HPE SaaS. Work with HPE SaaS support team to add the
users in the HPE SaaS platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the HPE SaaS tile in the Access Panel, you should be automatically signed in to the HPE SaaS for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with HR2day by Merces
6/26/2019 • 6 minutes to read

In this tutorial, you learn how to integrate HR2day by Merces with Azure Active Directory (Azure AD). Integrating
HR2day by Merces with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to HR2day by Merces.
You can enable your users to be automatically signed-in to HR2day by Merces (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with HR2day by Merces, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
HR2day by Merces single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
HR2day by Merces supports SP initiated SSO

Adding HR2day by Merces from the gallery


To configure the integration of HR2day by Merces into Azure AD, you need to add HR2day by Merces from the
gallery to your list of managed SaaS apps.
To add HR2day by Merces from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type HR2day by Merces, select HR2day by Merces from result panel then click Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with HR2day by Merces based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
HR2day by Merces needs to be established.
To configure and test Azure AD single sign-on with HR2day by Merces, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure HR2day by Merces Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create HR2day by Merces test user - to have a counterpart of Britta Simon in HR2day by Merces that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with HR2day by Merces, perform the following steps:
1. In the Azure portal, on the HR2day by Merces application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<tenantname>.force.com/<instancename>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://hr2day.force.com/<companyname>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact HR2day by Merces
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. Your HR2day by Merces application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes. Click Edit icon to open User Attributes dialog.

NOTE
Before you can configure the SAML assertion, you must contact the HR2day by Merces Client support team and
request the value of the unique identifier attribute for your tenant. You need this value to complete the steps in the
next section.

6. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:
NAME | SOURCE ATTRIBUTE
ATTR_LOGINCLAIM | join([mail],"102938475Z","@"

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
8. On the Set up HR2day by Merces section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure HR2day by Merces Single Sign-On
To configure single sign-on on HR2day by Merces side, you need to send the downloaded Certificate (Base64)
and appropriate copied URLs from Azure portal to HR2day by Merces support team. They set this setting to have
the SAML SSO connection set properly on both sides.

NOTE
Mention to the Merces team that this integration needs the Entity ID to be set with the pattern
https://hr2day.force.com/INSTANCENAME.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to HR2day by Merces.
1. In the Azure portal, select Enterprise Applications, select All applications, then select HR2day by
Merces.

2. In the applications list, select HR2day by Merces.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create HR2day by Merces test user
In this section, you create a user called Britta Simon in HR2day by Merces. Work with HR2day by Merces support
team to add the users in the HR2day by Merces platform. Users must be created and activated before you use
single sign-on.

NOTE
If you need to create a user manually, contact the HR2day by Merces client support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the HR2day by Merces tile in the Access Panel, you should be automatically signed in to the
HR2day by Merces for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with HRworks Single Sign-On
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate HRworks Single Sign-On with Azure Active Directory (Azure AD).
Integrating HRworks Single Sign-On with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to HRworks Single Sign-On.
You can enable your users to be automatically signed-in to HRworks Single Sign-On (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with HRworks Single Sign-On, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
HRworks Single Sign-On single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
HRworks Single Sign-On supports SP initiated SSO

Adding HRworks Single Sign-On from the gallery


To configure the integration of HRworks Single Sign-On into Azure AD, you need to add HRworks Single Sign-On
from the gallery to your list of managed SaaS apps.
To add HRworks Single Sign-On from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type HRworks Single Sign-On, select HRworks Single Sign-On from result panel then
click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with HRworks Single Sign-On based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in HRworks Single Sign-On needs to be established.
To configure and test Azure AD single sign-on with HRworks Single Sign-On, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure HRworks Single Sign-On Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create HRworks Single Sign-On test user - to have a counterpart of Britta Simon in HRworks Single Sign-On
that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with HRworks Single Sign-On, perform the following steps:
1. In the Azure portal, on the HRworks Single Sign-On application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://login.hrworks.de/?companyId=<companyId>&directssologin=true

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact HRworks Single Sign-On Client support
team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up HRworks Single Sign-On section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure HRworks Single Sign-On Single Sign-On
1. In a different web browser window, sign in to HRworks Single Sign-On as an Administrator.
2. Click on Administrator > Basics > Security > Single Sign-on from the left side of menu bar and
perform the following steps:

a. Check the Use Single Sign-on box.


b. Select XML Metadata as Meta data input method.
c. Select Individual NameID identifier as Value for NameID.
d. In Notepad, open the Metadata XML that you downloaded from the Azure portal, copy its content, and
then paste it into the Metadata textbox.
e. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type the username like BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to HRworks Single Sign-On.
1. In the Azure portal, select Enterprise Applications, select All applications, then select HRworks Single
Sign-On.

2. In the applications list, select HRworks Single Sign-On.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create HRworks Single Sign-On test user
To enable Azure AD users to sign in to HRworks Single Sign-On, they must be provisioned into HRworks Single
Sign-On. In HRworks Single Sign-On, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to HRworks Single Sign-On as an Administrator.
2. Click on Administrator > Persons > Persons > New person from the left side of menu bar.
3. On the Pop-up, click Next.

4. On the Create new person with country for legal terms pop-up, fill the respective details like First
name, Last name and click Create.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the HRworks Single Sign-On tile in the Access Panel, you should be automatically signed in to the
HRworks Single Sign-On for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with HubSpot
8/9/2019 • 6 minutes to read

In this tutorial, you learn how to integrate HubSpot with Azure Active Directory (Azure AD).
Integrating HubSpot with Azure AD gives you the following benefits:
You can use Azure AD to control who has access to HubSpot.
Users can be automatically signed in to HubSpot with their Azure AD accounts (single sign-on).
You can manage your accounts in one central location, the Azure portal.
For more information about software as a service (SaaS) app integration with Azure AD, see Single sign-on to
applications in Azure Active Directory.

Prerequisites
To configure Azure AD integration with HubSpot, you need the following items:
An Azure AD subscription. If you don't have an Azure AD subscription, create a free account before you begin.
A HubSpot subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment and integrate HubSpot with
Azure AD.
HubSpot supports the following features:
SP-initiated single sign-on
IDP-initiated single sign-on

Add HubSpot in the Azure portal


To integrate HubSpot with Azure AD, you must add HubSpot to your list of managed SaaS apps.
1. Sign in to the Azure portal.
2. In the left menu, select Azure Active Directory.

3. Select Enterprise applications > All applications.


4. To add an application, select New application.

5. In the search box, enter HubSpot. In the search results, select HubSpot, and then select Add.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with HubSpot based on a test user named Britta
Simon. For single sign-on to work, you must establish a linked relationship between an Azure AD user and the
related user in HubSpot.
To configure and test Azure AD single sign-on with HubSpot, you must complete the following building blocks:

TASK | DESCRIPTION
Configure Azure AD single sign-on | Enables your users to use this feature.
Configure HubSpot single sign-on | Configures the single sign-on settings in the application.
Create an Azure AD test user | Tests Azure AD single sign-on for a user named Britta Simon.
Assign the Azure AD test user | Enables Britta Simon to use Azure AD single sign-on.
Create a HubSpot test user | Creates a counterpart of Britta Simon in HubSpot that is linked to the Azure AD representation of the user.
Test single sign-on | Verifies that the configuration works.

Configure Azure AD single sign-on


In this section, you configure Azure AD single sign-on with HubSpot in the Azure portal.
1. In the Azure portal, in the HubSpot application integration pane, select Single sign-on.

2. In the Select a single sign-on method pane, select SAML or SAML/WS-Fed mode to enable single sign-on.

3. In the Set up Single Sign-On with SAML pane, select Edit (the pencil icon) to open the Basic SAML
Configuration pane.

4. In the Basic SAML Configuration pane, to configure IDP-initiated mode, complete the following steps:
a. In the Identifier box, enter a URL that has the following pattern:
https://api.hubspot.com/login-api/v1/saml/login?portalId=<CUSTOMER ID>.
b. In the Reply URL box, enter a URL that has the following pattern:
https://api.hubspot.com/login-api/v1/saml/acs?portalId=<CUSTOMER ID>.
NOTE
To format the URLs, you can also refer to the patterns shown in the Basic SAML Configuration pane in the Azure
portal.

5. To configure the application in SP-initiated mode:


a. Select Set additional URLs.
b. In the Sign on URL box, enter https://app.hubspot.com/login.

6. In the Set up Single Sign-On with SAML pane, in the SAML Signing Certificate section, select
Download next to Certificate (Base64). Select a download option based on your requirements. Save the
certificate on your computer.

7. In the Set up HubSpot section, copy the following URLs based on your requirements:
Login URL
Azure AD Identifier
Logout URL
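The Reply URL is where Azure AD posts the signed assertion, so a wrong host or a mismatched portal ID there deserves a check before saving. The following is an added example, not part of the original tutorial: it tests the three Basic SAML Configuration values against the patterns given in steps 4 and 5. The function name and the sample portal ID are assumptions made for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Host and path for each field, taken from the URL patterns in steps 4a and 4b.
EXPECTED = {
    "identifier": ("api.hubspot.com", "/login-api/v1/saml/login"),
    "reply_url": ("api.hubspot.com", "/login-api/v1/saml/acs"),
}
# Fixed value from step 5b.
SIGN_ON_URL = "https://app.hubspot.com/login"


def check_hubspot_saml_config(identifier, reply_url, sign_on_url=None):
    """Return a list of problems found in the values (empty list = consistent).

    Hypothetical helper: it only compares the values with the patterns in
    this tutorial and does not contact Azure AD or HubSpot.
    """
    problems = []
    portal_ids = {}
    for name, value in (("identifier", identifier), ("reply_url", reply_url)):
        host, path = EXPECTED[name]
        url = urlparse(value)
        if url.scheme != "https":
            problems.append(f"{name}: scheme is {url.scheme!r}, expected 'https'")
        if url.hostname != host or url.path != path:
            problems.append(f"{name}: expected https://{host}{path}")
        query = parse_qs(url.query)
        ids = query.get("portalId", [])
        if len(ids) != 1 or not ids[0].strip() or "<" in ids[0]:
            problems.append(f"{name}: portalId is missing or still a placeholder")
        else:
            portal_ids[name] = ids[0]
        extra = sorted(set(query) - {"portalId"})
        if extra:
            problems.append(f"{name}: unexpected query parameters {extra}")
    # Both URLs must point at the same HubSpot portal.
    if len(portal_ids) == 2 and portal_ids["identifier"] != portal_ids["reply_url"]:
        problems.append("identifier and reply_url carry different portalId values")
    if sign_on_url is not None and sign_on_url != SIGN_ON_URL:
        problems.append(f"sign_on_url: expected {SIGN_ON_URL}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; 1234567 is a made-up portal ID.
    issues = check_hubspot_saml_config(
        "https://api.hubspot.com/login-api/v1/saml/login?portalId=1234567",
        "https://api.hubspot.com/login-api/v1/saml/acs?portalId=<CUSTOMER ID>",
        "https://app.hubspot.com/login",
    )
    for issue in issues:
        print(issue)
```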
Configure HubSpot single sign-on
1. Open a new tab in your browser and sign in to your HubSpot administrator account.
2. Select the Settings icon in the upper-right corner of the page.

3. Select Account Defaults.

4. Scroll down to the Security section, and then select Set up.

5. In the Set up single sign-on section, complete the following steps:


a. In the Audience URI (Service Provider Entity ID) box, select Copy to copy the value. In the Azure
portal, in the Basic SAML Configuration pane, paste the value in the Identifier box.
b. In the Sign on URL, ACS, Recipient, or Redirect box, select Copy to copy the value. In the Azure
portal, in the Basic SAML Configuration pane, paste the value in the Reply URL box.
c. In HubSpot, in the Identity Provider Identifier or Issuer URL box, paste the value for Azure AD
Identifier that you copied in the Azure portal.
d. In HubSpot, in the Identity Provider Single Sign-On URL box, paste the value for Login URL that
you copied in the Azure portal.
e. In Windows Notepad, open the Certificate (Base64) file that you downloaded. Select and copy the
contents of the file. Then, in HubSpot, paste it in the X.509 Certificate box.
f. Select Verify.

Create an Azure AD test user


In this section, you create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory > Users > All users.
2. Select New user.

3. In the User pane, complete the following steps:


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter brittasimon@<your-company-domain>.<extension>. For example,
brittasimon@contoso.com.
c. Select the Show password check box. Write down the value that's displayed in the Password box.
d. Select Create.

Assign the Azure AD test user


In this section, you grant Britta Simon access to HubSpot so she can use Azure single sign-on.
1. In the Azure portal, select Enterprise applications > All applications > HubSpot.
2. In the applications list, select HubSpot.

3. In the menu, select Users and groups.

4. Select Add user. Then, in the Add assignment pane, select Users and groups.

5. In the Users and groups pane, select Britta Simon in the list of users. Choose Select.
6. If you are expecting a role value in the SAML assertion, in the Select role pane, select the relevant role for
the user from the list. Choose Select.
7. In the Add Assignment pane, select Assign.
Create a HubSpot test user
To enable an Azure AD user to sign in to HubSpot, the user must be provisioned in HubSpot. In HubSpot,
provisioning is a manual task.
To provision a user account in HubSpot:
1. Sign in to your HubSpot company site as administrator.
2. Select the Settings icon in the upper-right corner of the page.

3. Select Users & Teams.

4. Select Create user.

5. In the Add email address(es) box, enter the email address of the user in the format
brittasimon@contoso.com, and then select Next.
6. In the Create users section, select each tab. On each tab, set the relevant options and permissions for the
user. Then, select Next.
7. To send the invitation to the user, select Send.
NOTE
The user is activated after the user accepts the invitation.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration by using the My Apps portal.
After you set up single sign-on, when you select HubSpot in the My Apps portal, you are automatically signed in
to HubSpot. For more information about the My Apps portal, see Access and use apps in the My Apps portal.

Next steps
To learn more, review these articles:
List of tutorials for integrating SaaS apps with Azure Active Directory
Single sign-on to applications in Azure Active Directory
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Huddle
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Huddle with Azure Active Directory (Azure AD). Integrating Huddle with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Huddle.
You can enable your users to be automatically signed-in to Huddle (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Huddle, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Huddle single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Huddle supports SP and IDP initiated SSO

Adding Huddle from the gallery


To configure the integration of Huddle into Azure AD, you need to add Huddle from the gallery to your list of
managed SaaS apps.
To add Huddle from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Huddle, select Huddle from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Huddle based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Huddle
needs to be established.
To configure and test Azure AD single sign-on with Huddle, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Huddle Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Huddle test user - to have a counterpart of Britta Simon in Huddle that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Huddle, perform the following steps:
1. In the Azure portal, on the Huddle application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:

NOTE
Your huddle instance will be automatically detected from the domain you enter below.
a. In the Identifier text box, type a URL:

https://login.huddle.net

https://login.huddle.com

b. In the Reply URL text box, type a URL:

https://login.huddle.net/saml/browser-sso

https://login.huddle.com/saml/browser-sso

https://login.huddle.com/saml/idp-initiated-sso

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:

https://<customsubdomain>.huddle.com

https://us.huddle.com
NOTE
The Sign-on URL value is not real. Update this value with the actual Sign-On URL. Contact Huddle Client support
team to get this value.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. In the Set up Huddle section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Huddle Single Sign-On
To configure single sign-on on the Huddle side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Huddle support team. They apply these settings so that the
SAML SSO connection is configured correctly on both sides.

NOTE
Single sign-on needs to be enabled by the Huddle support team. You get a notification when the configuration has been
completed.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Huddle.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Huddle.
2. In the applications list, select Huddle.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Huddle test user
To enable Azure AD users to log in to Huddle, they must be provisioned into Huddle. In the case of Huddle,
provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Log in to your Huddle company site as administrator.
2. Click Workspace.
3. Click People > Invite People.

4. In the Create a new invitation section, perform the following steps:

a. In the Choose a team to invite people to join list, select team.


b. In the Enter email address for people you'd like to invite textbox, type the email address of a valid
Azure AD account that you want to provision.
c. Click Invite.

NOTE
The Azure AD account holder will receive an email including a link to confirm the account before it becomes active.

NOTE
You can use any other Huddle user account creation tools or APIs provided by Huddle to provision Azure AD user accounts.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Huddle tile in the Access Panel, you should be automatically signed in to the Huddle for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Humanity
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Humanity with Azure Active Directory (Azure AD). Integrating Humanity
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Humanity.
You can enable your users to be automatically signed-in to Humanity (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Humanity, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Humanity single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Humanity supports SP initiated SSO

Adding Humanity from the gallery


To configure the integration of Humanity into Azure AD, you need to add Humanity from the gallery to your list of
managed SaaS apps.
To add Humanity from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Humanity, select Humanity from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Humanity based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Humanity
needs to be established.
To configure and test Azure AD single sign-on with Humanity, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Humanity Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Humanity test user - to have a counterpart of Britta Simon in Humanity that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Humanity, perform the following steps:
1. In the Azure portal, on the Humanity application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://company.humanity.com/includes/saml/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://company.humanity.com/app/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Humanity Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up Humanity section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Humanity Single Sign-On
1. In a different web browser window, log in to your Humanity company site as an administrator.
2. In the menu on the top, click Admin.

3. Under Integration, click Single Sign-On.

4. In the Single Sign-On section, perform the following steps:

a. Select SAML Enabled.


b. Select Allow Password Login.
c. In the SAML Issuer URL textbox, paste the Login URL value, which you have copied from Azure portal.
d. In the Remote Logout URL textbox, paste the Logout URL value, which you have copied from Azure
portal.
e. Open your base-64 encoded certificate in notepad, copy the content of it into your clipboard, and then
paste it to the X.509 Certificate textbox.
f. Click Save Settings.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Humanity.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Humanity.

2. In the applications list, select Humanity.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Humanity test user
In order to enable Azure AD users to log in to Humanity, they must be provisioned into Humanity. In the case of
Humanity, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your Humanity company site as an administrator.
2. Click Admin.

3. Click Staff.

4. Under Actions, click Add Employees.

5. In the Add Employees section, perform the following steps:


a. Type the First Name, Last Name, and Email of a valid Azure AD account you want to provision into the
related textboxes.
b. Click Save Employees.

NOTE
You can use any other Humanity user account creation tools or APIs provided by Humanity to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Humanity tile in the Access Panel, you should be automatically signed in to the Humanity for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Hype with Azure Active Directory
7/10/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Hype with Azure Active Directory (Azure AD). When you integrate
Hype with Azure AD, you can:
Control in Azure AD who has access to Hype.
Enable your users to be automatically signed-in to Hype with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
Hype single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Hype supports SP initiated SSO
Hype supports Just In Time user provisioning

Adding Hype from the gallery


To configure the integration of Hype into Azure AD, you need to add Hype from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Hype in the search box.
6. Select Hype from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Hype using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Hype.
To configure and test Azure AD SSO with Hype, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Hype SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Hype test user - to have a counterpart of Britta Simon in Hype that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Hype application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.hypeinnovation.com/Shibboleth.sso/Login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.hypeinnovation.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Hype Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Metadata XML and select Download to download the certificate and save it on your computer.

6. In the Set up Hype section, copy the appropriate URL(s) based on your requirement.
Configure Hype SSO
To configure single sign-on on the Hype side, you need to send the downloaded Metadata XML and the appropriate
copied URLs from the Azure portal to the Hype support team. They apply these settings so that the SAML SSO
connection is configured correctly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Hype.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Hype.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Hype test user
In this section, a user called Britta Simon is created in Hype. Hype supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Hype, a new one
is created after authentication.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Hype tile in the Access Panel, you should be automatically signed in to the Hype for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Integrate HyperAnna with Azure Active Directory
7/16/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate HyperAnna with Azure Active Directory (Azure AD). When you
integrate HyperAnna with Azure AD, you can:
Control in Azure AD who has access to HyperAnna.
Enable your users to be automatically signed-in to HyperAnna with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
HyperAnna single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
HyperAnna supports SP and IDP initiated SSO

Adding HyperAnna from the gallery


To configure the integration of HyperAnna into Azure AD, you need to add HyperAnna from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type HyperAnna in the search box.
6. Select HyperAnna from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with HyperAnna using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in HyperAnna.
To configure and test Azure AD SSO with HyperAnna, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure HyperAnna SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create HyperAnna test user - to have a counterpart of Britta Simon in HyperAnna that is linked to the Azure
AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the HyperAnna application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, type a URL using any one of the following patterns:

https://microsoft.hyperanna.com/userservice/auth/saml

https://anna.hyperanna.com/userservice/auth/saml

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using any one of the following patterns:

https://microsoft.hyperanna.com/

https://anna.hyperanna.com/

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. In the Set up HyperAnna section, copy the appropriate URL(s) based on your requirement.

Configure HyperAnna SSO


To configure single sign-on on the HyperAnna side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the HyperAnna support team. They apply these settings so that the
SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to HyperAnna.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select HyperAnna.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create HyperAnna test user
In this section, you create a user called Britta Simon in HyperAnna. Work with the HyperAnna support team to add
the users to the HyperAnna platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the HyperAnna tile in the Access Panel, you should be automatically signed in to the HyperAnna
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with IBM Kenexa Survey Enterprise
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate IBM Kenexa Survey Enterprise with Azure Active Directory (Azure AD).
Integrating IBM Kenexa Survey Enterprise with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to IBM Kenexa Survey Enterprise.
You can enable your users to be automatically signed-in to IBM Kenexa Survey Enterprise (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with IBM Kenexa Survey Enterprise, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
IBM Kenexa Survey Enterprise single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
IBM Kenexa Survey Enterprise supports IDP initiated SSO

Adding IBM Kenexa Survey Enterprise from the gallery


To configure the integration of IBM Kenexa Survey Enterprise into Azure AD, you need to add IBM Kenexa Survey
Enterprise from the gallery to your list of managed SaaS apps.
To add IBM Kenexa Survey Enterprise from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type IBM Kenexa Survey Enterprise, select IBM Kenexa Survey Enterprise from
the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with IBM Kenexa Survey Enterprise based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in IBM Kenexa Survey Enterprise needs to be established.
To configure and test Azure AD single sign-on with IBM Kenexa Survey Enterprise, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure IBM Kenexa Survey Enterprise Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create IBM Kenexa Survey Enterprise test user - to have a counterpart of Britta Simon in IBM Kenexa
Survey Enterprise that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with IBM Kenexa Survey Enterprise, perform the following steps:
1. In the Azure portal, on the IBM Kenexa Survey Enterprise application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://surveys.kenexa.com/<companycode>

b. In the Reply URL text box, type a URL using the following pattern:
https://surveys.kenexa.com/<companycode>/tools/sso.asp

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact IBM Kenexa Survey
Enterprise Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. The IBM Kenexa Survey Enterprise application expects to receive the Security Assertion Markup Language
(SAML) assertions in a specific format, which requires you to add custom attribute mappings to the
configuration of your SAML token attributes. The value of the user-identifier claim in the response must
match the SSO ID that's configured in the Kenexa system. To map the appropriate user identifier in your
organization as SSO identity provider (IDP), work with the IBM Kenexa Survey Enterprise
support team.
By default, Azure AD sets the user identifier as the user principal name (UPN) value. You can change this
value on the User Attributes tab, as shown in the following screenshot. The integration works only after
you've completed the mapping correctly.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
7. In the Set up IBM Kenexa Survey Enterprise section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure IBM Kenexa Survey Enterprise Single Sign-On
To configure single sign-on on the IBM Kenexa Survey Enterprise side, send the downloaded
Certificate (Base64) and the appropriate copied URLs from the Azure portal to the IBM Kenexa Survey Enterprise
support team. They apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to IBM Kenexa Survey
Enterprise.
1. In the Azure portal, select Enterprise Applications, select All applications, then select IBM Kenexa
Survey Enterprise.

2. In the applications list, select IBM Kenexa Survey Enterprise.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create IBM Kenexa Survey Enterprise test user
In this section, you create a user called Britta Simon in IBM Kenexa Survey Enterprise.
To create users in the IBM Kenexa Survey Enterprise system and map the SSO ID for them, you can work with the
IBM Kenexa Survey Enterprise support team. This SSO ID value should also be mapped to the user identifier value
from Azure AD. You can change this default setting on the Attribute tab.
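The user-identifier requirement described in step 5 and in this section can be checked against a response captured from a test sign-in. The following is an added example, not code from the tutorial or from IBM: it reads the NameID, Audience and Recipient from a SAML response and compares them with the SSO IDs, Identifier and Reply URL you expect. The company code "contoso", the SSO ID "E12345" and the sample response are constructed, and exact-match comparison of the SSO ID is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed values: "contoso" stands in for <companycode> in the tutorial's patterns.
EXPECTED_IDENTIFIER = "https://surveys.kenexa.com/contoso"
EXPECTED_REPLY_URL = "https://surveys.kenexa.com/contoso/tools/sso.asp"

# Constructed, unsigned sample response (not captured from a real tenant).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{EXPECTED_REPLY_URL}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>BrittaSimon@contoso.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{EXPECTED_REPLY_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>{EXPECTED_IDENTIFIER}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# The same response as it appears in the SAMLResponse form field of the HTTP-POST binding.
SAMPLE_POST_BODY = base64.b64encode(SAMPLE_RESPONSE.encode("utf-8")).decode("ascii")


def decode_post_binding(saml_response_field: str) -> str:
    """HTTP-POST binding: the SAMLResponse form field is base64-encoded XML."""
    return base64.b64decode(saml_response_field).decode("utf-8")


def extract_claims(response_xml: str) -> dict:
    """Pull the fields the service provider matches on out of a SAML response."""
    root = ET.fromstring(response_xml)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    confirmation = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    audiences = assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    return {
        "name_id": name_id.text.strip() if name_id is not None and name_id.text else None,
        "recipient": confirmation.get("Recipient") if confirmation is not None else None,
        "audiences": [a.text.strip() for a in audiences if a.text],
    }


def check_response(response_xml, sso_ids, expected_identifier, expected_reply_url) -> list:
    """Return a list of mismatches; an empty list means the mapping lines up.

    This is a configuration check only. It does not verify the XML signature;
    the service provider does that with the downloaded signing certificate.
    """
    claims = extract_claims(response_xml)
    problems = []
    if claims["name_id"] is None:
        problems.append("NameID is missing from the assertion")
    elif claims["name_id"] not in sso_ids:
        problems.append(
            f"NameID {claims['name_id']!r} is not a configured SSO ID "
            "(Azure AD sends the UPN unless the user identifier is remapped)")
    if expected_identifier not in claims["audiences"]:
        problems.append(f"Audience {claims['audiences']} does not contain the Identifier")
    if claims["recipient"] != expected_reply_url:
        problems.append(f"Recipient {claims['recipient']!r} does not match the Reply URL")
    return problems


if __name__ == "__main__":
    xml_text = decode_post_binding(SAMPLE_POST_BODY)
    # SSO IDs keyed on an employee number while Azure AD still sends the default UPN.
    for line in check_response(xml_text, {"E12345"}, EXPECTED_IDENTIFIER, EXPECTED_REPLY_URL):
        print(line)
```

Run it only on responses from your own test sign-in; a reported NameID mismatch means the user identifier mapping in Azure AD and the SSO ID on the application side still disagree.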
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the IBM Kenexa Survey Enterprise tile in the Access Panel, you should be automatically signed in to
the IBM Kenexa Survey Enterprise for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with IBM OpenPages
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate IBM OpenPages with Azure Active Directory (Azure AD). Integrating
IBM OpenPages with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to IBM OpenPages.
You can enable your users to be automatically signed-in to IBM OpenPages (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with IBM OpenPages, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
IBM OpenPages single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
IBM OpenPages supports IDP initiated SSO

Adding IBM OpenPages from the gallery


To configure the integration of IBM OpenPages into Azure AD, you need to add IBM OpenPages from the gallery
to your list of managed SaaS apps.
To add IBM OpenPages from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type IBM OpenPages, select IBM OpenPages from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with IBM OpenPages based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
IBM OpenPages needs to be established.
To configure and test Azure AD single sign-on with IBM OpenPages, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure IBM OpenPages Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create IBM OpenPages test user - to have a counterpart of Britta Simon in IBM OpenPages that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with IBM OpenPages, perform the following steps:
1. In the Azure portal, on the IBM OpenPages application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
http://<subdomain>.ibm.com:<ID>/openpages

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.ibm.com:<ID>/samlsps/op

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact IBM OpenPages
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up IBM OpenPages section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure IBM OpenPages Single Sign-On
To configure single sign-on on the IBM OpenPages side, send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the IBM OpenPages support team. They apply these
settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to IBM OpenPages.
1. In the Azure portal, select Enterprise Applications, select All applications, then select IBM OpenPages.

2. In the applications list, select IBM OpenPages.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create IBM OpenPages test user
In this section, you create a user called Britta Simon in IBM OpenPages. Work with the IBM OpenPages support team
to add the users to the IBM OpenPages platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the IBM OpenPages tile in the Access Panel, you should be automatically signed in to the IBM
OpenPages for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Icertis Contract Management Platform
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Icertis Contract Management Platform with Azure Active Directory
(Azure AD). Integrating Icertis Contract Management Platform with Azure AD provides you with the following
benefits:
You can control in Azure AD who has access to Icertis Contract Management Platform.
You can enable your users to be automatically signed-in to Icertis Contract Management Platform (Single Sign-
On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Icertis Contract Management Platform, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Icertis Contract Management Platform single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Icertis Contract Management Platform supports SP initiated SSO

Adding Icertis Contract Management Platform from the gallery


To configure the integration of Icertis Contract Management Platform into Azure AD, you need to add Icertis
Contract Management Platform from the gallery to your list of managed SaaS apps.
To add Icertis Contract Management Platform from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Icertis Contract Management Platform, select Icertis Contract Management
Platform from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Icertis Contract Management Platform based
on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and
the related user in Icertis Contract Management Platform needs to be established.
To configure and test Azure AD single sign-on with Icertis Contract Management Platform, you need to complete
the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Icertis Contract Management Platform Single Sign-On - to configure the Single Sign-On
settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Icertis Contract Management Platform test user - to have a counterpart of Britta Simon in Icertis
Contract Management Platform that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Icertis Contract Management Platform, perform the following steps:
1. In the Azure portal, on the Icertis Contract Management Platform application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<company name>.icertis.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<company name>.icertis.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Icertis Contract
Management Platform Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Icertis Contract Management Platform section, copy the appropriate URL(s) as per your
requirement. For Login URL, use the value with the following pattern:
https://login.microsoftonline.com/_my_directory_id_/wsfed

NOTE
my_directory_id is the tenant ID of the Azure AD subscription.
a. Azure AD Identifier
b. Logout URL
Configure Icertis Contract Management Platform Single Sign-On
To configure single sign-on on the Icertis Contract Management Platform side, send the downloaded
Federation Metadata XML and the appropriate copied URLs from the Azure portal to the Icertis Contract Management
Platform support team. They apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Icertis Contract
Management Platform.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Icertis Contract
Management Platform.

2. In the applications list, select Icertis Contract Management Platform.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Icertis Contract Management Platform test user
In this section, you create a user called Britta Simon in Icertis Contract Management Platform. Work with the Icertis
Contract Management Platform support team to add the users to the Icertis Contract Management Platform.
Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Icertis Contract Management Platform tile in the Access Panel, you should be automatically
signed in to the Icertis Contract Management Platform for which you set up SSO. For more information about the
Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with ICIMS
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ICIMS with Azure Active Directory (Azure AD). Integrating ICIMS with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ICIMS.
You can enable your users to be automatically signed-in to ICIMS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ICIMS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
ICIMS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ICIMS supports SP initiated SSO

Adding ICIMS from the gallery


To configure the integration of ICIMS into Azure AD, you need to add ICIMS from the gallery to your list of
managed SaaS apps.
To add ICIMS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ICIMS, select ICIMS from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ICIMS based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in ICIMS
needs to be established.
To configure and test Azure AD single sign-on with ICIMS, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ICIMS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ICIMS test user - to have a counterpart of Britta Simon in ICIMS that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ICIMS, perform the following steps:
1. In the Azure portal, on the ICIMS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<tenant name>.icims.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<tenant name>.icims.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact ICIMS Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up ICIMS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure ICIMS Single Sign-On
To configure single sign-on on the ICIMS side, send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the ICIMS support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ICIMS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ICIMS.

2. In the applications list, select ICIMS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ICIMS test user
In this section, you create a user called Britta Simon in ICIMS. Work with the ICIMS support team to add the users to
the ICIMS platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ICIMS tile in the Access Panel, you should be automatically signed in to the ICIMS for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with IDC
9/25/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate IDC with Azure Active Directory (Azure AD). When you integrate IDC
with Azure AD, you can:
Control in Azure AD who has access to IDC.
Enable your users to be automatically signed-in to IDC with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
IDC single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
IDC supports SP and IDP initiated SSO

Adding IDC from the gallery


To configure the integration of IDC into Azure AD, you need to add IDC from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type IDC in the search box.
6. Select IDC from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for IDC


Configure and test Azure AD SSO with IDC using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in IDC.
To configure and test Azure AD SSO with IDC, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure IDC SSO - to configure the single sign-on settings on application side.
a. Create IDC test user - to have a counterpart of B.Simon in IDC that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the IDC application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
urn:idc:authentication:saml2:entity:cas:prod-2016:<ClientCode>

b. In the Reply URL text box, type a URL using the following pattern:
https://cas.idc.com:443/login?client_name=<ClientName>

c. In the Relay State text box, type a URL: https://www.idc.com/j_spring_cas_security_check

5. Click Set additional URLs and perform the following steps if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://www.idc.com/saml-welcome/<SamlWelcomeCode>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact IDC Client support
team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
7. On the Set up IDC section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to IDC.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select IDC.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure IDC SSO


To configure single sign-on on the IDC side, send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the IDC support team. They apply this setting so that the SAML SSO
connection is set properly on both sides.
Create IDC test user
A user does not have to be created in IDC in advance. The user will be created automatically once they use
single sign-on for the first time.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the IDC tile in the Access Panel, you should be automatically signed in to the IDC for which you set
up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try IDC with Azure AD
Tutorial: Azure Active Directory integration with IdeaScale
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate IdeaScale with Azure Active Directory (Azure AD). Integrating IdeaScale
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to IdeaScale.
You can enable your users to be automatically signed-in to IdeaScale (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with IdeaScale, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
IdeaScale single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
IdeaScale supports SP initiated SSO

Adding IdeaScale from the gallery


To configure the integration of IdeaScale into Azure AD, you need to add IdeaScale from the gallery to your list of
managed SaaS apps.
To add IdeaScale from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type IdeaScale, select IdeaScale from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with IdeaScale based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in IdeaScale
needs to be established.
To configure and test Azure AD single sign-on with IdeaScale, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure IdeaScale Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create IdeaScale test user - to have a counterpart of Britta Simon in IdeaScale that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with IdeaScale, perform the following steps:
1. In the Azure portal, on the IdeaScale application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.ideascale.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

http://<companyname>.ideascale.com

https://<companyname>.ideascale.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact IdeaScale Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up IdeaScale section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure IdeaScale Single Sign-On
1. In a different web browser window, log in to your IdeaScale company site as an administrator.
2. Go to Community Settings.

3. Go to Security > Single Signon Settings.

4. As Single-Signon Type, select SAML 2.0.

5. On the Single Signon Settings dialog, perform the following steps:


a. In the SAML IdP Entity ID textbox, paste the value of Azure Ad Identifier, which you copied from the
Azure portal.
b. Open the metadata file downloaded from the Azure portal in Notepad, copy its content, and paste it into
the SAML IdP Metadata textbox.
c. In the Logout Success URL textbox, paste the value of Logout URL, which you copied from the Azure
portal.
d. Click Save Changes.
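The Federation Metadata XML downloaded in the IDC and IdeaScale steps above carries the IdP entity ID, the sign-on and logout endpoints, and the signing certificate. The following added example (not part of the original tutorial or of any vendor's tooling) parses a constructed sample and reports those values, plus obvious problems, before the file is pasted or sent to the application side. The sample metadata, placeholder tenant ID, filler certificate bytes and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample input: placeholder tenant ID, filler bytes instead of a
# real X.509 certificate. It only mimics the shape of IdP federation metadata.
SAMPLE_DER = b"constructed-demo-certificate-bytes"
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
""".encode("utf-8")


def fingerprint(der):
    """SHA-256 fingerprint of DER certificate bytes, as uppercase hex."""
    return hashlib.sha256(der).hexdigest().upper()


def _endpoints(idp, tag):
    """Return the Location of every <md:tag> endpoint under the descriptor."""
    return [e.get("Location", "") for e in idp.findall(f"md:{tag}", NS)]


def summarize_idp_metadata(xml_bytes):
    """Extract the values an SP administrator pastes, plus a problem list."""
    # Metadata needs no DTD; refusing one avoids entity-expansion surprises.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("metadata must not carry a DTD or entity declarations")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # skip encryption-only keys
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join((node.text or "").split())  # certs are line-wrapped
            prints.append(fingerprint(base64.b64decode(b64)))

    summary = {
        "entity_id": root.get("entityID", ""),
        "sso_urls": _endpoints(idp, "SingleSignOnService"),
        "logout_urls": _endpoints(idp, "SingleLogoutService"),
        "signing_cert_sha256": prints,
        "problems": [],
    }
    if not summary["entity_id"]:
        summary["problems"].append("entityID is missing")
    if not prints:
        summary["problems"].append("no signing certificate found")
    if not summary["sso_urls"]:
        summary["problems"].append("no SingleSignOnService endpoint")
    for url in summary["sso_urls"] + summary["logout_urls"]:
        if not url.lower().startswith("https://"):
            summary["problems"].append(f"endpoint is not HTTPS: {url}")
    return summary


def differences_from_portal(summary, login_url, idp_identifier):
    """Compare values copied by hand with the metadata; a difference is a
    prompt to re-copy or ask the vendor, not proof of a fault."""
    diffs = []
    if idp_identifier != summary["entity_id"]:
        diffs.append("identifier differs from metadata entityID")
    if login_url not in summary["sso_urls"]:
        diffs.append("login URL is not a SingleSignOnService endpoint")
    return diffs


if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_METADATA)
    for key, value in info.items():
        print(f"{key}: {value}")
```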
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to IdeaScale.
1. In the Azure portal, select Enterprise Applications, select All applications, then select IdeaScale.
2. In the applications list, select IdeaScale.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create IdeaScale test user
To enable Azure AD users to log in to IdeaScale, they must be provisioned into IdeaScale. In the case of IdeaScale,
provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Log in to your IdeaScale company site as administrator.
2. Go to Community Settings.

3. Go to Basic Settings > Member Management.


4. Click Add Member.

5. In the Add New Member section, perform the following steps:

a. In the Email Addresses textbox, type the email address of a valid Azure AD account you want to
provision.
b. Click Save Changes.

NOTE
The Azure Active Directory account holder gets an email with a link to confirm the account before it becomes active.

NOTE
You can use any other IdeaScale user account creation tools or APIs provided by IdeaScale to provision Azure AD user
accounts.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the IdeaScale tile in the Access Panel, you should be automatically signed in to the IdeaScale for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with iDiD Manager
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate iDiD Manager with Azure Active Directory (Azure AD). Integrating iDiD
Manager with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to iDiD Manager.
You can enable your users to be automatically signed-in to iDiD Manager (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with iDiD Manager, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
iDiD Manager single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
iDiD Manager supports SP and IDP initiated SSO

Adding iDiD Manager from the gallery


To configure the integration of iDiD Manager into Azure AD, you need to add iDiD Manager from the gallery to
your list of managed SaaS apps.
To add iDiD Manager from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type iDiD Manager, select iDiD Manager from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with iDiD Manager based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
iDiD Manager needs to be established.
To configure and test Azure AD single sign-on with iDiD Manager, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure iDiD Manager Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create iDiD Manager test user - to have a counterpart of Britta Simon in iDiD Manager that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with iDiD Manager, perform the following steps:
1. In the Azure portal, on the iDiD Manager application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://idid2.fi/saml/login/<domain>

NOTE
The value is not real. Update the value with the actual Sign-on URL. Contact iDiD Manager Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure iDiD Manager Single Sign-On


To configure single sign-on on the iDiD Manager side, send the App Federation Metadata Url to the iDiD
Manager support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to iDiD Manager.
1. In the Azure portal, select Enterprise Applications, select All applications, then select iDiD Manager.

2. In the applications list, select iDiD Manager.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create iDiD Manager test user
In this section, you create a user called Britta Simon in iDiD Manager. Work with the iDiD Manager support team to
add the users in the iDiD Manager platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the iDiD Manager tile in the Access Panel, you should be automatically signed in to the iDiD
Manager for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with IDrive
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate IDrive with Azure Active Directory (Azure AD). Integrating IDrive with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to IDrive.
You can enable your users to be automatically signed-in to IDrive (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with IDrive, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
IDrive single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
IDrive supports SP and IDP initiated SSO

Adding IDrive from the gallery


To configure the integration of IDrive into Azure AD, you need to add IDrive from the gallery to your list of
managed SaaS apps.
To add IDrive from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type IDrive, select IDrive from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with IDrive based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in IDrive
needs to be established.
To configure and test Azure AD single sign-on with IDrive, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure IDrive Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create IDrive test user - to have a counterpart of Britta Simon in IDrive that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with IDrive, perform the following steps:
1. In the Azure portal, on the IDrive application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://www.idrive.com/idrive/login/loginForm

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

7. On the Set up IDrive section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure IDrive Single Sign-On
To configure single sign-on on the IDrive side, send the downloaded Certificate (Raw) and the appropriate
copied URLs from the Azure portal to the IDrive support team. They apply this setting so that the SAML SSO connection is set
properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to IDrive.
1. In the Azure portal, select Enterprise Applications, select All applications, then select IDrive.
2. In the applications list, select IDrive.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create IDrive test user
In this section, you create a user called Britta Simon in IDrive. Work with the IDrive support team to add the users in
the IDrive platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the IDrive tile in the Access Panel, you should be automatically signed in to the IDrive for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Igloo Software
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Igloo Software with Azure Active Directory (Azure AD). Integrating Igloo
Software with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Igloo Software.
You can enable your users to be automatically signed-in to Igloo Software (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Igloo Software, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Igloo Software single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Igloo Software supports SP initiated SSO
Igloo Software supports Just In Time user provisioning

Adding Igloo Software from the gallery


To configure the integration of Igloo Software into Azure AD, you need to add Igloo Software from the gallery to
your list of managed SaaS apps.
To add Igloo Software from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Igloo Software, select Igloo Software from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Igloo Software based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Igloo Software needs to be established.
To configure and test Azure AD single sign-on with Igloo Software, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Igloo Software Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Igloo Software test user - to have a counterpart of Britta Simon in Igloo Software that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Igloo Software, perform the following steps:
1. In the Azure portal, on the Igloo Software application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<company name>.igloocommmunities.com

b. In the Identifier box, type a URL using the following pattern:


https://<company name>.igloocommmunities.com/saml.digest

c. In the Reply URL text box, type a URL using the following pattern:
https://<company name>.igloocommmunities.com/saml.digest

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact Igloo
Software Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Igloo Software section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Igloo Software Single Sign-On
1. In a different web browser window, log in to your Igloo Software company site as an administrator.
2. Go to the Control Panel.

3. In the Membership tab, click Sign In Settings.

4. In the SAML Configuration section, click Configure SAML Authentication.

5. In the General Configuration section, perform the following steps:


a. In the Connection Name textbox, type a custom name for your configuration.
b. In the IdP Login URL textbox, paste the value of Login URL which you have copied from Azure portal.
c. In the IdP Logout URL textbox, paste the value of Logout URL which you have copied from Azure
portal.
d. Select Logout Response and Request HTTP Type as POST.
e. Open the base-64 encoded certificate downloaded from the Azure portal in Notepad, copy its content
to your clipboard, and then paste it into the Public Certificate textbox.
6. In the Response and Authentication Configuration, perform the following steps:

a. As Identity Provider, select Microsoft ADFS.


b. As Identifier Type, select Email Address.
c. In the Email Attribute textbox, type emailaddress.
d. In the First Name Attribute textbox, type givenname.
e. In the Last Name Attribute textbox, type surname.
7. Perform the following steps to complete the configuration:

a. As User creation on Sign in, select Create a new user in your site when they sign in.
b. As Sign in Settings, select Use SAML button on “Sign in” screen.
c. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Igloo Software.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Igloo Software.

2. In the applications list, select Igloo Software.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Igloo Software test user
There is no action item for you to configure user provisioning to Igloo Software.
When an assigned user tries to log in to Igloo Software using the access panel, Igloo Software checks whether the
user exists. If there is no user account available yet, it is automatically created by Igloo Software.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Igloo Software tile in the Access Panel, you should be automatically signed in to the Igloo
Software for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate iLMS with Azure Active Directory
8/9/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate iLMS with Azure Active Directory (Azure AD). When you integrate
iLMS with Azure AD, you can:
Control in Azure AD who has access to iLMS.
Enable your users to be automatically signed-in to iLMS with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
iLMS single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. iLMS supports SP and IDP initiated
SSO

Adding iLMS from the gallery


To configure the integration of iLMS into Azure AD, you need to add iLMS from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type iLMS in the search box.
6. Select iLMS from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with iLMS using a test user called Britta Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in iLMS.
To configure and test Azure AD SSO with iLMS, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure iLMS SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create iLMS test user - to have a counterpart of Britta Simon in iLMS that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the iLMS application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, paste the Identifier value that you copy from the Service Provider section of
the SAML settings in the iLMS admin portal.
b. In the Reply URL text box, paste the Endpoint (URL) value that you copy from the Service Provider section
of the SAML settings in the iLMS admin portal. It has the following pattern:
https://www.inspiredlms.com/Login/<instanceName>/consumer.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, paste the Endpoint (URL) value that you copy from the Service Provider section
of the SAML settings in the iLMS admin portal, in the form
https://www.inspiredlms.com/Login/<instanceName>/consumer.aspx
6. To enable JIT provisioning, your iLMS application expects the SAML assertions in a specific format, which
requires you to add custom attribute mappings to your SAML token attributes configuration. The following
screenshot shows the list of default attributes. Click Edit icon to open User Attributes dialog.

NOTE
You have to enable Create Un-recognized User Account in iLMS to map these attributes. Follow the instructions
here to get an idea on the attributes configuration.

7. In addition to the above, the iLMS application expects a few more attributes to be passed back in the SAML
response. In the User Claims section of the User Attributes dialog, perform the following steps to add the
SAML token attributes shown in the table below:

NAME          SOURCE ATTRIBUTE
division      user.department
region        user.state
department    user.jobtitle

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

9. On the Set up iLMS section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure iLMS SSO
1. In a different web browser window, sign in to your iLMS admin portal as an administrator.
2. Click SSO:SAML under Settings tab to open SAML settings and perform the following steps:
3. Expand the Service Provider section and copy the Identifier and Endpoint (URL) value.

4. Under Identity Provider section, click Import Metadata.


5. Select the Federation Metadata file downloaded from the Azure portal from the SAML Signing
Certificate section.

6. If you want to enable JIT provisioning to create iLMS accounts for unrecognized users, follow the steps below:
a. Check Create Un-recognized User Account.
b. Map the attributes in Azure AD with the attributes in iLMS. In the attribute column, specify the attributes
name or the default value.
c. Go to Business Rules tab and perform the following steps:

d. Check Create Un-recognized Regions, Divisions and Departments to create Regions, Divisions, and
Departments that do not already exist at the time of Single Sign-on.
e. Check Update User Profile During Sign-in to specify whether the user’s profile is updated with each
Single Sign-on.
f. If the Update Blank Values for Non Mandatory Fields in User Profile option is checked, optional
profile fields that are blank upon sign in will also cause the user’s iLMS profile to contain blank values for
those fields.
g. Check Send Error Notification Email and enter the email of the user where you want to receive the
error notification email.
7. Click Save button to save the settings.
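
The following check is an added example, not part of the original tutorial and not iLMS or Azure AD code. It reads the attribute statement of a SAML assertion and reports when the division, region, or department claims from the table above are missing, were given a namespace, are blank, or carry a value that JIT provisioning would turn into a new Region, Division, or Department. The sample assertions, the KNOWN_UNITS allow-list, and the function names are constructed for illustration, and the check does not validate the XML signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the tutorial's table (Name column, Namespace left blank).
REQUIRED_CLAIMS = ("division", "region", "department")

# Constructed allow-list of organisational units that already exist in iLMS.
KNOWN_UNITS = {
    "division": {"Sales"},
    "region": {"WA"},
    "department": {"Account Manager"},
}

# Constructed sample: all three claims present with expected values.
GOOD_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="division"><saml:AttributeValue>Sales</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="region"><saml:AttributeValue>WA</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>Account Manager</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed sample: division sent with a namespace, region blank,
# department carrying a value that does not exist in iLMS yet.
BAD_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/division">
      <saml:AttributeValue>Sales</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="region"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>Contractor</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def read_attributes(assertion_xml):
    """Return {attribute Name: [values]} from a SAML 2.0 assertion.

    Signature validation is out of scope here; run this only on assertions
    captured from your own test sign-in.
    """
    # Refuse DTDs so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD/entity declarations are not allowed in SAML input")
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs


def check_ilms_claims(assertion_xml, known_units=None):
    """Return a list of (claim, problem, detail) tuples; empty means clean."""
    known_units = known_units or {}
    attrs = read_attributes(assertion_xml)
    findings = []
    for claim in REQUIRED_CLAIMS:
        if claim not in attrs:
            # A URI-style name ending in the claim means Namespace was filled in.
            namespaced = [n for n in attrs if n.rsplit("/", 1)[-1] == claim]
            if namespaced:
                findings.append((claim, "namespaced", namespaced[0]))
            else:
                findings.append((claim, "missing", ""))
            continue
        values = [v for v in attrs[claim] if v]
        if not values:
            # With "Update Blank Values ..." checked, this blanks the profile field.
            findings.append((claim, "blank", ""))
            continue
        allowed = known_units.get(claim)
        if allowed is not None:
            # With "Create Un-recognized Regions, Divisions and Departments"
            # checked, an unknown value becomes a new unit in iLMS.
            findings.extend((claim, "unknown-unit", v)
                            for v in values if v not in allowed)
    return findings


if __name__ == "__main__":
    for name, xml in (("good", GOOD_ASSERTION), ("bad", BAD_ASSERTION)):
        print(name, check_ilms_claims(xml, KNOWN_UNITS))
```

Run it against the assertion from a test sign-in before enabling Create Un-recognized User Account for all assigned users.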

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to iLMS.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select iLMS.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create iLMS test user
The application supports just-in-time (JIT) user provisioning: after authentication, users are created in the
application automatically. JIT works only if you selected the Create Un-recognized User Account checkbox in the
SAML configuration settings in the iLMS admin portal.
If you need to create a user manually, follow the steps below:
1. Sign in to your iLMS company site as an administrator.
2. Click Register User under Users tab to open Register User page.
3. On the Register User page, perform the following steps.

a. In the First Name textbox, type the first name like Britta.
b. In the Last Name textbox, type the last name like Simon.
c. In the Email ID textbox, type the email address of the user like BrittaSimon@contoso.com.
d. In the Region dropdown, select the value for region.
e. In the Division dropdown, select the value for division.
f. In the Department dropdown, select the value for department.
g. Click Save.

NOTE
You can send registration mail to user by selecting Send Registration Mail checkbox.

Test SSO
When you select the iLMS tile in the Access Panel, you should be automatically signed in to the iLMS for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Image Relay
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Image Relay with Azure Active Directory (Azure AD). Integrating Image
Relay with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Image Relay.
You can enable your users to be automatically signed-in to Image Relay (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Image Relay, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Image Relay single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Image Relay supports SP initiated SSO

Adding Image Relay from the gallery


To configure the integration of Image Relay into Azure AD, you need to add Image Relay from the gallery to your
list of managed SaaS apps.
To add Image Relay from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Image Relay, select Image Relay from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Image Relay based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Image
Relay needs to be established.
To configure and test Azure AD single sign-on with Image Relay, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Image Relay Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Image Relay test user - to have a counterpart of Britta Simon in Image Relay that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Image Relay, perform the following steps:
1. In the Azure portal, on the Image Relay application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.imagerelay.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.imagerelay.com/sso/metadata

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Image Relay Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Image Relay section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Image Relay Single Sign-On
1. In another browser window, sign in to your Image Relay company site as an administrator.
2. In the toolbar on the top, click the Users & Permissions workload.

3. Click Create New Permission.

4. In the Single Sign On Settings workload, select the This Group can only sign-in via Single Sign On
check box, and then click Save.

5. Go to Account Settings.
6. Go to the Single Sign On Settings workload.

7. On the SAML Settings dialog, perform the following steps:

a. In Login URL textbox, paste the value of Login URL which you have copied from Azure portal.
b. In Logout URL textbox, paste the value of Logout URL which you have copied from Azure portal.
c. As Name Id Format, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
d. As Binding Options for Requests from the Service Provider (Image Relay), select POST Binding.
e. Under x.509 Certificate, click Update Certificate.

f. Open the downloaded certificate in notepad, copy the content, and then paste it into the x.509 Certificate
textbox.
g. In the Just-In-Time User Provisioning section, select Enable Just-In-Time User Provisioning.

h. Select the permission group (for example, SSO Basic) which is allowed to sign in only through single
sign-on.

i. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Image Relay.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Image Relay.
2. In the applications list, select Image Relay.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Image Relay test user
The objective of this section is to create a user called Britta Simon in Image Relay.
To create a user called Britta Simon in Image Relay, perform the following steps:
1. Sign in to your Image Relay company site as an administrator.
2. Go to Users & Permissions and select Create SSO User.

3. Enter the Email, First Name, Last Name, and Company of the user you want to provision and select the
permission group (for example, SSO Basic) which is the group that can sign in only through single sign-on.

4. Click Create.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Image Relay tile in the Access Panel, you should be automatically signed in to the Image Relay
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with IMAGE WORKS
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate IMAGE WORKS with Azure Active Directory (Azure AD). Integrating
IMAGE WORKS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to IMAGE WORKS.
You can enable your users to be automatically signed-in to IMAGE WORKS (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with IMAGE WORKS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
IMAGE WORKS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
IMAGE WORKS supports SP initiated SSO

Adding IMAGE WORKS from the gallery


To configure the integration of IMAGE WORKS into Azure AD, you need to add IMAGE WORKS from the gallery
to your list of managed SaaS apps.
To add IMAGE WORKS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type IMAGE WORKS, select IMAGE WORKS from result panel then click Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with IMAGE WORKS based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
IMAGE WORKS needs to be established.
To configure and test Azure AD single sign-on with IMAGE WORKS, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure IMAGE WORKS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create IMAGE WORKS test user - to have a counterpart of Britta Simon in IMAGE WORKS that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with IMAGE WORKS, perform the following steps:
1. In the Azure portal, on the IMAGE WORKS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://i-imageworks.jp/iw/<tenantName>/sso/Login.do

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://sp.i-imageworks.jp/iw/<tenantName>/postResponse

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact IMAGE WORKS
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up IMAGE WORKS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure IMAGE WORKS Single Sign-On
To configure single sign-on on the IMAGE WORKS side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the IMAGE WORKS support team. They apply these settings so
that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to IMAGE WORKS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select IMAGE WORKS.

2. In the applications list, select IMAGE WORKS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create IMAGE WORKS test user
In this section, you create a user called Britta Simon in IMAGE WORKS. Work with the IMAGE WORKS support team
to add the users in the IMAGE WORKS platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the IMAGE WORKS tile in the Access Panel, you should be automatically signed in to the IMAGE
WORKS for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Imagineer WebVision
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Imagineer WebVision with Azure Active Directory (Azure AD).
Integrating Imagineer WebVision with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Imagineer WebVision.
You can enable your users to be automatically signed-in to Imagineer WebVision (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Imagineer WebVision, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Imagineer WebVision single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Imagineer WebVision supports SP initiated SSO

Adding Imagineer WebVision from the gallery


To configure the integration of Imagineer WebVision into Azure AD, you need to add Imagineer WebVision from
the gallery to your list of managed SaaS apps.
To add Imagineer WebVision from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Imagineer WebVision, select Imagineer WebVision from result panel then click
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Imagineer WebVision based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Imagineer WebVision needs to be established.
To configure and test Azure AD single sign-on with Imagineer WebVision, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Imagineer WebVision Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Imagineer WebVision test user - to have a counterpart of Britta Simon in Imagineer WebVision that
is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Imagineer WebVision, perform the following steps:
1. In the Azure portal, on the Imagineer WebVision application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<YOUR SERVER URL>/<yourapplicationloginpage>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<YOUR SERVER URL>/<yourapplicationloginpage>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Imagineer
WebVision Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Imagineer WebVision Single Sign-On


To configure single sign-on on the Imagineer WebVision side, you need to send the App Federation Metadata Url
to the Imagineer WebVision support team. They apply this setting so that the SAML SSO connection is configured
properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Imagineer WebVision.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Imagineer
WebVision.
2. In the applications list, select Imagineer WebVision.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Imagineer WebVision test user
In this section, you create a user called Britta Simon in Imagineer WebVision. Work with Imagineer WebVision
support team to add the users in the Imagineer WebVision platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Imagineer WebVision tile in the Access Panel, you should be automatically signed in to the
Imagineer WebVision for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with IMPAC Risk Manager
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate IMPAC Risk Manager with Azure Active Directory (Azure AD). Integrating IMPAC Risk
Manager with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to IMPAC Risk Manager.
You can enable your users to be automatically signed-in to IMPAC Risk Manager (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and single sign-on
with Azure Active Directory. If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with IMPAC Risk Manager, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
An IMPAC Risk Manager single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
IMPAC Risk Manager supports SP and IDP initiated SSO

Adding IMPAC Risk Manager from the gallery


To configure the integration of IMPAC Risk Manager into Azure AD, you need to add IMPAC Risk Manager from the gallery to
your list of managed SaaS apps.
To add IMPAC Risk Manager from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type IMPAC Risk Manager, select IMPAC Risk Manager from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with IMPAC Risk Manager based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in IMPAC Risk Manager
needs to be established.
To configure and test Azure AD single sign-on with IMPAC Risk Manager, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure IMPAC Risk Manager Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create IMPAC Risk Manager test user - to have a counterpart of Britta Simon in IMPAC Risk Manager that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with IMPAC Risk Manager, perform the following steps:
1. In the Azure portal, on the IMPAC Risk Manager application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode, perform the
following steps:

a. In the Identifier text box, type a value provided by IMPAC.

b. In the Reply URL text box, type a URL using the following pattern:

ENVIRONMENT                 URL PATTERN
For Production              https://www.riskmanager.co.nz/DotNet/SSOv2/AssertionConsumerService.aspx?client=<ClientSuffix>
For Staging and Training    https://staging.riskmanager.co.nz/DotNet/SSOv2/AssertionConsumerService.aspx?client=<ClientSuffix>
For Development             https://dev.riskmanager.co.nz/DotNet/SSOv2/AssertionConsumerService.aspx?client=<ClientSuffix>
For QA                      https://QA.riskmanager.co.nz/DotNet/SSOv2/AssertionConsumerService.aspx?client=<ClientSuffix>
For Test                    https://test.riskmanager.co.nz/DotNet/SSOv2/AssertionConsumerService.aspx?client=<ClientSuffix>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:

ENVIRONMENT                 URL PATTERN
For Production              https://www.riskmanager.co.nz/SSOv2/<ClientSuffix>
For Staging and Training    https://staging.riskmanager.co.nz/SSOv2/<ClientSuffix>
For Development             https://dev.riskmanager.co.nz/SSOv2/<ClientSuffix>
For QA                      https://QA.riskmanager.co.nz/SSOv2/<ClientSuffix>
For Test                    https://test.riskmanager.co.nz/SSOv2/<ClientSuffix>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact IMPAC Risk Manager
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click Download to
download the Certificate (Base64) from the given options as per your requirement and save it on your computer.

7. On the Set up IMPAC Risk Manager section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
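
The Reply URL and Sign-on URL patterns from steps 4 and 5 can be checked before they are saved in the Basic SAML Configuration dialog. The following Python code is an added example, not part of the Microsoft or IMPAC documentation; the client suffix syntax, the sample suffix and the rule that both URLs carry the same suffix are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hosts per environment, taken from the URL pattern tables in this tutorial.
ENV_HOSTS = {
    "production": "www.riskmanager.co.nz",
    "staging": "staging.riskmanager.co.nz",  # staging and training
    "development": "dev.riskmanager.co.nz",
    "qa": "qa.riskmanager.co.nz",
    "test": "test.riskmanager.co.nz",
}
REPLY_PATH = "/DotNet/SSOv2/AssertionConsumerService.aspx"
SIGNON_PREFIX = "/SSOv2/"
# Assumption: the page does not define the suffix syntax, so only plain tokens pass.
SUFFIX_RE = re.compile(r"[A-Za-z0-9_-]+")


def _check_origin(parts, environment):
    """Checks shared by both URL kinds: scheme, exact host, no fragment."""
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # netloc includes any userinfo or port, so an exact match rejects both.
    netloc = parts.netloc.lower()
    if netloc != ENV_HOSTS[environment]:
        owner = next((e for e, h in ENV_HOSTS.items() if h == netloc), None)
        if owner:
            problems.append(f"host belongs to {owner}, not {environment}")
        else:
            problems.append(f"host {netloc!r} is not a documented host")
    if parts.fragment:
        problems.append("URL carries a fragment")
    return problems


def check_reply_url(url, environment):
    """Return (client suffix or None, list of problems) for a Reply URL."""
    parts = urlsplit(url)
    problems = _check_origin(parts, environment)
    if parts.path != REPLY_PATH:
        problems.append("path is not the AssertionConsumerService endpoint")
    query = parse_qsl(parts.query, keep_blank_values=True)
    suffix = None
    if len(query) == 1 and query[0][0] == "client" and SUFFIX_RE.fullmatch(query[0][1]):
        suffix = query[0][1]
    else:
        problems.append("query must be exactly client=<ClientSuffix>")
    return suffix, problems


def check_signon_url(url, environment):
    """Return (client suffix or None, list of problems) for a Sign-on URL."""
    parts = urlsplit(url)
    problems = _check_origin(parts, environment)
    tail = parts.path[len(SIGNON_PREFIX):] if parts.path.startswith(SIGNON_PREFIX) else ""
    suffix = None
    if SUFFIX_RE.fullmatch(tail) and not parts.query:
        suffix = tail
    else:
        problems.append("path must be /SSOv2/<ClientSuffix> with no query")
    return suffix, problems


def check_pair(reply_url, signon_url, environment):
    """Validate both URLs for one environment; an empty list means no problems."""
    r_suffix, r_problems = check_reply_url(reply_url, environment)
    s_suffix, s_problems = check_signon_url(signon_url, environment)
    problems = [f"reply URL: {p}" for p in r_problems]
    problems += [f"sign-on URL: {p}" for p in s_problems]
    # Assumption: both URLs are expected to name the same client.
    if r_suffix and s_suffix and r_suffix != s_suffix:
        problems.append("client suffix differs between reply URL and sign-on URL")
    return problems


if __name__ == "__main__":
    # "acme" is a constructed client suffix, not a real IMPAC client.
    reply = "https://staging.riskmanager.co.nz/DotNet/SSOv2/AssertionConsumerService.aspx?client=acme"
    signon = "https://www.riskmanager.co.nz/SSOv2/acme"
    for line in check_pair(reply, signon, "production") or ["no problems found"]:
        print(line)
```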
Configure IMPAC Risk Manager Single Sign-On
To configure single sign-on on the IMPAC Risk Manager side, send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the IMPAC Risk Manager support team. They apply this setting so that the
SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to IMPAC Risk Manager.
1. In the Azure portal, select Enterprise Applications, select All applications, then select IMPAC Risk Manager.

2. In the applications list, select IMPAC Risk Manager.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the bottom of the
screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the appropriate role for the
user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create IMPAC Risk Manager test user
In this section, you create a user called Britta Simon in IMPAC Risk Manager. Work with IMPAC Risk Manager support team to
add the users in the IMPAC Risk Manager platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the IMPAC Risk Manager tile in the Access Panel, you should be automatically signed in to the IMPAC Risk
Manager for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with In Case of Crisis - Mobile
10/10/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate In Case of Crisis - Mobile with Azure Active Directory (Azure AD).
When you integrate In Case of Crisis - Mobile with Azure AD, you can:
Control in Azure AD who has access to In Case of Crisis - Mobile.
Enable your users to be automatically signed-in to In Case of Crisis - Mobile with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
In Case of Crisis - Mobile single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
In Case of Crisis - Mobile supports IDP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding In Case of Crisis - Mobile from the gallery


To configure the integration of In Case of Crisis - Mobile into Azure AD, you need to add In Case of Crisis - Mobile
from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type In Case of Crisis - Mobile in the search box.
6. Select In Case of Crisis - Mobile from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for In Case of Crisis - Mobile

Configure and test Azure AD SSO with In Case of Crisis - Mobile using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in In Case of Crisis -
Mobile.
To configure and test Azure AD SSO with In Case of Crisis - Mobile, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure In Case of Crisis - Mobile SSO - to configure the single sign-on settings on application side.
a. Create In Case of Crisis - Mobile test user - to have a counterpart of B.Simon in In Case of Crisis -
Mobile that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the In Case of Crisis - Mobile application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated with Azure. The user needs to save the configuration by clicking
the Save button.
5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.

6. Navigate to the Manage section on left side of page, click on Properties tab then copy the User access
URL and save it on your computer.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to In Case of Crisis - Mobile.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select In Case of Crisis - Mobile.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure In Case of Crisis - Mobile SSO


To configure single sign-on on the In Case of Crisis - Mobile side, send the downloaded Certificate
(Raw) and the copied User access URL from the Azure portal to the In Case of Crisis - Mobile support team. They apply
this setting so that the SAML SSO connection is configured correctly on both sides.
Create In Case of Crisis - Mobile test user
In this section, you create a user called Britta Simon in In Case of Crisis - Mobile. Work with In Case of Crisis -
Mobile support team to add the users in the In Case of Crisis - Mobile platform. Users must be created and
activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the In Case of Crisis - Mobile tile in the Access Panel, you should be automatically signed in to the
In Case of Crisis - Mobile for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try In Case of Crisis - Mobile with Azure AD

Tutorial: Azure Active Directory integration with Infinite Campus
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Infinite Campus with Azure Active Directory (Azure AD). Integrating
Infinite Campus with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Infinite Campus.
You can enable your users to be automatically signed-in to Infinite Campus (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Infinite Campus, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Infinite Campus single sign-on enabled subscription
At minimum, you need to be an Azure Active Directory administrator, and have a Campus Product Security Role
of "Student Information System (SIS)" to complete the configuration.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Infinite Campus supports SP initiated SSO

Adding Infinite Campus from the gallery


To configure the integration of Infinite Campus into Azure AD, you need to add Infinite Campus from the gallery to
your list of managed SaaS apps.
To add Infinite Campus from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Infinite Campus, select Infinite Campus from the result panel then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Infinite Campus based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Infinite Campus needs to be established.
To configure and test Azure AD single sign-on with Infinite Campus, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Infinite Campus Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Infinite Campus test user - to have a counterpart of Britta Simon in Infinite Campus that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Infinite Campus, perform the following steps:
1. In the Azure portal, on the Infinite Campus application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps (note that the domain will vary with
Hosting Model, but the FULLY-QUALIFIED-DOMAIN value must match your Infinite Campus
installation):
a. In the Sign-on URL textbox, type a URL using the following pattern:
https://<DOMAIN>.infinitecampus.com/campus/SSO/<DISTRICTNAME>/SIS
b. In the Identifier textbox, type a URL using the following pattern:
https://<DOMAIN>.infinitecampus.com/campus/<DISTRICTNAME>
c. In the Reply URL textbox, type a URL using the following pattern:
https://<DOMAIN>.infinitecampus.com/campus/SSO/<DISTRICTNAME>
5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Infinite Campus Single Sign-On


1. In a different web browser window, sign in to Infinite Campus as a Security Administrator.
2. On the left side of menu, click System Administration.

3. Navigate to User Security > SAML Management > SSO Service Provider Configuration.
4. On the SSO Service Provider Configuration page, perform the following steps:

a. Select Enable SAML Single Sign On.


b. Edit the Optional Attribute Name to contain name.
c. On the Select an option to retrieve Identity Provider (IDP) server data section, select Metadata
URL, paste the App Federation Metadata Url value, which you have copied from the Azure portal in the
box, and then click Sync.
d. After clicking Sync the values get auto-populated in SSO Service Provider Configuration page. These
values can be verified to match the values seen in Step 4 above.
e. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
NOTE
If you want all of your Azure users to have single sign-on access to Infinite Campus and rely on Infinite Campus internal
permissions system to control access, you can set the User Assignment Required property of the application to No and
skip the following steps.

In this section, you enable Britta Simon to use Azure single sign-on by granting access to Infinite Campus.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Infinite Campus.

2. In the applications list, select Infinite Campus.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Infinite Campus test user
Infinite Campus has a demographics centered architecture. Please contact Infinite Campus support team to add the
users in the Infinite Campus platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Infinite Campus tile in the Access Panel, you should be automatically signed in to the Infinite
Campus for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Infogix Data3Sixty Govern
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Infogix Data3Sixty Govern with Azure Active Directory (Azure AD).
Integrating Infogix Data3Sixty Govern with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Infogix Data3Sixty Govern.
You can enable your users to be automatically signed-in to Infogix Data3Sixty Govern (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Infogix Data3Sixty Govern, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
An Infogix Data3Sixty Govern single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Infogix Data3Sixty Govern supports SP and IDP initiated SSO
Infogix Data3Sixty Govern supports Just In Time user provisioning

Adding Infogix Data3Sixty Govern from the gallery


To configure the integration of Infogix Data3Sixty Govern into Azure AD, you need to add Infogix Data3Sixty
Govern from the gallery to your list of managed SaaS apps.
To add Infogix Data3Sixty Govern from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Infogix Data3Sixty Govern, select Infogix Data3Sixty Govern from the result panel,
then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Infogix Data3Sixty Govern based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Infogix Data3Sixty Govern needs to be established.
To configure and test Azure AD single sign-on with Infogix Data3Sixty Govern, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Infogix Data3Sixty Govern Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Infogix Data3Sixty Govern test user - to have a counterpart of Britta Simon in Infogix Data3Sixty
Govern that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Infogix Data3Sixty Govern, perform the following steps:
1. In the Azure portal, on the Infogix Data3Sixty Govern application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL: https://data3sixty.com/ui

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.data3sixty.com/sso/acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://<subdomain>.data3sixty.com

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact Infogix
Data3Sixty Govern Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. Infogix Data3Sixty Govern application expects the SAML assertions in a specific format. Configure the
following claims for this application. You can manage the values of these attributes from the User
Attributes section on application integration page. On the Set up Single Sign-On with SAML page, click
Edit button to open User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes as shown in the following table, and
perform the following steps:

NAME         SOURCE ATTRIBUTE
firstname    user.givenname
lastname     user.surname
username     user.mail

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.
9. On the Set up Infogix Data3Sixty Govern section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
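
A decoded assertion from a test sign-in can be checked against the Identifier, Reply URL pattern and claim table configured in the steps above. This Python code is an added example, not Infogix or Microsoft code; the assertions are constructed and unsigned, and the subdomain syntax accepted in the Recipient check is an assumption.

```python
import re
import xml.etree.ElementTree as ET  # for XML from an untrusted source, use defusedxml

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "https://data3sixty.com/ui"  # Identifier from step 4a
# Reply URL pattern from step 4b; the allowed subdomain characters are an assumption.
RECIPIENT_RE = re.compile(r"https://[a-z0-9-]+\.data3sixty\.com/sso/acs")
REQUIRED_CLAIMS = ("firstname", "lastname", "username")  # claim table in step 7


def build_sample(attributes, recipient="https://contoso.data3sixty.com/sso/acs"):
    """Build a constructed, unsigned assertion used only as sample input."""
    attrs = "".join(
        f'<Attribute Name="{name}"><AttributeValue>{value}</AttributeValue></Attribute>'
        for name, value in attributes
    )
    return (
        '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<Subject><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<SubjectConfirmationData Recipient="{recipient}"/>'
        "</SubjectConfirmation></Subject>"
        "<Conditions><AudienceRestriction>"
        f"<Audience>{EXPECTED_AUDIENCE}</Audience>"
        "</AudienceRestriction></Conditions>"
        f"<AttributeStatement>{attrs}</AttributeStatement>"
        "</Assertion>"
    )


def check_assertion(xml_text):
    """Return configuration findings for one decoded assertion.

    This reviews claim and URL configuration only; it does not validate
    the XML signature or the validity period.
    """
    root = ET.fromstring(xml_text)
    findings = []

    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", SAML) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        findings.append("audience does not contain the configured Identifier")

    recipients = [
        d.get("Recipient", "")
        for d in root.iterfind(".//saml:SubjectConfirmationData", SAML)
    ]
    if not recipients or not all(RECIPIENT_RE.fullmatch(r) for r in recipients):
        findings.append("Recipient does not match the Reply URL pattern")

    # Map each attribute name to its non-empty values.
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML):
        claims[attr.get("Name", "")] = [
            v.text.strip()
            for v in attr.iterfind("saml:AttributeValue", SAML)
            if v.text and v.text.strip()
        ]

    for name in REQUIRED_CLAIMS:
        if claims.get(name):
            continue
        # Step 7c leaves the Namespace blank, so a URI-prefixed name is a misconfiguration.
        namespaced = [n for n in claims if n != name and n.rsplit("/", 1)[-1] == name]
        if namespaced:
            findings.append(f"claim {name} is emitted with a namespace: {namespaced[0]}")
        elif name in claims:
            findings.append(f"claim {name} is present but empty")
        else:
            findings.append(f"claim {name} is missing")
    return findings


if __name__ == "__main__":
    sample = build_sample([
        ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname", "Britta"),
        ("lastname", "Simon"),
    ])
    for finding in check_assertion(sample) or ["no findings"]:
        print(finding)
```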
Configure Infogix Data3Sixty Govern Single Sign-On
To configure single sign-on on the Infogix Data3Sixty Govern side, send the downloaded Certificate
(Raw) and the appropriate copied URLs from the Azure portal to the Infogix Data3Sixty Govern support team. They apply
this setting so that the SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Infogix Data3Sixty
Govern.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Infogix
Data3Sixty Govern.

2. In the applications list, select Infogix Data3Sixty Govern.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Infogix Data3Sixty Govern test user
In this section, a user called Britta Simon is created in Infogix Data3Sixty Govern. Infogix Data3Sixty Govern
supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section.
If a user doesn't already exist in Infogix Data3Sixty Govern, a new one is created after authentication.

NOTE
If you need to create a user manually, contact Infogix Data3Sixty Govern support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Infogix Data3Sixty Govern tile in the Access Panel, you should be automatically signed in to the
Infogix Data3Sixty Govern for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Infor CloudSuite
7/5/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Infor CloudSuite with Azure Active Directory (Azure AD). Integrating
Infor CloudSuite with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Infor CloudSuite.
You can enable your users to be automatically signed-in to Infor CloudSuite (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Infor CloudSuite, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Infor CloudSuite single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Infor CloudSuite supports SP and IDP initiated SSO
Infor CloudSuite supports Just In Time user provisioning

Adding Infor CloudSuite from the gallery


To configure the integration of Infor CloudSuite into Azure AD, you need to add Infor CloudSuite from the gallery
to your list of managed SaaS apps.
To add Infor CloudSuite from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Infor CloudSuite, select Infor CloudSuite from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Infor CloudSuite based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Infor CloudSuite needs to be established.
To configure and test Azure AD single sign-on with Infor CloudSuite, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Infor CloudSuite Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Infor CloudSuite test user - to have a counterpart of Britta Simon in Infor CloudSuite that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Infor CloudSuite, perform the following steps:
1. In the Azure portal, on the Infor CloudSuite application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

http://mingle-sso.inforcloudsuite.com

http://mingle-sso.se1.inforcloudsuite.com

http://mingle-sso.eu1.inforcloudsuite.com

http://mingle-sso.se2.inforcloudsuite.com

b. In the Reply URL text box, type a URL using the following pattern:

https://mingle-sso.inforcloudsuite.com:443/sp/ACS.saml2

https://mingle-sso.se1.inforcloudsuite.com:443/sp/ACS.saml2

https://mingle-sso.se2.inforcloudsuite.com:443/sp/ACS.saml2

https://mingle-sso.eu1.inforcloudsuite.com:443/sp/ACS.saml2

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:

https://mingle-portal.inforcloudsuite.com/Tenant-Name/

https://mingle-portal.eu1.inforcloudsuite.com/Tenant-Name/

https://mingle-portal.se1.inforcloudsuite.com/Tenant-Name/

https://mingle-portal.se2.inforcloudsuite.com/Tenant-Name/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact the Infor
CloudSuite Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. In the Set up Infor CloudSuite section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
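
A pre-flight check for the Basic SAML Configuration values from steps 4 and 5, added here as an example and not part of the original tutorial or of Infor's tooling. It confirms that the Identifier, Reply URL and Sign-on URL follow the patterns listed above, that the Tenant-Name placeholder has been replaced, and (an assumption of this example) that all three values belong to the same region. The function name and the sample tenant CONTOSO_TST are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Host shapes from steps 4 and 5; the optional label is the region (se1, se2, eu1 on this page).
_SSO_HOST = re.compile(r"mingle-sso(?:\.([a-z0-9]+))?\.inforcloudsuite\.com")
_PORTAL_HOST = re.compile(r"mingle-portal(?:\.([a-z0-9]+))?\.inforcloudsuite\.com")
PLACEHOLDER_TENANT = "Tenant-Name"


def _parse(url, host_pattern):
    """Return (parts, port, host_match), or (None, None, None) for a malformed URL."""
    try:
        parts = urlsplit(url)
        return parts, parts.port, host_pattern.fullmatch(parts.hostname or "")
    except ValueError:  # e.g. a non-numeric port
        return None, None, None


def check_basic_saml_config(identifier, reply_url, sign_on_url=None):
    """Return a list of problems; an empty list means the values are consistent."""
    problems, regions = [], {}

    # The Identifier is compared as an exact string, so no port, path or query is accepted.
    parts, port, host = _parse(identifier, _SSO_HOST)
    if not host or parts.scheme != "http" or port is not None or parts.path or parts.query:
        problems.append("Identifier: expected http://mingle-sso[.<region>].inforcloudsuite.com exactly")
    else:
        regions["Identifier"] = host.group(1)

    # The Reply URL receives the SAML assertion, so it must be HTTPS on the expected host and path.
    parts, port, host = _parse(reply_url, _SSO_HOST)
    if not host or parts.scheme != "https" or port not in (None, 443) \
            or parts.path != "/sp/ACS.saml2" or parts.query:
        problems.append("Reply URL: expected https://mingle-sso[.<region>].inforcloudsuite.com:443/sp/ACS.saml2")
    else:
        regions["Reply URL"] = host.group(1)

    # The Sign-on URL is only needed for SP initiated mode.
    if sign_on_url is not None:
        parts, port, host = _parse(sign_on_url, _PORTAL_HOST)
        tenant = parts.path.strip("/") if parts else ""
        if not host or parts.scheme != "https" or port not in (None, 443):
            problems.append("Sign-on URL: expected https://mingle-portal[.<region>].inforcloudsuite.com/<tenant>/")
        else:
            regions["Sign-on URL"] = host.group(1)
            if not tenant or "/" in tenant or tenant == PLACEHOLDER_TENANT:
                problems.append("Sign-on URL: the Tenant-Name placeholder was not replaced by one tenant name")

    # Assumption of this example: one tenant's values all point at the same region.
    if len(set(regions.values())) > 1:
        detail = ", ".join(f"{name}={region or 'none'}" for name, region in regions.items())
        problems.append("Region mismatch: " + detail)
    return problems


if __name__ == "__main__":
    # Constructed sample values with two deliberate mistakes.
    for problem in check_basic_saml_config(
            "http://mingle-sso.se1.inforcloudsuite.com",
            "https://mingle-sso.se2.inforcloudsuite.com:443/sp/ACS.saml2",
            "https://mingle-portal.se1.inforcloudsuite.com/Tenant-Name/"):
        print("PROBLEM:", problem)
```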
Configure Infor CloudSuite Single Sign-On
To configure single sign-on on the Infor CloudSuite side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the Infor CloudSuite support team. They apply this
configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Infor CloudSuite.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Infor CloudSuite.

2. In the applications list, select Infor CloudSuite.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Infor CloudSuite test user
In this section, a user called Britta Simon is created in Infor CloudSuite. Infor CloudSuite supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Infor CloudSuite, a new one is created after authentication. If you need to create a user manually,
contact the Infor CloudSuite support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Infor CloudSuite tile in the Access Panel, you should be automatically signed in to the Infor
CloudSuite for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Infor Retail – Information Management
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Infor Retail – Information Management with Azure Active Directory
(Azure AD). Integrating Infor Retail – Information Management with Azure AD provides you with the following
benefits:
You can control in Azure AD who has access to Infor Retail – Information Management.
You can enable your users to be automatically signed in to Infor Retail – Information Management (Single
Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Infor Retail – Information Management, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Infor Retail – Information Management single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Infor Retail – Information Management supports SP and IDP initiated SSO

Adding Infor Retail – Information Management from the gallery


To configure the integration of Infor Retail – Information Management into Azure AD, you need to add Infor Retail
– Information Management from the gallery to your list of managed SaaS apps.
To add Infor Retail – Information Management from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Infor Retail – Information Management, select Infor Retail – Information
Management from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Infor Retail – Information Management based
on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and
the related user in Infor Retail – Information Management needs to be established.
To configure and test Azure AD single sign-on with Infor Retail – Information Management, you need to complete
the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Infor Retail – Information Management Single Sign-On - to configure the Single Sign-On
settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Infor Retail – Information Management test user - to have a counterpart of Britta Simon in Infor
Retail – Information Management that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Infor Retail – Information Management, perform the following steps:
1. In the Azure portal, on the Infor Retail – Information Management application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://<company name>.mingle.infor.com

http://<company name>.mingledev.infor.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<company name>.mingle.infor.com/sp/ACS.saml2

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<company name>.mingle.infor.com/<company code>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact the Infor
Retail – Information Management Client support team to get these values. You can also refer to the patterns shown
in the Basic SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. In the Set up Infor Retail – Information Management section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Infor Retail – Information Management Single Sign-On
To configure single sign-on on the Infor Retail – Information Management side, you need to send the downloaded
Metadata XML and the appropriate copied URLs from the Azure portal to the Infor Retail – Information Management
support team. They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Infor Retail – Information
Management.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Infor Retail –
Information Management.

2. In the applications list, select Infor Retail – Information Management.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Infor Retail – Information Management test user
In this section, you create a user called Britta Simon in Infor Retail – Information Management. Work with the Infor
Retail – Information Management support team to add the users in the Infor Retail – Information Management
platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Infor Retail – Information Management tile in the Access Panel, you should be automatically
signed in to the Infor Retail – Information Management for which you set up SSO. For more information about the
Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Inkling
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Inkling with Azure Active Directory (Azure AD). Integrating Inkling with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Inkling.
You can enable your users to be automatically signed in to Inkling (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Inkling, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Inkling single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Inkling supports IDP initiated SSO

Adding Inkling from the gallery


To configure the integration of Inkling into Azure AD, you need to add Inkling from the gallery to your list of
managed SaaS apps.
To add Inkling from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Inkling, select Inkling from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Inkling based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Inkling
needs to be established.
To configure and test Azure AD single sign-on with Inkling, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Inkling Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Inkling test user - to have a counterpart of Britta Simon in Inkling that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Inkling, perform the following steps:
1. In the Azure portal, on the Inkling application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://api.inkling.com/saml/v2/metadata/<user-id>

b. In the Reply URL text box, type a URL using the following pattern:
https://api.inkling.com/saml/v2/acs/<user-id>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact the Inkling Client support
team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Inkling section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Inkling Single Sign-On
To configure single sign-on on the Inkling side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Inkling support team. They apply this configuration so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Inkling.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Inkling.

2. In the applications list, select Inkling.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Inkling test user
In this section, you create a user called Britta Simon in Inkling. Work with the Inkling support team to add the users in
the Inkling platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Inkling tile in the Access Panel, you should be automatically signed in to the Inkling for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Innotas
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Innotas with Azure Active Directory (Azure AD). Integrating Innotas with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Innotas.
You can enable your users to be automatically signed in to Innotas (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Innotas, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Innotas single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Innotas supports SP initiated SSO
Innotas supports Just In Time user provisioning

Adding Innotas from the gallery


To configure the integration of Innotas into Azure AD, you need to add Innotas from the gallery to your list of
managed SaaS apps.
To add Innotas from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Innotas, select Innotas from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Innotas based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Innotas
needs to be established.
To configure and test Azure AD single sign-on with Innotas, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Innotas Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Innotas test user - to have a counterpart of Britta Simon in Innotas that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Innotas, perform the following steps:
1. In the Azure portal, on the Innotas application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern: https://<tenant-name>.Innotas.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact the Innotas Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Innotas section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Innotas Single Sign-On
To configure single sign-on on the Innotas side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Innotas support team. They apply this configuration so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Innotas.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Innotas.

2. In the applications list, select Innotas.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Innotas test user
There is no action item for you to configure user provisioning to Innotas. When an assigned user tries to sign in to
Innotas using the access panel, Innotas checks whether the user exists. If there is no user account available yet, it is
automatically created by Innotas.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Innotas tile in the Access Panel, you should be automatically signed in to the Innotas for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Innoverse
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Innoverse with Azure Active Directory (Azure AD). Integrating Innoverse with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Innoverse.
You can enable your users to be automatically signed in to Innoverse (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with Innoverse, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Innoverse single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Innoverse supports SP and IDP initiated SSO
Innoverse supports Just In Time user provisioning

Adding Innoverse from the gallery


To configure the integration of Innoverse into Azure AD, you need to add Innoverse from the gallery to your list of managed
SaaS apps.
To add Innoverse from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Innoverse, select Innoverse from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Innoverse based on a test user called Britta Simon. For
single sign-on to work, a link relationship between an Azure AD user and the related user in Innoverse needs to be
established.
To configure and test Azure AD single sign-on with Innoverse, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Innoverse Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Innoverse test user - to have a counterpart of Britta Simon in Innoverse that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Innoverse, perform the following steps:
1. In the Azure portal, on the Innoverse application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration dialog.

4. On the Basic SAML Configuration section, perform the following steps:

a. In the Identifier text box, type a URL using the following pattern: https://<domainname>.innover.se

b. In the Reply URL text box, type a URL using the following pattern:
https://<domainname>.innover.se/auth/saml2/login

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP initiated
mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<domainname>.innover.se/auth/saml2/login
NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Innoverse Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

6. Innoverse application expects the SAML assertions in a specific format. Configure the following claims for this
application. You can manage the values of these attributes from the User Attributes section on application integration
page. On the Set up Single Sign-On with SAML page, click Edit button to open User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, configure the SAML token attribute as shown in the following
table and perform the following steps:

NAME | SOURCE ATTRIBUTE | NAMESPACE
displayname | user.userprincipalname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Enter the Namespace.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy icon to copy
the App Federation Metadata Url and save it on your computer.

Configure Innoverse Single Sign-On


To configure single sign-on on the Innoverse side, you need to send the copied App Federation Metadata Url to the Innoverse
support team. They apply this setting so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Innoverse.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Innoverse.

2. In the applications list, type and select Innoverse.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the bottom of the
screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the appropriate role for
the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Innoverse test user
In this section, a user called Britta Simon is created in Innoverse. Innoverse supports just-in-time provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Innoverse, a new one is
created when you attempt to access Innoverse.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Innoverse tile in the Access Panel, you should be automatically signed in to the Innoverse for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Insider Track
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Insider Track with Azure Active Directory (Azure AD). Integrating Insider
Track with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Insider Track.
You can enable your users to be automatically signed-in to Insider Track (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Insider Track, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Insider Track single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Insider Track supports SP initiated SSO

Adding Insider Track from the gallery


To configure the integration of Insider Track into Azure AD, you need to add Insider Track from the gallery to your
list of managed SaaS apps.
To add Insider Track from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Insider Track, select Insider Track from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Insider Track based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Insider
Track needs to be established.
To configure and test Azure AD single sign-on with Insider Track, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Insider Track Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Insider Track test user - to have a counterpart of Britta Simon in Insider Track that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Insider Track, perform the following steps:
1. In the Azure portal, on the Insider Track application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://<companyname>/InsiderTrack.Portal.<companyname>/Sso/

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Insider Track Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Insider Track section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Insider Track Single Sign-On
To configure single sign-on on the Insider Track side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Insider Track support team. They apply this setting so
that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Insider Track.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Insider Track.

2. In the applications list, select Insider Track.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Insider Track test user
In this section, you create a user called Britta Simon in Insider Track. Work with Insider Track support team to add
the users in the Insider Track platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Insider Track tile in the Access Panel, you should be automatically signed in to the Insider Track
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with InsideView
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate InsideView with Azure Active Directory (Azure AD). This integration
provides these benefits:
You can use Azure AD to control who has access to InsideView.
You can enable your users to be automatically signed in to InsideView (single sign-on) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory.
If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with InsideView, you need to have:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
An InsideView subscription that has single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
InsideView supports IdP-initiated SSO.

Add InsideView from the gallery


To set up the integration of InsideView into Azure AD, you need to add InsideView from the gallery to your list of
managed SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications:


3. To add an application, select New application at the top of the window:

4. In the search box, enter InsideView. Select InsideView in the search results and then select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with InsideView by using a test user named Britta
Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user and the
corresponding user in InsideView.
To configure and test Azure AD single sign-on with InsideView, you need to complete these steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure InsideView single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Create an InsideView test user that's linked to the Azure AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with InsideView, take these steps:
1. In the Azure portal, on the InsideView application integration page, select Single sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, take the following steps.
In the Reply URL box, enter a URL in this pattern:
https://my.insideview.com/iv/<STS Name>/login.iv

NOTE
This value is a placeholder. You need to use the actual reply URL. Contact the InsideView support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration dialog box in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Download link next to Certificate (Raw), per your requirements, and save the certificate on your
computer:

6. In the Set up InsideView section, copy the appropriate URLs, based on your requirements:

a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
Configure InsideView single sign-on
1. In a new web browser window, sign in to your InsideView company site as an admin.
2. At the top of the window, select Admin, SingleSignOn Settings, and then Add SAML.

3. In the Add a New SAML section, take the following steps.

a. In the STS Name box, enter a name for your configuration.


b. In the SamlP/WS-Fed Unsolicited EndPoint box, paste the Login URL value that you copied from
the Azure portal.
c. Open the Raw certificate that you downloaded from the Azure portal. Copy the contents of the
certificate to the clipboard, and then paste the contents into the STS Certificate box.
d. In the Crm User Id Mapping box, enter
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.
e. In the Crm Email Mapping box, enter
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.
f. In the Crm First Name Mapping box, enter
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname.
g. In the Crm lastName Mapping box, enter
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname.
h. Select Save.
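The claim URIs entered in the mapping boxes above, and the displayname claim configured for Innoverse earlier on this page, only work if the assertion actually carries them and is addressed to the configured Reply URL. The following Python check is an added example, not part of the original tutorial or of either vendor's tooling; the sample assertions, the `contoso` and `contoso-sts` values, and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

SAML_URN = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_URN}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# InsideView mapping boxes (steps d to g above) and the claim URI entered in each.
INSIDEVIEW_CLAIMS = {
    "Crm User Id Mapping": CLAIMS + "/emailaddress",
    "Crm Email Mapping": CLAIMS + "/emailaddress",
    "Crm First Name Mapping": CLAIMS + "/givenname",
    "Crm lastName Mapping": CLAIMS + "/surname",
}
# Innoverse User Claims row. Assumption: the attribute name in the assertion
# is Namespace + "/" + Name.
INNOVERSE_CLAIMS = {"displayname": CLAIMS + "/displayname"}


def build_sample_assertion(recipient, attributes):
    """Build a constructed, unsigned assertion for offline testing."""
    attrs = "".join(
        f"<saml:Attribute Name={quoteattr(name)}>"
        f"<saml:AttributeValue>{escape(value)}</saml:AttributeValue>"
        "</saml:Attribute>"
        for name, value in attributes.items()
    )
    return (
        f"<saml:Assertion xmlns:saml={quoteattr(SAML_URN)}>"
        "<saml:Subject><saml:SubjectConfirmation>"
        f"<saml:SubjectConfirmationData Recipient={quoteattr(recipient)}/>"
        "</saml:SubjectConfirmation></saml:Subject>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion>"
    )


def read_assertion(xml_text):
    """Return (Recipient, {claim name: [non-empty values]}) from an assertion."""
    root = ET.fromstring(xml_text)
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return recipient, claims


def check_assertion(xml_text, reply_url, required_claims):
    """List configuration problems; an empty list means the checks passed.

    This inspects content only. It does not verify the XML signature.
    """
    recipient, claims = read_assertion(xml_text)
    problems = []
    if recipient != reply_url:
        problems.append(f"Recipient {recipient!r} does not equal Reply URL {reply_url!r}")
    for label, uri in required_claims.items():
        if not claims.get(uri):
            problems.append(f"{label}: claim {uri} missing or empty")
    return problems


# Constructed values: "contoso-sts" stands in for <STS Name>, "contoso" for <domainname>.
INSIDEVIEW_REPLY_URL = "https://my.insideview.com/iv/contoso-sts/login.iv"
INSIDEVIEW_SAMPLE = build_sample_assertion(
    INSIDEVIEW_REPLY_URL,
    {
        CLAIMS + "/emailaddress": "BrittaSimon@contoso.com",
        CLAIMS + "/givenname": "Britta",
        # surname deliberately left out to show a failed mapping
    },
)
INNOVERSE_REPLY_URL = "https://contoso.innover.se/auth/saml2/login"
INNOVERSE_SAMPLE = build_sample_assertion(
    "https://contoso.innover.se/",  # path missing: not the configured Reply URL
    {CLAIMS + "/displayname": "BrittaSimon@contoso.com"},
)

if __name__ == "__main__":
    for line in check_assertion(INSIDEVIEW_SAMPLE, INSIDEVIEW_REPLY_URL, INSIDEVIEW_CLAIMS):
        print("InsideView:", line)
    for line in check_assertion(INNOVERSE_SAMPLE, INNOVERSE_REPLY_URL, INNOVERSE_CLAIMS):
        print("Innoverse:", line)
```
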
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:

2. Select New user at the top of the window:

3. In the User dialog box, take the following steps.

a. In the Name box, enter BrittaSimon.


b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show Password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting her access to InsideView.
1. In the Azure portal, select Enterprise applications, select All applications, and then select InsideView.
2. In the list of applications, select InsideView.

3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the window.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the window.
7. In the Add Assignment dialog box, select Assign.
Create an InsideView test user
To enable Azure AD users to sign in to InsideView, you need to add them to InsideView. You need to add them
manually.
To create users or contacts in InsideView, contact the InsideView support team.

NOTE
You can use any user account creation tool or API provided by InsideView to provision Azure AD user accounts.

Test single sign-on


Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the InsideView tile in the Access Panel, you should be automatically signed in to the InsideView
instance for which you set up SSO. For more information about the Access Panel, see Access and use apps on the
My Apps portal.

Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Insight4GRC
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Insight4GRC with Azure Active Directory (Azure AD). Integrating
Insight4GRC with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Insight4GRC.
You can enable your users to be automatically signed-in to Insight4GRC (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Insight4GRC, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Insight4GRC single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Insight4GRC supports SP and IDP initiated SSO
Insight4GRC supports Just In Time user provisioning

Adding Insight4GRC from the gallery


To configure the integration of Insight4GRC into Azure AD, you need to add Insight4GRC from the gallery to your
list of managed SaaS apps.
To add Insight4GRC from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Insight4GRC, select Insight4GRC from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Insight4GRC based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Insight4GRC needs to be established.
To configure and test Azure AD single sign-on with Insight4GRC, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Insight4GRC Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Insight4GRC test user - to have a counterpart of Britta Simon in Insight4GRC that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Insight4GRC, perform the following steps:
1. In the Azure portal, on the Insight4GRC application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<subdomain>.Insight4GRC.com/SAML

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.Insight4GRC.com/Public/SAML/ACS.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.Insight4GRC.com/Public/Login.aspx

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Insight4GRC Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Insight4GRC Single Sign-On


To configure single sign-on on the Insight4GRC side, you need to send the App Federation Metadata Url to the
Insight4GRC support team. They apply this setting so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Insight4GRC.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Insight4GRC.
2. In the applications list, select Insight4GRC.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Insight4GRC test user
In this section, a user called Britta Simon is created in Insight4GRC. Insight4GRC supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Insight4GRC, a new one is created after authentication.

NOTE
If you need to create a user manually, contact Insight4GRC Client support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Insight4GRC tile in the Access Panel, you should be automatically signed in to the Insight4GRC
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Insignia SAML SSO
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Insignia SAML SSO with Azure Active Directory (Azure AD). Integrating
Insignia SAML SSO with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Insignia SAML SSO.
You can enable your users to be automatically signed-in to Insignia SAML SSO (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Insignia SAML SSO, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Insignia SAML SSO single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Insignia SAML SSO supports SP initiated SSO

Adding Insignia SAML SSO from the gallery


To configure the integration of Insignia SAML SSO into Azure AD, you need to add Insignia SAML SSO from the
gallery to your list of managed SaaS apps.
To add Insignia SAML SSO from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Insignia SAML SSO, select Insignia SAML SSO from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Insignia SAML SSO based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Insignia SAML SSO needs to be established.
To configure and test Azure AD single sign-on with Insignia SAML SSO, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Insignia SAML SSO Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Insignia SAML SSO test user - to have a counterpart of Britta Simon in Insignia SAML SSO that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Insignia SAML SSO, perform the following steps:
1. In the Azure portal, on the Insignia SAML SSO application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using one of the following patterns:

https://<customername>.insigniails.com/ils

https://<customername>.insigniails.com/

https://<customername>.insigniailsusa.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<customername>.insigniailsusa.com/<uniqueid>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Insignia SAML SSO
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Insignia SAML SSO section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Insignia SAML SSO Single Sign-On
To configure single sign-on on the Insignia SAML SSO side, you need to send the downloaded Certificate (Base64)
and the appropriate copied URLs from the Azure portal to the Insignia SAML SSO support team. They apply this setting
so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Insignia SAML SSO.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Insignia SAML
SSO.

2. In the applications list, select Insignia SAML SSO.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Insignia SAML SSO test user
In this section, you create a user called Britta Simon in Insignia SAML SSO. Work with Insignia SAML SSO
support team to add the users in the Insignia SAML SSO platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Insignia SAML SSO tile in the Access Panel, you should be automatically signed in to the
Insignia SAML SSO for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Insperity ExpensAble
7/8/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Insperity ExpensAble with Azure Active Directory (Azure AD).
Integrating Insperity ExpensAble with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Insperity ExpensAble.
You can enable your users to be automatically signed-in to Insperity ExpensAble (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Insperity ExpensAble, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Insperity ExpensAble single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Insperity ExpensAble supports SP initiated SSO

Adding Insperity ExpensAble from the gallery


To configure the integration of Insperity ExpensAble into Azure AD, you need to add Insperity ExpensAble from the
gallery to your list of managed SaaS apps.
To add Insperity ExpensAble from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button on the top of the dialog.

4. In the search box, type Insperity ExpensAble, select Insperity ExpensAble from the result panel then
click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Insperity ExpensAble based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Insperity ExpensAble needs to be established.
To configure and test Azure AD single sign-on with Insperity ExpensAble, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Insperity ExpensAble Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Insperity ExpensAble test user - to have a counterpart of Britta Simon in Insperity ExpensAble that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Insperity ExpensAble, perform the following steps:
1. In the Azure portal, on the Insperity ExpensAble application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://server.expensable.com/esapp/Authenticate?companyId=<company ID>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Insperity ExpensAble Client support
team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Insperity ExpensAble section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Insperity ExpensAble Single Sign-On
To configure single sign-on on the Insperity ExpensAble side, you need to send the downloaded Certificate
(Base64) and the appropriate copied URLs from the Azure portal to the Insperity ExpensAble support team. They
configure this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Insperity ExpensAble.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Insperity
ExpensAble.

2. In the applications list, select Insperity ExpensAble.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Insperity ExpensAble test user
In this section, you create a user called Britta Simon in Insperity ExpensAble. Work with Insperity ExpensAble
support team to add the users in the Insperity ExpensAble platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Insperity ExpensAble tile in the Access Panel, you should be automatically signed in to the
Insperity ExpensAble for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
InstaVR Viewer
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate InstaVR Viewer with Azure Active Directory (Azure AD). Integrating
InstaVR Viewer with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to InstaVR Viewer.
You can enable your users to be automatically signed-in to InstaVR Viewer (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with InstaVR Viewer, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
InstaVR Viewer single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
InstaVR Viewer supports SP initiated SSO
InstaVR Viewer supports Just In Time user provisioning

Adding InstaVR Viewer from the gallery


To configure the integration of InstaVR Viewer into Azure AD, you need to add InstaVR Viewer from the gallery to
your list of managed SaaS apps.
To add InstaVR Viewer from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button on the top of the dialog.

4. In the search box, type InstaVR Viewer, select InstaVR Viewer from the result panel then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with InstaVR Viewer based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
InstaVR Viewer needs to be established.
To configure and test Azure AD single sign-on with InstaVR Viewer, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure InstaVR Viewer Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create InstaVR Viewer test user - to have a counterpart of Britta Simon in InstaVR Viewer that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with InstaVR Viewer, perform the following steps:
1. In the Azure portal, on the InstaVR Viewer application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://console.instavr.co/auth/saml/login/<WEBPackagedURL>

NOTE
There is no fixed pattern for Sign on URL. It is generated when the InstaVR Viewer customer does web packaging. It is
unique for every customer and package. For getting the exact Sign on URL you need to login to your InstaVR Viewer
instance and do web packaging.

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://console.instavr.co/auth/saml/sp/<WEBPackagedURL>

NOTE
The Identifier value is not real. Update this value with the actual Identifier value which is explained later in this tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) and Federation Metadata File from the given options
as per your requirement and save it on your computer.

6. On the Set up InstaVR Viewer section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure InstaVR Viewer Single Sign-On
1. Open a new web browser window and log into your InstaVR Viewer company site as an administrator.
2. Click on User Icon and select Account.

3. Scroll down to the SAML Auth and perform the following steps:
a. In the SSO URL textbox, paste the Login URL value, which you have copied from the Azure portal.
b. In the Logout URL textbox, paste the Logout URL value, which you have copied from the Azure portal.
c. In the Entity ID textbox, paste the Azure AD Identifier value, which you have copied from the Azure
portal.
d. To upload your downloaded Certificate file, click Update.
e. To upload your downloaded Federation Metadata file, click Update.
f. Copy the Entity ID value and paste into the Identifier (Entity ID) text box on the Basic SAML
Configuration section in the Azure portal.
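The SSO URL, Entity ID and certificate entered in step 3 can be cross-checked against the downloaded Federation Metadata file before testing. The following Python check is an added example, not part of the original tutorial or of any InstaVR or Microsoft tooling; the metadata document, tenant ID and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# --- Constructed sample input: placeholder tenant ID, fake certificate bytes ---
TENANT = "00000000-0000-0000-0000-000000000000"
CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
STALE_B64 = base64.b64encode(b"constructed placeholder for an older certificate").decode()
LOGIN_URL = f"https://login.microsoftonline.com/{TENANT}/saml2"
AZURE_AD_IDENTIFIER = f"https://sts.windows.net/{TENANT}/"
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{CERT_B64}\n-----END CERTIFICATE-----\n"
STALE_PEM = f"-----BEGIN CERTIFICATE-----\n{STALE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="{AZURE_AD_IDENTIFIER}">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{NS['ds']}">
        <X509Data><X509Certificate>{CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="{LOGIN_URL}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def cert_fingerprint(pem_or_b64):
    """SHA-256 of the decoded certificate bytes, ignoring PEM armour and line wrapping."""
    lines = (line.strip() for line in pem_or_b64.splitlines())
    body = "".join(line for line in lines if not line.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()


def parse_metadata(metadata_xml):
    """Pull the IdP entity ID, SSO endpoints and signing-certificate fingerprints."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor element")
    certs = set()
    for key in idp.iterfind("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute applies to signing as well.
        if key.get("use") in (None, "signing"):
            for cert in key.iterfind(".//ds:X509Certificate", NS):
                certs.add(cert_fingerprint(cert.text or ""))
    return {
        "entity_id": root.get("entityID"),
        "sso_urls": {e.get("Location") for e in idp.iterfind("md:SingleSignOnService", NS)},
        "signing_certs": certs,
    }


def check_sp_settings(metadata_xml, sso_url, entity_id, cert_pem):
    """Return a list of mismatches between the values typed into the SP and the metadata."""
    md = parse_metadata(metadata_xml)
    problems = []
    if entity_id != md["entity_id"]:
        # Exact comparison on purpose: a dropped trailing slash is a different entity ID.
        problems.append(f"Entity ID {entity_id!r} differs from metadata {md['entity_id']!r}")
    if sso_url not in md["sso_urls"]:
        problems.append(f"SSO URL {sso_url!r} is not a SingleSignOnService in the metadata")
    if cert_fingerprint(cert_pem) not in md["signing_certs"]:
        problems.append("Certificate file is not one of the signing certificates in the metadata")
    return problems


if __name__ == "__main__":
    result = check_sp_settings(SAMPLE_METADATA, LOGIN_URL, AZURE_AD_IDENTIFIER, SAMPLE_PEM)
    print(result or "SP settings match the federation metadata")
```

The comparison is exact string matching and reads the metadata as trusted input; it does not validate any signature on the metadata file.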
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to InstaVR Viewer.
1. In the Azure portal, select Enterprise Applications, select All applications, then select InstaVR Viewer.

2. In the applications list, type and select InstaVR Viewer.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create InstaVR Viewer test user
In this section, a user called Britta Simon is created in InstaVR Viewer. InstaVR Viewer supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in InstaVR Viewer, a new one is created after authentication. If you face any problems, please contact the
InstaVR Viewer support team.
Test single sign-on
1. Open a new web browser window and log into your InstaVR Viewer company site as an administrator.
2. Select Package from the left navigation panel and select Make package for Web.
3. Select Download.

4. Select Open Hosted Page. After that, you are redirected to Azure AD for login.

5. Enter your Azure AD credentials to successfully log in to Azure AD via SSO.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Sage Intacct with Azure Active
Directory
8/12/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate Sage Intacct with Azure Active Directory (Azure AD). When you
integrate Sage Intacct with Azure AD, you can:
Control in Azure AD who has access to Sage Intacct.
Enable your users to be automatically signed-in to Sage Intacct with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Sage Intacct single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Sage Intacct supports IDP initiated SSO

Adding Sage Intacct from the gallery


To configure the integration of Sage Intacct into Azure AD, you need to add Sage Intacct from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Sage Intacct in the search box.
6. Select Sage Intacct from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Sage Intacct


Configure and test Azure AD SSO with Sage Intacct using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Sage Intacct.
To configure and test Azure AD SSO with Sage Intacct, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
b. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
2. Configure Sage Intacct SSO - to configure the Single Sign-On settings on application side.
a. Create Sage Intacct test user - to have a counterpart of B.Simon in Sage Intacct that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Sage Intacct application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Reply URL text box, type a URL: https://www.intacct.com/ia/acct/sso_response.phtml

5. The Sage Intacct application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click the Edit icon to open the User Attributes dialog.

6. In addition to the above, the Sage Intacct application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
the SAML token attributes as shown in the below table:

NAME | SOURCE ATTRIBUTE
Company Name | Sage Intacct Company ID
name | Value should be same as the Sage Intacct User ID, which you enter in the Create Sage Intacct test user section, which is explained later in the tutorial
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | Value should be same as the Sage Intacct Federated SSO User ID, which you enter in the Create Sage Intacct test user section, which is explained later in the tutorial
a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up Sage Intacct section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Sage Intacct.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Sage Intacct.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Sage Intacct SSO


1. In a different web browser window, sign in to your Sage Intacct company site as an administrator.
2. Click the Company tab, and then click Company Info.

3. Click the Security tab, and then click Edit.


4. In the Single sign on (SSO) section, perform the following steps:

a. Select Enable single sign on.


b. As Identity provider type, select SAML 2.0.
c. In Issuer URL textbox, paste the value of Azure AD Identifier, which you have copied from Azure portal.
d. In Login URL textbox, paste the value of Login URL, which you have copied from Azure portal.
e. Open your base-64 encoded certificate in notepad, copy the content of it into your clipboard, and then
paste it to the Certificate box.
f. Click Save.
Create Sage Intacct test user
To set up Azure AD users so they can sign in to Sage Intacct, they must be provisioned into Sage Intacct. For Sage
Intacct, provisioning is a manual task.
To provision user accounts, perform the following steps:
1. Sign in to your Sage Intacct tenant.
2. Click the Company tab, and then click Users.
3. Click the Add tab.

4. In the User Information section, perform the following steps:

a. Enter the User ID, the Last name, First name, the Email address, the Title, and the Phone of an Azure
AD account that you want to provision into the User Information section.
NOTE
Make sure that the User ID in the above screenshot is the same as the Source Attribute value that is mapped to the name
attribute in the User Attributes section in the Azure portal.

b. Select the Admin privileges of an Azure AD account that you want to provision.
c. Click Save.
d. The Azure AD account holder receives an email and follows a link to confirm their account before it
becomes active.
5. Click the Single sign-on tab and make sure that the Federated SSO user ID in the below screenshot is the same as the
Source Attribute value that is mapped to
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier in the User Attributes section in the
Azure portal.

NOTE
To provision Azure AD user accounts, you can use other Sage Intacct user account creation tools or APIs that are provided by
Sage Intacct.
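The two matching requirements above (User ID against the name claim, Federated SSO user ID against the nameidentifier claim) can be checked against a captured assertion before rollout. This Python check is an added example, not part of the original tutorial or of Sage Intacct; the assertion and all values in it are constructed, the function names are hypothetical, and it assumes Azure AD emits the nameidentifier claim as the Subject NameID.

```python
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"

# Constructed, unsigned sample assertion; every value is a placeholder.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-08-12T00:00:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Subject>
    <saml:NameID>bsimon-sso</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Company Name">
      <saml:AttributeValue>CONTOSO-EXAMPLE</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="name">
      <saml:AttributeValue>B.Simon</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Values entered on the Sage Intacct side (constructed to match the sample):
# Company ID, User ID and Federated SSO user ID.
EXPECTED = {
    "Company Name": "CONTOSO-EXAMPLE",
    "name": "B.Simon",
    NAMEID_CLAIM: "bsimon-sso",
}


def extract_claims(assertion_xml):
    """Map each claim name to its list of values.

    Assumption: the nameidentifier claim arrives as Subject/NameID, so it is
    recorded under NAMEID_CLAIM unless an Attribute with that name exists.
    This inspects claim values only; it does not verify the XML signature.
    """
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", SAML):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML)]
        claims[attr.get("Name")] = values
    name_id = root.find(".//saml:Subject/saml:NameID", SAML)
    if name_id is not None and NAMEID_CLAIM not in claims:
        claims[NAMEID_CLAIM] = [(name_id.text or "").strip()]
    return claims


def check_claims(assertion_xml, expected):
    """Return a list of problems; an empty list means every expected claim matches."""
    claims = extract_claims(assertion_xml)
    problems = []
    for name, want in expected.items():
        got = claims.get(name)
        if got is None:
            # A claim created with a Namespace shows up under a URI ending in the name.
            near = [n for n in claims if n != name and n.rsplit("/", 1)[-1] == name]
            hint = f" (found {near[0]!r}; was the Namespace left blank?)" if near else ""
            problems.append(f"missing claim {name!r}{hint}")
        elif len(got) != 1:
            problems.append(f"claim {name!r} has {len(got)} values, expected exactly one")
        elif got[0] != want:
            # Exact, case-sensitive comparison (an assumption about how strict the SP is).
            problems.append(f"claim {name!r}: assertion has {got[0]!r}, Sage Intacct has {want!r}")
    return problems


if __name__ == "__main__":
    for line in check_claims(SAMPLE_ASSERTION, EXPECTED) or ["all expected claims match"]:
        print(line)
```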

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Sage Intacct tile in the Access Panel, you should be automatically signed in to the Sage Intacct
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
InTime
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate InTime with Azure Active Directory (Azure AD). Integrating InTime with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to InTime.
You can enable your users to be automatically signed-in to InTime (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with InTime, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
InTime single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
InTime supports SP initiated SSO

Adding InTime from the gallery


To configure the integration of InTime into Azure AD, you need to add InTime from the gallery to your list of
managed SaaS apps.
To add InTime from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button on the top of the dialog.

4. In the search box, type InTime, select InTime from the result panel then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with InTime based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in InTime
needs to be established.
To configure and test Azure AD single sign-on with InTime, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure InTime Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create InTime test user - to have a counterpart of Britta Simon in InTime that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with InTime, perform the following steps:
1. In the Azure portal, on the InTime application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL: https://intime6.intimesoft.com/mytime/login/login.xhtml

b. In the Identifier (Entity ID) text box, type a URL: https://auth.intimesoft.com/auth/realms/master

5. Your InTime application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes, whereas nameidentifier is mapped with user.userprincipalname. The InTime application
expects nameidentifier to be mapped with user.mail, so you need to edit the attribute mapping by clicking
on the Edit icon and changing the attribute mapping.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up InTime section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure InTime Single Sign-On
To configure single sign-on on the InTime side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the InTime support team. They configure this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to InTime.
1. In the Azure portal, select Enterprise Applications, select All applications, then select InTime.

2. In the applications list, select InTime.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create InTime test user
In this section, you create a user called Britta Simon in InTime. Work with InTime support team to add the users in
the InTime platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the InTime tile in the Access Panel, you should be automatically signed in to the InTime for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Intralinks
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Intralinks with Azure Active Directory (Azure AD). Integrating Intralinks
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Intralinks.
You can enable your users to be automatically signed-in to Intralinks (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Intralinks, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Intralinks single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Intralinks supports SP initiated SSO

Adding Intralinks from the gallery


To configure the integration of Intralinks into Azure AD, you need to add Intralinks from the gallery to your list of
managed SaaS apps.
To add Intralinks from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Intralinks, select Intralinks from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Intralinks based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Intralinks
needs to be established.
To configure and test Azure AD single sign-on with Intralinks, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Intralinks Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Intralinks test user - to have a counterpart of Britta Simon in Intralinks that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Intralinks, perform the following steps:
1. In the Azure portal, on the Intralinks application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://<company name>.Intralinks.com/?PartnerIdpId=https://sts.windows.net/<AzureADTenantID>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Intralinks Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Intralinks section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Intralinks Single Sign-On
To configure single sign-on on the Intralinks side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Intralinks support team. They configure this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Intralinks.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Intralinks.

2. In the applications list, select Intralinks.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Intralinks test user
In this section, you create a user called Britta Simon in Intralinks. Work with the Intralinks support team to add the
users to the Intralinks platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Intralinks tile in the Access Panel, you should be automatically signed in to the Intralinks instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with iPass SmartConnect
10/22/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate iPass SmartConnect with Azure Active Directory (Azure AD). When
you integrate iPass SmartConnect with Azure AD, you can:
Control in Azure AD who has access to iPass SmartConnect.
Enable your users to be automatically signed-in to iPass SmartConnect with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
iPass SmartConnect single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
iPass SmartConnect supports SP and IDP initiated SSO
iPass SmartConnect supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding iPass SmartConnect from the gallery


To configure the integration of iPass SmartConnect into Azure AD, you need to add iPass SmartConnect from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type iPass SmartConnect in the search box.
6. Select iPass SmartConnect from the results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for iPass SmartConnect


Configure and test Azure AD SSO with iPass SmartConnect using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in iPass SmartConnect.
To configure and test Azure AD SSO with iPass SmartConnect, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure iPass SmartConnect SSO - to configure the single sign-on settings on the application side.
   a. Create iPass SmartConnect test user - to have a counterpart of B.Simon in iPass SmartConnect that is
   linked to the Azure AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the iPass SmartConnect application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
the user does not have to perform any step as the app is already pre-integrated with Azure.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://om-activation.ipass.com/ClientActivation/ssolanding.go

6. Click Save.
7. The iPass SmartConnect application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes.

8. In addition to the above, the iPass SmartConnect application expects a few more attributes to be passed back in
the SAML response, which are shown below. These attributes are also prepopulated, but you can review them as
per your requirements.
| NAME | SOURCE ATTRIBUTE |
| --- | --- |
| firstName | user.givenname |
| lastName | user.surname |
| email | user.userprincipalname |
| username | user.userprincipalname |

9. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

10. On the Set up iPass SmartConnect section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to iPass SmartConnect.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select iPass SmartConnect.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure iPass SmartConnect SSO


To configure single sign-on on the iPass SmartConnect side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the iPass SmartConnect support team. They
configure this setting so that the SAML SSO connection is set properly on both sides.
Create iPass SmartConnect test user
In this section, you create a user called Britta Simon in iPass SmartConnect. Work with the iPass SmartConnect
support team to add the users or the domain that must be added to an allow list for the iPass SmartConnect
platform. If the domain is added by the team, users are automatically provisioned to the iPass SmartConnect
platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the iPass SmartConnect tile in the Access Panel, you should be automatically signed in to the iPass
SmartConnect instance for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try iPass SmartConnect with Azure AD
Tutorial: Azure Active Directory integration with iProva
6/13/2019 • 7 minutes to read

In this tutorial, you learn how to integrate iProva with Azure Active Directory (Azure AD). Integrating iProva with Azure AD
provides you with the following benefits:
You can control in Azure AD who has access to iProva.
You can enable your users to be automatically signed-in to iProva (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with iProva, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
iProva single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
iProva supports SP initiated SSO

Adding iProva from the gallery


To configure the integration of iProva into Azure AD, you need to add iProva from the gallery to your list of managed SaaS
apps.
To add iProva from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type iProva, select iProva from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with iProva based on a test user called Britta Simon. For
single sign-on to work, a link relationship between an Azure AD user and the related user in iProva needs to be established.
To configure and test Azure AD single sign-on with iProva, you need to complete the following building blocks:
1. Retrieve configuration information from iProva as a preparation for the next steps.
2. Configure Azure AD Single Sign-On - to enable your users to use this feature.
3. Configure iProva Single Sign-On - to configure the Single Sign-On settings on the application side.
4. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
5. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
6. Create iProva test user - to have a counterpart of Britta Simon in iProva that is linked to the Azure AD representation of
the user.
7. Test single sign-on - to verify whether the configuration works.
Retrieve configuration information from iProva
In this section, you retrieve information from iProva to configure Azure AD single sign-on.
1. Open a web browser, and go to the SAML2 info page in iProva by using the following URL pattern:

https://SUBDOMAIN.iprova.nl/saml2info

https://SUBDOMAIN.iprova.be/saml2info

2. Leave the browser tab open while you proceed with the next steps in another browser tab.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with iProva, perform the following steps:
1. In the Azure portal, on the iProva application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. Fill the Identifier box with the value that's displayed after the label EntityID on the iProva SAML2 info page.
This page is still open in your other browser tab.
b. Fill the Reply-URL box with the value that's displayed after the label Reply URL on the iProva SAML2 info
page. This page is still open in your other browser tab.
c. Fill the Sign-on URL box with the value that's displayed after the label Sign-on URL on the iProva SAML2 info
page. This page is still open in your other browser tab.
5. The iProva application expects the SAML assertions in a specific format. Configure the following claims for this
application. You can manage the values of these attributes from the User Attributes section on the application integration
page. On the Set up Single Sign-On with SAML page, click the Edit button to open the User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the claims by
using Add new claim to configure SAML token attribute as shown in the image above and perform the following
steps:

| NAME | SOURCE ATTRIBUTE | NAMESPACE |
| --- | --- | --- |
| samaccountname | user.onpremisessamaccountname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims |

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. In the Namespace textbox, type the namespace value shown for that row.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy button to
copy the App Federation Metadata Url and save it on your computer.
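The claim tables on this page (firstName, lastName, email and username for iPass SmartConnect; samaccountname in the http://schemas.xmlsoap.org/ws/2005/05/identity/claims namespace for iProva) can be checked against an assertion captured during a test sign-in. The following is an added example, not part of the original tutorials; the assertions are constructed samples, and it assumes a claim configured with a namespace is emitted with the Attribute Name namespace/name.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# Attribute names each application expects, taken from the tables on this page.
EXPECTED = {
    "iPass SmartConnect": ["firstName", "lastName", "email", "username"],
    "iProva": [f"{CLAIMS_NS}/samaccountname"],
}
# Pairs of claims that the tables map to one and the same source attribute.
SAME_SOURCE = {
    "iPass SmartConnect": [("email", "username", "user.userprincipalname")],
    "iProva": [],
}


def make_assertion(attributes):
    """Build a minimal constructed assertion that holds only an AttributeStatement."""
    root = ET.Element(f"{{{SAML}}}Assertion")
    statement = ET.SubElement(root, f"{{{SAML}}}AttributeStatement")
    for name, value in attributes:
        attr = ET.SubElement(statement, f"{{{SAML}}}Attribute", Name=name)
        ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = value
    return ET.tostring(root, encoding="unicode")


def read_attributes(assertion_xml):
    """Map each Attribute Name to its list of values.

    Reads attributes only; it does not validate the assertion's signature.
    """
    found = {}
    for attr in ET.fromstring(assertion_xml).iter(f"{{{SAML}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{SAML}}}AttributeValue")]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found


def check_claims(app, assertion_xml):
    """Return findings for claims that are missing, empty or inconsistent."""
    found = read_attributes(assertion_xml)
    by_short_name = {name.rsplit("/", 1)[-1]: name for name in found}
    findings = []
    for name in EXPECTED[app]:
        values = found.get(name)
        if values is None:
            # Same short name under another namespace: the claim was configured
            # with the wrong (or no) Namespace value.
            other = by_short_name.get(name.rsplit("/", 1)[-1])
            if other is not None:
                findings.append(f"{name}: sent as '{other}' (namespace mismatch)")
            else:
                findings.append(f"{name}: missing")
        elif not any(values):
            findings.append(f"{name}: present but empty")
    for first, second, source in SAME_SOURCE[app]:
        if first in found and second in found and found[first] != found[second]:
            findings.append(
                f"{first} and {second} differ although both map to {source}")
    return findings


# Constructed sample assertions.
IPASS_OK = make_assertion([
    ("firstName", "B"), ("lastName", "Simon"),
    ("email", "B.Simon@contoso.com"), ("username", "B.Simon@contoso.com"),
])
IPASS_BAD = make_assertion([
    ("firstName", "B"), ("lastName", ""),
    ("email", "B.Simon@contoso.com"), ("username", "bsimon"),
])
IPROVA_OK = make_assertion([(f"{CLAIMS_NS}/samaccountname", "bsimon")])
IPROVA_NO_NAMESPACE = make_assertion([("samaccountname", "bsimon")])

if __name__ == "__main__":
    for app, sample in [("iPass SmartConnect", IPASS_OK),
                        ("iPass SmartConnect", IPASS_BAD),
                        ("iProva", IPROVA_OK),
                        ("iProva", IPROVA_NO_NAMESPACE)]:
        print(app, check_claims(app, sample) or "all expected claims present")
```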

Configure iProva Single Sign-On


1. Sign in to iProva by using the Administrator account.
2. Open the Go to menu.
3. Select Application management.
4. Select General in the System settings panel.
5. Select Edit.
6. Scroll down to Access control.
7. Find the setting Users are automatically logged on with their network accounts, and change it to Yes,
authentication via SAML. Additional options now appear.
8. Select Set up.
9. Select Next.
10. iProva asks if you want to download federation data from a URL or upload it from a file. Select the From URL option.

11. Paste the metadata URL you saved in the last step of the "Configure Azure AD single sign-on" section.
12. Select the arrow-shaped button to download the metadata from Azure AD.
13. When the download is complete, the confirmation message Valid Federation Data file downloaded appears.
14. Select Next.
15. Skip the Test login option for now, and select Next.
16. In the Claim to use drop-down box, select windowsaccountname.
17. Select Finish.
18. You now return to the Edit general settings screen. Scroll down to the bottom of the page, and select OK to save
your configuration.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to iProva.
1. In the Azure portal, select Enterprise Applications, select All applications, then select iProva.
2. In the applications list, select iProva.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the bottom of the
screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the appropriate role for
the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create iProva test user
1. Sign in to iProva by using the Administrator account.
2. Open the Go to menu.
3. Select Application management.
4. Select Users in the Users and user groups panel.
5. Select Add.
6. In the Username box, enter the username of the user, such as BrittaSimon@contoso.com.
7. In the Full name box, enter the full name of the user, such as BrittaSimon.
8. Select the No password (use single sign-on) option.
9. In the E-mail address box, enter the email address of the user, such as BrittaSimon@contoso.com.
10. Scroll down to the end of the page, and select Finish.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the iProva tile in the Access Panel, you should be automatically signed in to the iProva instance for which you set up
SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with IQNavigator VMS
8/28/2019 • 5 minutes to read

In this tutorial, you learn how to integrate IQNavigator VMS with Azure Active Directory (Azure AD). Integrating
IQNavigator VMS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to IQNavigator VMS.
You can enable your users to be automatically signed-in to IQNavigator VMS (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with IQNavigator VMS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
IQNavigator VMS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
IQNavigator VMS supports IDP initiated SSO

Adding IQNavigator VMS from the gallery


To configure the integration of IQNavigator VMS into Azure AD, you need to add IQNavigator VMS from the
gallery to your list of managed SaaS apps.
To add IQNavigator VMS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type IQNavigator VMS, select IQNavigator VMS from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with IQNavigator VMS based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
IQNavigator VMS needs to be established.
To configure and test Azure AD single sign-on with IQNavigator VMS, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure IQNavigator VMS Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create IQNavigator VMS test user - to have a counterpart of Britta Simon in IQNavigator VMS that is linked
to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with IQNavigator VMS, perform the following steps:
1. In the Azure portal, on the IQNavigator VMS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Identifier text box, type a URL: iqn.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.iqnavigator.com/security/login?client_name=https://sts.window.net/<instance name>

c. Click Set additional URLs.


d. In the Relay State text box, type a URL using the following pattern: https://<subdomain>.iqnavigator.com

NOTE
These values are not real. Update these values with the actual Reply URL and Relay State. Contact IQNavigator VMS
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The IQNavigator application expects the unique user identifier value in the Name Identifier claim. You can
map the appropriate value for the Name Identifier claim. In this case, user.UserPrincipalName is mapped
for demonstration purposes; map the value that is correct for your organization's settings.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
Configure IQNavigator VMS Single Sign-On
To configure single sign-on on the IQNavigator VMS side, you need to send the App Federation Metadata Url to
the IQNavigator VMS support team. They configure this setting so that the SAML SSO connection is set properly on both
sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to IQNavigator VMS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select IQNavigator
VMS.

2. In the applications list, select IQNavigator VMS.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create IQNavigator VMS test user
In this section, you create a user called Britta Simon in IQNavigator VMS. Work with the IQNavigator VMS support
team to add the users to the IQNavigator VMS platform. Users must be created and activated before you use
single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the IQNavigator VMS tile in the Access Panel, you should be automatically signed in to the
IQNavigator VMS instance for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with iQualify LMS
8/9/2019 • 7 minutes to read

In this tutorial, you learn how to integrate iQualify LMS with Azure Active Directory (Azure AD). Integrating
iQualify LMS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to iQualify LMS.
You can enable your users to be automatically signed-in to iQualify LMS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with iQualify LMS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
iQualify LMS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
iQualify LMS supports SP and IDP initiated SSO
iQualify LMS supports Just In Time user provisioning

Adding iQualify LMS from the gallery


To configure the integration of iQualify LMS into Azure AD, you need to add iQualify LMS from the gallery to your
list of managed SaaS apps.
To add iQualify LMS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type iQualify LMS, select iQualify LMS from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with iQualify LMS based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in iQualify
LMS needs to be established.
To configure and test Azure AD single sign-on with iQualify LMS, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure iQualify LMS Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create iQualify LMS test user - to have a counterpart of Britta Simon in iQualify LMS that is linked to the
Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with iQualify LMS, perform the following steps:
1. In the Azure portal, on the iQualify LMS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
Production Environment: https://<yourorg>.iqualify.com/
Test Environment: https://<yourorg>.iqualify.io

b. In the Reply URL text box, type a URL using the following pattern:
Production Environment: https://<yourorg>.iqualify.com/auth/saml2/callback
Test Environment: https://<yourorg>.iqualify.io/auth/saml2/callback

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
Production Environment: https://<yourorg>.iqualify.com/login
Test Environment: https://<yourorg>.iqualify.io/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact iQualify
LMS Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. Your iQualify LMS application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes as shown in the image above and
perform the following steps:
NAME          SOURCE ATTRIBUTE
email         user.userprincipalname
first_name    user.givenname
last_name     user.surname
person_id     "your attribute"

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.

NOTE
The person_id attribute is optional.

8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

9. On the Set up iQualify LMS section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
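A check for the claim mapping in step 7 and the Identifier and Reply URL from step 4, run against a captured test assertion. This is an added example, not code from the tutorial or from iQualify: the `contoso` organization name, the sample assertion and the function name are constructed for illustration, and the script checks configuration only (it does not verify the assertion's signature).

```python
import xml.etree.ElementTree as ET

A = "{urn:oasis:names:tc:SAML:2.0:assertion}"
REQUIRED = ("email", "first_name", "last_name")  # claim names from the table in step 7
OPTIONAL = ("person_id",)                        # the tutorial marks this one optional

# Constructed sample: an unsigned, trimmed assertion for a test-environment tenant.
# "contoso" stands in for <yourorg>; last_name was saved with a Namespace by mistake.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://contoso.iqualify.io/auth/saml2/callback"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://contoso.iqualify.io</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="first_name">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/last_name">
      <saml:AttributeValue>Simon</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_assertion(xml_text, identifier, reply_url):
    """Return a list of configuration findings; an empty list means no mismatch found."""
    root = ET.fromstring(xml_text)  # works for a bare Assertion or a wrapping Response
    findings = []

    # Collect attribute names and their non-empty values.
    attrs = {}
    for attr in root.iter(A + "Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(A + "AttributeValue")]
        attrs[attr.get("Name", "")] = [v for v in values if v]

    for name in REQUIRED + OPTIONAL:
        if attrs.get(name):
            continue
        # A claim saved with a Namespace is emitted as "<namespace>/<name>".
        namespaced = [n for n in attrs if n.endswith("/" + name)]
        if namespaced:
            findings.append(f"{name}: sent as '{namespaced[0]}'; leave the Namespace blank")
        elif name in attrs:
            findings.append(f"{name}: present but has no value")
        elif name in REQUIRED:
            findings.append(f"{name}: missing from the assertion")

    # Entity identifiers are compared as exact strings, trailing slash included.
    audiences = [(a.text or "").strip() for a in root.iter(A + "Audience")]
    if identifier not in audiences:
        findings.append(f"Audience {audiences} does not match Identifier '{identifier}'")

    recipients = [d.get("Recipient") for d in root.iter(A + "SubjectConfirmationData")]
    if reply_url not in recipients:
        findings.append(f"Recipient {recipients} does not match Reply URL '{reply_url}'")

    return findings


if __name__ == "__main__":
    for finding in check_assertion(
        SAMPLE_ASSERTION,
        "https://contoso.iqualify.io",
        "https://contoso.iqualify.io/auth/saml2/callback",
    ):
        print(finding)
```

Passing the production Identifier and Reply URL with the same sample reports the audience and recipient mismatches as well, which is the usual result of mixing `.iqualify.com` and `.iqualify.io` values.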
Configure iQualify LMS Single Sign-On
1. Open a new browser window, and then sign in to your iQualify environment as an administrator.
2. Once you are logged in, click on your avatar at the top right, then click on Account settings.

3. In the account settings area, click on the ribbon menu on the left and click on INTEGRATIONS.
4. Under INTEGRATIONS, click on the SAML icon.

5. In the SAML Authentication Settings dialog box, perform the following steps:

a. In the SAML SINGLE SIGN-ON SERVICE URL box, paste the Login URL value copied from the Azure
AD application configuration window.
b. In the SAML LOGOUT URL box, paste the Logout URL value copied from the Azure AD application
configuration window.
c. Open the downloaded certificate file in notepad, copy the content, and then paste it in the PUBLIC
CERTIFICATE box.
d. In LOGIN BUTTON LABEL, enter the name for the button to be displayed on the login page.
e. Click SAVE.
f. Click UPDATE.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to iQualify LMS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select iQualify LMS.

2. In the applications list, select iQualify LMS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create iQualify LMS test user
In this section, a user called Britta Simon is created in iQualify LMS. iQualify LMS supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in iQualify LMS, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the iQualify LMS tile in the Access Panel, you should get the login page of your iQualify LMS
application.

Click the Sign in with Azure AD button and you should be automatically signed in to your iQualify LMS
application.
For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Iris Intranet
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Iris Intranet with Azure Active Directory (Azure AD). Integrating Iris
Intranet with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Iris Intranet.
You can enable your users to be automatically signed-in to Iris Intranet (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Iris Intranet, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Iris Intranet single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Iris Intranet supports SP initiated SSO
Iris Intranet supports just-in-time user provisioning

Adding Iris Intranet from the gallery


To configure the integration of Iris Intranet into Azure AD, you need to add Iris Intranet from the gallery to your list
of managed SaaS apps.
To add Iris Intranet from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Iris Intranet, select Iris Intranet from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Iris Intranet based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Iris
Intranet needs to be established.
To configure and test Azure AD single sign-on with Iris Intranet, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Iris Intranet Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Iris Intranet test user - to have a counterpart of Britta Simon in Iris Intranet that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Iris Intranet, perform the following steps:
1. In the Azure portal, on the Iris Intranet application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.irisintranet.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.irisintranet.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Iris Intranet Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Iris Intranet Single Sign-On


To configure single sign-on on the Iris Intranet side, you need to send the App Federation Metadata Url to the Iris
Intranet support team. They apply this setting so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Iris Intranet.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Iris Intranet.
2. In the applications list, select Iris Intranet.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Iris Intranet test user
In this section, a user called Britta Simon is created in Iris Intranet. Iris Intranet supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Iris Intranet, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Iris Intranet tile in the Access Panel, you should be automatically signed in to the Iris Intranet
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with IriusRisk
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate IriusRisk with Azure Active Directory (Azure AD). Integrating IriusRisk
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to IriusRisk.
You can enable your users to be automatically signed-in to IriusRisk (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with IriusRisk, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
IriusRisk single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
IriusRisk supports SP initiated SSO
IriusRisk supports Just In Time user provisioning

Adding IriusRisk from the gallery


To configure the integration of IriusRisk into Azure AD, you need to add IriusRisk from the gallery to your list of
managed SaaS apps.
To add IriusRisk from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type IriusRisk, select IriusRisk from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with IriusRisk based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in IriusRisk
needs to be established.
To configure and test Azure AD single sign-on with IriusRisk, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure IriusRisk Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create IriusRisk test user - to have a counterpart of Britta Simon in IriusRisk that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with IriusRisk, perform the following steps:
1. In the Azure portal, on the IriusRisk application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.iriusrisk.com/ui#!login

b. In the Identifier (Entity ID) text box, type the value: iriusrisk-sp

NOTE
The Sign-on URL value is not real. Update this value with the actual Sign-On URL. Contact IriusRisk Client support
team to get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up IriusRisk section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure IriusRisk Single Sign-On
To configure single sign-on on the IriusRisk side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the IriusRisk support team. They apply this setting so that the SAML SSO
connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to IriusRisk.
1. In the Azure portal, select Enterprise Applications, select All applications, then select IriusRisk.

2. In the applications list, select IriusRisk.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create IriusRisk test user
In this section, a user called Britta Simon is created in IriusRisk. IriusRisk supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
IriusRisk, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the IriusRisk tile in the Access Panel, you should be automatically signed in to the IriusRisk for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with iServer Portal
8/29/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate iServer Portal with Azure Active Directory (Azure AD). When you
integrate iServer Portal with Azure AD, you can:
Control in Azure AD who has access to iServer Portal.
Enable your users to be automatically signed-in to iServer Portal with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
iServer Portal single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
iServer Portal supports SP and IDP initiated SSO

Adding iServer Portal from the gallery


To configure the integration of iServer Portal into Azure AD, you need to add iServer Portal from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type iServer Portal in the search box.
6. Select iServer Portal from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for iServer Portal


Configure and test Azure AD SSO with iServer Portal using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in iServer Portal.
To configure and test Azure AD SSO with iServer Portal, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure iServer Portal SSO - to configure the single sign-on settings on application side.
a. Create iServer Portal test user - to have a counterpart of B.Simon in iServer Portal that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the iServer Portal application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: iserver-portal-<myiserverportal>

b. In the Reply URL text box, type a URL using the following pattern:
https://<myiserverportal.com>/SAML/login

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<myiserverportal.com>/SAML/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact iServer
Portal Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.
7. In the SAML Signing Certificate section, copy the Thumbprint Value and save it on your computer.

8. On the Set up iServer Portal section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to iServer Portal.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select iServer Portal.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure iServer Portal SSO


To configure single sign-on on the iServer Portal side, you need to send the Thumbprint Value and the appropriate
copied URLs from the Azure portal to the iServer Portal support team. They apply this setting so that the SAML SSO
connection is configured properly on both sides.
Create iServer Portal test user
In this section, you create a user called B.Simon in iServer Portal. Work with iServer Portal support team to add the
users in the iServer Portal platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the iServer Portal tile in the Access Panel, you should be automatically signed in to the iServer
Portal for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try iServer Portal with Azure AD
Tutorial: Azure Active Directory integration with ITRP
7/8/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate ITRP with Azure Active Directory (Azure AD). This integration provides
these benefits:
You can use Azure AD to control who has access to ITRP.
You can enable your users to be automatically signed in to ITRP (single sign-on) with their Azure AD accounts.
You can manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory.
If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with ITRP, you need to have:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
An ITRP subscription that has single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
ITRP supports SP-initiated SSO.

Add ITRP from the gallery


To set up the integration of ITRP into Azure AD, you need to add ITRP from the gallery to your list of managed
SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications:


3. To add an application, select New application at the top of the window:

4. In the search box, enter ITRP. Select ITRP in the search results and then select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with ITRP by using a test user named Britta
Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user and the
corresponding user in ITRP.
To configure and test Azure AD single sign-on with ITRP, you need to complete these steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure ITRP single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Create an ITRP test user that's linked to the Azure AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ITRP, take these steps:
1. In the Azure portal, on the ITRP application integration page, select Single sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, take the following steps.
a. In the Sign on URL box, enter a URL in this pattern:
https://<tenant-name>.itrp.com

b. In the Identifier (Entity ID) box, enter a URL in this pattern:


https://<tenant-name>.itrp.com

NOTE
These values are placeholders. You need to use the actual sign-on URL and identifier. Contact the ITRP support team
to get the values. You can also refer to the patterns shown in the Basic SAML Configuration dialog box in the Azure
portal.

5. In the SAML Signing Certificate section, select the Edit icon to open the SAML Signing Certificate
dialog box:

6. In the SAML Signing Certificate dialog box, copy the Thumbprint value and save it:
7. In the Set up ITRP section, copy the appropriate URLs, based on your requirements:

a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
Configure ITRP single sign-on
1. In a new web browser window, sign in to your ITRP company site as an admin.
2. At the top of the window, select the Settings icon:

3. In the left pane, select Single Sign-On:

4. In the Single Sign-On configuration section, take the following steps.


a. Select Enabled.
b. In the Remote logout URL box, paste the Logout URL value that you copied from the Azure portal.
c. In the SAML SSO URL box, paste the Login URL value that you copied from the Azure portal.
d. In the Certificate fingerprint box, paste the Thumbprint value of the certificate, which you copied
from the Azure portal.
e. Select Save.
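A way to confirm that the value in the Certificate fingerprint box corresponds to the current Azure AD signing certificate; the same comparison applies to the Thumbprint sent to the iServer Portal support team. This is an added example, not ITRP or Microsoft code: it assumes you also download the Certificate (Base64) from the SAML Signing Certificate section and that the fingerprint is the 40-hex-digit SHA-1 thumbprint, and the sample PEM body is constructed placeholder bytes, not a real certificate.

```python
import base64
import hashlib
import re

# Constructed placeholder: the body decodes to three bytes, not to a real certificate.
# With a real export, paste the full contents of the downloaded Base64 (.cer) file.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""


def pem_to_der(pem_text):
    """Strip the PEM armor and whitespace, then Base64-decode to the DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem_text)
    body = "".join(body.split())  # drops CR/LF and indentation from copy and paste
    return base64.b64decode(body, validate=True)


def thumbprint(pem_text):
    """SHA-1 digest of the DER-encoded certificate, as uppercase hex."""
    return hashlib.sha1(pem_to_der(pem_text)).hexdigest().upper()


def normalize(fingerprint):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex and return 40 uppercase hex digits."""
    hex_only = re.sub(r"[\s:\-]", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", hex_only):
        # Catches truncated pastes and fingerprints computed with another digest.
        raise ValueError("expected a 40-hex-digit SHA-1 fingerprint")
    return hex_only


def fingerprint_matches(configured, pem_text):
    """True when the fingerprint stored in the application matches the certificate."""
    return normalize(configured) == thumbprint(pem_text)


if __name__ == "__main__":
    configured = "a9:99:3e:36:47:06:81:6a:ba:3e:25:71:78:50:c2:6c:9c:d0:d8:9d"
    print("thumbprint:", thumbprint(SAMPLE_PEM))
    print("matches:", fingerprint_matches(configured, SAMPLE_PEM))
```

Run the comparison again after the signing certificate is renewed in Azure AD, because the stored fingerprint no longer matches the new certificate until it is updated in the application.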
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:
2. Select New user at the top of the screen:

3. In the User dialog box, take the following steps.

a. In the Name box, enter BrittaSimon.


b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show Password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting her access to ITRP.
1. In the Azure portal, select Enterprise applications, select All applications, and then select ITRP.
2. In the list of applications, select ITRP.

3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the window.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the window.
7. In the Add Assignment dialog box, select Assign.
Create an ITRP test user
To enable Azure AD users to sign in to ITRP, you need to add them to ITRP. You need to add them manually.
To create a user account, take these steps:
1. Sign in to your ITRP tenant.
2. At the top of the window, select the Records icon:
3. In the menu, select People:

4. Select the plus sign (+) to add a new person:

5. In the Add New Person dialog box, take the following steps.

a. Enter the name and email address of a valid Azure AD account that you want to add.
b. Select Save.
NOTE
You can use any user account creation tool or API provided by ITRP to provision Azure AD user accounts.

Test single sign-on


Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the ITRP tile in the Access Panel, you should be automatically signed in to the ITRP instance for
which you set up SSO. For more information about the Access Panel, see Access and use apps on the My Apps
portal.

Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
itslearning
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate itslearning with Azure Active Directory (Azure AD). Integrating
itslearning with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to itslearning.
You can enable your users to be automatically signed-in to itslearning (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with itslearning, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
itslearning single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
itslearning supports SP initiated SSO

Adding itslearning from the gallery


To configure the integration of itslearning into Azure AD, you need to add itslearning from the gallery to your list
of managed SaaS apps.
To add itslearning from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type itslearning, select itslearning from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with itslearning based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in itslearning
needs to be established.
To configure and test Azure AD single sign-on with itslearning, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure itslearning Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create itslearning test user - to have a counterpart of Britta Simon in itslearning that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with itslearning, perform the following steps:
1. In the Azure portal, on the itslearning application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type the URL:

https://www.itslearning.com/index.aspx

https://us1.itslearning.com/index.aspx

b. In the Identifier (Entity ID) text box, type the URL: urn:mace:saml2v2.no:services:com.itslearning

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up itslearning section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure itslearning Single Sign-On
To configure single sign-on on the itslearning side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the itslearning support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
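Before handing the Federation Metadata XML to a vendor, or pasting a certificate fingerprint as the ITRP steps above do, it helps to read back what the file actually contains. The following is an added example, not code from the tutorial or from any vendor: it parses a constructed metadata document and checks a pasted fingerprint against the signing certificate, assuming the fingerprint is the SHA-1 or SHA-256 digest of the certificate's DER bytes. All function names, URLs and the placeholder certificate are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed sample input. The certificate body is placeholder bytes, not a real
# X.509 certificate, and every URL is a made-up example.test address.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-demo-certificate-bytes").decode()
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.test/tenant-0000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}">
        <X509Data><X509Certificate>
          {SAMPLE_CERT_B64}
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-0000/saml2"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-0000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def thumbprint(cert_b64, algo="sha1"):
    """Digest of the certificate's DER bytes as bare upper-case hex."""
    der = base64.b64decode("".join(cert_b64.split()), validate=True)
    return hashlib.new(algo, der).hexdigest().upper()


def normalize_fingerprint(value):
    """Reduce 'aa:bb:..', 'AA BB ..' or 'AA-BB-..' to bare upper-case hex."""
    bare = "".join(ch for ch in value if ch not in ": -\t\r\n").upper()
    if not bare or any(ch not in "0123456789ABCDEF" for ch in bare):
        raise ValueError("fingerprint must be hexadecimal")
    return bare


def summarize_idp_metadata(xml_text):
    """Return the entity ID, endpoints and signing-certificate thumbprints."""
    # Federation metadata has no need for a DTD; refuse one instead of parsing it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def endpoints(tag):
        return [(e.get("Binding"), e.get("Location"))
                for e in idp.findall(f"md:{tag}", NS)]

    certs = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' applies to signing as well as encryption.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.findall(".//ds:X509Certificate", NS):
            text = cert.text or ""
            certs.append({"sha1": thumbprint(text, "sha1"),
                          "sha256": thumbprint(text, "sha256")})
    if not certs:
        raise ValueError("metadata carries no signing certificate")
    return {
        "entity_id": root.get("entityID"),
        "sign_on": endpoints("SingleSignOnService"),
        "logout": endpoints("SingleLogoutService"),
        "signing_certs": certs,
    }


def fingerprint_in_metadata(summary, pasted):
    """True when the pasted fingerprint equals a signing-certificate thumbprint."""
    wanted = normalize_fingerprint(pasted)
    return any(wanted in (c["sha1"], c["sha256"]) for c in summary["signing_certs"])


if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_METADATA)
    print("entity ID:", info["entity_id"])
    for binding, location in info["sign_on"]:
        print("sign-on:", binding, location)
    print("SHA-1 thumbprint:", info["signing_certs"][0]["sha1"])
```

Comparing the printed entity ID and endpoints with the values copied from the Azure portal catches a stale or wrong file before it is configured on the service provider side.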
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to itslearning.
1. In the Azure portal, select Enterprise Applications, select All applications, then select itslearning.

2. In the applications list, select itslearning.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create itslearning test user
In this section, you create a user called Britta Simon in itslearning. Work with itslearning support team to add the
users in the itslearning platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the itslearning tile in the Access Panel, you should be automatically signed in to the itslearning
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Ivanti
Service Manager (ISM)
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Ivanti Service Manager (ISM) with Azure Active Directory (Azure AD).
Integrating Ivanti Service Manager (ISM) with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Ivanti Service Manager (ISM).
You can enable your users to be automatically signed-in to Ivanti Service Manager (ISM) (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Ivanti Service Manager (ISM), you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Ivanti Service Manager (ISM) single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Ivanti Service Manager (ISM) supports SP and IDP initiated SSO
Ivanti Service Manager (ISM) supports Just In Time user provisioning

Adding Ivanti Service Manager (ISM) from the gallery


To configure the integration of Ivanti Service Manager (ISM) into Azure AD, you need to add Ivanti Service
Manager (ISM) from the gallery to your list of managed SaaS apps.
To add Ivanti Service Manager (ISM) from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Ivanti Service Manager (ISM), select Ivanti Service Manager (ISM) from result
panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Ivanti Service Manager (ISM) based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in Ivanti Service Manager (ISM) needs to be established.
To configure and test Azure AD single sign-on with Ivanti Service Manager (ISM), you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Ivanti Service Manager (ISM) Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Ivanti Service Manager (ISM) test user - to have a counterpart of Britta Simon in Ivanti Service
Manager (ISM) that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Ivanti Service Manager (ISM), perform the following steps:
1. In the Azure portal, on the Ivanti Service Manager (ISM) application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://<customer>.saasit.com/

https://<customer>.saasiteu.com/

https://<customer>.saasitau.com/

b. In the Reply URL text box, type a URL using the following pattern:
https://<customer>/handlers/sso/SamlAssertionConsumerHandler.ashx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://<customer>.saasit.com/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Ivanti
Service Manager (ISM) Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.
7. On the Set up Ivanti Service Manager (ISM) section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Ivanti Service Manager (ISM) Single Sign-On
To configure single sign-on on the Ivanti Service Manager (ISM) side, you need to send the downloaded
Certificate (Raw) and the appropriate copied URLs from the Azure portal to the Ivanti Service Manager (ISM) support team.
They apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Ivanti Service Manager
(ISM).
1. In the Azure portal, select Enterprise Applications, select All applications, then select Ivanti Service
Manager (ISM).

2. In the applications list, select Ivanti Service Manager (ISM).


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Ivanti Service Manager (ISM) test user
In this section, a user called Britta Simon is created in Ivanti Service Manager (ISM). Ivanti Service Manager (ISM)
supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section.
If a user doesn't already exist in Ivanti Service Manager (ISM), a new one is created after authentication.

NOTE
If you need to create a user manually, contact Ivanti Service Manager (ISM) support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Ivanti Service Manager (ISM) tile in the Access Panel, you should be automatically signed in to
the Ivanti Service Manager (ISM) instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate iWellnessNow with Azure Active
Directory
8/9/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate iWellnessNow with Azure Active Directory (Azure AD). When you
integrate iWellnessNow with Azure AD, you can:
Control in Azure AD who has access to iWellnessNow.
Enable your users to be automatically signed-in to iWellnessNow with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
iWellnessNow single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
iWellnessNow supports SP and IDP initiated SSO

Adding iWellnessNow from the gallery


To configure the integration of iWellnessNow into Azure AD, you need to add iWellnessNow from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type iWellnessNow in the search box.
6. Select iWellnessNow from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with iWellnessNow using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in iWellnessNow.
To configure and test Azure AD SSO with iWellnessNow, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure iWellnessNow SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create iWellnessNow test user - to have a counterpart of B.Simon in iWellnessNow that is linked to the
Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the iWellnessNow application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you have Service Provider metadata file and wish to
configure in IDP initiated mode, perform the following steps:
a. Click Upload metadata file.

b. Click on folder logo to select the metadata file and click Upload.

c. After the metadata file is successfully uploaded, the Identifier and Reply URL values get auto populated
in Basic SAML Configuration section.
NOTE
If the Identifier and Reply URL values do not get auto-populated, then fill in the values manually according to your
requirement.

5. If you don't have Service Provider metadata file and wish to configure the application in IDP initiated
mode, perform the following steps:

a. In the Identifier textbox, type a URL using the following pattern: http://<CustomerName>.iwellnessnow.com

b. In the Reply URL textbox, type a URL using the following pattern:
https://<CustomerName>.iwellnessnow.com/ssologin

6. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<CustomerName>.iwellnessnow.com/
NOTE
These values are not real. Update these values with the actual Sign-on URL, Identifier and Reply URL. Contact
iWellnessNow Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Metadata XML and select Download to download the certificate and save it on your computer.

8. On the Set up iWellnessNow section, copy the appropriate URL(s) based on your requirement.

Configure iWellnessNow SSO


To configure single sign-on on the iWellnessNow side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the iWellnessNow support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to iWellnessNow.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select iWellnessNow.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create iWellnessNow test user
In this section, you create a user called Britta Simon in iWellnessNow. Work with iWellnessNow support team to
add the users in the iWellnessNow platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the iWellnessNow tile in the Access Panel, you should be automatically signed in to the
iWellnessNow instance for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory SSO integration with
Jamf Pro
9/23/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate Jamf Pro with Azure Active Directory (Azure AD). When you integrate
Jamf Pro with Azure AD, you can:
Use Azure AD to control who has access to Jamf Pro.
Automatically sign in your users to Jamf Pro with their Azure AD accounts.
Manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on with Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
A Jamf Pro subscription that's single sign-on (SSO) enabled.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Jamf Pro supports SP-initiated and
IdP-initiated SSO.

Add Jamf Pro from the gallery


To configure the integration of Jamf Pro into Azure AD, you need to add Jamf Pro from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal by using either a work or school account or your personal Microsoft account.
2. In the left pane, select the Azure Active Directory service.
3. Go to Enterprise Applications, and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, enter Jamf Pro in the search box.
6. Select Jamf Pro from results panel, and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test SSO in Azure AD for Jamf Pro


Configure and test Azure AD SSO with Jamf Pro by using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Jamf Pro.
In this section, you configure and test Azure AD SSO with Jamf Pro.
1. Configure SSO in Azure AD so that your users can use this feature.
a. Create an Azure AD test user to test Azure AD SSO with the B.Simon account.
b. Assign the Azure AD test user so that B.Simon can use SSO in Azure AD.
2. Configure SSO in Jamf Pro to configure the SSO settings on the application side.
a. Create a Jamf Pro test user to have a counterpart of B.Simon in Jamf Pro that's linked to the Azure AD
representation of the user.
3. Test the SSO configuration to verify that the configuration works.

Configure SSO in Azure AD


In this section, you enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Jamf Pro application integration page, find the Manage section and select
Single Sign-On.
2. On the Select a Single Sign-On Method page, select SAML.
3. On the Set up Single Sign-On with SAML page, select the pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you want to configure the application in IdP-initiated
mode, enter the values for the following fields:
a. In the Identifier text box, enter a URL that uses the following formula:
https://<subdomain>.jamfcloud.com/saml/metadata

b. In the Reply URL text box, enter a URL that uses the following formula:
https://<subdomain>.jamfcloud.com/saml/SSO

5. Select Set additional URLs. If you want to configure the application in SP-initiated mode, in the Sign-on
URL text box, enter a URL that uses the following formula: https://<subdomain>.jamfcloud.com

NOTE
These values aren't real. Update these values with the actual identifier, reply URL, and sign-on URL. You'll get the
actual identifier value from the Single Sign-On section in Jamf Pro portal, which is explained later in the tutorial. You
can extract the actual subdomain value from the identifier value and use that subdomain information as your sign-on
URL and reply URL. You can also refer to the formulas shown in the Basic SAML Configuration section in the Azure
portal.

6. On the Set up Single Sign-On with SAML page, go to the SAML Signing Certificate section, select the
copy button to copy App Federation Metadata URL, and then save it to your computer.
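The note in step 5 says the subdomain can be extracted from the identifier and reused for the reply URL and sign-on URL. The following added example (not from the tutorial or from Jamf) does that derivation strictly, so that a lookalike host or a mistyped path is rejected instead of silently becoming the address assertions are posted to. The function names, the `contoso` tenant and the single-label subdomain rule are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# URL shapes taken from the tutorial's Basic SAML Configuration formulas.
HOST_SUFFIX = ".jamfcloud.com"
IDENTIFIER_PATH = "/saml/metadata"
REPLY_PATH = "/saml/SSO"
# Assumption: <subdomain> is a single DNS label (letters, digits, inner hyphens).
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def derive_jamf_urls(entity_id):
    """Validate the ENTITY ID copied from Jamf Pro and derive the other two URLs."""
    parts = urlsplit(entity_id.strip())
    if parts.scheme != "https":
        raise ValueError("identifier must use https")
    # Userinfo or an explicit port is not part of the documented pattern and is
    # a common way to disguise the real host.
    if parts.username is not None or parts.password is not None or parts.port is not None:
        raise ValueError("identifier must not carry credentials or a port")
    host = (parts.hostname or "").lower()
    if not host.endswith(HOST_SUFFIX):
        raise ValueError(f"host {host!r} is not under {HOST_SUFFIX}")
    subdomain = host[: -len(HOST_SUFFIX)]
    if not LABEL.fullmatch(subdomain):
        raise ValueError(f"unexpected subdomain {subdomain!r}")
    if parts.path != IDENTIFIER_PATH or parts.query or parts.fragment:
        raise ValueError(f"identifier path must be exactly {IDENTIFIER_PATH}")
    base = f"https://{subdomain}{HOST_SUFFIX}"
    return {
        "identifier": base + IDENTIFIER_PATH,
        "reply_url": base + REPLY_PATH,
        "sign_on_url": base,
    }


def check_basic_saml_config(entity_id, reply_url, sign_on_url):
    """Return a list of mismatches between entered values and the derived ones."""
    expected = derive_jamf_urls(entity_id)
    entered = {"reply_url": reply_url, "sign_on_url": sign_on_url}
    problems = []
    for field, value in entered.items():
        # Exact comparison on purpose: a different host or a differently cased
        # path is reported instead of being accepted as close enough.
        if value.strip() != expected[field]:
            problems.append(f"{field}: entered {value!r}, expected {expected[field]!r}")
    return problems


if __name__ == "__main__":
    # Constructed input: 'contoso' stands in for a real Jamf Cloud subdomain.
    entity = "https://contoso.jamfcloud.com/saml/metadata"
    print(derive_jamf_urls(entity))
    print(check_basic_saml_config(entity,
                                  "https://contoso.jamfcloud.com/saml/sso",
                                  "https://contoso.jamfcloud.com"))
```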

Create an Azure AD test user


In this section, you create a test user in the Azure portal called B.Simon.
1. In the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter [name]@[companydomain].[extension]. For example, B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Select Create.
Assign the Azure AD test user
In this section, you grant B.Simon access to Jamf Pro.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Jamf Pro.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select B.Simon from the Users list, and then select the Select button
at the bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog box, select the
appropriate role for the user. Then, select the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select the Assign button.

Configure SSO in Jamf Pro


1. To automate the configuration within Jamf Pro, install the My Apps Secure Sign-in browser extension
by selecting Install the extension.
2. After adding the extension to the browser, select Set up Jamf Pro. When the Jamf Pro application opens,
provide the administrator credentials to sign in. The browser extension will automatically configure the
application and automate steps 3 through 7.

3. To set up Jamf Pro manually, open a new web browser window and sign in to your Jamf Pro company site
as an administrator. Then, take the following steps.
4. Select the Settings icon from the upper-right corner of the page.

5. Select Single Sign-On.

6. On the Single Sign-On page, take the following steps.


a. Select the Enable Single Sign-On Authentication check box.
b. Select Other as an option from the IDENTITY PROVIDER drop-down menu.
c. In the OTHER PROVIDER field, enter Azure AD.
d. Copy the ENTITY ID value and paste it into the Identifier (Entity ID) field in the Basic SAML
Configuration section in the Azure portal.

NOTE
Use the value in the <SUBDOMAIN> field to complete the sign-on URL and reply URL in the Basic SAML
Configuration section in the Azure portal.

e. Select Metadata URL from the IDENTITY PROVIDER METADATA SOURCE drop-down menu. In the
field that appears, paste the App Federation Metadata Url value that you've copied from the Azure portal.
7. On the same page, scroll down to the User Mapping section. Then, take the following steps.
a. Select the NameID option for IDENTITY PROVIDER USER MAPPING. By default, this option is set
to NameID, but you can define a custom attribute.
b. Select Email for JAMF PRO USER MAPPING. Jamf Pro maps SAML attributes sent by the IdP first by
users and then by groups. When a user tries to access Jamf Pro, Jamf Pro gets information about the user
from the Identity Provider and matches it against all Jamf Pro user accounts. If the incoming user account
isn't found, then Jamf Pro attempts to match it by group name.
c. Paste the value http://schemas.microsoft.com/ws/2008/06/identity/claims/groups in the IDENTITY
PROVIDER GROUP ATTRIBUTE NAME field.
d. Select Allow users to bypass the Single Sign-On authentication. As a result, users won't be
redirected to the Identity Provider sign-in page for authentication and can sign in to Jamf Pro directly
instead. When a user tries to access Jamf Pro via the Identity Provider, IdP-initiated SSO authentication and
authorization occurs.
e. Select Save.
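Step 7 names two things Jamf Pro reads from the assertion: the NameID, mapped to the account's email, and the group attribute, used as a fallback. The following added example is a model of that lookup order as the step describes it, not Jamf Pro's implementation. It runs over a constructed assertion and assumes signature, audience and validity checks have already passed; the group names, the account table and the case-insensitive email comparison are assumptions.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
# Attribute name entered in IDENTITY PROVIDER GROUP ATTRIBUTE NAME in step 7c.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed, unsigned assertion fragment for illustration only.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}">
  <saml:Subject>
    <saml:NameID>B.Simon@contoso.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>Helpdesk</saml:AttributeValue>
      <saml:AttributeValue>Mac Admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_identity(assertion_xml, group_attribute=GROUPS_CLAIM):
    """Return (name_id, groups) from an assertion that was already validated."""
    root = ET.fromstring(assertion_xml)
    name_ids = root.findall("saml:Subject/saml:NameID", NS)
    # More than one NameID, or an empty one, is ambiguous: fail closed.
    if len(name_ids) != 1:
        raise ValueError("expected exactly one NameID")
    name_id = "".join(name_ids[0].itertext()).strip()
    if not name_id:
        raise ValueError("NameID is empty")
    groups = []
    for attr in root.iter(f"{{{SAML}}}Attribute"):
        if attr.get("Name") != group_attribute:
            continue
        for value in attr.findall("saml:AttributeValue", NS):
            text = "".join(value.itertext()).strip()
            if text:
                groups.append(text)
    return name_id, groups


def resolve_account(name_id, groups, users_by_email, known_groups):
    """User match first, group-name match second, otherwise no access."""
    # Assumption: email comparison is case-insensitive; keys are stored casefolded.
    account = users_by_email.get(name_id.casefold())
    if account is not None:
        return ("user", account)
    for group in groups:
        if group in known_groups:
            return ("group", group)
    return (None, None)


if __name__ == "__main__":
    name_id, groups = extract_identity(SAMPLE_ASSERTION)
    local_users = {"b.simon@contoso.com": "Britta Simon"}  # constructed account table
    print(resolve_account(name_id, groups, local_users, {"Mac Admins"}))
    print(resolve_account(name_id, groups, {}, {"Mac Admins"}))
    print(resolve_account(name_id, groups, {}, {"Finance"}))
```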
Create a Jamf Pro test user
In order for Azure AD users to sign in to Jamf Pro, they must be provisioned into Jamf Pro. Provisioning in Jamf
Pro is a manual task.
To provision a user account, take the following steps:
1. Sign in to your Jamf Pro company site as an administrator.
2. Select the Settings icon in the upper-right corner of the page.

3. Select Jamf Pro User Accounts & Groups.

4. Select New.

5. Select Create Standard Account.

6. On the New Account dialog box, take the following steps.


a. In the USERNAME field, enter Britta Simon, the full name of the test user.
b. Select the options for ACCESS LEVEL, PRIVILEGE SET, and ACCESS STATUS that are in accordance
with your organization.
c. In the FULL NAME field, enter Britta Simon.
d. In the EMAIL ADDRESS field, enter the email address of Britta Simon's account.
e. In the PASSWORD field, enter the user's password.
f. In the VERIFY PASSWORD field, enter the user's password again.
g. Select Save.

Test the SSO configuration


In this section, you test your Azure AD single sign-on configuration by using the Access Panel.
When you select the Jamf Pro tile in the Access Panel, you should be automatically signed in to the Jamf Pro
account for which you configured SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
Single sign-on to applications in Azure Active Directory
What is Conditional Access in Azure Active Directory?
Try Jamf Pro with Azure AD
Tutorial: Azure Active Directory integration with JDA Cloud
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate JDA Cloud with Azure Active Directory (Azure AD). Integrating JDA
Cloud with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to JDA Cloud.
You can enable your users to be automatically signed-in to JDA Cloud (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with JDA Cloud, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
JDA Cloud single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
JDA Cloud supports SP and IDP initiated SSO

Adding JDA Cloud from the gallery


To configure the integration of JDA Cloud into Azure AD, you need to add JDA Cloud from the gallery to your list
of managed SaaS apps.
To add JDA Cloud from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type JDA Cloud, select JDA Cloud from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with JDA Cloud based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in JDA
Cloud needs to be established.
To configure and test Azure AD single sign-on with JDA Cloud, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure JDA Cloud Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create JDA Cloud test user - to have a counterpart of Britta Simon in JDA Cloud that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with JDA Cloud, perform the following steps:
1. In the Azure portal, on the JDA Cloud application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<SUBDOMAIN>.jdadelivers.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.jdadelivers.com/sp/ACS.saml2

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://ssonp-dl2.jdadelivers.com/sp/startSSO.ping?PartnerIdpId=<Azure AD Identifier>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. You will get the
Azure AD Identifier value from the Set up JDA Cloud section. Contact JDA Cloud Client support team to get these
values. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. In the Set up JDA Cloud section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure JDA Cloud Single Sign-On
To configure single sign-on on the JDA Cloud side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the JDA Cloud support team. They apply this configuration so that the
SAML SSO connection is set up properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to JDA Cloud.
1. In the Azure portal, select Enterprise Applications, select All applications, then select JDA Cloud.

2. In the applications list, select JDA Cloud.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create JDA Cloud test user
In this section, you create a user called Britta Simon in JDA Cloud. Work with the JDA Cloud support team to add the
users to the JDA Cloud platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the JDA Cloud tile in the Access Panel, you should be automatically signed in to the JDA Cloud for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate JFrog Artifactory with Azure Active Directory
9/3/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate JFrog Artifactory with Azure Active Directory (Azure AD). When you
integrate JFrog Artifactory with Azure AD, you can:
Control in Azure AD who has access to JFrog Artifactory.
Enable your users to be automatically signed-in to JFrog Artifactory with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
JFrog Artifactory single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
JFrog Artifactory supports SP and IDP initiated SSO
JFrog Artifactory supports Just In Time user provisioning

Adding JFrog Artifactory from the gallery


To configure the integration of JFrog Artifactory into Azure AD, you need to add JFrog Artifactory from the gallery
to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type JFrog Artifactory in the search box.
6. Select JFrog Artifactory from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with JFrog Artifactory using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in JFrog Artifactory.
To configure and test Azure AD SSO with JFrog Artifactory, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure JFrog Artifactory SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create JFrog Artifactory test user - to have a counterpart of B.Simon in JFrog Artifactory that is linked to the
Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the JFrog Artifactory application integration page, find the Manage section and
select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: <servername>.jfrog.io

b. In the Reply URL text box, type a URL using the following pattern:
https://<servername>.jfrog.io/<servername>/webapp/saml/loginResponse

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<servername>.jfrog.io/<servername>/webapp/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact JFrog
Artifactory Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. The JFrog Artifactory application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.
7. In addition to the above, the JFrog Artifactory application expects a few more attributes to be passed back in the SAML
response. In the User Attributes & Claims section on the Group Claims (Preview) dialog, perform the
following steps:
a. Click the pen next to Groups returned in claim.

b. Select All Groups from the radio list.


c. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.
9. In the Set up JFrog Artifactory section, copy the appropriate URL(s) based on your requirement.

Configure JFrog Artifactory SSO


To configure single sign-on on the JFrog Artifactory side, you need to send the downloaded Certificate (Raw) and
the appropriate copied URLs from the Azure portal to the JFrog Artifactory support team. They apply this configuration so that the
SAML SSO connection is set up properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to JFrog Artifactory.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select JFrog Artifactory.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create JFrog Artifactory test user
In this section, a user called B.Simon is created in JFrog Artifactory. JFrog Artifactory supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in JFrog Artifactory, a new one is created after authentication.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the JFrog Artifactory tile in the Access Panel, you should be automatically signed in to the JFrog
Artifactory for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with JIRA SAML SSO by Microsoft
11/27/2019 • 9 minutes to read

In this tutorial, you'll learn how to integrate JIRA SAML SSO by Microsoft with Azure Active Directory (Azure AD).
When you integrate JIRA SAML SSO by Microsoft with Azure AD, you can:
Control in Azure AD who has access to JIRA SAML SSO by Microsoft.
Enable your users to be automatically signed-in to JIRA SAML SSO by Microsoft with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Description
Use your Microsoft Azure Active Directory account with an Atlassian JIRA server to enable single sign-on. This way,
all users in your organization can use their Azure AD credentials to sign in to the JIRA application. This plugin uses
SAML 2.0 for federation.

Prerequisites
To configure Azure AD integration with JIRA SAML SSO by Microsoft, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
JIRA Core and Software 6.4 to 8.0 or JIRA Service Desk 3.0 to 3.5 should be installed and configured on a Windows
64-bit version
JIRA server is HTTPS enabled
Note that the supported versions of the JIRA plugin are listed in the section below.
The JIRA server is reachable on the internet, particularly to the Azure AD login page for authentication, and should be able to
receive the token from Azure AD
Admin credentials are set up in JIRA
WebSudo is disabled in JIRA
Test user created in the JIRA server application

NOTE
To test the steps in this tutorial, we do not recommend using a production environment of JIRA. Test the integration first in
development or staging environment of the application and then use the production environment.

To get started, you need the following items:


Do not use your production environment, unless it is necessary.
JIRA SAML SSO by Microsoft single sign-on (SSO) enabled subscription.

Supported versions of JIRA


JIRA Core and Software: 6.4 to 8.5.1
JIRA Service Desk 3.0.0 to 4.5.1
JIRA also supports 5.2. For more details, click Microsoft Azure Active Directory single sign-on for JIRA 5.2

NOTE
Please note that our JIRA Plugin also works on Ubuntu Version 16.04 and Linux.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
JIRA SAML SSO by Microsoft supports SP initiated SSO

Adding JIRA SAML SSO by Microsoft from the gallery


To configure the integration of JIRA SAML SSO by Microsoft into Azure AD, you need to add JIRA SAML SSO by
Microsoft from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type JIRA SAML SSO by Microsoft in the search box.
6. Select JIRA SAML SSO by Microsoft from results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on for JIRA SAML SSO by
Microsoft
Configure and test Azure AD SSO with JIRA SAML SSO by Microsoft using a test user called B.Simon. For SSO
to work, you need to establish a link relationship between an Azure AD user and the related user in JIRA SAML
SSO by Microsoft.
To configure and test Azure AD SSO with JIRA SAML SSO by Microsoft, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure JIRA SAML SSO by Microsoft SSO - to configure the single sign-on settings on application side.
a. Create JIRA SAML SSO by Microsoft test user - to have a counterpart of B.Simon in JIRA SAML
SSO by Microsoft that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the JIRA SAML SSO by Microsoft application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.
4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign-on URL text box, type a URL using the following pattern:
https://<domain:port>/plugins/servlet/saml/auth

b. In the Identifier box, type a URL using the following pattern: https://<domain:port>/

c. In the Reply URL text box, type a URL using the following pattern:
https://<domain:port>/plugins/servlet/saml/auth

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. Port is optional
in case it’s a named URL. These values are received during the configuration of Jira plugin, which is explained later in
the tutorial.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to JIRA SAML SSO by
Microsoft.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select JIRA SAML SSO by Microsoft.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure JIRA SAML SSO by Microsoft SSO


1. In a different web browser window, sign in to your JIRA instance as an administrator.
2. Hover over the cog and click Add-ons.

3. Download the plugin from the Microsoft Download Center. Manually upload the plugin provided by Microsoft
using the Upload add-on menu. The download of the plugin is covered under the Microsoft Service Agreement.
4. To run JIRA in a reverse proxy or load balancer scenario, perform the following steps:

NOTE
Configure the server first with the instructions below, and then install the plugin.

a. Add the attributes below to the connector port in the server.xml file of the JIRA server application.
scheme="https" proxyName="<subdomain.domain.com>" proxyPort="<proxy_port>" secure="true"

b. Change the Base URL in System Settings according to the proxy/load balancer.

5. Once the plugin is installed, it appears in the User Installed add-ons section of the Manage Add-on section. Click
Configure to configure the new plugin.

6. Perform the following steps on the configuration page:


TIP
Ensure that there is only one certificate mapped against the app so that there is no error in resolving the metadata. If
there are multiple certificates, upon resolving the metadata, admin gets an error.

a. In the Metadata URL textbox, paste the App Federation Metadata Url value that you copied
from the Azure portal and click the Resolve button. It reads the IdP metadata URL and populates all
the field information.
b. Copy the Identifier, Reply URL and Sign on URL values and paste them in Identifier, Reply URL
and Sign on URL textboxes respectively in JIRA SAML SSO by Microsoft Domain and URLs
section on Azure portal.
c. In Login Button Name, type the name of the button your organization wants the users to see on the login
screen.
d. In Login Button Description, type the description of the button your organization wants the users to
see on the login screen.
e. In SAML User ID Locations, select either User ID is in the NameIdentifier element of the
Subject statement or User ID is in an Attribute element. This ID has to be the JIRA user ID. If
the user ID is not matched, then the system will not allow users to sign in.

NOTE
Default SAML User ID location is Name Identifier. You can change this to an attribute option and enter the
appropriate attribute name.

f. If you select User ID is in an Attribute element option, then in Attribute name textbox type the
name of the attribute where User ID is expected.
g. If you are using a federated domain (such as ADFS) with Azure AD, click the Enable
Home Realm Discovery option and configure the Domain Name.
h. In Domain Name, type the domain name in the case of ADFS-based login.
i. Check Enable Single Sign out if you wish to sign out from Azure AD when a user signs out from
JIRA.
j. Enable the Force Azure Login checkbox if you wish to sign in through Azure AD credentials only.

NOTE
To enable the default login form for admin login on login page when force azure login is enabled, add the
query parameter in the browser URL. https://<domain:port>/login.jsp?force_azure_login=false

k. Click Save button to save the settings.

NOTE
For more information about installation and troubleshooting, visit MS JIRA SSO Connector Admin Guide.
There is also an FAQ for your assistance.
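Before pasting the App Federation Metadata Url and selecting Resolve, the metadata document can be checked offline for the condition the TIP above warns about (more than one signing certificate) and for the endpoints the plugin will populate. This is an added example, not part of the Microsoft plugin: the function names are hypothetical, and the sample metadata, tenant ID and certificate bytes are constructed placeholders.

```python
import base64
import binascii
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholders: base64 of arbitrary bytes, not real certificates.
CERT_A = base64.b64encode(b"constructed placeholder certificate A").decode()
CERT_B = base64.b64encode(b"constructed placeholder certificate B").decode()
SAMPLE_ENTITY_ID = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"


def build_sample_metadata(certs, sso_url="https://login.microsoftonline.com/"
                          "00000000-0000-0000-0000-000000000000/saml2"):
    """Return constructed IdP metadata carrying the given signing certs."""
    keys = "".join(
        '<KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        "<ds:X509Certificate>%s</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></KeyDescriptor>" % c for c in certs)
    return (
        '<EntityDescriptor xmlns="%s" xmlns:ds="%s" entityID="%s">'
        '<IDPSSODescriptor protocolSupportEnumeration='
        '"urn:oasis:names:tc:SAML:2.0:protocol">%s'
        '<SingleSignOnService Binding='
        '"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="%s"/>'
        "</IDPSSODescriptor></EntityDescriptor>"
        % (MD, NS["ds"], SAMPLE_ENTITY_ID, keys, sso_url))


def check_idp_metadata(xml_text):
    """Summarise SAML IdP metadata and list problems to fix before use."""
    # Metadata is fetched over the network: refuse DTDs and entities
    # instead of letting the XML parser expand them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing metadata that declares a DTD or entities")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("root element is not a SAML EntityDescriptor")
    report = {"entity_id": root.get("entityID"), "sso_urls": [],
              "signing_certs": [], "problems": []}
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        report["problems"].append("no IDPSSODescriptor: not IdP metadata")
        return report
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" serves signing and encryption.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            text = "".join((cert.text or "").split())
            try:
                der = base64.b64decode(text, validate=True)
            except binascii.Error:
                report["problems"].append("signing certificate is not valid base64")
                continue
            # SHA-256 over the decoded bytes identifies each distinct cert.
            fingerprint = hashlib.sha256(der).hexdigest()
            if fingerprint not in report["signing_certs"]:
                report["signing_certs"].append(fingerprint)
    for sso in idp.findall("md:SingleSignOnService", NS):
        url = sso.get("Location", "")
        report["sso_urls"].append(url)
        if not url.lower().startswith("https://"):
            report["problems"].append("SSO endpoint is not HTTPS: " + url)
    count = len(report["signing_certs"])
    if count == 0:
        report["problems"].append("no signing certificate found")
    elif count > 1:
        report["problems"].append(
            "%d signing certificates found; expected exactly one" % count)
    return report


if __name__ == "__main__":
    print(check_idp_metadata(build_sample_metadata([CERT_A, CERT_B]))["problems"])
```

The reported fingerprint can be compared with the certificate shown in the SAML Signing Certificate section of the Azure portal to confirm that the metadata belongs to the intended application.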

Create JIRA SAML SSO by Microsoft test user


To enable Azure AD users to sign in to JIRA on-premises server, they must be provisioned into JIRA SAML SSO
by Microsoft. For JIRA SAML SSO by Microsoft, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your JIRA on-premises server as an administrator.
2. Hover over the cog and click User management.

3. You are redirected to the Administrator Access page, where you enter the Password and click the Confirm button.
4. Under the User management tab section, click create user.

5. On the “Create new user” dialog page, perform the following steps:

a. In the Email address textbox, type the email address of the user, such as B.simon@contoso.com.
b. In the Full Name textbox, type the full name of the user, such as B.Simon.
c. In the Username textbox, type the email of the user, such as B.simon@contoso.com.
d. In the Password textbox, type the password of user.
e. Click Create user.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the JIRA SAML SSO by Microsoft tile in the Access Panel, you should be automatically signed in to
the JIRA SAML SSO by Microsoft for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try JIRA SAML SSO by Microsoft with Azure AD
Tutorial: Azure Active Directory integration with JIRA SAML SSO by Microsoft (V5.2)
6/13/2019 • 9 minutes to read

In this tutorial, you learn how to integrate JIRA SAML SSO by Microsoft (V5.2) with Azure Active Directory (Azure
AD). Integrating JIRA SAML SSO by Microsoft (V5.2) with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to JIRA SAML SSO by Microsoft (V5.2).
You can enable your users to be automatically signed-in to JIRA SAML SSO by Microsoft (V5.2) (Single Sign-
On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Description
Use your Microsoft Azure Active Directory account with an Atlassian JIRA server to enable single sign-on. This way,
all users in your organization can use their Azure AD credentials to sign in to the JIRA application. This plugin uses
SAML 2.0 for federation.

Prerequisites
To configure Azure AD integration with JIRA SAML SSO by Microsoft (V5.2), you need the following items:
An Azure AD subscription
JIRA Core and Software 5.2 should be installed and configured on a Windows 64-bit version
JIRA server is HTTPS enabled
Note that the supported versions of the JIRA plugin are listed in the section below.
The JIRA server is reachable on the internet, particularly to the Azure AD login page for authentication, and should be able to
receive the token from Azure AD
Admin credentials are set up in JIRA
WebSudo is disabled in JIRA
Test user created in the JIRA server application

NOTE
To test the steps in this tutorial, we do not recommend using a production environment of JIRA. Test the integration first in
development or staging environment of the application and then use the production environment.

To test the steps in this tutorial, you should follow these recommendations:
Do not use your production environment, unless it is necessary.
If you don't have an Azure AD trial environment, you can get a one-month trial here: Trial offer.

Supported versions of JIRA


JIRA Core and Software: 5.2
JIRA also supports 6.0 to 7.12. For more details, click JIRA SAML SSO by Microsoft

NOTE
Please note that our JIRA Plugin also works on Ubuntu Version 16.04

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
JIRA SAML SSO by Microsoft (V5.2) supports SP initiated SSO

Adding JIRA SAML SSO by Microsoft (V5.2) from the gallery


To configure the integration of JIRA SAML SSO by Microsoft (V5.2) into Azure AD, you need to add JIRA SAML
SSO by Microsoft (V5.2) from the gallery to your list of managed SaaS apps.
To add JIRA SAML SSO by Microsoft (V5.2) from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type JIRA SAML SSO by Microsoft (V5.2), select JIRA SAML SSO by Microsoft
(V5.2) from the result panel, and then click the Add button to add the application.
Configure and test Azure AD single sign-on
In this section, you configure and test Azure AD single sign-on with JIRA SAML SSO by Microsoft (V5.2) based on
a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the
related user in JIRA SAML SSO by Microsoft (V5.2) needs to be established.
To configure and test Azure AD single sign-on with JIRA SAML SSO by Microsoft (V5.2), you need to complete
the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure JIRA SAML SSO by Microsoft (V5.2) Single Sign-On - to configure the Single Sign-On settings
on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create JIRA SAML SSO by Microsoft (V5.2) test user - to have a counterpart of Britta Simon in JIRA
SAML SSO by Microsoft (V5.2) that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with JIRA SAML SSO by Microsoft (V5.2), perform the following steps:
1. In the Azure portal, on the JIRA SAML SSO by Microsoft (V5.2) application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:

a. In the Sign-on URL text box, type a URL using the following pattern:
https://<domain:port>/plugins/servlet/saml/auth

b. In the Identifier box, type a URL using the following pattern: https://<domain:port>/
c. In the Reply URL text box, type a URL using the following pattern:
https://<domain:port>/plugins/servlet/saml/auth

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. Port is optional
in case it’s a named URL. These values are received during the configuration of Jira plugin, which is explained later in
the tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure JIRA SAML SSO by Microsoft (V5.2) Single Sign-On


1. In a different web browser window, sign in to your JIRA instance as an administrator.
2. Hover over the cog icon and click Add-ons.

3. Under Add-ons tab section, click Manage add-ons.

4. Download the plugin from Microsoft Download Center. Manually upload the plugin provided by Microsoft
using Upload add-on menu. The download of plugin is covered under Microsoft Service Agreement.
5. Once the plugin is installed, it appears in User Installed add-ons section. Click Configure to configure the
new plugin.

6. Perform following steps on configuration page:


TIP
Ensure that there is only one certificate mapped against the app so that there is no error in resolving the metadata. If
there are multiple certificates, upon resolving the metadata, admin gets an error.

a. In the Metadata URL textbox, paste the App Federation Metadata Url value that you copied from the
Azure portal and click the Resolve button. It reads the IdP metadata URL and populates all the field
information.
b. Copy the Identifier, Reply URL and Sign on URL values and paste them in Identifier, Reply URL and
Sign on URL textboxes respectively in Basic SAML Configuration section on Azure portal.
c. In Login Button Name type the name of button your organization wants the users to see on login
screen.
d. In SAML User ID Locations, select either User ID is in the NameIdentifier element of the Subject
statement or User ID is in an Attribute element. This ID has to be the JIRA user ID. If the user ID is not
matched, the system will not allow users to sign in.

NOTE
Default SAML User ID location is Name Identifier. You can change this to an attribute option and enter the
appropriate attribute name.

e. If you select User ID is in an Attribute element option, then in Attribute name textbox type the name
of the attribute where User ID is expected.
f. If you are using a federated domain (like ADFS) with Azure AD, click the Enable Home
Realm Discovery option and configure the Domain Name.
g. In Domain Name, type the domain name in case of ADFS-based login.
h. Check Enable Single Sign out if you wish to sign out from Azure AD when a user signs out from JIRA.
i. Click Save button to save the settings.

NOTE
For more information about installation and troubleshooting, visit the MS JIRA SSO Connector Admin Guide. There is
also an FAQ for your assistance.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to JIRA SAML SSO by
Microsoft (V5.2).
1. In the Azure portal, select Enterprise Applications, select All applications, then select JIRA SAML SSO
by Microsoft (V5.2).

2. In the applications list, select JIRA SAML SSO by Microsoft (V5.2).


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create JIRA SAML SSO by Microsoft (V5.2) test user
To enable Azure AD users to sign in to JIRA on-premises server, they must be provisioned into JIRA on-premises
server.
To provision a user account, perform the following steps:
1. Sign in to your JIRA on-premises server as an administrator.
2. Hover over the cog icon and click User management.
3. You are redirected to the Administrator Access page. Enter the Password and click the Confirm button.

4. Under User management tab section, click create user.

5. On the “Create new user” dialog page, perform the following steps:
a. In the Email address textbox, type the email address of user like Brittasimon@contoso.com.
b. In the Full Name textbox, type full name of the user like Britta Simon.
c. In the Username textbox, type the email of user like Brittasimon@contoso.com.
d. In the Password textbox, type the password of user.
e. Click Create user.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the JIRA SAML SSO by Microsoft (V5.2) tile in the Access Panel, you should be automatically
signed in to the JIRA SAML SSO by Microsoft (V5.2) for which you set up SSO. For more information about the
Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Jitbit Helpdesk
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Jitbit Helpdesk with Azure Active Directory (Azure AD). Integrating Jitbit
Helpdesk with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Jitbit Helpdesk.
You can enable your users to be automatically signed-in to Jitbit Helpdesk (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Jitbit Helpdesk, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Jitbit Helpdesk single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Jitbit Helpdesk supports SP initiated SSO

Adding Jitbit Helpdesk from the gallery


To configure the integration of Jitbit Helpdesk into Azure AD, you need to add Jitbit Helpdesk from the gallery to
your list of managed SaaS apps.
To add Jitbit Helpdesk from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Jitbit Helpdesk, select Jitbit Helpdesk from result panel then click Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Jitbit Helpdesk based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Jitbit Helpdesk needs to be established.
To configure and test Azure AD single sign-on with Jitbit Helpdesk, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Jitbit Helpdesk Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Jitbit Helpdesk test user - to have a counterpart of Britta Simon in Jitbit Helpdesk that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Jitbit Helpdesk, perform the following steps:
1. In the Azure portal, on the Jitbit Helpdesk application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<hostname>/helpdesk/User/Login
https://<tenant-name>.Jitbit.com

NOTE
This value is not real. Update this value with the actual Sign-On URL. Contact Jitbit Helpdesk Client support team to
get this value.

b. In the Identifier (Entity ID) text box, type the following URL: https://www.jitbit.com/web-helpdesk/

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up Jitbit Helpdesk section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Jitbit Helpdesk Single Sign-On
1. In a different web browser window, sign in to your Jitbit Helpdesk company site as an administrator.
2. In the toolbar on the top, click Administration.

3. Click General settings.

4. In the Authentication settings configuration section, perform the following steps:

a. Select Enable SAML 2.0 single sign on, to sign in using Single Sign-On (SSO), with OneLogin.
b. In the EndPoint URL textbox, paste the value of Login URL which you have copied from Azure portal.
c. Open your base-64 encoded certificate in Notepad, copy its content into your clipboard, and then
paste it into the X.509 Certificate textbox.
d. Click Save changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Jitbit Helpdesk.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Jitbit Helpdesk.
2. In the applications list, select Jitbit Helpdesk.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Jitbit Helpdesk test user
In order to enable Azure AD users to sign in to Jitbit Helpdesk, they must be provisioned into Jitbit Helpdesk. In
the case of Jitbit Helpdesk, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Jitbit Helpdesk tenant.
2. In the menu on the top, click Administration.

3. Click Users, companies and permissions.

4. Click Add user.

5. In the Create section, type the data of the Azure AD account you want to provision as follows:

a. In the Username textbox, type the username of the user like BrittaSimon.
b. In the Email textbox, type email of the user like BrittaSimon@contoso.com.
c. In the First Name textbox, type first name of the user like Britta.
d. In the Last Name textbox, type last name of the user like Simon.
e. Click Create.

NOTE
You can use any other Jitbit Helpdesk user account creation tools or APIs provided by Jitbit Helpdesk to provision Azure AD
user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Jitbit Helpdesk tile in the Access Panel, you should be automatically signed in to the Jitbit
Helpdesk for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Jive
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Jive with Azure Active Directory (Azure AD). Integrating Jive with Azure
AD provides you with the following benefits:
You can control in Azure AD who has access to Jive.
You can enable your users to be automatically signed-in to Jive (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Jive, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Jive single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Jive supports SP initiated SSO
Jive supports Automated user provisioning

Adding Jive from the gallery


To configure the integration of Jive into Azure AD, you need to add Jive from the gallery to your list of managed
SaaS apps.
To add Jive from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Jive, select Jive from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Jive based on a test user called Britta Simon.
For single sign-on to work, a link relationship between an Azure AD user and the related user in Jive needs to be
established.
To configure and test Azure AD single sign-on with Jive, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Jive Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Jive test user - to have a counterpart of Britta Simon in Jive that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Jive, perform the following steps:
1. In the Azure portal, on the Jive application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<instance name>.jivecustom.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<instance name>.jiveon.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Jive Client support
team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Jive section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Jive Single Sign-On
1. To configure single sign-on on the Jive side, sign in to your Jive tenant as an administrator.
2. In the menu on the top, click SAML.

a. Select Enabled under the General tab.


b. Click the SAVE ALL SAML SETTINGS button.
3. Navigate to the IDP METADATA tab.
a. Copy the content of the downloaded metadata XML file, and then paste it into the Identity Provider
(IDP) Metadata textbox.
b. Click the SAVE ALL SAML SETTINGS button.
4. Select USER ATTRIBUTE MAPPING tab.

a. In the Email textbox, copy and paste the attribute name of mail value.
b. In the First Name textbox, copy and paste the attribute name of givenname value.
c. In the Last Name textbox, copy and paste the attribute name of surname value.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Jive.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Jive.

2. In the applications list, select Jive.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Jive test user
The objective of this section is to create a user called Britta Simon in Jive. Jive supports automatic user
provisioning, which is by default enabled. You can find more details here on how to configure automatic user
provisioning.
If you need to create user manually, work with Jive Client support team to add the users in the Jive platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Jive tile in the Access Panel, you should be automatically signed in to the Jive for which you set
up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Configure User Provisioning
Tutorial: Azure Active Directory integration with Jobbadmin
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Jobbadmin with Azure Active Directory (Azure AD). Integrating
Jobbadmin with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Jobbadmin.
You can enable your users to be automatically signed-in to Jobbadmin (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Jobbadmin, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Jobbadmin single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Jobbadmin supports SP initiated SSO

Adding Jobbadmin from the gallery


To configure the integration of Jobbadmin into Azure AD, you need to add Jobbadmin from the gallery to your list
of managed SaaS apps.
To add Jobbadmin from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Jobbadmin, select Jobbadmin from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Jobbadmin based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Jobbadmin needs to be established.
To configure and test Azure AD single sign-on with Jobbadmin, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Jobbadmin Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Jobbadmin test user - to have a counterpart of Britta Simon in Jobbadmin that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Jobbadmin, perform the following steps:
1. In the Azure portal, on the Jobbadmin application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<instancename>.jobbnorge.no/auth/saml2/login.ashx

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<instancename>.jobnorge.no

c. In the Reply URL textbox, type a URL using the following pattern:
https://<instancename>.jobbnorge.no/auth/saml2/login.ashx

NOTE
These values are not real. Update these values with the actual Sign on URL, Identifier and Reply URL. Contact
Jobbadmin Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Jobbadmin section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Jobbadmin Single Sign-On
To configure single sign-on on Jobbadmin side, you need to send the downloaded Federation Metadata XML
and appropriate copied URLs from Azure portal to Jobbadmin support team. They set this setting to have the
SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Jobbadmin.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Jobbadmin.

2. In the applications list, select Jobbadmin.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Jobbadmin test user
In this section, you create a user called Britta Simon in Jobbadmin. Work with Jobbadmin support team to add the
users in the Jobbadmin platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Jobbadmin tile in the Access Panel, you should be automatically signed in to the Jobbadmin for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate JOBHUB with Azure Active Directory
6/17/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate JOBHUB with Azure Active Directory (Azure AD). When you integrate
JOBHUB with Azure AD, you can:
Control in Azure AD who has access to JOBHUB.
Enable your users to be automatically signed-in to JOBHUB with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get one-month free trial here.
JOBHUB single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. JOBHUB supports SP initiated SSO.

Adding JOBHUB from the gallery


To configure the integration of JOBHUB into Azure AD, you need to add JOBHUB from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type JOBHUB in the search box.
6. Select JOBHUB from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with JOBHUB using a test user called Britta Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in JOBHUB.
To configure and test Azure AD SSO with JOBHUB, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure JOBHUB SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create JOBHUB test user - to have a counterpart of Britta Simon in JOBHUB that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the JOBHUB application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields: In the Sign-on URL
text box, type a URL using the following pattern: https://pasona.jobhub.jp/saml/init

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact JOBHUB Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.

6. In the SAML Signing Certificate section, copy the Thumbprint and save it on your computer.

7. On the Set up JOBHUB section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure JOBHUB SSO
To configure single sign-on on JOBHUB side, you need to send the Thumbprint value and appropriate copied
URLs from Azure portal to JOBHUB support team. They set this setting to have the SAML SSO connection set
properly on both sides.
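The JIRA plugin tip about having only one certificate mapped to the app, and the Thumbprint sent to JOBHUB support, both depend on knowing exactly which signing certificate the IdP metadata publishes. The Python sketch below is an added example, not part of the original tutorial or of any vendor tooling: it parses a Federation Metadata XML document, de-duplicates the signing certificates under IDPSSODescriptor, computes their thumbprints, and compares them with a thumbprint copied from the portal. The sample metadata, certificate bytes, idp.example.test URLs and function names are constructed or hypothetical, and the thumbprint is assumed to be the conventional SHA-1 hash of the certificate's DER bytes.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-ins for DER certificate bytes (not real certificates).
# A thumbprint is a hash over the DER bytes, so any bytes demonstrate the check.
FAKE_DER_A = b"constructed-der-bytes-A" * 8
FAKE_DER_B = b"constructed-der-bytes-B" * 8


def build_sample_metadata(der_certs):
    """Return constructed IdP metadata carrying the given signing certs."""
    keys = "".join(
        '<KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        "<ds:X509Certificate>\n" + base64.b64encode(der).decode() + "\n"
        "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>"
        for der in der_certs)
    return (
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
        'entityID="https://idp.example.test/tenant-placeholder/">'
        '<IDPSSODescriptor protocolSupportEnumeration='
        '"urn:oasis:names:tc:SAML:2.0:protocol">' + keys +
        '<SingleSignOnService '
        'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
        'Location="https://idp.example.test/tenant-placeholder/saml2"/>'
        "</IDPSSODescriptor></EntityDescriptor>")


def normalize_thumbprint(value):
    """Uppercase hex with separators (spaces, colons) removed."""
    return "".join(ch for ch in value if ch.isalnum()).upper()


def inspect_metadata(xml_text, expected_thumbprint=None):
    """Summarize the IdP signing certificates and flag configuration problems."""
    # Metadata is fetched from a URL or received as a file: refuse DTDs so
    # entity-expansion tricks never reach the XML parser.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("metadata containing a DTD is refused")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    # Only KeyDescriptors of the IdP role count; the same certificate may also
    # appear elsewhere in the document, so de-duplicate by thumbprint.
    thumbprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use", "signing") != "signing":  # absent "use" covers signing
            continue
        for cert in key.findall(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())  # drop line wrapping
            der = base64.b64decode(b64, validate=True)
            digest = hashlib.sha1(der).hexdigest().upper()
            if digest not in thumbprints:
                thumbprints.append(digest)

    sso_urls = [s.get("Location")
                for s in idp.findall("md:SingleSignOnService", NS)]

    problems = []
    if not thumbprints:
        problems.append("no signing certificate published")
    elif len(thumbprints) > 1:
        problems.append(f"{len(thumbprints)} distinct signing certificates; "
                        "the service provider may fail to resolve the metadata")
    if expected_thumbprint is not None:
        if normalize_thumbprint(expected_thumbprint) not in thumbprints:
            problems.append("portal thumbprint not found in metadata")
    for url in sso_urls:
        if not (url or "").lower().startswith("https://"):
            problems.append(f"sign-on endpoint is not HTTPS: {url}")

    return {"entity_id": root.get("entityID"), "thumbprints": thumbprints,
            "sso_urls": sso_urls, "problems": problems}


if __name__ == "__main__":
    report = inspect_metadata(build_sample_metadata([FAKE_DER_A, FAKE_DER_B]))
    for line in report["thumbprints"] + report["problems"]:
        print(line)
```

Run it against the downloaded Federation Metadata XML before sending a thumbprint or metadata file to a vendor support team, so that the value they pin matches what the IdP actually signs with.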
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to JOBHUB.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select JOBHUB.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create JOBHUB test user
In this section, you create a user called Britta Simon in JOBHUB. Work with JOBHUB support team to add the
users in the JOBHUB platform. Users must be created and activated before you use single sign-on.
Test SSO
When you select the JOBHUB tile in the Access Panel, you should be automatically signed in to the JOBHUB for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Jobscience
2/12/2019 • 8 minutes to read

In this tutorial, you learn how to integrate Jobscience with Azure Active Directory (Azure AD).
Integrating Jobscience with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Jobscience
You can enable your users to automatically get signed-on to Jobscience (Single Sign-On) with their Azure AD
accounts
You can manage your accounts in one central location - the Azure portal
If you want to know more details about SaaS app integration with Azure AD, see what is application access and
single sign-on with Azure Active Directory.

Prerequisites
To configure Azure AD integration with Jobscience, you need the following items:
An Azure AD subscription
A Jobscience single sign-on enabled subscription

NOTE
To test the steps in this tutorial, we do not recommend using a production environment.

To test the steps in this tutorial, you should follow these recommendations:
Do not use your production environment, unless it is necessary.
If you don't have an Azure AD trial environment, you can get a one-month trial here: Trial offer.

Scenario description
In this tutorial, you test Azure AD single sign-on in a test environment. The scenario outlined in this tutorial
consists of two main building blocks:
1. Adding Jobscience from the gallery
2. Configuring and testing Azure AD single sign-on

Adding Jobscience from the gallery


To configure the integration of Jobscience into Azure AD, you need to add Jobscience from the gallery to your list
of managed SaaS apps.
To add Jobscience from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise applications. Then go to All applications.

3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Jobscience.

5. In the results panel, select Jobscience, and then click the Add button to add the application.

Configuring and testing Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Jobscience based on a test user called "Britta
Simon."
For single sign-on to work, Azure AD needs to know what the counterpart user in Jobscience is to a user in Azure
AD. In other words, a link relationship between an Azure AD user and the related user in Jobscience needs to be
established.
In Jobscience, assign the value of the user name in Azure AD as the value of the Username to establish the link
relationship.
To configure and test Azure AD single sign-on with Jobscience, you need to complete the following building blocks:
1. Configuring Azure AD Single Sign-On - to enable your users to use this feature.
2. Creating an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
3. Creating a Jobscience test user - to have a counterpart of Britta Simon in Jobscience that is linked to the
Azure AD representation of user.
4. Assigning the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Testing Single Sign-On - to verify whether the configuration works.
Configuring Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your
Jobscience application.
To configure Azure AD single sign-on with Jobscience, perform the following steps:
1. In the Azure portal, on the Jobscience application integration page, click Single sign-on.

2. On the Single sign-on dialog, select Mode as SAML-based Sign-on to enable single sign-on.

3. On the Jobscience Domain and URLs section, perform the following steps:

In the Sign-on URL textbox, type a URL using the following pattern:
http://<company name>.my.salesforce.com
NOTE
This value is not real. Update this value with the actual Sign-On URL. Get this value from the Jobscience Client
support team or from the SSO profile you will create, which is explained later in the tutorial.

4. On the SAML Signing Certificate section, click Certificate (Base64) and then save the certificate file on
your computer.

5. Click the Save button.

6. On the Jobscience Configuration section, click Configure Jobscience to open Configure sign-on
window. Copy the Sign-Out URL, SAML Entity ID, and SAML Single Sign-On Service URL from the
Quick Reference section.

7. Log in to your Jobscience company site as an administrator.


8. Go to Setup.

9. On the left navigation pane, in the Administer section, click Domain Management to expand the related
section, and then click My Domain to open the My Domain page.
10. To verify that your domain has been set up correctly, make sure that it is in “Step 4 Deployed to Users”
and review your “My Domain Settings”.

11. On the Jobscience company site, click Security Controls, and then click Single Sign-On Settings.
12. In the Single Sign-On Settings section, perform the following steps:

a. Select SAML Enabled.


b. Click New.
13. On the SAML Single Sign-On Setting Edit dialog, perform the following steps:

a. In the Name textbox, type a name for your configuration.


b. In the Issuer textbox, paste the value of SAML Entity ID, which you have copied from the Azure portal.
c. In the Entity Id textbox, type https://salesforce-jobscience.com

d. Click Browse to upload your Azure AD certificate.


e. As SAML Identity Type, select Assertion contains the Federation ID from the User object.
f. As SAML Identity Location, select Identity is in the NameIdentifier element of the Subject
statement.
g. In the Identity Provider Login URL textbox, paste the value of SAML Single Sign-On Service URL,
which you have copied from the Azure portal.
h. In the Identity Provider Logout URL textbox, paste the value of Sign-Out URL, which you have copied
from the Azure portal.
i. Click Save.
14. On the left navigation pane, in the Administer section, click Domain Management to expand the related
section, and then click My Domain to open the My Domain page.

15. On the My Domain page, in the Login Page Branding section, click Edit.

16. On the Login Page Branding page, in the Authentication Service section, the name of your SAML SSO
Settings is displayed. Select it, and then click Save.

17. To get the SP-initiated single sign-on login URL, click Single Sign-On Settings in the Security
Controls menu section.
Click the SSO profile you created in the step above. This page shows the Single Sign on URL for your
company (for example, https://companyname.my.salesforce.com?so=companyid).

TIP
You can now read a concise version of these instructions inside the Azure portal, while you are setting up the app! After
adding this app from the Active Directory > Enterprise Applications section, simply click the Single Sign-On tab and
access the embedded documentation through the Configuration section at the bottom. You can read more about the
embedded documentation feature here: Azure AD embedded documentation

Creating an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.

To create a test user in Azure AD, perform the following steps:


1. In the Azure portal, on the left navigation pane, click the Azure Active Directory icon.

2. To display the list of users, go to Users and groups and click All users.
3. To open the User dialog, click Add on the top of the dialog.

4. On the User dialog page, perform the following steps:

a. In the Name textbox, type BrittaSimon.


b. In the User name textbox, type the email address of BrittaSimon.
c. Select Show Password and write down the value of the Password.
d. Click Create.
Creating a Jobscience test user
In order to enable Azure AD users to log in to Jobscience, they must be provisioned into Jobscience. In the case of
Jobscience, provisioning is a manual task.

NOTE
You can use any other Jobscience user account creation tools or APIs provided by Jobscience to provision Azure Active
Directory user accounts.

To configure user provisioning, perform the following steps:


1. Log in to your Jobscience company site as administrator.
2. Go to Setup.

3. Go to Manage Users > Users.

4. Click New User.

5. On the Edit User dialog, perform the following steps:


a. In the First Name textbox, type a first name of the user like Britta.
b. In the Last Name textbox, type a last name of the user like Simon.
c. In the Alias textbox, type an alias name of the user like brittas.
d. In the Email textbox, type the email address of user like Brittasimon@contoso.com.
e. In the User Name textbox, type a user name of user like Brittasimon@contoso.com.
f. In the Nick Name textbox, type a nick name of user like Simon.
g. Click Save.

NOTE
The Azure Active Directory account holder receives an email and follows a link to confirm their account before it becomes
active.

Assigning the Azure AD test user


In this section, you enable Britta Simon to use Azure single sign-on by granting access to Jobscience.

To assign Britta Simon to Jobscience, perform the following steps:


1. In the Azure portal, open the applications view, and then navigate to the directory view and go to
Enterprise applications then click All applications.
2. In the applications list, select Jobscience.

3. In the menu on the left, click Users and groups.

4. Click the Add button. Then select Users and groups on the Add Assignment dialog.

5. On the Users and groups dialog, select Britta Simon in the Users list.
6. Click the Select button on the Users and groups dialog.
7. Click the Assign button on the Add Assignment dialog.
Testing single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Jobscience tile in the Access Panel, you should get automatically signed-on to your Jobscience
application. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
Tutorial: Azure Active Directory integration with JobScore
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate JobScore with Azure Active Directory (Azure AD). Integrating JobScore
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to JobScore.
You can enable your users to be automatically signed-in to JobScore (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with JobScore, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
JobScore single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
JobScore supports SP initiated SSO

Adding JobScore from the gallery


To configure the integration of JobScore into Azure AD, you need to add JobScore from the gallery to your list of
managed SaaS apps.
To add JobScore from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type JobScore, select JobScore from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with JobScore based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in JobScore
needs to be established.
To configure and test Azure AD single sign-on with JobScore, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure JobScore Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create JobScore test user - to have a counterpart of Britta Simon in JobScore that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with JobScore, perform the following steps:
1. In the Azure portal, on the JobScore application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://hire.jobscore.com/auth/adfs/<company name>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact JobScore Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up JobScore section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure JobScore Single Sign-On
To configure single sign-on on the JobScore side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the JobScore support team. They apply these settings so that
the SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to JobScore.
1. In the Azure portal, select Enterprise Applications, select All applications, then select JobScore.

2. In the applications list, select JobScore.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create JobScore test user
In this section, you create a user called Britta Simon in JobScore. Work with JobScore support team to add the
users in the JobScore platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the JobScore tile in the Access Panel, you should be automatically signed in to the JobScore for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with join.me
10/30/2019 • 4 minutes to read

In this tutorial, you learn how to integrate join.me with Azure Active Directory (Azure AD). Integrating join.me with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to join.me.
You can enable your users to be automatically signed-in to join.me (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with join.me, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
join.me single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
join.me supports IDP initiated SSO

Adding join.me from the gallery


To configure the integration of join.me into Azure AD, you need to add join.me from the gallery to your list of
managed SaaS apps.
To add join.me from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type join.me, select join.me from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with join.me based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in join.me
needs to be established.
To configure and test Azure AD single sign-on with join.me, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure join.me Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create join.me test user - to have a counterpart of Britta Simon in join.me that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with join.me, perform the following steps:
1. In the Azure portal, on the join.me application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure join.me Single Sign-On


To configure single sign-on on the join.me side, you need to send the App Federation Metadata Url to the join.me
support team. They apply this setting so that the SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to join.me.
1. In the Azure portal, select Enterprise Applications, select All applications, then select join.me.

2. In the applications list, select join.me.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create join.me test user
In this section, you create a user called Britta Simon in join.me. Work with join.me support team to add the users in
the join.me platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the join.me tile in the Access Panel, you should be automatically signed in to the join.me for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Jostle
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Jostle with Azure Active Directory (Azure AD). Integrating Jostle with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Jostle.
You can enable your users to be automatically signed-in to Jostle (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Jostle, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Jostle single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Jostle supports SP initiated SSO

Adding Jostle from the gallery


To configure the integration of Jostle into Azure AD, you need to add Jostle from the gallery to your list of
managed SaaS apps.
To add Jostle from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Jostle, select Jostle from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Jostle based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Jostle
needs to be established.
To configure and test Azure AD single sign-on with Jostle, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Jostle Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Jostle test user - to have a counterpart of Britta Simon in Jostle that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Jostle, perform the following steps:
1. In the Azure portal, on the Jostle application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type the URL: https://login-prod.jostle.us

b. In the Identifier box, type the URL: https://jostle.us

c. In the Reply URL text box, type the URL: https://login-prod.jostle.us/saml/SSO/alias/newjostle.us

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Jostle section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Jostle Single Sign-On
To configure single sign-on on the Jostle side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Jostle support team. They apply these settings so that
the SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Jostle.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Jostle.

2. In the applications list, select Jostle.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Jostle test user
In this section, you create a user called Britta Simon in Jostle. Work with Jostle support team to add the users in the
Jostle platform. Users must be created and activated before you use single sign-on.

NOTE
The Azure Active Directory account holder receives an email and follows a link to confirm their account before it becomes
active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Jostle tile in the Access Panel, you should be automatically signed in to the Jostle for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
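When the test sign-in fails, the usual cause is a mismatch between the values entered in Basic SAML Configuration and what the assertion actually carries. The following is an added example, not code from the original tutorial: it checks a decoded SAML response against the Identifier and Reply URL given for Jostle in step 4 above and reports each mismatch. The sample response, issuer and timestamps are constructed, the function names are hypothetical, and the check is a troubleshooting aid that does not verify the XML signature.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Values from step 4 of the Jostle Basic SAML Configuration.
JOSTLE_IDENTIFIER = "https://jostle.us"
JOSTLE_REPLY_URL = "https://login-prod.jostle.us/saml/SSO/alias/newjostle.us"

# Constructed placeholders: stands in for the Azure AD Identifier copied from
# the Set up Jostle section, and for the time at which the check is run.
SAMPLE_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
SAMPLE_NOW = datetime(2019, 10, 30, 12, 1, tzinfo=timezone.utc)


def build_sample(audience=JOSTLE_IDENTIFIER, reply_url=JOSTLE_REPLY_URL):
    """Constructed, unsigned SAML response for the test user (not a captured one)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{reply_url}">
  <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>BrittaSimon@contoso.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{reply_url}"
            NotOnOrAfter="2019-10-30T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2019-10-30T11:55:00Z" NotOnOrAfter="2019-10-30T13:00:00Z">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2019-10-30T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_response(xml_text, issuer, now):
    """Return a list of mismatches; an empty list means the values line up."""
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    a = assertions[0]
    findings = []

    if root.get("Destination") != JOSTLE_REPLY_URL:
        findings.append(f"Destination is {root.get('Destination')!r}, expected the Reply URL")
    if a.findtext("saml:Issuer", default="", namespaces=NS).strip() != issuer:
        findings.append("Issuer does not match the Azure AD Identifier")
    if not a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip():
        findings.append("Subject has no NameID to link to the Jostle user")

    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != JOSTLE_REPLY_URL:
        findings.append(f"Recipient is {recipient!r}, expected the Reply URL")

    audiences = [(el.text or "").strip() for el in
                 a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if JOSTLE_IDENTIFIER not in audiences:
        findings.append(f"Audience {audiences} does not include the Identifier")

    cond = a.find("saml:Conditions", NS)
    start = cond.get("NotBefore") if cond is not None else None
    end = cond.get("NotOnOrAfter") if cond is not None else None
    if not start or not end:
        findings.append("Conditions carries no validity window")
    elif not (_ts(start) <= now < _ts(end)):
        findings.append("assertion is outside its NotBefore/NotOnOrAfter window")
    return findings


if __name__ == "__main__":
    # A trailing slash on the Identifier is enough to fail the audience check.
    for line in check_response(build_sample(audience="https://jostle.us/"),
                               SAMPLE_ISSUER, SAMPLE_NOW):
        print(line)
```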

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Juno Journey
10/10/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Juno Journey with Azure Active Directory (Azure AD). When you
integrate Juno Journey with Azure AD, you can:
Control in Azure AD who has access to Juno Journey.
Enable your users to be automatically signed-in to Juno Journey with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Juno Journey single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Juno Journey supports SP and IDP initiated SSO
Juno Journey supports Just In Time user provisioning

Adding Juno Journey from the gallery


To configure the integration of Juno Journey into Azure AD, you need to add Juno Journey from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Juno Journey in the search box.
6. Select Juno Journey from the results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for Juno Journey


Configure and test Azure AD SSO with Juno Journey using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Juno Journey.
To configure and test Azure AD SSO with Juno Journey, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Juno Journey SSO - to configure the single sign-on settings on the application side.
a. Create Juno Journey test user - to have a counterpart of B.Simon in Juno Journey that is linked to the
Azure AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Juno Journey application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://<tenant-subdomain>.the-juno.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<tenant-subdomain>.the-juno.com/sso/saml/login

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<tenant-subdomain>.the-juno.com/sso/saml/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Juno
Journey Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.
7. On the Set up Juno Journey section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Juno Journey.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Juno Journey.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Juno Journey SSO


To configure single sign-on on the Juno Journey side, you need to send the downloaded Certificate (Raw) and the
appropriate copied URLs from the Azure portal to the Juno Journey support team. They configure this setting so
that the SAML SSO connection is set properly on both sides.
Create Juno Journey test user
In this section, a user called B.Simon is created in Juno Journey. Juno Journey supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Juno Journey, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Juno Journey tile in the Access Panel, you should be automatically signed in to the Juno
Journey instance for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Juno Journey with Azure AD
Tutorial: Integrate Kallidus with Azure Active Directory
7/9/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Kallidus with Azure Active Directory (Azure AD). When you integrate
Kallidus with Azure AD, you can:
Control in Azure AD who has access to Kallidus.
Enable your users to be automatically signed-in to Kallidus with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
A Kallidus single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Kallidus supports IDP initiated SSO.

Adding Kallidus from the gallery


To configure the integration of Kallidus into Azure AD, you need to add Kallidus from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Kallidus in the search box.
6. Select Kallidus from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Kallidus using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Kallidus.
To configure and test Azure AD SSO with Kallidus, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Kallidus to configure the SSO settings on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user to enable B.Simon to use Azure AD single sign-on.
5. Create Kallidus test user to have a counterpart of B.Simon in Kallidus that is linked to the Azure AD
representation of the user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Kallidus application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, perform the following step:


In the Reply URL text box, type a URL using the following pattern:
https://login.kallidus-suite.com/core/<ID>/Acs

NOTE
The value is not real. Update the value with the actual Reply URL. Contact Kallidus Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Kallidus
To configure single sign-on on the Kallidus side, you need to send the App Federation Metadata Url to the Kallidus
support team. They configure this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Kallidus.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Kallidus.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Kallidus test user
In this section, you create a user called Britta Simon in Kallidus. Work with the Kallidus support team to add the users
to the Kallidus platform. Users must be created and activated before you use single sign-on.
Test SSO
When you select the Kallidus tile in the Access Panel, you should be automatically signed in to the Kallidus instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Kanbanize
10/15/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate Kanbanize with Azure Active Directory (Azure AD). When you
integrate Kanbanize with Azure AD, you can:
Control in Azure AD who has access to Kanbanize.
Enable your users to be automatically signed-in to Kanbanize with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
A Kanbanize single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Kanbanize supports SP and IDP initiated SSO
Kanbanize supports Just In Time user provisioning

Adding Kanbanize from the gallery


To configure the integration of Kanbanize into Azure AD, you need to add Kanbanize from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Kanbanize in the search box.
6. Select Kanbanize from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Kanbanize


Configure and test Azure AD SSO with Kanbanize using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Kanbanize.
To configure and test Azure AD SSO with Kanbanize, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Kanbanize SSO - to configure the single sign-on settings on the application side.
a. Create Kanbanize test user - to have a counterpart of B.Simon in Kanbanize that is linked to the Azure
AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Kanbanize application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: https://<subdomain>.kanbanize.com/

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.kanbanize.com/saml/acs

c. Click Set additional URLs.


d. In the Relay State textbox, type a URL: /ctrl_login/saml_login

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://<subdomain>.kanbanize.com

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Kanbanize Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. The Kanbanize application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes, where nameidentifier is mapped with user.userprincipalname. The Kanbanize application
expects nameidentifier to be mapped with user.mail, so you need to edit the attribute mapping by clicking
the Edit icon and changing the attribute mapping.
7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up Kanbanize section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Kanbanize.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Kanbanize.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Kanbanize SSO


1. To automate the configuration within Kanbanize, you need to install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Set up Kanbanize, which directs you to the Kanbanize
application. From there, provide the admin credentials to sign in to Kanbanize. The browser extension will
automatically configure the application for you and automate steps 3-7.
3. If you want to set up Kanbanize manually, open a new web browser window, sign in to your Kanbanize
company site as an administrator, and perform the following steps:
4. At the top right of the page, click the Settings logo.

5. On the Administration panel page, from the menu on the left, click Integrations and then enable Single
Sign-On.

6. Under the Integrations section, click CONFIGURE to open the Single Sign-On Integration page.

7. On the Single Sign-On Integration page under Configurations, perform the following steps:
a. In the Idp Entity ID textbox, paste the value of Azure AD Identifier, which you have copied from the
Azure portal.
b. In the Idp Login Endpoint textbox, paste the value of Login URL, which you have copied from the
Azure portal.
c. In the Idp Logout Endpoint textbox, paste the value of Logout URL, which you have copied from the
Azure portal.
d. In the Attribute name for Email textbox, enter this value:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

e. In the Attribute name for First Name textbox, enter this value:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

f. In the Attribute name for Last Name textbox, enter this value:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

NOTE
You can get these values by combining namespace and name values of the respective attribute from the User
attributes section in Azure portal.

g. In Notepad, open the base-64 encoded certificate that you downloaded from the Azure portal, copy its
content (without the start and end markers), and then paste it into the Idp X.509 Certificate box.
h. Check Enable login with both SSO and Kanbanize.
i. Click Save Settings.
Create Kanbanize test user
In this section, a user called B.Simon is created in Kanbanize. Kanbanize supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Kanbanize, a new one is created after authentication. If you need to create a user manually, contact Kanbanize
Client support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kanbanize tile in the Access Panel, you should be automatically signed in to the Kanbanize instance
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
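A check that can accompany the test sign-in, added here as an example and not part of the original tutorial or of Kanbanize's or Microsoft's code: it inspects a decoded assertion for the Kanbanize mapping described above (NameID carrying user.mail, the three claim names from steps 7d-7f, and the Identifier and Reply URL patterns). The function names, the contoso subdomain and the sample assertions are constructed for illustration, and the URL patterns are assumed to be the real values for the tenant.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Attribute names entered in steps 7d-7f: claim namespace + claim name.
REQUIRED = {
    "Email": CLAIMS + "emailaddress",
    "First Name": CLAIMS + "givenname",
    "Last Name": CLAIMS + "surname",
}


def check_assertion(xml_text, subdomain):
    """Return a list of mapping problems in a decoded, unencrypted assertion.

    This inspects claims only. It does not verify the XML signature, which
    the service provider must still do against the uploaded certificate.
    """
    # Parse only assertions captured from your own test sign-in; the standard
    # library parser is not hardened against hostile XML.
    root = ET.fromstring(xml_text)
    problems = []

    attrs = {}
    for attr in root.iter(SAML + "Attribute"):
        value = attr.find(SAML + "AttributeValue")
        text = value.text if value is not None else None
        attrs[attr.get("Name")] = (text or "").strip()
    for label, name in REQUIRED.items():
        if not attrs.get(name):
            problems.append("no value for %s attribute %s" % (label, name))

    # Step 6: nameidentifier must carry user.mail, not user.userprincipalname.
    name_id = next(root.iter(SAML + "NameID"), None)
    name_id_text = (name_id.text or "").strip() if name_id is not None else ""
    mail = attrs.get(REQUIRED["Email"], "")
    if not name_id_text:
        problems.append("assertion has no NameID")
    elif mail and name_id_text.lower() != mail.lower():
        problems.append("NameID %s differs from emailaddress %s"
                        % (name_id_text, mail))

    # Identifier and Reply URL patterns from step 4 (assumed real values).
    audience = "https://%s.kanbanize.com/" % subdomain
    audiences = [(a.text or "").strip() for a in root.iter(SAML + "Audience")]
    if audience not in audiences:
        problems.append("Audience is not %s" % audience)
    acs = "https://%s.kanbanize.com/saml/acs" % subdomain
    recipients = [c.get("Recipient")
                  for c in root.iter(SAML + "SubjectConfirmationData")]
    if acs not in recipients:
        problems.append("Recipient is not %s" % acs)
    return problems


def sample_assertion(name_id, attributes, subdomain="contoso"):
    """Build a constructed, unsigned assertion used only as sample input."""
    attr_xml = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s'
        '</saml:AttributeValue></saml:Attribute>' % (name, value)
        for name, value in attributes.items())
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Subject><saml:NameID>%s</saml:NameID><saml:SubjectConfirmation>'
        '<saml:SubjectConfirmationData '
        'Recipient="https://%s.kanbanize.com/saml/acs"/>'
        '</saml:SubjectConfirmation></saml:Subject>'
        '<saml:Conditions><saml:AudienceRestriction>'
        '<saml:Audience>https://%s.kanbanize.com/</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        '<saml:AttributeStatement>%s</saml:AttributeStatement>'
        '</saml:Assertion>' % (name_id, subdomain, subdomain, attr_xml))


# Constructed samples: a correct mapping, and one where NameID still carries
# the default userprincipalname and the surname claim is not issued.
GOOD = sample_assertion("B.Simon@contoso.com", {
    CLAIMS + "emailaddress": "B.Simon@contoso.com",
    CLAIMS + "givenname": "B",
    CLAIMS + "surname": "Simon",
})
BAD = sample_assertion("B.Simon@contoso.onmicrosoft.com", {
    CLAIMS + "emailaddress": "B.Simon@contoso.com",
    CLAIMS + "givenname": "B",
})

if __name__ == "__main__":
    for label, xml_text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_assertion(xml_text, "contoso") or "no problems")
```
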

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Kanbanize with Azure AD
Tutorial: Azure Active Directory integration with Kantega SSO for Bamboo
6/13/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Kantega SSO for Bamboo with Azure Active Directory (Azure AD).
Integrating Kantega SSO for Bamboo with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Kantega SSO for Bamboo.
You can enable your users to be automatically signed-in to Kantega SSO for Bamboo (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Kantega SSO for Bamboo, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
A Kantega SSO for Bamboo single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Kantega SSO for Bamboo supports SP and IDP initiated SSO

Adding Kantega SSO for Bamboo from the gallery


To configure the integration of Kantega SSO for Bamboo into Azure AD, you need to add Kantega SSO for
Bamboo from the gallery to your list of managed SaaS apps.
To add Kantega SSO for Bamboo from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Kantega SSO for Bamboo, select Kantega SSO for Bamboo from the result panel,
then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Kantega SSO for Bamboo based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Kantega SSO for Bamboo needs to be established.
To configure and test Azure AD single sign-on with Kantega SSO for Bamboo, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Kantega SSO for Bamboo Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Kantega SSO for Bamboo test user - to have a counterpart of Britta Simon in Kantega SSO for
Bamboo that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Kantega SSO for Bamboo, perform the following steps:
1. In the Azure portal, on the Kantega SSO for Bamboo application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

b. In the Reply URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. These values
are received during the configuration of the Bamboo plugin, which is explained later in the tutorial.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Kantega SSO for Bamboo section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Kantega SSO for Bamboo Single Sign-On
1. In a different web browser window, sign in to your Bamboo on-premises server as an administrator.
2. Hover over the cog and click Add-ons.

3. Under the Add-ons tab section, click Find new add-ons. Search for Kantega SSO for Bamboo (SAML &
Kerberos) and click the Install button to install the new SAML plugin.

4. The plugin installation will start.

5. Once the installation is complete, click Close.

6. Click Manage.

7. Click Configure to configure the new plugin.

8. In the SAML section, select Azure Active Directory (Azure AD) from the Add identity provider
dropdown.

9. Select subscription level as Basic.

10. On the App properties section, perform the following steps:

a. Copy the App ID URI value and use it as the Identifier, Reply URL, and Sign-On URL on the Basic SAML
Configuration section in the Azure portal.
b. Click Next.
11. On the Metadata import section, perform the following steps:
a. Select Metadata file on my computer, and upload the metadata file that you downloaded from the
Azure portal.
b. Click Next.
12. On the Name and SSO location section, perform the following steps:

a. Add the name of the identity provider in the Identity provider name textbox (e.g., Azure AD).
b. Click Next.
13. Verify the Signing certificate and click Next.
14. On the Bamboo user accounts section, perform the following steps:

a. Select Create users in Bamboo's internal Directory if needed and enter the appropriate name of the
group for users (multiple groups can be entered, separated by commas).
b. Click Next.
15. Click Finish.

16. On the Known domains for Azure AD section, perform the following steps:

a. Select Known domains from the left panel of the page.


b. Enter domain name in the Known domains textbox.
c. Click Save.
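For steps 11 and 13 above (metadata import and signing certificate verification), the following added example, which is not part of the original tutorial or of the Kantega plugin, reads a Federation Metadata XML file and reports the entity ID, the sign-on endpoints and the signing certificate fingerprints, so they can be compared with what the Azure portal and the plugin wizard display. The function names, the all-zero tenant ID and the placeholder certificate bytes are constructed for illustration; which digest the wizard displays is not stated on this page, so both SHA-1 and SHA-256 are returned.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def fingerprints(der):
    """Hex digests of certificate DER bytes, as certificate viewers show them."""
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}


def summarize_idp_metadata(xml_text):
    """Extract what the import step will trust, plus any obvious problems."""
    # Parse only a file downloaded from your own tenant; the standard
    # library parser is not hardened against hostile XML.
    root = ET.fromstring(xml_text)
    problems = []
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")

    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("EntityDescriptor has no entityID")

    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        location = svc.get("Location", "")
        sso[svc.get("Binding")] = location
        if not location.startswith("https://"):
            problems.append("SSO location is not HTTPS: %s" % location)

    certs = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a use attribute applies to signing as well.
        if key.get("use") not in (None, "signing"):
            continue
        for node in key.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((node.text or "").split()))
            certs.append(fingerprints(der))
    if not certs:
        problems.append("no signing certificate in metadata")

    return {"entity_id": entity_id, "sso_locations": sso,
            "signing_certs": certs, "problems": problems}


# Constructed sample input. The bytes below are a placeholder, not a real
# X.509 certificate, and the tenant ID is all zeros.
PLACEHOLDER_DER = b"constructed placeholder bytes, not a real certificate"
TENANT = "00000000-0000-0000-0000-000000000000"


def sample_metadata(scheme="https"):
    """Build a minimal constructed metadata document for the demo."""
    return (
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        'entityID="https://sts.windows.net/%s/">'
        '<IDPSSODescriptor '
        'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<KeyDescriptor use="signing">'
        '<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>'
        '<X509Certificate>%s</X509Certificate></X509Data></KeyInfo>'
        '</KeyDescriptor><SingleSignOnService '
        'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
        'Location="%s://login.microsoftonline.com/%s/saml2"/>'
        '</IDPSSODescriptor></EntityDescriptor>'
        % (TENANT, base64.b64encode(PLACEHOLDER_DER).decode(), scheme, TENANT))


if __name__ == "__main__":
    summary = summarize_idp_metadata(sample_metadata())
    for field, value in summary.items():
        print(field, value)
```
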
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.

b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Kantega SSO for
Bamboo.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Kantega SSO for
Bamboo.

2. In the applications list, select Kantega SSO for Bamboo.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Kantega SSO for Bamboo test user
To enable Azure AD users to sign in to Bamboo, they must be provisioned into Bamboo. In the case of Kantega SSO
for Bamboo, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Bamboo on-premises server as an administrator.
2. Hover over the cog and click User management.

3. Click Users. Under the Add user section, perform the following steps:

a. In the Username textbox, type the email of the user, like Brittasimon@contoso.com.

b. In the Password textbox, type the password of the user.
c. In the Confirm Password textbox, reenter the password of the user.
d. In the Full Name textbox, type the full name of the user, like Britta Simon.
e. In the Email textbox, type the email address of the user, like Brittasimon@contoso.com.
f. Click Save.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kantega SSO for Bamboo tile in the Access Panel, you should be automatically signed in to the
Kantega SSO for Bamboo instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Kantega SSO for Bitbucket
6/13/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Kantega SSO for Bitbucket with Azure Active Directory (Azure AD).
Integrating Kantega SSO for Bitbucket with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Kantega SSO for Bitbucket.
You can enable your users to be automatically signed-in to Kantega SSO for Bitbucket (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Kantega SSO for Bitbucket, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
A Kantega SSO for Bitbucket single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Kantega SSO for Bitbucket supports SP and IDP initiated SSO

Adding Kantega SSO for Bitbucket from the gallery


To configure the integration of Kantega SSO for Bitbucket into Azure AD, you need to add Kantega SSO for
Bitbucket from the gallery to your list of managed SaaS apps.
To add Kantega SSO for Bitbucket from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Kantega SSO for Bitbucket, select Kantega SSO for Bitbucket from the result panel,
then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Kantega SSO for Bitbucket based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in Kantega SSO for Bitbucket needs to be established.
To configure and test Azure AD single sign-on with Kantega SSO for Bitbucket, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Kantega SSO for Bitbucket Single Sign-On - to configure the Single Sign-On settings on
the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Kantega SSO for Bitbucket test user - to have a counterpart of Britta Simon in Kantega SSO for
Bitbucket that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Kantega SSO for Bitbucket, perform the following steps:
1. In the Azure portal, on the Kantega SSO for Bitbucket application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

b. In the Reply URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. These values
are received during the configuration of the Bitbucket plugin, which is explained later in the tutorial.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Kantega SSO for Bitbucket section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Kantega SSO for Bitbucket Single Sign-On
1. In a different web browser window, sign in to your Bitbucket admin portal as an administrator.
2. Click the cog icon, and then click Find new add-ons.

3. Search for Kantega SSO for Bitbucket SAML & Kerberos and click the Install button to install the new SAML
plugin.
4. The plugin installation starts.

5. Once the installation is complete, click Close.

6. Click Manage.

7. Click Configure to configure the new plugin.


8. In the SAML section, select Azure Active Directory (Azure AD) from the Add identity provider
dropdown.

9. Select subscription level as Basic.

10. On the App properties section, perform the following steps:


a. Copy the App ID URI value and use it as the Identifier, Reply URL, and Sign-On URL on the Basic SAML
Configuration section in the Azure portal.
b. Click Next.
11. On the Metadata import section, perform the following steps:

a. Select Metadata file on my computer, and upload the metadata file that you downloaded from the
Azure portal.
b. Click Next.
12. On the Name and SSO location section, perform the following steps:
a. Add the name of the identity provider in the Identity provider name textbox (e.g., Azure AD).
b. Click Next.
13. Verify the Signing certificate and click Next.

14. On the Bitbucket user accounts section, perform the following steps:

a. Select Create users in Bitbucket's internal Directory if needed and enter the appropriate name of the
group for users (multiple groups can be entered, separated by commas).
b. Click Next.
15. Click Finish.
16. On the Known domains for Azure AD section, perform the following steps:

a. Select Known domains from the left panel of the page.


b. Enter domain name in the Known domains textbox.
c. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Kantega SSO for
Bitbucket.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Kantega SSO for
Bitbucket.

2. In the applications list, select Kantega SSO for Bitbucket.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Kantega SSO for Bitbucket test user
To enable Azure AD users to sign in to Bitbucket, they must be provisioned into Bitbucket. In the case of Kantega SSO
for Bitbucket, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Bitbucket company site as an administrator.
2. Click the settings icon.
3. Under the Administration tab section, click Users.

4. Click Create user.

5. On the Create User dialog page, perform the following steps:

a. In the Username textbox, type the email of the user, like Brittasimon@contoso.com.


b. In the Full Name textbox, type the full name of the user, like Britta Simon.
c. In the Email address textbox, type the email address of the user, like Brittasimon@contoso.com.
d. In the Password textbox, type the password of the user.
e. In the Confirm Password textbox, reenter the password of the user.
f. Click Create user.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kantega SSO for Bitbucket tile in the Access Panel, you should be automatically signed in to the
Kantega SSO for Bitbucket for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Kantega SSO for Confluence
6/13/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Kantega SSO for Confluence with Azure Active Directory (Azure AD).
Integrating Kantega SSO for Confluence with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Kantega SSO for Confluence.
You can enable your users to be automatically signed in to Kantega SSO for Confluence (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Kantega SSO for Confluence, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Kantega SSO for Confluence single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Kantega SSO for Confluence supports SP and IDP initiated SSO

Adding Kantega SSO for Confluence from the gallery


To configure the integration of Kantega SSO for Confluence into Azure AD, you need to add Kantega SSO for
Confluence from the gallery to your list of managed SaaS apps.
To add Kantega SSO for Confluence from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Kantega SSO for Confluence, select Kantega SSO for Confluence from the result
panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Kantega SSO for Confluence based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in Kantega SSO for Confluence needs to be established.
To configure and test Azure AD single sign-on with Kantega SSO for Confluence, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Kantega SSO for Confluence Single Sign-On - to configure the Single Sign-On settings on
the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Kantega SSO for Confluence test user - to have a counterpart of Britta Simon in Kantega SSO for
Confluence that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Kantega SSO for Confluence, perform the following steps:
1. In the Azure portal, on the Kantega SSO for Confluence application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

b. In the Reply URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. These values
are received during the configuration of the Confluence plugin, which is explained later in the tutorial.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Kantega SSO for Confluence section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Kantega SSO for Confluence Single Sign-On
1. In a different web browser window, sign in to your Confluence admin portal as an administrator.
2. Hover over the cog icon and click Add-ons.

3. Under the ATLASSIAN MARKETPLACE tab, click Find new add-ons.

4. Search for Kantega SSO for Confluence SAML Kerberos and click the Install button to install the new SAML
plugin.
5. The plugin installation starts.

6. Once the installation is complete, click Close.

7. Click Manage.

8. Click Configure to configure the new plugin.

9. This new plugin can also be found under the USERS & SECURITY tab.
10. In the SAML section, select Azure Active Directory (Azure AD) from the Add identity provider
dropdown.

11. Select subscription level as Basic.

12. On the App properties section, perform the following steps:


a. Copy the App ID URI value and use it as the Identifier, Reply URL, and Sign-On URL on the Basic SAML
Configuration section in the Azure portal.
b. Click Next.
13. On the Metadata import section, perform the following steps:

a. Select Metadata file on my computer, and upload the metadata file that you downloaded from the
Azure portal.
b. Click Next.
14. On the Name and SSO location section, perform the following steps:

a. Add the name of the identity provider in the Identity provider name textbox (e.g., Azure AD).
b. Click Next.
15. Verify the Signing certificate and click Next.

16. On the Confluence user accounts section, perform the following steps:

a. Select Create users in Confluence's internal Directory if needed and enter the appropriate name of
the group for users (multiple groups can be entered, separated by commas).
b. Click Next.
17. Click Finish.

18. On the Known domains for Azure AD section, perform the following steps:
a. Select Known domains from the left panel of the page.
b. Enter domain name in the Known domains textbox.
c. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Kantega SSO for
Confluence.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Kantega SSO for
Confluence.

2. In the applications list, select Kantega SSO for Confluence.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Kantega SSO for Confluence test user
To enable Azure AD users to sign in to Confluence, they must be provisioned into Confluence. In the case of
Kantega SSO for Confluence, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Kantega SSO for Confluence company site as an administrator.
2. Hover over the cog icon and click User management.
3. Under the Users section, click the Add Users tab. On the Add a User dialog page, perform the following steps:

a. In the Username textbox, type the email of the user, like Brittasimon@contoso.com.


b. In the Full Name textbox, type the full name of the user, like Britta Simon.
c. In the Email textbox, type the email address of the user, like Brittasimon@contoso.com.
d. In the Password textbox, type the password for the user.
e. In the Confirm Password textbox, reenter the password.
f. Click the Add button.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kantega SSO for Confluence tile in the Access Panel, you should be automatically signed in to
the Kantega SSO for Confluence for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Kantega SSO for FishEye/Crucible
7/5/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Kantega SSO for FishEye/Crucible with Azure Active Directory (Azure
AD). Integrating Kantega SSO for FishEye/Crucible with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Kantega SSO for FishEye/Crucible.
You can enable your users to be automatically signed in to Kantega SSO for FishEye/Crucible (Single Sign-On)
with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Kantega SSO for FishEye/Crucible, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Kantega SSO for FishEye/Crucible single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Kantega SSO for FishEye/Crucible supports SP and IDP initiated SSO

Adding Kantega SSO for FishEye/Crucible from the gallery


To configure the integration of Kantega SSO for FishEye/Crucible into Azure AD, you need to add Kantega SSO
for FishEye/Crucible from the gallery to your list of managed SaaS apps.
To add Kantega SSO for FishEye/Crucible from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Kantega SSO for FishEye/Crucible, select Kantega SSO for FishEye/Crucible
from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Kantega SSO for FishEye/Crucible based on a
test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the
related user in Kantega SSO for FishEye/Crucible needs to be established.
To configure and test Azure AD single sign-on with Kantega SSO for FishEye/Crucible, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Kantega SSO for FishEye/Crucible Single Sign-On - to configure the Single Sign-On settings
on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Kantega SSO for FishEye/Crucible test user - to have a counterpart of Britta Simon in Kantega SSO
for FishEye/Crucible that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Kantega SSO for FishEye/Crucible, perform the following steps:
1. In the Azure portal, on the Kantega SSO for FishEye/Crucible application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

b. In the Reply URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. These values
are received during the configuration of the FishEye/Crucible plugin, which is explained later in the tutorial.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Kantega SSO for FishEye/Crucible section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Kantega SSO for FishEye/Crucible Single Sign-On
1. In a different web browser window, sign in to your FishEye/Crucible on-premises server as an administrator.
2. Hover over the cog icon and click Add-ons.

3. Under the System Settings section, click Find new add-ons.

4. Search for Kantega SSO for Crucible and click the Install button to install the new SAML plugin.

5. The plugin installation starts.


6. Once the installation is complete, click Close.

7. Click Manage.

8. Click Configure to configure the new plugin.

9. In the SAML section, select Azure Active Directory (Azure AD) from the Add identity provider
dropdown.
10. Select subscription level as Basic.

11. On the App properties section, perform the following steps:

a. Copy the App ID URI value and use it as the Identifier, Reply URL, and Sign-On URL on the Basic SAML
Configuration section in the Azure portal.
b. Click Next.
12. On the Metadata import section, perform the following steps:

a. Select Metadata file on my computer, and upload the metadata file that you downloaded from the
Azure portal.
b. Click Next.
13. On the Name and SSO location section, perform the following steps:

a. Add the name of the identity provider in the Identity provider name textbox (e.g., Azure AD).
b. Click Next.
14. Verify the Signing certificate and click Next.
15. On the FishEye user accounts section, perform the following steps:

a. Select Create users in FishEye's internal Directory if needed and enter the appropriate name of the
group for users (multiple groups can be entered, separated by commas).
b. Click Next.
16. Click Finish.

17. On the Known domains for Azure AD section, perform the following steps:
a. Select Known domains from the left panel of the page.
b. Enter domain name in the Known domains textbox.
c. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Kantega SSO for
FishEye/Crucible.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Kantega SSO for
FishEye/Crucible.

2. In the applications list, select Kantega SSO for FishEye/Crucible.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Kantega SSO for FishEye/Crucible test user
To enable Azure AD users to sign in to FishEye/Crucible, they must be provisioned into FishEye/Crucible. In
Kantega SSO for FishEye/Crucible, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Crucible on-premises server as an administrator.
2. Hover over the cog icon and click Users.
3. Under the Users tab section, click Add user.

4. On the Add New User dialog page, perform the following steps:

a. In the Username textbox, type the email of the user, like Brittasimon@contoso.com.


b. In the Display Name textbox, type the display name of the user, like Britta Simon.
c. In the Email address textbox, type the email address of the user, like Brittasimon@contoso.com.
d. In the Password textbox, type the password of the user.
e. In the Confirm Password textbox, reenter the password of the user.
f. Click Add.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kantega SSO for FishEye/Crucible tile in the Access Panel, you should be automatically signed
in to the Kantega SSO for FishEye/Crucible for which you set up SSO. For more information about the Access
Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Kantega SSO for JIRA
6/13/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Kantega SSO for JIRA with Azure Active Directory (Azure AD).
Integrating Kantega SSO for JIRA with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Kantega SSO for JIRA.
You can enable your users to be automatically signed in to Kantega SSO for JIRA (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Kantega SSO for JIRA, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Kantega SSO for JIRA single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Kantega SSO for JIRA supports SP and IDP initiated SSO

Adding Kantega SSO for JIRA from the gallery


To configure the integration of Kantega SSO for JIRA into Azure AD, you need to add Kantega SSO for JIRA from
the gallery to your list of managed SaaS apps.
To add Kantega SSO for JIRA from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Kantega SSO for JIRA, select Kantega SSO for JIRA from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Kantega SSO for JIRA based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Kantega SSO for JIRA needs to be established.
To configure and test Azure AD single sign-on with Kantega SSO for JIRA, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Kantega SSO for JIRA Single Sign-On - to configure the Single Sign-On settings on the application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Kantega SSO for JIRA test user - to have a counterpart of Britta Simon in Kantega SSO for JIRA that
is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Kantega SSO for JIRA, perform the following steps:
1. In the Azure portal, on the Kantega SSO for JIRA application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

b. In the Reply URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/no.kantega.saml/sp/<uniqueid>/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. These values
are received during the configuration of the Jira plugin, which is explained later in the tutorial.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Kantega SSO for JIRA section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Kantega SSO for JIRA Single Sign-On
1. In a different web browser window, sign in to your JIRA on-premises server as an administrator.
2. Hover over the cog and click Add-ons.

3. Under the Add-ons tab, click Find new add-ons. Search for Kantega SSO for JIRA (SAML & Kerberos)
and click the Install button to install the new SAML plugin.

4. The plugin installation starts.


5. Once the installation is complete, click Close.

6. Click Manage.

7. The new plugin is listed under INTEGRATIONS. Click Configure to configure the new plugin.
8. In the SAML section, select Azure Active Directory (Azure AD) from the Add identity provider
dropdown.

9. Select subscription level as Basic.


10. In the App properties section, perform the following steps:

a. Copy the App ID URI value and use it as the Identifier, Reply URL, and Sign-On URL in the Basic SAML
Configuration section in the Azure portal.
b. Click Next.
11. In the Metadata import section, perform the following steps:

a. Select Metadata file on my computer, and upload the metadata file that you downloaded from the
Azure portal.
b. Click Next.
12. In the Name and SSO location section, perform the following steps:

a. Enter the name of the identity provider in the Identity provider name textbox (for example, Azure AD).
b. Click Next.
13. Verify the Signing certificate and click Next.

14. In the JIRA user accounts section, perform the following steps:

a. Select Create users in JIRA's internal Directory if needed and enter the appropriate name of the
group for users (multiple groups can be entered, separated by commas).
b. Click Next.
15. Click Finish.

16. In the Known domains for Azure AD section, perform the following steps:

a. Select Known domains from the left panel of the page.


b. Enter domain name in the Known domains textbox.
c. Click Save.
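The metadata import and signing-certificate check in steps 11 to 13 can be cross-checked offline before the file is uploaded. The following Python code is an added example, not part of the original tutorial or of Kantega's or Microsoft's code: it parses a Federation Metadata XML document, extracts the IdP entity ID, the HTTP-Redirect sign-on and logout locations and the SHA-256 fingerprint of each signing certificate, and lists which values differ from the Azure AD Identifier, Login URL and Logout URL copied from the portal. The sample metadata, the all-zero tenant ID, the placeholder certificate bytes and all function names are constructed for this example, and it assumes the portal values are expected to equal the metadata values.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample input: placeholder tenant ID and placeholder bytes
# standing in for the DER certificate (not a real X.509 certificate).
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate-bytes").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def cert_fingerprint(cert_b64):
    """SHA-256 over the decoded certificate bytes; whitespace in the base64 is ignored."""
    der = base64.b64decode("".join(cert_b64.split()), validate=True)
    if not der:
        raise ValueError("empty certificate")
    return hashlib.sha256(der).hexdigest()


def summarize_idp_metadata(xml_text):
    """Extract the values an administrator should verify before importing the file."""
    # SAML metadata never needs a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use") == "encryption":
            continue  # only signing keys are used to verify assertions
        for cert in key.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            fingerprints.append(cert_fingerprint(cert.text or ""))
    if not fingerprints:
        raise ValueError("no signing certificate in metadata")

    def location(tag):
        # Return the HTTP-Redirect endpoint for the given service element.
        for el in idp.findall(f"md:{tag}", NS):
            if el.get("Binding") == REDIRECT:
                return el.get("Location")
        return None

    return {
        "entity_id": root.get("entityID"),
        "sso_url": location("SingleSignOnService"),
        "slo_url": location("SingleLogoutService"),
        "signing_sha256": fingerprints,
    }


def mismatches(summary, azure_ad_identifier, login_url, logout_url=None):
    """Names of portal values that differ from the metadata (None skips a check)."""
    pairs = [
        ("Azure AD Identifier", azure_ad_identifier, summary["entity_id"]),
        ("Login URL", login_url, summary["sso_url"]),
        ("Logout URL", logout_url, summary["slo_url"]),
    ]
    return [name for name, portal, meta in pairs if portal is not None and portal != meta]


if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_METADATA)
    print(info)
    print(mismatches(info, f"https://sts.windows.net/{TENANT}/",
                     f"https://login.microsoftonline.com/{TENANT}/saml2"))
```

Record the printed fingerprint when the integration is set up; a later metadata file with a different fingerprint means the IdP signing certificate has changed and the change should be traced to a planned rollover.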
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Kantega SSO for JIRA.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Kantega SSO for
JIRA.

2. In the applications list, select Kantega SSO for JIRA.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Kantega SSO for JIRA test user
To enable Azure AD users to sign in to JIRA, they must be provisioned into JIRA. In Kantega SSO for JIRA,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your JIRA on-premises server as an administrator.
2. Hover over the cog and click User management.
3. Under the User management tab, click Create user.

4. On the “Create new user” dialog page, perform the following steps:

a. In the Email address textbox, type the email address of the user, like Brittasimon@contoso.com.
b. In the Full Name textbox, type the full name of the user, like Britta Simon.
c. In the Username textbox, type the email of the user, like Brittasimon@contoso.com.
d. In the Password textbox, type the password of the user.
e. Click Create user.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kantega SSO for JIRA tile in the Access Panel, you should be automatically signed in to the
Kantega SSO for JIRA for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Keeper Password Manager & Digital Vault
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Keeper Password Manager & Digital Vault with Azure Active Directory
(Azure AD). Integrating Keeper Password Manager & Digital Vault with Azure AD provides you with the following
benefits:
You can control in Azure AD who has access to Keeper Password Manager & Digital Vault.
You can enable your users to be automatically signed in to Keeper Password Manager & Digital Vault (Single
Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Keeper Password Manager & Digital Vault, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Keeper Password Manager & Digital Vault single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Keeper Password Manager & Digital Vault supports SP initiated SSO
Keeper Password Manager & Digital Vault supports Just In Time user provisioning

Adding Keeper Password Manager & Digital Vault from the gallery
To configure the integration of Keeper Password Manager & Digital Vault into Azure AD, you need to add Keeper
Password Manager & Digital Vault from the gallery to your list of managed SaaS apps.
To add Keeper Password Manager & Digital Vault from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Keeper Password Manager & Digital Vault, select Keeper Password Manager
& Digital Vault from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Keeper Password Manager & Digital Vault
based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user
and the related user in Keeper Password Manager & Digital Vault needs to be established.
To configure and test Azure AD single sign-on with Keeper Password Manager & Digital Vault, you need to
complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Keeper Password Manager & Digital Vault Single Sign-On - to configure the Single Sign-On
settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Keeper Password Manager & Digital Vault test user - to have a counterpart of Britta Simon in
Keeper Password Manager & Digital Vault that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Keeper Password Manager & Digital Vault, perform the following steps:
1. In the Azure portal, on the Keeper Password Manager & Digital Vault application integration page,
select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://{SSO CONNECT SERVER}/sso-connect/saml/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://{SSO CONNECT SERVER}/sso-connect

c. In the Reply URL textbox, type a URL using the following pattern:
https://{SSO CONNECT SERVER}/sso-connect/saml/sso

NOTE
These values are not real. Update these values with the actual Sign on URL, Identifier and Reply URL. Contact Keeper
Password Manager & Digital Vault Client support team to get these values. You can also refer to the patterns shown
in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Keeper Password Manager & Digital Vault section, copy the appropriate URL(s) as per
your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
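The NOTE in step 4 matters for security because Azure AD posts the signed assertion to the Reply URL, so a leftover placeholder or a value on the wrong host misdirects it. As an added example (not part of the original tutorial or of Keeper's tooling), this Python check takes the three values entered in Basic SAML Configuration and flags leftover placeholders, non-HTTPS schemes, paths that differ from the patterns in step 4, and values that point at different hosts. The function name, issue labels and sample hostnames are constructed for this example.

```python
from urllib.parse import urlsplit

# Paths taken from the tutorial's Basic SAML Configuration patterns for Keeper.
KEEPER_PATHS = {
    "sign_on_url": "/sso-connect/saml/login",
    "identifier": "/sso-connect",
    "reply_url": "/sso-connect/saml/sso",
}


def check_keeper_saml_urls(values):
    """Return a list of (field, issue) tuples; an empty list means no issue was found."""
    issues = []
    origins = set()
    for field, expected_path in KEEPER_PATHS.items():
        raw = (values.get(field) or "").strip()
        if not raw:
            issues.append((field, "missing"))
            continue
        # "{SSO CONNECT SERVER}" or "<...>" means the pattern was pasted unchanged.
        if any(ch in raw for ch in "{}<> "):
            issues.append((field, "placeholder-left"))
            continue
        try:
            parts = urlsplit(raw)
            port = parts.port  # raises ValueError on a non-numeric port
        except ValueError:
            issues.append((field, "malformed-url"))
            continue
        if parts.scheme != "https":
            issues.append((field, "not-https"))
        if not parts.hostname:
            issues.append((field, "no-host"))
            continue
        if parts.username is not None or parts.password is not None:
            issues.append((field, "userinfo-in-url"))
        if parts.path.rstrip("/") != expected_path:
            issues.append((field, "unexpected-path"))
        if parts.query or parts.fragment:
            issues.append((field, "query-or-fragment"))
        origins.add((parts.hostname, port or 443))
    # All three values are built from the same SSO Connect server in the patterns.
    if len(origins) > 1:
        issues.append(("all", "different-hosts"))
    return issues


if __name__ == "__main__":
    # Constructed sample values; keeper-sso.example.com is a placeholder host.
    sample = {
        "sign_on_url": "https://keeper-sso.example.com/sso-connect/saml/login",
        "identifier": "https://keeper-sso.example.com/sso-connect",
        "reply_url": "https://keeper-sso.example.com/sso-connect/saml/sso",
    }
    print(check_keeper_saml_urls(sample))
```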
Configure Keeper Password Manager & Digital Vault Single Sign-On
To configure single sign-on on the Keeper Password Manager & Digital Vault side, follow the
guidelines given in the Keeper Support Guide.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Keeper Password
Manager & Digital Vault.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Keeper Password
Manager & Digital Vault.

2. In the applications list, select Keeper Password Manager & Digital Vault.
3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Keeper Password Manager & Digital Vault test user
To enable Azure AD users to log in to Keeper Password Manager & Digital Vault, they must be provisioned into
Keeper Password Manager & Digital Vault. The application supports just-in-time user provisioning, so users are
created in the application automatically after authentication. Contact Keeper Support if you want to
set up users manually.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Keeper Password Manager & Digital Vault tile in the Access Panel, you should be automatically
signed in to the Keeper Password Manager & Digital Vault for which you set up SSO. For more information about
the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Kindling
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Kindling with Azure Active Directory (Azure AD). Integrating Kindling
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Kindling.
You can enable your users to be automatically signed in to Kindling (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Kindling, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Kindling single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Kindling supports SP initiated SSO
Kindling supports Just In Time user provisioning

Adding Kindling from the gallery


To configure the integration of Kindling into Azure AD, you need to add Kindling from the gallery to your list of
managed SaaS apps.
To add Kindling from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Kindling, select Kindling from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Kindling based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Kindling
needs to be established.
To configure and test Azure AD single sign-on with Kindling, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Kindling Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Kindling test user - to have a counterpart of Britta Simon in Kindling that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Kindling, perform the following steps:
1. In the Azure portal, on the Kindling application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.kindlingapp.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.kindlingapp.com/saml/module.php/saml/sp/metadata.php/clientIDP

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Kindling Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Kindling section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Kindling Single Sign-On
To configure single sign-on on the Kindling side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Kindling support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Kindling.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Kindling.

2. In the applications list, select Kindling.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Kindling test user
In this section, a user called Britta Simon is created in Kindling. Kindling supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Kindling,
a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kindling tile in the Access Panel, you should be automatically signed in to the Kindling for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Kintone
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Kintone with Azure Active Directory (Azure AD). Integrating Kintone
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Kintone.
You can enable your users to be automatically signed in to Kintone (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Kintone, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Kintone single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Kintone supports SP initiated SSO

Adding Kintone from the gallery


To configure the integration of Kintone into Azure AD, you need to add Kintone from the gallery to your list of
managed SaaS apps.
To add Kintone from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Kintone, select Kintone from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Kintone based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Kintone
needs to be established.
To configure and test Azure AD single sign-on with Kintone, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Kintone Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Kintone test user - to have a counterpart of Britta Simon in Kintone that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Kintone, perform the following steps:
1. In the Azure portal, on the Kintone application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<companyname>.kintone.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://<companyname>.cybozu.com

https://<companyname>.kintone.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Kintone Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Kintone section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Kintone Single Sign-On
1. In a different web browser window, sign in to your Kintone company site as an administrator.
2. Click the Settings icon.

3. Click Users & System Administration.

4. Under System Administration > Security click Login.

5. Click Enable SAML authentication.


6. In the SAML Authentication section, perform the following steps:

a. In the Login URL textbox, paste the value of Login URL which you have copied from Azure portal.
b. In the Logout URL textbox, paste the value of Logout URL which you have copied from Azure portal.
c. Click Browse to upload your downloaded certificate file from Azure portal.
d. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Kintone.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Kintone.

2. In the applications list, select Kintone.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Kintone test user
To enable Azure AD users to sign in to Kintone, they must be provisioned into Kintone. In the case of Kintone,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Kintone company site as an administrator.
2. Click the Settings icon.
3. Click Users & System Administration.

4. Under User Administration, click Departments & Users.

5. Click New User.

6. In the New User section, perform the following steps:

a. Type a Display Name, Login Name, New Password, Confirm Password, E-mail Address, and other
details of a valid Azure AD account you want to provision into the related textboxes.
b. Click Save.

NOTE
You can use any other Kintone user account creation tools or APIs provided by Kintone to provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kintone tile in the Access Panel, you should be automatically signed in to the Kintone for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Kiteworks with Azure Active
Directory
7/16/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Kiteworks with Azure Active Directory (Azure AD). When you integrate
Kiteworks with Azure AD, you can:
Control in Azure AD who has access to Kiteworks.
Enable your users to be automatically signed in to Kiteworks with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
Kiteworks single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Kiteworks supports SP initiated SSO
Kiteworks supports Just In Time user provisioning

Adding Kiteworks from the gallery


To configure the integration of Kiteworks into Azure AD, you need to add Kiteworks from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Kiteworks in the search box.
6. Select Kiteworks from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Kiteworks using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Kiteworks.
To configure and test Azure AD SSO with Kiteworks, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Kiteworks SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Kiteworks test user - to have a counterpart of Britta Simon in Kiteworks that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Kiteworks application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<kiteworksURL>.kiteworks.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<kiteworksURL>/sp/module.php/saml/sp/saml2-acs.php/sp-sso

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Kiteworks Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Kiteworks section, copy the appropriate URL(s) based on your requirement.
Configure Kiteworks SSO
1. Sign on to your Kiteworks company site as an administrator.
2. In the toolbar on the top, click Settings.

3. In the Authentication and Authorization section, click SSO Setup.

4. On the SSO Setup page, perform the following steps:


a. Select Authenticate via SSO.
b. Select Initiate AuthnRequest.
c. In the IDP Entity ID textbox, paste the value of Azure AD Identifier, which you have copied from Azure
portal.
d. In the Single Sign-On Service URL textbox, paste the value of Login URL, which you have copied from
Azure portal.
e. In the Single Logout Service URL textbox, paste the value of Logout URL, which you have copied from
Azure portal.
f. Open your downloaded certificate in Notepad, copy the content, and then paste it into the RSA Public
Key Certificate textbox.
g. Click Save.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Kiteworks.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Kiteworks.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Kiteworks test user
The objective of this section is to create a user called Britta Simon in Kiteworks.
Kiteworks supports just-in-time provisioning, which is by default enabled. There is no action item for you in this
section. A new user is created during an attempt to access Kiteworks if it doesn't exist yet.

NOTE
If you need to create a user manually, you need to contact the Kiteworks support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kiteworks tile in the Access Panel, you should be automatically signed in to the Kiteworks for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Klue
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Klue with Azure Active Directory (Azure AD). Integrating Klue with Azure
AD provides you with the following benefits:
You can control in Azure AD who has access to Klue.
You can enable your users to be automatically signed-in to Klue (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Klue, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Klue single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Klue supports SP and IDP initiated SSO
Klue supports Just In Time user provisioning

Adding Klue from the gallery


To configure the integration of Klue into Azure AD, you need to add Klue from the gallery to your list of managed
SaaS apps.
To add Klue from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Klue, select Klue from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Klue based on a test user called Britta Simon.
For single sign-on to work, a link relationship between an Azure AD user and the related user in Klue needs to be
established.
To configure and test Azure AD single sign-on with Klue, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Klue Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Klue test user - to have a counterpart of Britta Simon in Klue that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Klue, perform the following steps:
1. In the Azure portal, on the Klue application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set-up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: urn:klue:<Customer ID>

b. In the Reply URL text box, type a URL using the following pattern:
https://app.klue.com/account/auth/saml/<Customer UUID>/callback

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://app.klue.com/account/auth/saml/<Customer UUID>/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Klue
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. The Klue application expects the SAML assertions in a specific format. Configure the following claims for this
application. You can manage the values of these attributes from the User Attributes section on the application
integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the User
Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes listed in the following table, and
perform the following steps:

NAME          SOURCE ATTRIBUTE
first_name    user.givenname
last_name     user.surname
email         user.userprincipalname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
9. On the Set up Klue section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Klue Single Sign-On
To configure single sign-on on the Klue side, you need to send the downloaded Certificate (Base64) and the appropriate
copied URLs from the Azure portal to the Klue support team. They apply these settings so that the SAML SSO connection
is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Klue.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Klue.

2. In the applications list, select Klue.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Klue test user
In this section, a user called Britta Simon is created in Klue. Klue supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Klue, a new one
is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Klue tile in the Access Panel, you should be automatically signed in to the Klue for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
KnowBe4 Security Awareness Training
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate KnowBe4 Security Awareness Training with Azure Active Directory
(Azure AD). Integrating KnowBe4 Security Awareness Training with Azure AD provides you with the following
benefits:
You can control in Azure AD who has access to KnowBe4 Security Awareness Training.
You can enable your users to be automatically signed-in to KnowBe4 Security Awareness Training (Single Sign-
On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with KnowBe4 Security Awareness Training, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
KnowBe4 Security Awareness Training single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
KnowBe4 Security Awareness Training supports SP initiated SSO
KnowBe4 Security Awareness Training supports Just In Time user provisioning

Adding KnowBe4 Security Awareness Training from the gallery


To configure the integration of KnowBe4 Security Awareness Training into Azure AD, you need to add KnowBe4
Security Awareness Training from the gallery to your list of managed SaaS apps.
To add KnowBe4 Security Awareness Training from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type KnowBe4 Security Awareness Training, select KnowBe4 Security Awareness
Training from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with KnowBe4 Security Awareness Training based
on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and
the related user in KnowBe4 Security Awareness Training needs to be established.
To configure and test Azure AD single sign-on with KnowBe4 Security Awareness Training, you need to complete
the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure KnowBe4 Security Awareness Training Single Sign-On - to configure the Single Sign-On
settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create KnowBe4 Security Awareness Training test user - to have a counterpart of Britta Simon in KnowBe4
Security Awareness Training that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with KnowBe4 Security Awareness Training, perform the following steps:
1. In the Azure portal, on the KnowBe4 Security Awareness Training application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.KnowBe4.com/auth/saml/<instancename>

NOTE
The sign on URL value is not real. Update this value with the actual Sign on URL. Contact KnowBe4 Security
Awareness Training Client support team to get this value. You can also refer to the pattern shown in the Basic SAML
Configuration section in the Azure portal.

b. In the Identifier (Entity ID) text box, type the string value: KnowBe4

NOTE
This is case-sensitive.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. On the Set up KnowBe4 Security Awareness Training section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure KnowBe4 Security Awareness Training Single Sign-On
To configure single sign-on on the KnowBe4 Security Awareness Training side, you need to send the downloaded
Certificate (Raw) and the appropriate copied URLs from the Azure portal to the KnowBe4 Security Awareness Training
support team. They apply these settings so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to KnowBe4 Security
Awareness Training.
1. In the Azure portal, select Enterprise Applications, select All applications, then select KnowBe4
Security Awareness Training.

2. In the applications list, select KnowBe4 Security Awareness Training.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create KnowBe4 Security Awareness Training test user
The objective of this section is to create a user called Britta Simon in KnowBe4 Security Awareness Training.
KnowBe4 Security Awareness Training supports just-in-time provisioning, which is by default enabled.
There is no action item for you in this section. A new user is created during an attempt to access KnowBe4 Security
Awareness Training if it doesn't exist yet.
NOTE
If you need to create a user manually, you need to contact the KnowBe4 Security Awareness Training support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the KnowBe4 Security Awareness Training tile in the Access Panel, you should be automatically
signed in to the KnowBe4 Security Awareness Training for which you set up SSO. For more information about the
Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Knowledge Anywhere LMS with
Azure Active Directory
6/13/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Knowledge Anywhere LMS with Azure Active Directory (Azure AD).
When you integrate Knowledge Anywhere LMS with Azure AD, you can:
Control in Azure AD who has access to Knowledge Anywhere LMS.
Enable your users to be automatically signed-in to Knowledge Anywhere LMS with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Knowledge Anywhere LMS single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Knowledge Anywhere LMS supports
SP initiated SSO and supports Just In Time user provisioning.

Adding Knowledge Anywhere LMS from the gallery


To configure the integration of Knowledge Anywhere LMS into Azure AD, you need to add Knowledge Anywhere
LMS from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Knowledge Anywhere LMS in the search box.
6. Select Knowledge Anywhere LMS from results panel and then add the app. Wait a few seconds while the app
is added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Knowledge Anywhere LMS using a test user called B. Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Knowledge
Anywhere LMS.
To configure and test Azure AD SSO with Knowledge Anywhere LMS, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Knowledge Anywhere LMS to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
4. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
5. Create Knowledge Anywhere LMS test user to have a counterpart of B. Simon in Knowledge Anywhere
LMS that is linked to the Azure AD representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Knowledge Anywhere LMS application integration page, find the Manage
section and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<CLIENTNAME>.knowledgeanywhere.com/

b. In the Reply URL text box, type a URL using the following pattern:
https://<CLIENTNAME>.knowledgeanywhere.com/SSO/SAML/Response.aspx?<IDPNAME>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL, which is explained later in the
tutorial.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<CLIENTNAME>.knowledgeanywhere.com/

NOTE
The Sign-on URL value is not real. Update this value with the actual Sign-on URL. Contact Knowledge Anywhere LMS
Client support team to get this value. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up Knowledge Anywhere LMS section, copy the appropriate URL(s) based on your
requirement.

Configure Knowledge Anywhere LMS


1. To automate the configuration within Knowledge Anywhere LMS, you need to install My Apps Secure
Sign-in browser extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup Knowledge Anywhere LMS, which will direct you to the
Knowledge Anywhere LMS application. From there, provide the admin credentials to sign in to Knowledge
Anywhere LMS. The browser extension will automatically configure the application for you and automate
steps 3-7.

3. If you want to set up Knowledge Anywhere LMS manually, open a new web browser window, sign in to
your Knowledge Anywhere LMS company site as an administrator, and perform the following steps:
4. Select the Site tab.
5. Select the SAML Settings tab.

6. Click Add New.

7. On the Add/Update SAML Settings page, perform the following steps:

a. Enter the IDP Name as per your organization. For example, Azure.
b. In the IDP Entity ID textbox, paste the Azure AD Identifier value, which you have copied from the Azure
portal.
c. In the IDP URL textbox, paste Login URL value, which you have copied from Azure portal.
d. Open the downloaded certificate file from the Azure portal into notepad, copy the content of the
certificate and paste it into Certificate textbox.
e. In the Logout URL textbox, paste Logout URL value, which you have copied from Azure portal.
f. Select Main Site from the dropdown for the Domain.
g. Copy the SP Entity ID value and paste it into Identifier text box in the Basic SAML Configuration
section in the Azure portal.
h. Copy the SP Response(ACS) URL value and paste it into the Reply URL text box in the Basic SAML
Configuration section in the Azure portal.
i. Click Save.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B. Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B. Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B. Simon to use Azure single sign-on by granting access to Knowledge Anywhere
LMS.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Knowledge Anywhere LMS.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B. Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Knowledge Anywhere LMS test user
In this section, a user called B. Simon is created in Knowledge Anywhere LMS. Knowledge Anywhere LMS
supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section.
If a user doesn't already exist in Knowledge Anywhere LMS, a new one is created after authentication.
Test SSO
When you select the Knowledge Anywhere LMS tile in the Access Panel, you should be automatically signed in to
the Knowledge Anywhere LMS for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with KnowledgeOwl
10/22/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate KnowledgeOwl with Azure Active Directory (Azure AD). When you integrate
KnowledgeOwl with Azure AD, you can:
Control in Azure AD who has access to KnowledgeOwl.
Enable your users to be automatically signed-in to KnowledgeOwl with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with Azure
Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
KnowledgeOwl single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
KnowledgeOwl supports SP and IDP initiated SSO
KnowledgeOwl supports Just In Time user provisioning

Adding KnowledgeOwl from the gallery


To configure the integration of KnowledgeOwl into Azure AD, you need to add KnowledgeOwl from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type KnowledgeOwl in the search box.
6. Select KnowledgeOwl from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for KnowledgeOwl


Configure and test Azure AD SSO with KnowledgeOwl using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in KnowledgeOwl.
To configure and test Azure AD SSO with KnowledgeOwl, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure KnowledgeOwl SSO - to configure the single sign-on settings on application side.
Create KnowledgeOwl test user - to have a counterpart of B.Simon in KnowledgeOwl that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the KnowledgeOwl application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to edit the
settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode, enter the
values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:

https://app.knowledgeowl.com/sp

https://app.knowledgeowl.com/sp/id/<unique ID>

b. In the Reply URL text box, type a URL using the following pattern:

https://subdomain.knowledgeowl.com/help/saml-login

https://subdomain.knowledgeowl.com/docs/saml-login

https://subdomain.knowledgeowl.com/home/saml-login

https://privatedomain.com/help/saml-login

https://privatedomain.com/docs/saml-login

https://privatedomain.com/home/saml-login

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP initiated
mode:
In the Sign-on URL text box, type a URL using the following pattern:

https://subdomain.knowledgeowl.com/help/saml-login

https://subdomain.knowledgeowl.com/docs/saml-login

https://subdomain.knowledgeowl.com/home/saml-login
https://privatedomain.com/help/saml-login

https://privatedomain.com/docs/saml-login

https://privatedomain.com/home/saml-login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL, which are
explained later in the tutorial.

6. KnowledgeOwl application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default
attributes.

7. In addition to the above, the KnowledgeOwl application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your requirements.

NAME     SOURCE ATTRIBUTE    NAMESPACE
ssoid    user.mail           http://schemas.xmlsoap.org/ws/2005/05/identity/claims

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find Certificate (Raw)
and select Download to download the certificate and save it on your computer.

9. On the Set up KnowledgeOwl section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example, B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to KnowledgeOwl.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select KnowledgeOwl.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the bottom of the
screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate role for the
user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure KnowledgeOwl SSO


1. In a different web browser window, sign into your KnowledgeOwl company site as an administrator.
2. Click on Settings and then select Security.
3. Scroll to SAML SSO Integration and perform the following steps:

a. Select Enable SAML SSO.


b. Copy the SP Entity ID value and paste it into the Identifier (Entity ID) in the Basic SAML Configuration
section on the Azure portal.
c. Copy the SP Login URL value and paste it into the Sign-on URL and Reply URL textboxes in the Basic SAML
Configuration section on the Azure portal.
d. In the IdP entityID textbox, paste the Azure AD Identifier value, which you have copied from the Azure portal.
e. In the IdP Login URL textbox, paste the Login URL value, which you have copied from the Azure portal.
f. In the IdP Logout URL textbox, paste the Logout URL value, which you have copied from the Azure portal.
g. Upload the certificate downloaded from the Azure portal by clicking Upload IdP Certificate.
h. Click on Map SAML Attributes to map attributes and perform the following steps:
Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ssoid into the SSO ID textbox.
Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress into the Username/Email textbox.
Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname into the First Name textbox.
Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname into the Last Name textbox.
Click Save.
i. Click Save at the bottom of the page.
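
To confirm that the claims issued by Azure AD line up with the names entered under Map SAML Attributes, the following added example (not part of the original tutorial, and not Microsoft or KnowledgeOwl code) checks an assertion captured from a test sign-in for the four mapped attributes and for an Audience equal to the SP Entity ID. The sample assertion, the SP_ENTITY_ID placeholder and all function names are constructed for illustration, and the script does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# KnowledgeOwl field -> attribute name entered under "Map SAML Attributes"
# (names taken from the tutorial steps above).
EXPECTED = {
    "SSO ID": CLAIMS + "ssoid",
    "Username/Email": CLAIMS + "emailaddress",
    "First Name": CLAIMS + "givenname",
    "Last Name": CLAIMS + "surname",
}

# Constructed placeholder: replace with the SP Entity ID from KnowledgeOwl.
SP_ENTITY_ID = "https://sp.example.invalid/saml"


def attribute_xml(name, value):
    """Render one constructed <Attribute> element in the claims namespace."""
    return (f'<saml:Attribute Name="{CLAIMS}{name}">'
            f"<saml:AttributeValue>{value}</saml:AttributeValue>"
            "</saml:Attribute>")


def build_sample(claims, audience=SP_ENTITY_ID):
    """Build a constructed, unsigned assertion used only as demo input."""
    attrs = "".join(attribute_xml(n, v) for n, v in claims.items())
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}">'
            "<saml:Conditions><saml:AudienceRestriction>"
            f"<saml:Audience>{audience}</saml:Audience>"
            "</saml:AudienceRestriction></saml:Conditions>"
            f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
            "</saml:Assertion>")


def check_mapping(assertion_xml, sp_entity_id=SP_ENTITY_ID):
    """Return a list of problems; an empty list means the mapping lines up.

    Only parse assertions captured from your own test sign-in. This checks
    configuration, not authenticity: the XML signature is not verified.
    """
    root = ET.fromstring(assertion_xml)

    # Collect every attribute name with its (possibly multiple) values.
    found = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        found.setdefault(attr.get("Name"), []).extend(values)

    problems = []
    for field, name in EXPECTED.items():
        values = found.get(name)
        if values is None:
            problems.append(f"{field}: attribute {name} is missing")
        elif not any(values):
            problems.append(f"{field}: attribute {name} is present but empty")
        elif len(values) > 1:
            problems.append(f"{field}: attribute {name} has {len(values)} values")

    # The Identifier (Entity ID) set in Azure AD is issued as the Audience.
    audiences = [(a.text or "").strip()
                 for a in root.iter(f"{{{SAML_NS}}}Audience")]
    if sp_entity_id not in audiences:
        problems.append(
            f"Audience {audiences} does not contain SP Entity ID {sp_entity_id}")
    return problems


if __name__ == "__main__":
    # Constructed test user matching the tutorial's B.Simon example.
    user = {"ssoid": "B.Simon@contoso.com", "emailaddress": "B.Simon@contoso.com",
            "givenname": "B", "surname": "Simon"}
    print(check_mapping(build_sample(user)))
    del user["surname"]
    for problem in check_mapping(build_sample(user)):
        print(problem)
```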

Create KnowledgeOwl test user


In this section, a user called B.Simon is created in KnowledgeOwl. KnowledgeOwl supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in KnowledgeOwl, a
new one is created after authentication.

NOTE
If you need to create a user manually, contact the KnowledgeOwl support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the KnowledgeOwl tile in the Access Panel, you should be automatically signed in to the KnowledgeOwl for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try KnowledgeOwl with Azure AD

Tutorial: Azure Active Directory integration with Kontiki
6/13/2019 • 4 minutes to read

In this tutorial, you learn how to integrate Kontiki with Azure Active Directory (Azure AD).
Integrating Kontiki with Azure AD gives you the following benefits:
You can use Azure AD to control who has access to Kontiki.
Users can be automatically signed in to Kontiki with their Azure AD accounts (single sign-on).
You can manage your accounts in one central location, the Azure portal.
For more information about software as a service (SaaS) app integration with Azure AD, see Single sign-on to
applications in Azure Active Directory.

Prerequisites
To configure Azure AD integration with Kontiki, you need the following items:
An Azure AD subscription. If you don't have an Azure AD subscription, create a free account before you begin.
A Kontiki subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment and integrate Kontiki with
Azure AD.
Kontiki supports the following features:
SP-initiated single sign-on
Just-in-time user provisioning

Add Kontiki in the Azure portal


To integrate Kontiki with Azure AD, you must add Kontiki to your list of managed SaaS apps.
1. Sign in to the Azure portal.
2. In the left menu, select Azure Active Directory.

3. Select Enterprise applications > All applications.


4. To add an application, select New application.

5. In the search box, enter Kontiki. In the search results, select Kontiki, and then select Add.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Kontiki based on a test user named Britta
Simon. For single sign-on to work, you must establish a linked relationship between an Azure AD user and the
related user in Kontiki.
To configure and test Azure AD single sign-on with Kontiki, you must complete the following building blocks:

TASK                                 DESCRIPTION
Configure Azure AD single sign-on    Enables your users to use this feature.
Configure Kontiki single sign-on     Configures the single sign-on settings in the application.
Create an Azure AD test user         Tests Azure AD single sign-on for a user named Britta Simon.
Assign the Azure AD test user        Enables Britta Simon to use Azure AD single sign-on.
Create a Kontiki test user           Creates a counterpart of Britta Simon in Kontiki that is linked to the Azure AD representation of the user.
Test single sign-on                  Verifies that the configuration works.

Configure Azure AD single sign-on


In this section, you configure Azure AD single sign-on with Kontiki in the Azure portal.
1. In the Azure portal, in the Kontiki application integration pane, select Single sign-on.

2. In the Select a single sign-on method pane, select SAML or SAML/WS-Fed mode to enable single sign-on.

3. In the Set up Single Sign-On with SAML pane, select Edit (the pencil icon) to open the Basic SAML
Configuration pane.

4. In the Basic SAML Configuration pane, in the Sign on URL text box, enter a URL that has the following
pattern: https://<companyname>.mc.eval.kontiki.com
NOTE
Contact the Kontiki Client support team to get the correct value to use. You can also refer to the patterns shown in
the Basic SAML Configuration section in the Azure portal.

5. In the Set up Single Sign-On with SAML pane, in the SAML Signing Certificate section, select
Download next to Federation Metadata XML. Select a download option based on your requirements.
Save the certificate on your computer.

6. In the Set up Kontiki section, copy the following URLs based on your requirements:
Login URL
Azure AD Identifier
Logout URL

Configure Kontiki single sign-on


To configure single sign-on on the Kontiki side, send the downloaded Federation Metadata XML file and the
relevant URLs that you copied from the Azure portal to the Kontiki support team. The Kontiki support team uses
the information you send them to ensure that the SAML single sign-on connection is set properly on both sides.
Create an Azure AD test user
In this section, you create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory > Users > All users.

2. Select New user.

3. In the User pane, complete the following steps:


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter brittasimon@<your-company-domain>.<extension>. For example,
brittasimon@contoso.com.
c. Select the Show password check box. Write down the value that's displayed in the Password box.
d. Select Create.

Assign the Azure AD test user


In this section, you grant Britta Simon access to Kontiki so she can use Azure single sign-on.
1. In the Azure portal, select Enterprise applications > All applications > Kontiki.
2. In the applications list, select Kontiki.

3. In the menu, select Users and groups.

4. Select Add user. Then, in the Add assignment pane, select Users and groups.

5. In the Users and groups pane, select Britta Simon in the list of users. Choose Select.
6. If you are expecting a role value in the SAML assertion, in the Select role pane, select the relevant role for
the user from the list. Choose Select.
7. In the Add Assignment pane, select Assign.
Create a Kontiki test user
There's no action item for you to configure user provisioning in Kontiki. When an assigned user tries to sign in to
Kontiki by using the My Apps portal, Kontiki checks whether the user exists. If no user account is found, Kontiki
automatically creates the user account.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration by using the My Apps portal.
After you set up single sign-on, when you select Kontiki in the My Apps portal, you are automatically signed in to
Kontiki. For more information about the My Apps portal, see Access and use apps in the My Apps portal.

Next steps
To learn more, review these articles:
List of tutorials for integrating SaaS apps with Azure Active Directory
Single sign-on to applications in Azure Active Directory
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Korn Ferry ALP
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Korn Ferry ALP with Azure Active Directory (Azure AD). Integrating Korn
Ferry ALP with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Korn Ferry ALP.
You can enable your users to be automatically signed-in to Korn Ferry ALP (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Korn Ferry ALP, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A Korn Ferry ALP single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Korn Ferry ALP supports SP initiated SSO

Adding Korn Ferry ALP from the gallery


To configure the integration of Korn Ferry ALP into Azure AD, you need to add Korn Ferry ALP from the gallery to
your list of managed SaaS apps.
To add Korn Ferry ALP from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Korn Ferry ALP, select Korn Ferry ALP from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Korn Ferry ALP based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Korn Ferry ALP needs to be established.
To configure and test Azure AD single sign-on with Korn Ferry ALP, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Korn Ferry ALP Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Korn Ferry ALP test user - to have a counterpart of Britta Simon in Korn Ferry ALP that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Korn Ferry ALP, perform the following steps:
1. In the Azure portal, on the Korn Ferry ALP application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:

https://intappextin01/portalweb/sso/client/audience?guid=<customerguid>

https://qaassessment.kfnaqa.com/portalweb/sso/client/audience?guid=<customerguid>

https://assessments.kornferry.com/portalweb/sso/client/audience?guid=<customerguid>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://intappextin01/portalweb/sso/client/audience?guid=<customerguid>

https://qaassessment.kfnaqa.com/portalweb/sso/client/audience?guid=<customerguid>

https://assessments.kornferry.com/portalweb/sso/client/audience?guid=<customerguid>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Korn Ferry ALP
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
Configure Korn Ferry ALP Single Sign-On
To configure single sign-on on Korn Ferry ALP side, you need to send the App Federation Metadata Url to
Korn Ferry ALP support team. They set this setting to have the SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Korn Ferry ALP.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Korn Ferry ALP.

2. In the applications list, select Korn Ferry ALP.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Korn Ferry ALP test user
In this section, you create a user called Britta Simon in Korn Ferry ALP. Work with Korn Ferry ALP support team to
add the users in the Korn Ferry ALP platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Korn Ferry ALP tile in the Access Panel, you should be automatically signed in to the Korn Ferry
ALP for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with Kronos
8/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Kronos with Azure Active Directory (Azure AD). When you integrate
Kronos with Azure AD, you can:
Control in Azure AD who has access to Kronos.
Enable your users to be automatically signed-in to Kronos with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Kronos single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Kronos supports IDP initiated SSO

Adding Kronos from the gallery


To configure the integration of Kronos into Azure AD, you need to add Kronos from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Kronos in the search box.
6. Select Kronos from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Kronos


Configure and test Azure AD SSO with Kronos using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Kronos.
To configure and test Azure AD SSO with Kronos, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Kronos SSO - to configure the Single Sign-On settings on application side.
a. Create Kronos test user - to have a counterpart of B.Simon in Kronos that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Kronos application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Set up Single Sign-On with SAML page, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: https://<company name>.kronos.net/

b. In the Reply URL text box, type a URL using the following pattern:
https://<company name>.kronos.net/wfc/navigator/logonWithUID

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Kronos Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. Kronos application expects the SAML assertions in a specific format. Configure the following claims for this
application. You can manage the values of these attributes from the User Attributes section on application
integration page. On the Set up Single Sign-On with SAML page, click Edit button to open User
Attributes dialog.

6. In the User Claims section on the User Attributes dialog, configure SAML token attribute as shown in the
image above and perform the following steps:
a. Click Edit icon to open the Manage user claims dialog.
b. From the Transformation list, select ExtractMailPrefix().
c. From the Parameter 1 list, select user.userprincipalname.
d. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

8. On the Set up Kronos section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Kronos.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Kronos.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Kronos SSO


To configure single sign-on on Kronos side, you need to send the downloaded Federation Metadata XML and
appropriate copied URLs from Azure portal to Kronos support team. They set this setting to have the SAML SSO
connection set properly on both sides.
Create Kronos test user
In this section, you create a user called Britta Simon in Kronos. Work with Kronos support team to add the users in
the Kronos platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kronos tile in the Access Panel, you should be automatically signed in to the Kronos for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Kronos with Azure AD

Tutorial: Azure Active Directory integration with Kudos
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Kudos with Azure Active Directory (Azure AD). Integrating Kudos with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Kudos.
You can enable your users to be automatically signed-in to Kudos (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Kudos, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Kudos single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Kudos supports SP initiated SSO

Adding Kudos from the gallery


To configure the integration of Kudos into Azure AD, you need to add Kudos from the gallery to your list of
managed SaaS apps.
To add Kudos from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Kudos, select Kudos from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Kudos based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Kudos
needs to be established.
To configure and test Azure AD single sign-on with Kudos, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Kudos Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Kudos test user - to have a counterpart of Britta Simon in Kudos that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Kudos, perform the following steps:
1. In the Azure portal, on the Kudos application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern: https://<company>.kudosnow.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Kudos Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Kudos section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Kudos Single Sign-On
1. In a different web browser window, sign into your Kudos company site as an administrator.
2. In the menu on the top, click Settings icon.

3. Click Integrations > SSO and perform the following steps:

a. In the Sign on URL textbox, paste the value of Login URL which you have copied from the Azure portal.
b. Open your base-64 encoded certificate in Notepad, copy its content into your clipboard, and then
paste it into the X.509 certificate textbox.
c. In the Logout To URL textbox, paste the value of Logout URL which you have copied from the Azure portal.
d. In the Your Kudos URL textbox, type your company name.
e. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Kudos.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Kudos.

2. In the applications list, select Kudos.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Kudos test user
In order to enable Azure AD users to sign in to Kudos, they must be provisioned into Kudos. In the case of Kudos,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Kudos company site as administrator.
2. In the menu on the top, click Settings icon.
3. Click User Admin.
4. Click the Users tab, and then click Add a User.

5. In the Add a User section, perform the following steps:

a. Type the First Name, Last Name, Email and other details of a valid Azure Active Directory account you
want to provision into the related textboxes.
b. Click Create User.

NOTE
You can use any other Kudos user account creation tools or APIs provided by Kudos to provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Kudos tile in the Access Panel, you should be automatically signed in to the Kudos for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Integrate Land Gorilla with Azure Active Directory
8/8/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Land Gorilla with Azure Active Directory (Azure AD). When you
integrate Land Gorilla with Azure AD, you can:
Control in Azure AD who has access to Land Gorilla.
Enable your users to be automatically signed-in to Land Gorilla with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Land Gorilla single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Land Gorilla supports IDP initiated SSO

Adding Land Gorilla from the gallery


To configure the integration of Land Gorilla into Azure AD, you need to add Land Gorilla from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Land Gorilla in the search box.
6. Select Land Gorilla from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Land Gorilla using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Land Gorilla.
To configure and test Azure AD SSO with Land Gorilla, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Land Gorilla SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Land Gorilla test user - to have a counterpart of B.Simon in Land Gorilla that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Land Gorilla application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Set up Single Sign-On with SAML page, enter the values for the following fields:
a. In the Identifier text box, type a URL using one of the following patterns:

https://<customer domain>.landgorilla.com/

https://www.<customer domain>.landgorilla.com

b. In the Reply URL text box, type a URL using one of the following patterns:

https://<customer domain>.landgorilla.com/simplesaml/module.php/core/authenticate.php

https://www.<customer domain>.landgorilla.com/simplesaml/module.php/core/authenticate.php

https://<customer domain>.landgorilla.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

https://www.<customer domain>.landgorilla.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. We suggest that you use a
unique string value in the Identifier. Contact the Land Gorilla Client support team to get these values. You can also
refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. On the Set up Land Gorilla section, copy the appropriate URL(s) based on your requirement.
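The Reply URL is where Azure AD posts the signed assertion, so a wrong scheme, a stray space from copy and paste, or a lookalike host matters. The following is an added example, not part of the original tutorial or Land Gorilla's own code, that checks a candidate Reply URL against the four patterns in step 4b; the function name check_reply_url, the problem codes, the contoso tenant name, and the reading of <customer domain> as one or more DNS labels are assumptions.

```python
import re
from urllib.parse import urlsplit

# Paths taken from the four Reply URL patterns in step 4b of the tutorial.
ALLOWED_PATHS = {
    "/simplesaml/module.php/core/authenticate.php",
    "/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp",
}
BASE_LABELS = ["landgorilla", "com"]
# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def check_reply_url(url):
    """Return a list of problem codes; an empty list means the URL fits a pattern.

    Codes (assumed names): scheme, userinfo, port, host, path, extra.
    """
    problems = []
    parts = urlsplit(url.strip())

    if parts.scheme != "https":
        problems.append("scheme")
    # "user@host" forms make the real host differ from what a reader sees first.
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo")
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = -1
    if port is not None:
        problems.append("port")

    labels = (parts.hostname or "").lower().split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]  # both the bare and the www. forms are documented
    customer = labels[:-2]
    if labels[-2:] != BASE_LABELS or not customer:
        problems.append("host")  # wrong registrable domain or no customer part
    elif not all(LABEL_RE.match(label) for label in customer):
        problems.append("host")  # e.g. the <customer domain> placeholder left in

    if parts.path not in ALLOWED_PATHS:
        problems.append("path")
    if parts.query or parts.fragment:
        problems.append("extra")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "contoso" is a placeholder tenant name.
    samples = [
        "https://contoso.landgorilla.com/simplesaml/module.php/core/authenticate.php",
        "http://contoso.landgorilla.com/simplesaml/module.php/core/authenticate.php",
        "https://contoso.landgorilla.com.example.net/simplesaml/module.php/core/authenticate.php",
        "https://contoso.landgorilla.com/simplesaml/module.php/saml/sp/saml2- acs.php/default-sp",
    ]
    for sample in samples:
        print(check_reply_url(sample) or "ok", sample)
```

Run it on the value you are about to type into the Reply URL text box, after Land Gorilla support has supplied the real customer domain.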

Configure Land Gorilla SSO


To configure single sign-on on the Land Gorilla side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Land Gorilla support team. They apply these settings so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Land Gorilla.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Land Gorilla.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Land Gorilla test user
In this section, you create a user called Britta Simon in Land Gorilla. Work with Land Gorilla support team to add
the users in the Land Gorilla platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Land Gorilla tile in the Access Panel, you should be automatically signed in to the Land Gorilla
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with LaunchDarkly
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate LaunchDarkly with Azure Active Directory (Azure AD). Integrating
LaunchDarkly with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to LaunchDarkly.
You can enable your users to be automatically signed-in to LaunchDarkly (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with LaunchDarkly, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
LaunchDarkly single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
LaunchDarkly supports SP and IDP initiated SSO
LaunchDarkly supports Just In Time user provisioning

Adding LaunchDarkly from the gallery


To configure the integration of LaunchDarkly into Azure AD, you need to add LaunchDarkly from the gallery to
your list of managed SaaS apps.
To add LaunchDarkly from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type LaunchDarkly, select LaunchDarkly from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with LaunchDarkly based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
LaunchDarkly needs to be established.
To configure and test Azure AD single sign-on with LaunchDarkly, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure LaunchDarkly Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create LaunchDarkly test user - to have a counterpart of Britta Simon in LaunchDarkly that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with LaunchDarkly, perform the following steps:
1. In the Azure portal, on the LaunchDarkly application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL: app.launchdarkly.com

b. In the Reply URL text box, type a URL using the following pattern:
https://app.launchdarkly.com/trust/saml2/acs/<customers-unique-id>

NOTE
The Reply URL value is not real. You will update the value with the actual Reply URL, which is explained later in the
tutorial. If you are intending to use the application in IDP mode you need to leave the Sign on URL field blank,
otherwise you will not be able to initiate the login from the IDP. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://app.launchdarkly.com

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up LaunchDarkly section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure LaunchDarkly Single Sign-On
1. In a different web browser window, log into your LaunchDarkly company site as an administrator.
2. Select Account Settings from the left navigation panel.

3. Click the Security tab.

4. Click ENABLE SSO and then EDIT SAML CONFIGURATION.


5. On the Edit your SAML configuration section, perform the following steps:

a. Copy the SAML consumer service URL for your instance and paste it in the Reply URL textbox in the
LaunchDarkly Domain and URLs section on the Azure portal.
b. In the Sign-on URL textbox, paste the Login URL value, which you have copied from the Azure portal.
c. Open the certificate downloaded from the Azure portal in Notepad, copy the content and then paste it
into the X.509 certificate box, or upload the certificate directly by clicking upload one.
d. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to LaunchDarkly.
1. In the Azure portal, select Enterprise Applications, select All applications, then select LaunchDarkly.
2. In the applications list, select LaunchDarkly.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create LaunchDarkly test user
The objective of this section is to create a user called Britta Simon in LaunchDarkly. LaunchDarkly supports
just-in-time provisioning, which is enabled by default. There is no action item for you in this section. A new user is
created during an attempt to access LaunchDarkly if it doesn't exist yet.

NOTE
If you need to create a user manually, contact LaunchDarkly Client support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LaunchDarkly tile in the Access Panel, you should be automatically signed in to the
LaunchDarkly for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with LCVista
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate LCVista with Azure Active Directory (Azure AD). Integrating LCVista
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to LCVista.
You can enable your users to be automatically signed-in to LCVista (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with LCVista, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
LCVista single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
LCVista supports SP initiated SSO

Adding LCVista from the gallery


To configure the integration of LCVista into Azure AD, you need to add LCVista from the gallery to your list of
managed SaaS apps.
To add LCVista from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type LCVista, select LCVista from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with LCVista based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in LCVista
needs to be established.
To configure and test Azure AD single sign-on with LCVista, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure LCVista Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create LCVista test user - to have a counterpart of Britta Simon in LCVista that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with LCVista, perform the following steps:
1. In the Azure portal, on the LCVista application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.lcvista.com/rainier/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.lcvista.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact LCVista Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up LCVista section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure LCVista Single Sign-On
1. Sign on to your LCVista application as an administrator.
2. In the SAML Config section, check Enable SAML login and enter the details as follows:

a. In the Entity ID textbox, paste the Azure AD Identifier value, which you have copied from the Azure portal.
b. In the URL textbox, paste the Login URL value, which you have copied from the Azure portal.
c. Open the Metadata XML file that you downloaded from the Azure portal in Notepad, copy the
X509Certificate value and paste it in the x509 Certificate section.
d. In the First name attribute textbox, paste the value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname.
e. In the Last name attribute textbox, paste the value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname.
f. In the Email attribute textbox, paste the value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.
g. In the Username attribute textbox, paste the value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
h. Click Save to save the settings.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to LCVista.
1. In the Azure portal, select Enterprise Applications, select All applications, then select LCVista.
2. In the applications list, select LCVista.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create LCVista test user
In this section, you create a user called Britta Simon in LCVista. Work with LCVista Client support team to add the
users in the LCVista platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LCVista tile in the Access Panel, you should be automatically signed in to the LCVista for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Lean
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Lean with Azure Active Directory (Azure AD). Integrating Lean with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Lean.
You can enable your users to be automatically signed-in to Lean (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Lean, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Lean single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Lean supports SP initiated SSO
Lean supports Just In Time user provisioning

Adding Lean from the gallery


To configure the integration of Lean into Azure AD, you need to add Lean from the gallery to your list of managed
SaaS apps.
To add Lean from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Lean, select Lean from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Lean based on a test user called Britta Simon.
For single sign-on to work, a link relationship between an Azure AD user and the related user in Lean needs to be
established.
To configure and test Azure AD single sign-on with Lean, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Lean Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Lean test user - to have a counterpart of Britta Simon in Lean that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Lean, perform the following steps:
1. In the Azure portal, on the Lean application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.goodpractice.net/api/gpsso

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
bloom-goodpractice-<SUBDOMAIN>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Lean Client support
team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Lean section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Lean Single Sign-On
To configure single sign-on on the Lean side, you need to send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the Lean support team. They apply these settings so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Lean.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Lean.

2. In the applications list, select Lean.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Lean test user
In this section, a user called Britta Simon is created in Lean. Lean supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Lean, a new one
is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Lean tile in the Access Panel, you should be automatically signed in to the Lean for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Leapsome
6/13/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Leapsome with Azure Active Directory (Azure AD). Integrating
Leapsome with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Leapsome.
You can enable your users to be automatically signed-in to Leapsome (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Leapsome, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Leapsome single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Leapsome supports SP and IDP initiated SSO

Adding Leapsome from the gallery


To configure the integration of Leapsome into Azure AD, you need to add Leapsome from the gallery to your list of
managed SaaS apps.
To add Leapsome from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Leapsome, select Leapsome from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Leapsome based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Leapsome
needs to be established.
To configure and test Azure AD single sign-on with Leapsome, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Leapsome Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Leapsome test user - to have a counterpart of Britta Simon in Leapsome that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Leapsome, perform the following steps:
1. In the Azure portal, on the Leapsome application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL: https://www.leapsome.com

b. In the Reply URL text box, type a URL using the following pattern:
https://www.leapsome.com/api/users/auth/saml/<CLIENTID>/assert

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://www.leapsome.com/api/users/auth/saml/<CLIENTID>/login

NOTE
The preceding Reply URL and Sign-on URL values are not real. You will update these with the actual values, which
is explained later in the tutorial.

6. Your Leapsome application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:
NAME        SOURCE ATTRIBUTE                    NAMESPACE
firstname   user.givenname                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims
lastname    user.surname                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims
title       user.jobtitle                       http://schemas.xmlsoap.org/ws/2005/05/identity/claims
picture     URL to the employee's picture       http://schemas.xmlsoap.org/ws/2005/05/identity/claims

NOTE
The value of picture attribute is not real. Update this value with actual picture URL. To get this value contact
Leapsome Client support team.

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. In the Namespace textbox, type the namespace uri for that row.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

9. On the Set up Leapsome section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Leapsome Single Sign-On
1. In a different web browser window, sign in to Leapsome as a Security Administrator.
2. On the top right, click the Settings logo and then click Admin Settings.

3. On the left menu bar, click Single Sign On (SSO), and on the SAML-based single sign-on (SSO) page
perform the following steps:
a. Select Enable SAML-based single sign-on.
b. Copy the Login URL (point your users here to start login) value and paste it into the Sign-on URL
textbox in Basic SAML Configuration section on Azure portal.
c. Copy the Reply URL (receives response from your identity provider) value and paste it into the
Reply URL textbox in Basic SAML Configuration section on Azure portal.
d. In the SSO Login URL (provided by identity provider) textbox, paste the value of Login URL, which
you copied from the Azure portal.
e. Open the certificate that you downloaded from the Azure portal, copy its content without the
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, and paste it into the Certificate (provided by
identity provider) textbox.
f. Click UPDATE SSO SETTINGS.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Leapsome.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Leapsome.

2. In the applications list, select Leapsome.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Leapsome test user
In this section, you create a user called Britta Simon in Leapsome. Work with Leapsome Client support team to add
the users or the domain that must be added to an allow list for the Leapsome platform. If the domain is added by
the team, users will get automatically provisioned to the Leapsome platform. Users must be created and activated
before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Leapsome tile in the Access Panel, you should be automatically signed in to the Leapsome for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Learning at Work with Azure Active Directory
9/5/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Learning at Work with Azure Active Directory (Azure AD). When you
integrate Learning at Work with Azure AD, you can:
Control in Azure AD who has access to Learning at Work.
Enable your users to be automatically signed-in to Learning at Work with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Learning at Work single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Learning at Work supports SP initiated SSO

Adding Learning at Work from the gallery


To configure the integration of Learning at Work into Azure AD, you need to add Learning at Work from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Learning at Work in the search box.
6. Select Learning at Work from results panel and then add the app. Wait a few seconds while the app is added
to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Learning at Work using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Learning at Work.
To configure and test Azure AD SSO with Learning at Work, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Learning at Work SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Learning at Work test user - to have a counterpart of B.Simon in Learning at Work that is linked to
the Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Learning at Work application integration page, find the Manage section and
select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.sabacloud.com/Saba/Web/<company code>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.sabacloud.com/Saba/saml/SSO/alias/<company name>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Learning at Work
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The Learning at Work application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes, where nameidentifier is mapped to user.userprincipalname.
You can update the nameidentifier value in Azure AD based on your organization's setup. This value
must match the User ID in the SABA cloud; to change it, click the Edit icon and edit the attribute
mapping.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

7. On the Set up Learning at Work section, copy the appropriate URL(s) based on your requirement.

Configure Learning at Work SSO


To configure single sign-on on the Learning at Work side, send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the Learning at Work support team. They configure
this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Learning at Work.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Learning at Work.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Learning at Work test user
In this section, you create a user called B.Simon in Learning at Work. Work with Learning at Work support team to
add the users in the Learning at Work platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Learning at Work tile in the Access Panel, you should be automatically signed in to the Learning
at Work for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Learning Seat LMS
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Learning Seat LMS with Azure Active Directory (Azure AD). Integrating
Learning Seat LMS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Learning Seat LMS.
You can enable your users to be automatically signed-in to Learning Seat LMS (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Learning Seat LMS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Learning Seat LMS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Learning Seat LMS supports SP and IDP initiated SSO

Adding Learning Seat LMS from the gallery


To configure the integration of Learning Seat LMS into Azure AD, you need to add Learning Seat LMS from the
gallery to your list of managed SaaS apps.
To add Learning Seat LMS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Learning Seat LMS, select Learning Seat LMS from result panel then click Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Learning Seat LMS based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Learning Seat LMS needs to be established.
To configure and test Azure AD single sign-on with Learning Seat LMS, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Learning Seat LMS Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Learning Seat LMS test user - to have a counterpart of Britta Simon in Learning Seat LMS that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Learning Seat LMS, perform the following steps:
1. In the Azure portal, on the Learning Seat LMS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<subdomain>.learningseatlms.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.learningseatlms.com/Account/AssertionConsumerService

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.learningseatlms.com

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Learning Seat LMS Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Learning Seat LMS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Learning Seat LMS Single Sign-On
To configure single sign-on on Learning Seat LMS side, you need to send the downloaded Federation
Metadata XML and appropriate copied URLs from Azure portal to Learning Seat LMS support team. They set
this setting to have the SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Learning Seat LMS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Learning Seat
LMS.

2. In the applications list, select Learning Seat LMS.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Learning Seat LMS test user
In this section, you create a user called Britta Simon in Learning Seat LMS. Work with Learning Seat LMS support
team to add the users in the Learning Seat LMS platform. Users must be created and activated before you use
single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Learning Seat LMS tile in the Access Panel, you should be automatically signed in to the
Learning Seat LMS for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Learningpool Act
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Learningpool Act with Azure Active Directory (Azure AD). Integrating
Learningpool Act with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Learningpool Act.
You can enable your users to be automatically signed-in to Learningpool Act (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Learningpool Act, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Learningpool Act single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Learningpool Act supports SP initiated SSO

Adding Learningpool Act from the gallery


To configure the integration of Learningpool Act into Azure AD, you need to add Learningpool Act from the gallery
to your list of managed SaaS apps.
To add Learningpool Act from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Learningpool Act, select Learningpool Act from result panel then click Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Learningpool Act based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Learningpool Act needs to be established.
To configure and test Azure AD single sign-on with Learningpool Act, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Learningpool Act Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Learningpool Act test user - to have a counterpart of Britta Simon in Learningpool Act that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Learningpool Act, perform the following steps:
1. In the Azure portal, on the Learningpool Act application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type the URL:
https://parliament.preview.Learningpool.com/auth/shibboleth/index.php

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://<subdomain>.Learningpool.com/shibboleth

https://<subdomain>.preview.Learningpool.com/shibboleth

NOTE
The Identifier value is not real. Update this value with the actual Identifier. Contact Learningpool Act Client support
team to get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. Your Learningpool Act application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes. Click Edit icon to open User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:
NAME                                 SOURCE ATTRIBUTE
urn:oid:1.2.840.113556.1.4.221       user.userprincipalname
urn:oid:2.5.4.42                     user.givenname
urn:oid:0.9.2342.19200300.100.1.3    user.mail
urn:oid:2.5.4.4                      user.surname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
8. On the Set up Learningpool Act section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Learningpool Act Single Sign-On
To configure single sign-on on Learningpool Act side, you need to send the downloaded Federation Metadata
XML and appropriate copied URLs from Azure portal to Learningpool Act support team. They set this setting to
have the SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Learningpool Act.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Learningpool
Act.

2. In the applications list, select Learningpool Act.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Learningpool Act test user
To enable Azure AD users to log in to Learningpool Act, they must be provisioned into Learningpool Act.
There is no action item for you to configure user provisioning to Learningpool Act.
Users need to be created by your Learningpool Act support team.
NOTE
You can use any other Learningpool Act user account creation tools or APIs provided by Learningpool Act to provision Azure
AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Learningpool Act tile in the Access Panel, you should be automatically signed in to the
Learningpool Act for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.
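To confirm that the claim mapping and Identifier configured above actually reach the service provider, you can inspect the SAMLResponse form field from your own test sign-in. The following is an added example, not part of the tutorial or Learningpool's code; the `example` subdomain, the function names and the sample responses are constructed for illustration, and the script does not verify the XML signature.

```python
# Added example (not from the tutorial): inspect a captured SAMLResponse and
# report claim-mapping or audience mistakes. It does NOT verify the XML
# signature, so use it only to review your own test sign-in.
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names and sources from the tutorial's table. Namespace is left blank,
# so each Attribute Name in the assertion is the bare urn:oid string.
EXPECTED_CLAIMS = {
    "urn:oid:1.2.840.113556.1.4.221": "user.userprincipalname",
    "urn:oid:2.5.4.42": "user.givenname",
    "urn:oid:0.9.2342.19200300.100.1.3": "user.mail",
    "urn:oid:2.5.4.4": "user.surname",
}


def check_response(saml_response_b64, expected_audience):
    """Return a list of problems found; an empty list means the response
    carries the expected audience and every mapped claim with a value."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plain Assertion element (missing or encrypted)"]
    problems = []
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(
            f"audience {audiences} does not include {expected_audience}")
    sent = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        sent[attr.get("Name")] = [
            v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    for name, source in EXPECTED_CLAIMS.items():
        if name not in sent:
            problems.append(f"missing claim {name} ({source})")
        elif not any(v.strip() for v in sent[name]):
            problems.append(f"empty claim {name} ({source})")
    return problems


def build_sample(audience, claims):
    """Construct a minimal unsigned response for the demo (constructed data)."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        "</saml:AttributeValue></saml:Attribute>" for n, v in claims.items())
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
        "<saml:Assertion><saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


# Constructed values: "example" stands in for the real <subdomain>.
AUDIENCE = "https://example.Learningpool.com/shibboleth"
GOOD = build_sample(AUDIENCE, {
    "urn:oid:1.2.840.113556.1.4.221": "BrittaSimon@contoso.com",
    "urn:oid:2.5.4.42": "Britta",
    "urn:oid:0.9.2342.19200300.100.1.3": "BrittaSimon@contoso.com",
    "urn:oid:2.5.4.4": "Simon",
})
# Misconfigured: preview Identifier used for the production app, mail sent
# under a default claim name instead of its urn:oid, surname left empty.
BAD = build_sample("https://example.preview.Learningpool.com/shibboleth", {
    "urn:oid:1.2.840.113556.1.4.221": "BrittaSimon@contoso.com",
    "urn:oid:2.5.4.42": "Britta",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress":
        "BrittaSimon@contoso.com",
    "urn:oid:2.5.4.4": "",
})

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, check_response(sample, AUDIENCE) or "OK")
```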

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with LearnUpon
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate LearnUpon with Azure Active Directory (Azure AD). Integrating
LearnUpon with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to LearnUpon.
You can enable your users to be automatically signed-in to LearnUpon (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with LearnUpon, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
LearnUpon single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
LearnUpon supports IDP initiated SSO
LearnUpon supports Just In Time user provisioning

Adding LearnUpon from the gallery


To configure the integration of LearnUpon into Azure AD, you need to add LearnUpon from the gallery to your list
of managed SaaS apps.
To add LearnUpon from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type LearnUpon, select LearnUpon from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with LearnUpon based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
LearnUpon needs to be established.
To configure and test Azure AD single sign-on with LearnUpon, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure LearnUpon Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create LearnUpon test user - to have a counterpart of Britta Simon in LearnUpon that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with LearnUpon, perform the following steps:
1. In the Azure portal, on the LearnUpon application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Reply URL text box, type a URL using the following pattern:
https://<companyname>.learnupon.com/saml/consumer

NOTE
The value is not real. Update the value with the actual Reply URL. Contact LearnUpon Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, locate the THUMBPRINT value. This will be added to your
LearnUpon SAML Settings.

6. On the Set up LearnUpon section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure LearnUpon Single Sign-On
1. Open another browser instance and sign in to LearnUpon with an administrator account.
2. Click the settings tab.
3. Click Single Sign On - SAML, and then click General Settings to configure SAML settings.

4. In the General Settings section, perform the following steps:


a. Select Enabled.
b. Select Version as 2.0.
c. Select Skip conditions as No.
d. In the SAML Token Post param name textbox, type the name of the request POST parameter, sent to the SAML
consumer URL indicated above, that contains the SAML assertion to be verified and authenticated - for
example SAMLResponse.
e. In the Name Identifier Format textbox, type the value that indicates where in your SAML assertion the
user's identifier (email address) resides - for example
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

f. In the Identify Provider Location textbox, type the value that indicates where the users are sent to if they
click on your uploaded icon from your Azure portal login screen.
g. In the Sign out URL textbox, paste the Logout URL value, which you have copied from the Azure portal.
h. Click Manage finger prints, and then upload the finger print of your downloaded certificate.
5. Click User Settings, and then perform the following steps:
a. In the First Name Identifier Format textbox, type the value that indicates where in your SAML assertion
the user's first name resides - for example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
b. In the Last Name Identifier Format textbox, type the value that indicates where in your SAML assertion
the user's last name resides - for example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to LearnUpon.
1. In the Azure portal, select Enterprise Applications, select All applications, then select LearnUpon.

2. In the applications list, select LearnUpon.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create LearnUpon test user
In this section, a user called Britta Simon is created in LearnUpon. LearnUpon supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in LearnUpon, a new one is created after authentication. If you need to create a user manually, you need to
contact the LearnUpon support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LearnUpon tile in the Access Panel, you should be automatically signed in to the LearnUpon for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Lecorpio
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Lecorpio with Azure Active Directory (Azure AD). Integrating Lecorpio
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Lecorpio.
You can enable your users to be automatically signed-in to Lecorpio (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Lecorpio, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Lecorpio single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Lecorpio supports SP initiated SSO

Adding Lecorpio from the gallery


To configure the integration of Lecorpio into Azure AD, you need to add Lecorpio from the gallery to your list of
managed SaaS apps.
To add Lecorpio from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Lecorpio, select Lecorpio from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Lecorpio based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Lecorpio
needs to be established.
To configure and test Azure AD single sign-on with Lecorpio, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Lecorpio Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Lecorpio test user - to have a counterpart of Britta Simon in Lecorpio that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Lecorpio, perform the following steps:
1. In the Azure portal, on the Lecorpio application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<instance name>.lecorpio.com/<customer name>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<instance name>.lecorpio.com/<customer name>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Lecorpio Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Lecorpio section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Lecorpio Single Sign-On
To configure single sign-on on the Lecorpio side, you need to send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the Lecorpio support team. They apply this setting so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Lecorpio.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Lecorpio.

2. In the applications list, select Lecorpio.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Lecorpio test user
In this section, you create a user called Britta Simon in Lecorpio. Work with the Lecorpio support team to add the users
in the Lecorpio platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Lecorpio tile in the Access Panel, you should be automatically signed in to the Lecorpio for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Lesson.ly
11/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Lesson.ly with Azure Active Directory (Azure AD). When you integrate
Lesson.ly with Azure AD, you can:
Control in Azure AD who has access to Lesson.ly.
Enable your users to be automatically signed-in to Lesson.ly with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Lesson.ly single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Lesson.ly supports SP initiated SSO
Lesson.ly supports Just In Time user provisioning

Adding Lesson.ly from the gallery


To configure the integration of Lesson.ly into Azure AD, you need to add Lesson.ly from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Lesson.ly in the search box.
6. Select Lesson.ly from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Lesson.ly


Configure and test Azure AD SSO with Lesson.ly using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Lesson.ly.
To configure and test Azure AD SSO with Lesson.ly, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Lesson.ly SSO - to configure the single sign-on settings on application side.
a. Create Lesson.ly test user - to have a counterpart of B.Simon in Lesson.ly that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Lesson.ly application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.lessonly.com/signin

NOTE
When a value references a generic name, companyname needs to be replaced by the actual name.

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.lessonly.com/auth/saml/metadata

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Lessonly.com Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The Lesson.ly application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.
6. In addition to the above, the Lesson.ly application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also prepopulated, but you can review them as per your
requirements.

NAME                                  SOURCE ATTRIBUTE
urn:oid:2.5.4.42                      user.givenname
urn:oid:2.5.4.4                       user.surname
urn:oid:0.9.2342.19200300.100.1.3     user.mail
urn:oid:1.3.6.1.4.1.5923.1.1.1.10     user.objectid

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up Lesson.ly section, copy the appropriate URL(s) based on your requirement.
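
One way to confirm that a captured sign-in carries the attributes listed in the table in step 6, as an added example that is not part of the original tutorial: it decodes a SAMLResponse form value and reports required attributes that are missing or empty. The sample response is constructed and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names and their Azure AD sources, copied from the tutorial's table.
LESSONLY_REQUIRED = {
    "urn:oid:2.5.4.42": "user.givenname",
    "urn:oid:2.5.4.4": "user.surname",
    "urn:oid:0.9.2342.19200300.100.1.3": "user.mail",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "user.objectid",
}


def extract_attributes(saml_response_b64):
    """Decode a base64 SAMLResponse value and return {attribute name: [values]}.

    Diagnostic only: the XML signature is not verified here, so the result
    must never be used to make an authentication decision.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    # A SAML message never needs a DTD; refuse one before it reaches the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration found in SAML response")
    root = ET.fromstring(xml_bytes)
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; attributes cannot be inspected")
    attributes = {}
    path = ".//saml:Assertion/saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attributes.setdefault(attr.get("Name"), []).extend(values)
    return attributes


def check_required(attributes, required=LESSONLY_REQUIRED):
    """Return {attribute name: problem} for required attributes that are unusable."""
    problems = {}
    for name, source in required.items():
        values = attributes.get(name)
        if values is None:
            problems[name] = "missing (mapped from %s)" % source
        elif not any(values):
            problems[name] = "present but empty (mapped from %s)" % source
    return problems


# Constructed sample: surname and given name are set, mail is empty,
# and the objectid attribute is absent.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:2.5.4.42">
        <saml:AttributeValue>B.</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:2.5.4.4">
        <saml:AttributeValue>Simon</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
        <saml:AttributeValue></saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    for name, problem in check_required(extract_attributes(SAMPLE_B64)).items():
        print(name, "->", problem)
```

An empty result from `check_required` means every attribute in the table arrived with a value.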

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Lesson.ly.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Lesson.ly.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Lesson.ly SSO


To configure single sign-on on the Lesson.ly side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Lesson.ly support team. They apply this setting so that the SAML
SSO connection is set properly on both sides.
Create Lesson.ly test user
The objective of this section is to create a user called B.Simon in Lessonly.com. Lessonly.com supports just-in-time
provisioning, which is by default enabled.
There is no action item for you in this section. A new user will be created during an attempt to access Lessonly.com
if it doesn't exist yet.

NOTE
If you need to create a user manually, you need to contact the Lessonly.com support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Lesson.ly tile in the Access Panel, you should be automatically signed in to the Lesson.ly for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Lesson.ly with Azure AD
Tutorial: Azure Active Directory integration with Lifesize Cloud
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Lifesize Cloud with Azure Active Directory (Azure AD). Integrating
Lifesize Cloud with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Lifesize Cloud.
You can enable your users to be automatically signed-in to Lifesize Cloud (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Lifesize Cloud, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Lifesize Cloud single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Lifesize Cloud supports SP initiated SSO
Lifesize Cloud supports Automated user provisioning

Adding Lifesize Cloud from the gallery


To configure the integration of Lifesize Cloud into Azure AD, you need to add Lifesize Cloud from the gallery to
your list of managed SaaS apps.
To add Lifesize Cloud from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Lifesize Cloud, select Lifesize Cloud from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Lifesize Cloud based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Lifesize Cloud needs to be established.
To configure and test Azure AD single sign-on with Lifesize Cloud, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Lifesize Cloud Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Lifesize Cloud test user - to have a counterpart of Britta Simon in Lifesize Cloud that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Lifesize Cloud, perform the following steps:
1. In the Azure portal, on the Lifesize Cloud application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://login.lifesizecloud.com/ls/?acs

b. In the Identifier text box, type a URL using the following pattern:
https://login.lifesizecloud.com/<companyname>

c. Click set additional URLs.


d. In the Relay State text box, type a URL using the following pattern:
https://webapp.lifesizecloud.com/?ent=<identifier>

NOTE
These values are not real. Update these values with the actual Sign-on URL, Identifier and Relay State. Contact the Lifesize
Cloud Client support team to get the Sign-on URL and Identifier values. You can get the Relay State value from the SSO
Configuration that is explained later in the tutorial. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Lifesize Cloud section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Lifesize Cloud Single Sign-On
1. To get SSO configured for your application, log in to the Lifesize Cloud application with Admin privileges.
2. In the top right corner click on your name and then click on the Advance Settings.

3. In the Advance Settings now click on the SSO Configuration link. It will open the SSO Configuration page
for your instance.

4. Now configure the following values in the SSO configuration UI.


a. In the Identity Provider Issuer textbox, paste the value of Azure AD Identifier which you have copied from
the Azure portal.
b. In the Login URL textbox, paste the value of Login URL which you have copied from the Azure portal.
c. Open the base-64 encoded certificate that you downloaded from the Azure portal in Notepad, copy its content
to your clipboard, and then paste it into the X.509 Certificate textbox.
d. In the SAML Attribute mappings for the First Name text box enter the value as
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

e. In the SAML Attribute mapping for the Last Name text box enter the value as
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

f. In the SAML Attribute mapping for the Email text box enter the value as
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

5. To check the configuration you can click on the Test button.

NOTE
For successful testing you need to complete the configuration wizard in Azure AD and also provide access to users or
groups who can perform the test.

6. Enable SSO by selecting the Enable SSO button.


7. Now click on the Update button so that all the settings are saved. This will generate the RelayState value.
Copy the RelayState value, which is generated in the text box, paste it in the Relay State textbox under
Lifesize Cloud Domain and URLs section.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Lifesize Cloud.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Lifesize Cloud.

2. In the applications list, select Lifesize Cloud.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Lifesize Cloud test user
In this section, you create a user called Britta Simon in Lifesize Cloud. Lifesize Cloud supports automatic user
provisioning. After successful authentication at Azure AD, the user will be automatically provisioned in the
application.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Lifesize Cloud tile in the Access Panel, you should get the login page of the Lifesize Cloud application.
Here you need to enter your username, and after that you will be redirected to the application homepage.
For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with LINE WORKS
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate LINE WORKS with Azure Active Directory (Azure AD). Integrating LINE
WORKS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to LINE WORKS.
You can enable your users to be automatically signed-in to LINE WORKS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with LINE WORKS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
LINE WORKS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
LINE WORKS supports SP initiated SSO

Adding LINE WORKS from the gallery


To configure the integration of LINE WORKS into Azure AD, you need to add LINE WORKS from the gallery to
your list of managed SaaS apps.
To add LINE WORKS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type LINE WORKS, select LINE WORKS from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with LINE WORKS based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
LINE WORKS needs to be established.
To configure and test Azure AD single sign-on with LINE WORKS, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure LINE WORKS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create LINE WORKS test user - to have a counterpart of Britta Simon in LINE WORKS that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with LINE WORKS, perform the following steps:
1. In the Azure portal, on the LINE WORKS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://auth.worksmobile.com/d/login/<domain>/

b. In the Identifier (Entity ID) text box, type a URL: worksmobile.com

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. On the Set up LINE WORKS section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure LINE WORKS Single Sign-On
To configure single sign-on on the LINE WORKS side, read the LINE WORKS SSO documents and configure the
LINE WORKS settings.

NOTE
You need to convert the downloaded Certificate file from .cert to .pem
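
The conversion in the note above and the THUMBPRINT step in the LearnUpon tutorial both operate on the same certificate bytes. As an added example (not part of the original tutorial), this Python code converts a DER-encoded Certificate (Raw) download to PEM and shows that the SHA-1 thumbprint is computed over the DER bytes, so it is identical for either file. The sample bytes are a constructed stand-in, not a real certificate, and the function names are hypothetical.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def load_certificate_der(data):
    """Return DER bytes for a certificate file that is either DER or PEM."""
    if data.lstrip().startswith(PEM_HEADER):
        # PEM is base64 of the DER bytes between BEGIN/END marker lines.
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    # DER is binary: do not strip it, trailing bytes may be part of the data.
    if data[:1] != b"\x30":
        raise ValueError("input is neither a PEM certificate nor a DER SEQUENCE")
    return data


def der_to_pem(der):
    """Wrap DER bytes as PEM text with 64-character base64 lines."""
    return ssl.DER_cert_to_PEM_cert(der)


def thumbprint(der, algorithm="sha1", sep=""):
    """Hex digest of the DER encoding, upper case, optionally byte-separated."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return sep.join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed stand-in: a DER SEQUENCE header declaring 256 content bytes,
# followed by 256 filler bytes. It is not a parseable X.509 certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem)
    print("SHA-1 thumbprint from DER:", thumbprint(SAMPLE_DER))
    print("SHA-1 thumbprint from PEM:",
          thumbprint(load_certificate_der(pem.encode("ascii"))))
```

Comparing the computed thumbprint with the one shown in the Azure portal before uploading confirms that the file handed to the application is the signing certificate you intended.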

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to LINE WORKS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select LINE WORKS.

2. In the applications list, select LINE WORKS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create LINE WORKS test user
In this section, you create a user called Britta Simon in LINE WORKS. Access the LINE WORKS admin page and add
the users in the LINE WORKS platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LINE WORKS tile in the Access Panel, you should be automatically signed in to the LINE
WORKS for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Learnster
10/10/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Learnster with Azure Active Directory (Azure AD). When you integrate
Learnster with Azure AD, you can:
Control in Azure AD who has access to Learnster.
Enable your users to be automatically signed-in to Learnster with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Learnster single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Learnster supports SP initiated SSO

Adding Learnster from the gallery


To configure the integration of Learnster into Azure AD, you need to add Learnster from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Learnster in the search box.
6. Select Learnster from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Learnster


Configure and test Azure AD SSO with Learnster using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Learnster.
To configure and test Azure AD SSO with Learnster, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Learnster SSO - to configure the single sign-on settings on application side.
a. Create Learnster test user - to have a counterpart of B.Simon in Learnster that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal:
1. In the Azure portal, on the Learnster application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.learnster.com/auth/login/force

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.learnster.com/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Learnster Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. On the Set up Learnster section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Learnster.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Learnster.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Learnster SSO


To configure single sign-on on the Learnster side, send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the Learnster support team. They apply these settings so that
the SAML SSO connection is configured properly on both sides.
Create Learnster test user
In this section, you create a user called B.Simon in Learnster. Work with the Learnster support team to add the
users in the Learnster platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Learnster tile in the Access Panel, you should be automatically signed in to the Learnster for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Learnster with Azure AD
Tutorial: Azure Active Directory integration with
LinkedIn Elevate
8/6/2019

In this tutorial, you learn how to integrate LinkedIn Elevate with Azure Active Directory (Azure AD). Integrating
LinkedIn Elevate with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to LinkedIn Elevate.
You can enable your users to be automatically signed-in to LinkedIn Elevate (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with LinkedIn Elevate, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
LinkedIn Elevate single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
LinkedIn Elevate supports SP and IDP initiated SSO
LinkedIn Elevate supports Just In Time user provisioning
LinkedIn Elevate supports Automated user provisioning

Adding LinkedIn Elevate from the gallery


To configure the integration of LinkedIn Elevate into Azure AD, you need to add LinkedIn Elevate from the gallery
to your list of managed SaaS apps.
To add LinkedIn Elevate from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type LinkedIn Elevate, select LinkedIn Elevate from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with LinkedIn Elevate based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
LinkedIn Elevate needs to be established.
To configure and test Azure AD single sign-on with LinkedIn Elevate, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure LinkedIn Elevate Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create LinkedIn Elevate test user - to have a counterpart of Britta Simon in LinkedIn Elevate that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with LinkedIn Elevate, perform the following steps:
1. In the Azure portal, on the LinkedIn Elevate application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, enter the Entity ID value. You copy the Entity ID value from the LinkedIn portal, as
explained later in this tutorial.
b. In the Reply URL text box, enter the Assertion Consumer Access (ACS) Url value. You copy the
Assertion Consumer Access (ACS) Url value from the LinkedIn portal, as explained later in this tutorial.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://www.linkedin.com/checkpoint/enterprise/login/<AccountId>?application=elevate&applicationInstanceId=<InstanceId>

6. The LinkedIn Elevate application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. By default, nameidentifier is
mapped to user.userprincipalname. The LinkedIn Elevate application expects nameidentifier to be mapped
to user.mail, so you need to edit the attribute mapping by clicking the Edit icon and changing the attribute
mapping.

7. In addition, the LinkedIn Elevate application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add the
SAML token attribute shown in the table below:

NAME          SOURCE ATTRIBUTE
department    user.department

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
9. On the Set up LinkedIn Elevate section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure LinkedIn Elevate Single Sign-On
1. In a different web browser window, sign-on to your LinkedIn Elevate tenant as an administrator.
2. In Account Center, click Global Settings under Settings. Also, select Elevate - Elevate AAD Test from
the dropdown list.

3. Click on OR Click Here to load and copy individual fields from the form and perform the following
steps:

a. Copy Entity Id and paste it into the Identifier text box in the Basic SAML Configuration in the Azure
portal.
b. Copy Assertion Consumer Access (ACS) Url and paste it into the Reply URL text box in the Basic
SAML Configuration in the Azure portal.
4. Go to LinkedIn Admin Settings section. Upload the XML file that you have downloaded from the Azure
portal by clicking on the Upload XML file option.
5. Click On to enable SSO. SSO status will change from Not Connected to Connected.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to LinkedIn Elevate.
1. In the Azure portal, select Enterprise Applications, select All applications, then select LinkedIn Elevate.

2. In the applications list, select LinkedIn Elevate.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create LinkedIn Elevate test user
The LinkedIn Elevate application supports just-in-time user provisioning: after authentication, users are created
in the application automatically. On the admin settings page of the LinkedIn Elevate portal, turn on the
Automatically Assign licenses switch to activate just-in-time provisioning; this also assigns a license to the user.
LinkedIn Elevate also supports automatic user provisioning; you can find more details here on how to configure
automatic user provisioning.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LinkedIn Elevate tile in the Access Panel, you should be automatically signed in to the LinkedIn
Elevate for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with LinkedIn Learning
9/19/2019

In this tutorial, you'll learn how to integrate LinkedIn Learning with Azure Active Directory (Azure AD). When you
integrate LinkedIn Learning with Azure AD, you can:
Control in Azure AD who has access to LinkedIn Learning.
Enable your users to be automatically signed-in to LinkedIn Learning with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
LinkedIn Learning single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
LinkedIn Learning supports SP and IDP initiated SSO
LinkedIn Learning supports Just In Time user provisioning

Adding LinkedIn Learning from the gallery


To configure the integration of LinkedIn Learning into Azure AD, you need to add LinkedIn Learning from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type LinkedIn Learning in the search box.
6. Select LinkedIn Learning from results panel and then add the app. Wait a few seconds while the app is added
to your tenant.

Configure and test Azure AD single sign-on for LinkedIn Learning


Configure and test Azure AD SSO with LinkedIn Learning using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in LinkedIn Learning.
To configure and test Azure AD SSO with LinkedIn Learning, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure LinkedIn Learning SSO - to configure the single sign-on settings on application side.
a. Create LinkedIn Learning test user - to have a counterpart of B.Simon in LinkedIn Learning that is
linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the LinkedIn Learning application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier textbox, enter the Entity ID copied from LinkedIn Portal.
b. In the Reply URL textbox, enter the Assertion Consumer Service (ACS) Url copied from LinkedIn
Portal.
c. If you wish to configure the application in SP initiated mode, click the Set additional URLs option in
the Basic SAML Configuration section, where you specify your sign-on URL. To create your login URL,
copy the Assertion Consumer Service (ACS) Url and replace /saml/ with /login/. Once that has been
done, the sign-on URL should have the following pattern:
https://www.linkedin.com/checkpoint/enterprise/login/<AccountId>?application=learning&applicationInstanceId=<InstanceId>

NOTE
These values are not real. You will update these values with the actual Identifier and Reply URL, which is
explained later in the Configure LinkedIn Learning SSO section of the tutorial.

5. The LinkedIn Learning application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. By default, nameidentifier is
mapped to user.userprincipalname. The LinkedIn Learning application expects nameidentifier to be mapped
to user.mail, so you need to edit the attribute mapping by clicking the Edit icon and changing the attribute
mapping.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

7. On the Set up LinkedIn Learning section, copy the appropriate URL(s) based on your requirement.
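
The /saml/ to /login/ rule in step 4c can be applied and checked before the value is pasted into the portal. The following is an added example, not part of the original tutorial: the ACS URL shape is an assumption inferred from that rule and the documented sign-on pattern, the account and instance ids are constructed, and the function name derive_sign_on_url is hypothetical.

```python
from urllib.parse import parse_qs, urlsplit, urlunsplit

LINKEDIN_HOST = "www.linkedin.com"
# Path prefix taken from the sign-on URL pattern in the tutorial.
EXPECTED_PREFIX = ["", "checkpoint", "enterprise"]

# Constructed sample value (assumed ACS URL shape, made-up ids).
SAMPLE_ACS_URL = (
    "https://www.linkedin.com/checkpoint/enterprise/saml/1234567"
    "?application=learning&applicationInstanceId=7654321"
)


def derive_sign_on_url(acs_url, application="learning"):
    """Derive the SP-initiated sign-on URL from the ACS URL.

    Applies the tutorial's rule (replace /saml/ with /login/) to the path
    only, and raises ValueError for input that cannot produce a URL of the
    documented sign-on pattern.
    """
    # The tutorial's patterns are "not real": catch placeholders left in place.
    if "<" in acs_url or ">" in acs_url:
        raise ValueError("placeholder such as <AccountId> was not replaced")

    parts = urlsplit(acs_url)
    # Comparing the whole netloc also rejects userinfo and port tricks.
    if parts.scheme != "https" or parts.netloc.lower() != LINKEDIN_HOST:
        raise ValueError("ACS URL must start with https://www.linkedin.com/")

    segments = parts.path.split("/")
    if segments.count("saml") != 1:
        raise ValueError("expected exactly one /saml/ path segment")
    idx = segments.index("saml")
    if segments[:idx] != EXPECTED_PREFIX:
        raise ValueError("path does not start with /checkpoint/enterprise/")
    if idx != len(segments) - 2 or not segments[idx + 1]:
        raise ValueError("expected a single account id segment after /saml/")
    # Rewrite the path segment only; a plain string replace would also
    # rewrite any '/saml/' that appears inside a query value.
    segments[idx] = "login"

    query = parse_qs(parts.query)
    if query.get("application") != [application]:
        raise ValueError(f"application parameter must be {application!r}")
    if len(query.get("applicationInstanceId", [])) != 1:
        raise ValueError("applicationInstanceId must appear exactly once")

    return urlunsplit(("https", LINKEDIN_HOST, "/".join(segments), parts.query, ""))


if __name__ == "__main__":
    print(derive_sign_on_url(SAMPLE_ACS_URL))
```
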

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to LinkedIn Learning.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select LinkedIn Learning.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure LinkedIn Learning SSO


1. In a different web browser window, sign-on to your LinkedIn Learning tenant as an administrator.
2. In Account Center, click Global Settings under Settings. Also, select Learning - Default from the
dropdown list.

3. Click OR Click Here to load and copy individual fields from the form, copy Entity Id and
Assertion Consumer Service (ACS) Url, and paste them in the Basic SAML Configuration section in the Azure
portal.
4. Go to LinkedIn Admin Settings section. Upload the XML file you downloaded from the Azure portal by
clicking the Upload XML file option.

5. Click On to enable SSO. SSO status changes from Not Connected to Connected.

Create LinkedIn Learning test user


The LinkedIn Learning application supports just-in-time user provisioning: after authentication, users are created
in the application automatically. On the admin settings page of the LinkedIn Learning portal, turn on the
Automatically Assign licenses switch to activate just-in-time provisioning; this also assigns a license to the user.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LinkedIn Learning tile in the Access Panel, you should be automatically signed in to the
LinkedIn Learning for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try LinkedIn Learning with Azure AD
Tutorial: Azure Active Directory integration with
LinkedIn Sales Navigator
6/13/2019

In this tutorial, you learn how to integrate LinkedIn Sales Navigator with Azure Active Directory (Azure AD).
Integrating LinkedIn Sales Navigator with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to LinkedIn Sales Navigator.
You can enable your users to be automatically signed-in to LinkedIn Sales Navigator (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with LinkedIn Sales Navigator, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
LinkedIn Sales Navigator single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
LinkedIn Sales Navigator supports SP and IDP initiated SSO
LinkedIn Sales Navigator supports Just In Time user provisioning
LinkedIn Sales Navigator supports Automated user provisioning

Adding LinkedIn Sales Navigator from the gallery


To configure the integration of LinkedIn Sales Navigator into Azure AD, you need to add LinkedIn Sales Navigator
from the gallery to your list of managed SaaS apps.
To add LinkedIn Sales Navigator from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type LinkedIn Sales Navigator, select LinkedIn Sales Navigator from the result panel,
then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with LinkedIn Sales Navigator based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in LinkedIn Sales Navigator needs to be established.
To configure and test Azure AD single sign-on with LinkedIn Sales Navigator, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure LinkedIn Sales Navigator Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create LinkedIn Sales Navigator test user - to have a counterpart of Britta Simon in LinkedIn Sales
Navigator that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with LinkedIn Sales Navigator, perform the following steps:
1. In the Azure portal, on the LinkedIn Sales Navigator application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, enter the Entity ID value. You copy the Entity ID value from the LinkedIn portal, as
explained later in this tutorial.
b. In the Reply URL text box, enter the Assertion Consumer Access (ACS) Url value. You copy the
Assertion Consumer Access (ACS) Url value from the LinkedIn portal, as explained later in this tutorial.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://www.linkedin.com/checkpoint/enterprise/login/<account id>?application=salesNavigator

6. The LinkedIn Sales Navigator application expects the SAML assertions in a specific format, which requires you
to add custom attribute mappings to your SAML token attributes configuration. By default, nameidentifier
is mapped to user.userprincipalname. The LinkedIn Sales Navigator application expects nameidentifier to
be mapped to user.mail, so you need to edit the attribute mapping by clicking the Edit icon and changing
the attribute mapping.

7. In addition, the LinkedIn Sales Navigator application expects a few more attributes to be passed back in the
SAML response. In the User Claims section on the User Attributes dialog, perform the following steps to
add the SAML token attributes shown in the table below:

NAME          SOURCE ATTRIBUTE
email         user.mail
department    user.department
firstname     user.givenname
lastname      user.surname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
9. On the Set up LinkedIn Sales Navigator section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
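
The claim mapping from steps 6 and 7 can be checked against an assertion captured from a test sign-in; the same check serves the LinkedIn Elevate tutorial by passing required=("department",). The following is an added example, not part of the original tutorial: it assumes the assertion has already been base64-decoded, the sample assertions and addresses are constructed, and the names check_claims and build_assertion are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the NAME column of the Sales Navigator table.
SALES_NAVIGATOR_CLAIMS = ("email", "department", "firstname", "lastname")


def build_assertion(name_id, attributes):
    """Return a constructed, unsigned assertion used only as sample input."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue>"
        "</saml:Attribute>"
        for name, value in attributes.items()
    )
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion>"
    )


def check_claims(assertion_xml, expected_mail, required=SALES_NAVIGATOR_CLAIMS):
    """Compare a decoded assertion with the tutorial's claim mapping.

    Returns a list of findings; an empty list means the mapping matches.
    Only claim content is inspected; the signature is not validated here.
    """
    findings = []
    root = ET.fromstring(assertion_xml)

    # nameidentifier must carry user.mail, not the default user.userprincipalname.
    name_id = (root.findtext(".//saml:Subject/saml:NameID", "", SAML_NS) or "").strip()
    if not name_id:
        findings.append("NameID is missing")
    elif name_id.lower() != expected_mail.lower():
        findings.append(f"NameID {name_id!r} does not match user.mail {expected_mail!r}")

    # Collect attribute names and values exactly as they were sent.
    sent = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        value = attr.findtext("saml:AttributeValue", "", SAML_NS) or ""
        sent[attr.get("Name", "")] = value.strip()

    for claim in required:
        if claim in sent:
            if not sent[claim]:
                findings.append(f"claim {claim!r} is empty")
            continue
        # A name such as '<namespace>/department' means Namespace was not left blank.
        namespaced = [n for n in sent if n.rsplit("/", 1)[-1] == claim]
        if namespaced:
            findings.append(f"claim {claim!r} sent as {namespaced[0]!r}: Namespace not blank")
        else:
            findings.append(f"claim {claim!r} is missing")

    # email and nameidentifier both map to user.mail, so they must agree.
    email = sent.get("email", "")
    if email and name_id and email.lower() != name_id.lower():
        findings.append("email claim and NameID differ")
    return findings


MAIL = "britta.simon@contoso.com"  # constructed user.mail value

GOOD_ASSERTION = build_assertion(MAIL, {
    "email": MAIL, "department": "Sales",
    "firstname": "Britta", "lastname": "Simon",
})

# Constructed misconfiguration: NameID still carries the UPN, department was
# added with a namespace, and lastname was never added.
BAD_ASSERTION = build_assertion("BrittaSimon@contoso.com", {
    "email": MAIL,
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department": "Sales",
    "firstname": "Britta",
})

if __name__ == "__main__":
    for label, xml in (("good", GOOD_ASSERTION), ("bad", BAD_ASSERTION)):
        print(label, check_claims(xml, MAIL) or "mapping matches")
```
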
Configure LinkedIn Sales Navigator Single Sign-On
1. In a different web browser window, sign-on to your LinkedIn Sales Navigator website as an administrator.
2. In Account Center, click Global Settings under Settings. Also, select Sales Navigator from the
dropdown list.

3. Click on OR Click Here to load and copy individual fields from the form and perform the following
steps:

a. Copy Entity Id and paste it into the Identifier text box in the Basic SAML Configuration in the Azure
portal.
b. Copy Assertion Consumer Access (ACS) Url and paste it into the Reply URL text box in the Basic
SAML Configuration in the Azure portal.
4. Go to LinkedIn Admin Settings section. Upload the XML file that you have downloaded from the Azure
portal by clicking on the Upload XML file option.
5. Click On to enable SSO. SSO status changes from Not Connected to Connected.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to LinkedIn Sales Navigator.
1. In the Azure portal, select Enterprise Applications, select All applications, then select LinkedIn Sales
Navigator.

2. In the applications list, select LinkedIn Sales Navigator.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create LinkedIn Sales Navigator test user
The LinkedIn Sales Navigator application supports Just in Time (JIT) user provisioning: after authentication, users
are created in the application automatically. Activate Automatically assign licenses to assign a license to the user.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LinkedIn Sales Navigator tile in the Access Panel, you should be automatically signed in to the
LinkedIn Sales Navigator for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
LiquidFiles
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate LiquidFiles with Azure Active Directory (Azure AD). Integrating
LiquidFiles with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to LiquidFiles.
You can enable your users to be automatically signed-in to LiquidFiles (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with LiquidFiles, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
LiquidFiles single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
LiquidFiles supports SP initiated SSO

Adding LiquidFiles from the gallery


To configure the integration of LiquidFiles into Azure AD, you need to add LiquidFiles from the gallery to your list
of managed SaaS apps.
To add LiquidFiles from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type LiquidFiles, select LiquidFiles from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with LiquidFiles based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
LiquidFiles needs to be established.
To configure and test Azure AD single sign-on with LiquidFiles, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure LiquidFiles Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create LiquidFiles test user - to have a counterpart of Britta Simon in LiquidFiles that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with LiquidFiles, perform the following steps:
1. In the Azure portal, on the LiquidFiles application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<YOUR_SERVER_URL>/saml/init

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: https://<YOUR_SERVER_URL>

c. In the Reply URL textbox, type a URL using the following pattern:
https://<YOUR_SERVER_URL>/saml/consume

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact LiquidFiles Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.

6. In the SAML Signing Certificate section, copy the THUMBPRINT and save it on your computer.
7. On the Set up LiquidFiles section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure LiquidFiles Single Sign-On
1. Sign on to your LiquidFiles company site as administrator.
2. In the menu, under Admin > Configuration, click Single Sign-On.
3. On the Single Sign-On Configuration page, perform the following steps:

a. As Single Sign On Method, select SAML 2.


b. In the IDP Login URL textbox, paste the value of Login URL, which you have copied from Azure portal.
c. In the IDP Logout URL textbox, paste the value of Logout URL, which you have copied from Azure
portal.
d. In the IDP Cert Fingerprint textbox, paste the THUMBPRINT value which you have copied from Azure
portal.
e. In the Name Identifier Format textbox, type the value
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress .
f. In the Authn Context textbox, type the value
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport .
g. Click Save.
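A way to confirm that the value pasted into IDP Cert Fingerprint belongs to the certificate you intend to trust, as an added example that is not part of the original tutorial or of LiquidFiles. Azure AD's THUMBPRINT is the SHA-1 digest of the DER-encoded certificate; the function names and the sample file below are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Constructed stand-in for the certificate file downloaded from the Azure portal.
# Its body decodes to the bytes b"abc", not a real X.509 certificate; a thumbprint
# is a hash over the raw DER bytes, so the comparison works the same way.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate in a PEM/Base64 file."""
    match = PEM_BLOCK.search(pem_text)
    body = match.group(1) if match else pem_text  # bare Base64 without armor lines
    return base64.b64decode("".join(body.split()), validate=True)


def normalize_fingerprint(value):
    """Drop separators and invisible paste debris, then upper-case the hex."""
    cleaned = re.sub(r"[\s:\-\u200e\u200f\ufeff]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned


def check_fingerprint(pem_text, pasted):
    """Classify the pasted fingerprint against the certificate's digests."""
    der = pem_to_der(pem_text)
    want = normalize_fingerprint(pasted)
    sha1 = hashlib.sha1(der).hexdigest().upper()
    sha256 = hashlib.sha256(der).hexdigest().upper()
    if want == sha1:
        return "match-sha1"
    if want == sha256:
        return "match-sha256"  # right certificate, but not the SHA-1 thumbprint
    if len(want) not in (40, 64):
        return "wrong-length"  # truncated or padded while copying
    return "mismatch"          # a different certificate, e.g. after a rollover


if __name__ == "__main__":
    pasted = "a9:99:3e:36:47:06:81:6a:ba:3e:25:71:78:50:c2:6c:9c:d0:d8:9d"
    print(check_fingerprint(SAMPLE_PEM, pasted))
```

A "mismatch" result after the IdP signing certificate has been renewed means the service provider still pins the old certificate and sign-in will fail until the new thumbprint is saved.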
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to LiquidFiles.
1. In the Azure portal, select Enterprise Applications, select All applications, then select LiquidFiles.

2. In the applications list, select LiquidFiles.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create LiquidFiles test user
The objective of this section is to create a user called Britta Simon in LiquidFiles. Work with your LiquidFiles server
administrator to get yourself added as a user before logging in to your LiquidFiles application.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LiquidFiles tile in the Access Panel, you should be automatically signed in to the LiquidFiles for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Litmos
8/30/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Litmos with Azure Active Directory (Azure AD). When you integrate
Litmos with Azure AD, you can:
Control in Azure AD who has access to Litmos.
Enable your users to be automatically signed-in to Litmos with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Litmos single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Litmos supports IDP initiated SSO
Litmos supports Just In Time user provisioning

Adding Litmos from the gallery


To configure the integration of Litmos into Azure AD, you need to add Litmos from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Litmos in the search box.
6. Select Litmos from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Litmos


Configure and test Azure AD SSO with Litmos using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Litmos.
To configure and test Azure AD SSO with Litmos, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Litmos SSO - to configure the single sign-on settings on application side.
a. Create Litmos test user - to have a counterpart of B.Simon in Litmos that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Litmos application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Set up single sign-on with SAML page, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://<companyname>.litmos.com/account/Login

b. In the Reply URL text box, type a URL using the following pattern:
https://<companyname>.litmos.com/integration/samllogin

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL, which are explained later in
tutorial or contact Litmos Client support team to get these values. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Litmos section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Litmos.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Litmos.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Litmos SSO


1. In a different browser window, sign-on to your Litmos company site as administrator.
2. In the navigation bar on the left side, click Accounts.

3. Click the Integrations tab.

4. On the Integrations tab, scroll down to 3rd Party Integrations, and then click SAML 2.0 tab.
5. Copy the value under The SAML endpoint for litmos is: and paste it into the Reply URL textbox in the
Litmos Domain and URLs section in Azure portal.
6. In your Litmos application, perform the following steps:

a. Click Enable SAML.


b. Open your base-64 encoded certificate in notepad, copy the content of it into your clipboard, and then
paste it to the SAML X.509 Certificate textbox.
c. Click Save Changes.
Create Litmos test user
The objective of this section is to create a user called Britta Simon in Litmos. The Litmos application supports
Just-in-Time provisioning. This means that a user account is automatically created, if necessary, during an attempt to
access the application using the Access Panel.
To create a user called Britta Simon in Litmos, perform the following steps:
1. In a different browser window, sign-on to your Litmos company site as administrator.
2. In the navigation bar on the left side, click Accounts.
3. Click the Integrations tab.

4. On the Integrations tab, scroll down to 3rd Party Integrations, and then click SAML 2.0 tab.
5. Select Autogenerate Users
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Litmos tile in the Access Panel, you should be automatically signed in to the Litmos for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Litmos with Azure AD
Tutorial: Azure Active Directory integration with
LockPath Keylight
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate LockPath Keylight with Azure Active Directory (Azure AD). Integrating
LockPath Keylight with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to LockPath Keylight.
You can enable your users to be automatically signed-in to LockPath Keylight (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with LockPath Keylight, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
LockPath Keylight single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
LockPath Keylight supports SP initiated SSO
LockPath Keylight supports Just In Time user provisioning

Adding LockPath Keylight from the gallery


To configure the integration of LockPath Keylight into Azure AD, you need to add LockPath Keylight from the
gallery to your list of managed SaaS apps.
To add LockPath Keylight from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type LockPath Keylight, select LockPath Keylight from result panel then click Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with LockPath Keylight based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
LockPath Keylight needs to be established.
To configure and test Azure AD single sign-on with LockPath Keylight, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure LockPath Keylight Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create LockPath Keylight test user - to have a counterpart of Britta Simon in LockPath Keylight that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with LockPath Keylight, perform the following steps:
1. In the Azure portal, on the LockPath Keylight application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<company name>.keylightgrc.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<company name>.keylightgrc.com

c. In the Reply URL textbox, type a URL using the following pattern:
https://<company name>.keylightgrc.com/Login.aspx

NOTE
These values are not real. Update these values with the actual Sign on URL, Identifier and Reply URL. Contact
LockPath Keylight Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. On the Set up LockPath Keylight section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure LockPath Keylight Single Sign-On
1. To enable SSO in LockPath Keylight, perform the following steps:
a. Sign-on to your LockPath Keylight account as administrator.
b. In the menu on the top, click Person, and select Keylight Setup.

c. In the treeview on the left, click SAML.

d. On the SAML Settings dialog, click Edit.

2. On the Edit SAML Settings dialog page, perform the following steps:
a. Set SAML authentication to Active.
b. In the Identity Provider Login URL textbox, paste the Login URL value which you have copied from
the Azure portal.
c. In the Identity Provider Logout URL textbox, paste the Logout URL value which you have copied from
the Azure portal.
d. Click Choose File to select your downloaded LockPath Keylight certificate, and then click Open to upload
the certificate.
e. Set SAML User Id location to NameIdentifier element of the subject statement.
f. Provide the Keylight Service Provider using the following pattern:
https://<CompanyName>.keylightgrc.com .

g. Set Auto-provision users to Active.


h. Set Auto-provision account type to Full User.
i. For Auto-provision security role, select Standard User with SAML.
j. For Auto-provision security config, select Standard User Configuration.
k. In the Email attribute textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress .
l. In the First name attribute textbox, type
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname .
m. In the Last name attribute textbox, type
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname .
n. Click Save.
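With auto-provisioning set to Active, the account Keylight creates is built from the NameIdentifier and the three mapped attributes, so it helps to check a captured assertion for them before the first sign-in. The following is an added example, not code from the tutorial or from LockPath; the sample assertion is constructed and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Attribute names typed into the Edit SAML Settings dialog (steps k, l and m).
MAPPED = {
    "Email": CLAIMS + "emailaddress",
    "First name": CLAIMS + "givenname",
    "Last name": CLAIMS + "surname",
}

# Constructed assertion for the test user; the issuer, ID and timestamp are made
# up, and the surname attribute is left out on purpose.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2019-06-13T00:00:00Z">
  <saml:Issuer>https://idp.example/constructed</saml:Issuer>
  <saml:Subject>
    <saml:NameID>BrittaSimon@contoso.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def find_assertion(xml_text):
    """Accept either a bare Assertion or a Response that wraps one."""
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}Assertion" % NS["saml"]:
        return root
    return root.find(".//saml:Assertion", NS)


def provisioning_preflight(xml_text):
    """Return (user_id, problems) for the fields Keylight is configured to read.

    Inspection only: this does not verify the signature, audience or validity
    window, so it must never be used to decide whether to trust an assertion.
    """
    assertion = find_assertion(xml_text)
    if assertion is None:
        return "", ["no Assertion element found (it may be encrypted)"]

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    user_id = (name_id.text or "").strip() if name_id is not None else ""

    values = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        texts = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        values[attr.get("Name")] = [t for t in texts if t]

    problems = []
    if not user_id:
        problems.append("NameID (SAML User Id) is missing or empty")
    for label, uri in MAPPED.items():
        if not values.get(uri):
            problems.append("%s attribute missing: %s" % (label, uri))
    return user_id, problems


if __name__ == "__main__":
    uid, issues = provisioning_preflight(SAMPLE_ASSERTION)
    print(uid)
    for issue in issues:
        print(" -", issue)
```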
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to LockPath Keylight.
1. In the Azure portal, select Enterprise Applications, select All applications, then select LockPath
Keylight.

2. In the applications list, select LockPath Keylight.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create LockPath Keylight test user
In this section, a user called Britta Simon is created in LockPath Keylight. LockPath Keylight supports just-in-time
user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in LockPath Keylight, a new one is created after authentication. If you need to create a user manually,
you need to contact the LockPath Keylight Client support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LockPath Keylight tile in the Access Panel, you should be automatically signed in to the
LockPath Keylight for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
LogicMonitor
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate LogicMonitor with Azure Active Directory (Azure AD). Integrating
LogicMonitor with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to LogicMonitor.
You can enable your users to be automatically signed-in to LogicMonitor (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with LogicMonitor, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
LogicMonitor single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
LogicMonitor supports SP initiated SSO

Adding LogicMonitor from the gallery


To configure the integration of LogicMonitor into Azure AD, you need to add LogicMonitor from the gallery to
your list of managed SaaS apps.
To add LogicMonitor from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type LogicMonitor, select LogicMonitor from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with LogicMonitor based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
LogicMonitor needs to be established.
To configure and test Azure AD single sign-on with LogicMonitor, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure LogicMonitor Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create LogicMonitor test user - to have a counterpart of Britta Simon in LogicMonitor that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with LogicMonitor, perform the following steps:
1. In the Azure portal, on the LogicMonitor application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.logicmonitor.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.logicmonitor.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact LogicMonitor Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up LogicMonitor section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure LogicMonitor Single Sign-On
1. Log in to your LogicMonitor company site as an administrator.
2. In the menu on the top, click Settings.

3. In the navigation bar on the left side, click Single Sign On.

4. In the Single Sign-on (SSO) settings section, perform the following steps:
a. Select Enable Single Sign-on.
b. As Default Role Assignment, select readonly.
c. Open the downloaded metadata file in notepad, and then paste content of the file into the Identity
Provider Metadata textbox.
d. Click Save Changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to LogicMonitor.
1. In the Azure portal, select Enterprise Applications, select All applications, then select LogicMonitor.

2. In the applications list, select LogicMonitor.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create LogicMonitor test user
For Azure AD users to be able to sign in, they must be provisioned to the LogicMonitor application using their
Azure Active Directory user names.
To configure user provisioning, perform the following steps:
1. Log in to your LogicMonitor company site as an administrator.
2. In the menu on the top, click Settings, and then click Roles and Users.
3. Click Add.
4. In the Add an account section, perform the following steps:

a. Type the Username, Email, Password, and Retype password values of the Azure Active Directory user
you want to provision into the related textboxes.
b. Select Roles, View Permissions, and the Status.
c. Click Submit.

NOTE
You can use any other LogicMonitor user account creation tools or APIs provided by LogicMonitor to provision Azure Active
Directory user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LogicMonitor tile in the Access Panel, you should be automatically signed in to the
LogicMonitor for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
LoginRadius
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate LoginRadius with Azure Active Directory (Azure AD). Integrating
LoginRadius with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to LoginRadius.
You can enable your users to be automatically signed-in to LoginRadius (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with LoginRadius, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
LoginRadius single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
LoginRadius supports SP initiated SSO

Adding LoginRadius from the gallery


To configure the integration of LoginRadius into Azure AD, you need to add LoginRadius from the gallery to your
list of managed SaaS apps.
To add LoginRadius from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type LoginRadius, select LoginRadius from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with LoginRadius based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
LoginRadius needs to be established.
To configure and test Azure AD single sign-on with LoginRadius, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure LoginRadius Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create LoginRadius test user - to have a counterpart of Britta Simon in LoginRadius that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with LoginRadius, perform the following steps:
1. In the Azure portal, on the LoginRadius application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL: https://secure.loginradius.com/login

b. In the Identifier (Entity ID) text box, type a URL: https://LoginRadius.hub.loginradius.com/

NOTE
Open the Sign-on URL page. Click the Single Sign-On tab, enter the plugin name given by the LoginRadius support
team, and then click the Sign in button. You are redirected to the Azure AD page for login.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up LoginRadius section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure LoginRadius Single Sign-On
To configure single sign-on on the LoginRadius side, you need to send the downloaded Metadata XML and the
appropriate copied URLs from the Azure portal to the LoginRadius support team. They apply this configuration so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to LoginRadius.
1. In the Azure portal, select Enterprise Applications, select All applications, then select LoginRadius.

2. In the applications list, select LoginRadius.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create LoginRadius test user
In this section, you create a user called Britta Simon in LoginRadius. Work with LoginRadius support team to add
the users in the LoginRadius platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the LoginRadius tile in the Access Panel, you should be automatically signed in to the LoginRadius
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Lucidchart
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Lucidchart with Azure Active Directory (Azure AD). Integrating
Lucidchart with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Lucidchart.
You can enable your users to be automatically signed-in to Lucidchart (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Lucidchart, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Lucidchart single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Lucidchart supports SP initiated SSO
Lucidchart supports Just In Time user provisioning

Adding Lucidchart from the gallery


To configure the integration of Lucidchart into Azure AD, you need to add Lucidchart from the gallery to your list
of managed SaaS apps.
To add Lucidchart from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Lucidchart, select Lucidchart from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Lucidchart based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Lucidchart
needs to be established.
To configure and test Azure AD single sign-on with Lucidchart, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Lucidchart Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Lucidchart test user - to have a counterpart of Britta Simon in Lucidchart that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Lucidchart, perform the following steps:
1. In the Azure portal, on the Lucidchart application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL as: https://chart2.office.lucidchart.com/saml/sso/azure

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Lucidchart section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Lucidchart Single Sign-On
1. In a different web browser window, log into your Lucidchart company site as an administrator.
2. In the menu on the top, click Team.

3. Click Applications > Manage SAML.


4. On the SAML Authentication Settings dialog page, perform the following steps:
a. Select Enable SAML Authentication, and then click Optional.

b. In the Domain textbox, type your domain, and then click Change Certificate.
c. Open your downloaded metadata file, copy the content, and then paste it into the Upload Metadata
textbox.

d. Select Automatically Add new users to the team, and then click Save changes.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Lucidchart.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Lucidchart.
2. In the applications list, select Lucidchart.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Lucidchart test user
There is no action item for you to configure user provisioning to Lucidchart. When an assigned user tries to log
into Lucidchart using the access panel, Lucidchart checks whether the user exists.
If there is no user account available yet, it is automatically created by Lucidchart.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Lucidchart tile in the Access Panel, you should be automatically signed in to the Lucidchart for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Lynda.com
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Lynda.com with Azure Active Directory (Azure AD). Integrating
Lynda.com with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Lynda.com.
You can enable your users to be automatically signed-in to Lynda.com (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Lynda.com, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Lynda.com single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Lynda.com supports SP initiated SSO
Lynda.com supports Just In Time user provisioning

Adding Lynda.com from the gallery


To configure the integration of Lynda.com into Azure AD, you need to add Lynda.com from the gallery to your list
of managed SaaS apps.
To add Lynda.com from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Lynda.com, select Lynda.com from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Lynda.com based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Lynda.com needs to be established.
To configure and test Azure AD single sign-on with Lynda.com, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Lynda.com Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Lynda.com test user - to have a counterpart of Britta Simon in Lynda.com that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Lynda.com, perform the following steps:
1. In the Azure portal, on the Lynda.com application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.lynda.com/Shibboleth.sso/InCommon?providerId=<url>&target=<url>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Lynda.com Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Lynda.com section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Lynda.com Single Sign-On
To configure single sign-on on the Lynda.com side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Lynda.com support team. They apply this
configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Lynda.com.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Lynda.com.

2. In the applications list, select Lynda.com.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Lynda.com test user
There is no action item for you to configure user provisioning to Lynda.com.
When an assigned user tries to log in to Lynda.com using the access panel, Lynda.com checks whether the user
exists.
If there is no user account available yet, it is automatically created by Lynda.com.

NOTE
You can use any other Lynda.com user account creation tools or APIs provided by Lynda.com to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Lynda.com tile in the Access Panel, you should be automatically signed in to the Lynda.com for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with M-Files
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate M-Files with Azure Active Directory (Azure AD). Integrating M-Files with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to M-Files.
You can enable your users to be automatically signed-in to M-Files (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with M-Files, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
M-Files single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
M-Files supports SP initiated SSO

Adding M-Files from the gallery


To configure the integration of M-Files into Azure AD, you need to add M-Files from the gallery to your list of
managed SaaS apps.
To add M-Files from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type M-Files, select M-Files from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with M-Files based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in M-Files
needs to be established.
To configure and test Azure AD single sign-on with M-Files, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure M-Files Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create M-Files test user - to have a counterpart of Britta Simon in M-Files that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with M-Files, perform the following steps:
1. In the Azure portal, on the M-Files application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<tenantname>.cloudvault.m-files.com/authentication/MFiles.AuthenticationProviders.Core/sso

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<tenantname>.cloudvault.m-files.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact M-Files Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up M-Files section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure M-Files Single Sign-On
1. To get SSO configured for your application, contact the M-Files support team and provide them with the
downloaded Metadata.

NOTE
Follow the next steps if you want to configure SSO for your M-Files desktop application. No extra steps are required if
you only want to configure SSO for the M-Files web version.

2. Follow the next steps to configure the M-Files desktop application to enable SSO with Azure AD. To
download M-Files, go to the M-Files download page.
3. Open the M-Files Desktop Settings window. Then, click Add.

4. On the Document Vault Connection Properties window, perform the following steps:
Under the Server section, type the values as follows:
a. For Name, type <tenant-name>.cloudvault.m-files.com .
b. For Port Number, type 4466.
c. For Protocol, select HTTPS.
d. In the Authentication field, select Specific Windows user. Then, you are prompted with a signing page.
Insert your Azure AD credentials.
e. For the Vault on Server, select the corresponding vault on server.
f. Click OK.
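Step 1 above hands the downloaded Federation Metadata XML to the M-Files support team, as the LoginRadius and Lynda.com sections do for their vendors. The following added example (not part of the tutorial or of any vendor's tooling) reads such a file and returns its entityID, its endpoints and a SHA-256 fingerprint of each signing certificate, so they can be read against the values copied in step 6 and confirmed with the recipient. The sample metadata, the all-zero tenant ID and the function name are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: placeholder tenant ID, and placeholder bytes standing in
# for a DER certificate (enough to demonstrate the fingerprint step).
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_CERT_DER = b"constructed-not-a-real-certificate"
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/{SAMPLE_TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
    <SingleSignOnService Binding="{POST}" Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>""".encode("utf-8")


def summarize_idp_metadata(xml_bytes):
    """Return the identifying values of a SAML IdP metadata document.

    This only reads the document. It does not verify the metadata's XML
    signature, so the fingerprint still has to be confirmed out of band.
    """
    # Refuse DTDs outright: IdP metadata never needs one, and rejecting them
    # removes entity-expansion problems before the parser sees the input.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("metadata contains a DTD; refusing to parse")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    def endpoints(tag):
        return [(e.get("Binding"), e.get("Location") or "")
                for e in idp.findall(f"md:{tag}", NS)]

    def first(pairs, binding):
        return next((loc for b, loc in pairs if b == binding), None)

    sso = endpoints("SingleSignOnService")
    slo = endpoints("SingleLogoutService")

    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to signing and encryption.
        if key.get("use") not in (None, "signing"):
            continue
        for cert in key.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest().upper())

    problems = [f"non-HTTPS endpoint: {loc!r}"
                for _, loc in sso + slo if urlparse(loc).scheme != "https"]
    if not fingerprints:
        problems.append("no signing certificate in metadata")

    return {
        "entity_id": root.get("entityID"),
        "sso_redirect_url": first(sso, REDIRECT),
        "slo_redirect_url": first(slo, REDIRECT),
        "signing_cert_sha256": fingerprints,
        "problems": problems,
    }


if __name__ == "__main__":
    for name, value in summarize_idp_metadata(SAMPLE_METADATA).items():
        print(f"{name}: {value}")
```
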
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to M-Files.
1. In the Azure portal, select Enterprise Applications, select All applications, then select M-Files.

2. In the applications list, select M-Files.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create M-Files test user
The objective of this section is to create a user called Britta Simon in M-Files. Work with the M-Files support team to
add the users in M-Files.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the M-Files tile in the Access Panel, you should be automatically signed in to the M-Files for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Mail Luck!
10/27/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Mail Luck! with Azure Active Directory (Azure AD). When you integrate
Mail Luck! with Azure AD, you can:
Control in Azure AD who has access to Mail Luck!.
Enable your users to be automatically signed-in to Mail Luck! with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Mail Luck! single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Mail Luck! supports SP initiated SSO

Adding Mail Luck! from the gallery


To configure the integration of Mail Luck! into Azure AD, you need to add Mail Luck! from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Mail Luck! in the search box.
6. Select Mail Luck! from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Mail Luck!


Configure and test Azure AD SSO with Mail Luck! using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Mail Luck!.
To configure and test Azure AD SSO with Mail Luck!, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Mail Luck! SSO - to configure the single sign-on settings on application side.
   Create Mail Luck! test user - to have a counterpart of B.Simon in Mail Luck! that is linked to the Azure
   AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Mail Luck! application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://manage<UNITID>.ml-sgw.jp/<TENANT_NAME>/saml/sign_in

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://manage<UNITID>.ml-sgw.jp/<TENANT_NAME>/saml/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Mail Luck! Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
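The NOTE in step 4, like the one in the M-Files tutorial, says the Sign on URL and Identifier patterns are not real values and must be replaced. As an added example (not from the tutorial or from either vendor), this Python check turns the M-Files and Mail Luck! patterns quoted on this page into anchored regular expressions and flags values that still contain a placeholder, do not match, or name different tenants in the two fields. The function names and the rule that each placeholder is a single DNS-label-style token are assumptions of this example.

```python
import re

# The patterns are copied from the tutorial text. Everything else is an
# assumption of this example.
PATTERNS = {
    "M-Files": {
        "sign_on_url": "https://<tenantname>.cloudvault.m-files.com"
                       "/authentication/MFiles.AuthenticationProviders.Core/sso",
        "identifier": "https://<tenantname>.cloudvault.m-files.com",
    },
    "Mail Luck!": {
        "sign_on_url": "https://manage<UNITID>.ml-sgw.jp/<TENANT_NAME>/saml/sign_in",
        "identifier": "https://manage<UNITID>.ml-sgw.jp/<TENANT_NAME>/saml/",
    },
}

# Assumption: a placeholder stands for one token of letters, digits and inner
# hyphens. It cannot contain '.', '/' or '<', so it cannot absorb extra host
# labels or path segments.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
PLACEHOLDER = re.compile(r"<([A-Za-z_][A-Za-z0-9_]*)>")


def compile_pattern(pattern):
    """Turn 'https://<name>.example' into a regex with one named group per placeholder."""
    seen, out = set(), []
    # split() with one capture group yields literal, name, literal, name, ...
    for i, part in enumerate(PLACEHOLDER.split(pattern)):
        if i % 2 == 0:
            out.append(re.escape(part))        # literal text: '.' must not match any char
        elif part in seen:
            out.append(f"(?P={part})")         # repeated placeholder: same value again
        else:
            seen.add(part)
            out.append(f"(?P<{part}>{LABEL})")
    return re.compile("".join(out))


def check_basic_saml_config(app, sign_on_url, identifier):
    """Return a list of problems; an empty list means both values fit the patterns."""
    problems, captured = [], {}
    for field, value in (("sign_on_url", sign_on_url), ("identifier", identifier)):
        # fullmatch anchors both ends, so a value that merely contains the
        # expected host somewhere inside it is rejected.
        match = compile_pattern(PATTERNS[app][field]).fullmatch(value)
        if match is None:
            problems.append(f"{field} does not match the documented pattern")
            continue
        for name, got in match.groupdict().items():
            if captured.setdefault(name, got) != got:
                problems.append(f"{field}: <{name}> differs from the other field")
    return problems


if __name__ == "__main__":
    # Constructed values for illustration.
    print(check_basic_saml_config(
        "Mail Luck!",
        "https://manage01.ml-sgw.jp/contoso/saml/sign_in",
        "https://manage01.ml-sgw.jp/fabrikam/saml/",
    ))
```
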

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Mail Luck!.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Mail Luck!.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Mail Luck! SSO


To configure single sign-on on the Mail Luck! side, you need to send the App Federation Metadata Url to the Mail
Luck! support team. They apply this configuration so that the SAML SSO connection is set properly on both sides.
Create Mail Luck! test user
In this section, you create a user called B.Simon in Mail Luck!. Work with Mail Luck! support team to add the users
in the Mail Luck! platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Mail Luck! tile in the Access Panel, you should be automatically signed in to the Mail Luck!
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Mail Luck! with Azure AD
Tutorial: Azure Active Directory integration with Manabi Pocket
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Manabi Pocket with Azure Active Directory (Azure AD). Integrating
Manabi Pocket with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Manabi Pocket.
You can enable your users to be automatically signed-in to Manabi Pocket (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Manabi Pocket, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
Manabi Pocket single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Manabi Pocket supports SP initiated SSO

Adding Manabi Pocket from the gallery


To configure the integration of Manabi Pocket into Azure AD, you need to add Manabi Pocket from the gallery to
your list of managed SaaS apps.
To add Manabi Pocket from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Manabi Pocket, select Manabi Pocket from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Manabi Pocket based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Manabi Pocket needs to be established.
To configure and test Azure AD single sign-on with Manabi Pocket, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Manabi Pocket Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Manabi Pocket test user - to have a counterpart of Britta Simon in Manabi Pocket that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Manabi Pocket, perform the following steps:
1. In the Azure portal, on the Manabi Pocket application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL: https://ed-cl.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SERVER-NAME>.ed-cl.com/<TENANT-ID>/idp/provider

NOTE
The Identifier value is not real. Update this value with the actual Identifier. Contact Manabi Pocket Client support
team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Manabi Pocket section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Manabi Pocket Single Sign-On
To configure single sign-on on the Manabi Pocket side, send the downloaded Federation Metadata
XML and the appropriate URLs copied from the Azure portal to the Manabi Pocket support team. They apply this
setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Manabi Pocket.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Manabi Pocket.

2. In the applications list, select Manabi Pocket.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Manabi Pocket test user
In this section, you create a user called Britta Simon in Manabi Pocket. Work with the Manabi Pocket support team to
add the users in the Manabi Pocket platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Manabi Pocket tile in the Access Panel, you should be automatically signed in to the Manabi
Pocket instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Marketo
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Marketo with Azure Active Directory (Azure AD). Integrating Marketo
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Marketo.
You can enable your users to be automatically signed-in to Marketo (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Marketo, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Marketo single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Marketo supports IDP initiated SSO

Adding Marketo from the gallery


To configure the integration of Marketo into Azure AD, you need to add Marketo from the gallery to your list of
managed SaaS apps.
To add Marketo from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Marketo, select Marketo from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Marketo based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Marketo
needs to be established.
To configure and test Azure AD single sign-on with Marketo, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Marketo Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Marketo test user - to have a counterpart of Britta Simon in Marketo that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Marketo, perform the following steps:
1. In the Azure portal, on the Marketo application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://saml.marketo.com/sp

b. In the Reply URL text box, type a URL using the following pattern:
https://login.marketo.com/saml/assertion/<munchkinid>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Marketo Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Marketo section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Marketo Single Sign-On
1. To get the Munchkin Id of your application, log in to Marketo using admin credentials and perform the following
actions:
a. Log in to Marketo app using admin credentials.
b. Click the Admin button on the top navigation pane.

c. Navigate to the Integration menu and click the Munchkin link.

d. Copy the Munchkin Id shown on the screen and complete your Reply URL in the Azure AD configuration
wizard.

2. To configure SSO in the application, follow the steps below:


a. Log in to Marketo app using admin credentials.
b. Click the Admin button on the top navigation pane.
c. Navigate to the Integration menu and click Single Sign On.

d. To enable the SAML Settings, click the Edit button.


e. Enable the Single Sign-On settings.
f. Paste the Azure AD Identifier in the Issuer ID textbox.
g. In the Entity ID textbox, enter the URL as http://saml.marketo.com/sp .
h. Select the User ID Location as Name Identifier element.
NOTE
If your User Identifier is not the UPN value, change the value in the Attribute tab.

i. Upload the certificate that you downloaded from the Azure AD configuration wizard. Save the
settings.
j. Edit the Redirect Pages settings.
k. Paste the Login URL in the Login URL textbox.
l. Paste the Logout URL in the Logout URL textbox.
m. In the Error URL textbox, enter your Marketo instance URL and click the Save button to save the settings.

3. To enable the SSO for users, complete the following actions:


a. Log in to Marketo app using admin credentials.
b. Click the Admin button on the top navigation pane.
c. Navigate to the Security menu and click Login Settings.

d. Check the Require SSO option and Save the settings.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Marketo.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Marketo.

2. In the applications list, select Marketo.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Marketo test user
In this section, you create a user called Britta Simon in Marketo. Follow these steps to create a user in the Marketo
platform.
1. Log in to Marketo app using admin credentials.
2. Click the Admin button on the top navigation pane.
3. Navigate to the Security menu and click Users & Roles

4. Click the Invite New User link on the Users tab

5. In the Invite New User wizard fill the following information


a. Enter the user Email address in the textbox

b. Enter the First Name in the textbox


c. Enter the Last Name in the textbox
d. Click Next
6. In the Permissions tab, select the user roles and click Next.
7. Click the Send button to send the user invitation.

8. The user receives the email notification and has to click the link and change the password to activate the
account.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Marketo tile in the Access Panel, you should be automatically signed in to the Marketo instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with MaxxPoint
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate MaxxPoint with Azure Active Directory (Azure AD). Integrating
MaxxPoint with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to MaxxPoint.
You can enable your users to be automatically signed-in to MaxxPoint (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with MaxxPoint, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
MaxxPoint single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
MaxxPoint supports SP and IDP initiated SSO

Adding MaxxPoint from the gallery


To configure the integration of MaxxPoint into Azure AD, you need to add MaxxPoint from the gallery to your list
of managed SaaS apps.
To add MaxxPoint from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type MaxxPoint, select MaxxPoint from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with MaxxPoint based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in MaxxPoint
needs to be established.
To configure and test Azure AD single sign-on with MaxxPoint, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure MaxxPoint Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create MaxxPoint test user - to have a counterpart of Britta Simon in MaxxPoint that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with MaxxPoint, perform the following steps:
1. In the Azure portal, on the MaxxPoint application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
you do not have to perform any step, because the app is already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign on URL text box, type a URL using the following pattern:
https://maxxpoint.westipc.com/default/sso/login/entity/<customer-id>-azure

NOTE
This is not the real value. Update the value with the actual Sign on URL. Call MaxxPoint team on 888-728-0950 to
get this value.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up MaxxPoint section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure MaxxPoint Single Sign-On
To get SSO configured for your application, call the MaxxPoint support team on 888-728-0950. They'll assist you
further on how to provide them with the downloaded Federation Metadata XML file.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to MaxxPoint.
1. In the Azure portal, select Enterprise Applications, select All applications, then select MaxxPoint.
2. In the applications list, select MaxxPoint.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create MaxxPoint test user
In this section, you create a user called Britta Simon in MaxxPoint. Please call the MaxxPoint support team on
888-728-0950 to add the users in the MaxxPoint application.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the MaxxPoint tile in the Access Panel, you should be automatically signed in to the MaxxPoint instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with MCM
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate MCM with Azure Active Directory (Azure AD). Integrating MCM with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to MCM.
You can enable your users to be automatically signed-in to MCM (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with MCM, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
MCM single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
MCM supports SP initiated SSO

Adding MCM from the gallery


To configure the integration of MCM into Azure AD, you need to add MCM from the gallery to your list of
managed SaaS apps.
To add MCM from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type MCM, select MCM from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with MCM based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in MCM
needs to be established.
To configure and test Azure AD single sign-on with MCM, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure MCM Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create MCM test user - to have a counterpart of Britta Simon in MCM that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with MCM, perform the following steps:
1. In the Azure portal, on the MCM application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://myaba.co.uk/client-access/<companyname>/saml.php

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://myaba.co.uk/<companyname>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact MCM Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up MCM section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure MCM Single Sign-On
To configure single sign-on on the MCM side, send the downloaded Federation Metadata XML and the
appropriate URLs copied from the Azure portal to the MCM support team. They apply this setting so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to MCM.
1. In the Azure portal, select Enterprise Applications, select All applications, then select MCM.

2. In the applications list, select MCM.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create MCM test user
In this section, you create a user called Britta Simon in MCM. Work with the MCM support team to add the users in
the MCM platform. Users must be created and activated before you use single sign-on.

NOTE
You can use any other MCM user account creation tools or APIs provided by MCM to provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the MCM tile in the Access Panel, you should be automatically signed in to the MCM instance for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Menlo Security
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Menlo Security with Azure Active Directory (Azure AD). Integrating
Menlo Security with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Menlo Security.
You can enable your users to be automatically signed-in to Menlo Security (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Menlo Security, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Menlo Security single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Menlo Security supports SP initiated SSO

Adding Menlo Security from the gallery


To configure the integration of Menlo Security into Azure AD, you need to add Menlo Security from the gallery to
your list of managed SaaS apps.
To add Menlo Security from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Menlo Security, select Menlo Security from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Menlo Security based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Menlo Security needs to be established.
To configure and test Azure AD single sign-on with Menlo Security, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Menlo Security Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Menlo Security test user - to have a counterpart of Britta Simon in Menlo Security that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Menlo Security, perform the following steps:
1. In the Azure portal, on the Menlo Security application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.menlosecurity.com/account/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.menlosecurity.com/safeview-auth-server/saml/metadata

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the Menlo Security
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up Menlo Security section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Menlo Security Single Sign-On
1. To configure single sign-on on the Menlo Security side, log in to the Menlo Security website as an
administrator.
2. Under Settings, go to Authentication and perform the following actions:

a. Tick the checkbox Enable user authentication using SAML.


b. Set Allow External Access to Yes.
c. Under SAML Provider, select Azure Active Directory.
d. SAML 2.0 Endpoint: Paste the Login URL that you copied from the Azure portal.
e. Service Identifier (Issuer): Paste the Azure AD Identifier that you copied from the Azure portal.
f. X.509 Certificate: Open the Certificate (Base64) downloaded from the Azure portal in Notepad and
paste it in this box.
g. Click Save to save the settings.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Menlo Security.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Menlo Security.
2. In the applications list, select Menlo Security.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Menlo Security test user
In this section, you create a user called Britta Simon in Menlo Security. Work with the Menlo Security Client support
team to add the users in the Menlo Security platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Menlo Security tile in the Access Panel, you should be automatically signed in to the Menlo
Security application for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.
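When the test sign-in fails, compare the values in the SAML response with the values entered during configuration. The following is an added example, not part of the original tutorial and not Microsoft or Menlo Security code: it checks a decoded response against the Identifier (Entity ID) from Basic SAML Configuration and the Azure AD Identifier pasted into Service Identifier (Issuer). The `example` subdomain, the all-zero tenant ID and the sample response are constructed, and signature verification is not performed, so the result is a configuration diagnostic only.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed values: placeholder tenant ID and "example" subdomain.
EXPECTED_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
EXPECTED_AUDIENCE = "https://example.menlosecurity.com/safeview-auth-server/saml/metadata"

# Constructed sample of a decoded (base64-decoded) SAML response, unsigned.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2019-10-30T12:00:00.000Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2019-10-30T12:00:00.000Z">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject><saml:NameID>BrittaSimon@contoso.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2019-10-30T11:55:00.000Z"
                     NotOnOrAfter="2019-10-30T13:00:00.000Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://example.menlosecurity.com/safeview-auth-server/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def _ts(value):
    """Parse a UTC xs:dateTime, ignoring any fractional seconds."""
    value = value.rstrip("Z").split(".")[0]
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_response(xml_text, expected_issuer, expected_audience, now):
    """Return a list of mismatches; an empty list means every check passed."""
    # A SAML response never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text:
        return ["DOCTYPE present, refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        problems.append("status is not Success")

    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        problems.append(f"expected exactly one assertion, found {len(assertions)}")
        return problems
    assertion = assertions[0]

    # Issuer must equal the Azure AD Identifier configured on the application side.
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"issuer mismatch: {issuer!r}")

    # Audience must contain the Identifier (Entity ID) entered in the Azure portal.
    audiences = [e.text.strip() for e in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if e.text]
    if expected_audience not in audiences:
        problems.append(f"audience mismatch: {audiences!r}")

    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        problems.append("assertion has no validity window")
    elif not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        problems.append("assertion is outside its validity window")

    # NameID is what links the Azure AD user to the user created in the application.
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not name_id.strip():
        problems.append("NameID is empty")
    return problems


if __name__ == "__main__":
    when = datetime(2019, 10, 30, 12, 30, tzinfo=timezone.utc)
    print(check_response(SAMPLE_RESPONSE, EXPECTED_ISSUER, EXPECTED_AUDIENCE, when) or "all checks passed")
```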

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Mercell
10/30/2019 • 4 minutes to read

In this tutorial, you learn how to integrate Mercell with Azure Active Directory (Azure AD). Integrating Mercell with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Mercell.
You can enable your users to be automatically signed in to Mercell (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Mercell, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Mercell single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Mercell supports IDP initiated SSO
Mercell supports Just In Time user provisioning

Adding Mercell from the gallery


To configure the integration of Mercell into Azure AD, you need to add Mercell from the gallery to your list of
managed SaaS apps.
To add Mercell from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Mercell, select Mercell from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Mercell based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Mercell
needs to be established.
To configure and test Azure AD single sign-on with Mercell, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Mercell Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Mercell test user - to have a counterpart of Britta Simon in Mercell that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Mercell, perform the following steps:
1. In the Azure portal, on the Mercell application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


In the Identifier text box, type a URL: https://my.mercell.com/

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Mercell Single Sign-On


To configure single sign-on on the Mercell side, you need to send the App Federation Metadata Url to the Mercell
support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Mercell.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Mercell.

2. In the applications list, select Mercell.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Mercell test user
In this section, a user called Britta Simon is created in Mercell. Mercell supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Mercell,
a new one is created after authentication.

NOTE
If you need to create a user manually, contact the Mercell support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Mercell tile in the Access Panel, you should be automatically signed in to the Mercell application
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Mercer BenefitsCentral (MBC)
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Mercer BenefitsCentral (MBC) with Azure Active Directory (Azure AD).
Integrating Mercer BenefitsCentral (MBC) with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Mercer BenefitsCentral (MBC).
You can enable your users to be automatically signed in to Mercer BenefitsCentral (MBC) (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Mercer BenefitsCentral (MBC), you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Mercer BenefitsCentral (MBC) single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Mercer BenefitsCentral (MBC) supports IDP initiated SSO

Adding Mercer BenefitsCentral (MBC) from the gallery


To configure the integration of Mercer BenefitsCentral (MBC) into Azure AD, you need to add Mercer
BenefitsCentral (MBC) from the gallery to your list of managed SaaS apps.
To add Mercer BenefitsCentral (MBC) from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Mercer BenefitsCentral (MBC), select Mercer BenefitsCentral (MBC) from the
result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Mercer BenefitsCentral (MBC) based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in Mercer BenefitsCentral (MBC) needs to be established.
To configure and test Azure AD single sign-on with Mercer BenefitsCentral (MBC), you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Mercer BenefitsCentral (MBC) Single Sign-On - to configure the Single Sign-On settings on the
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Mercer BenefitsCentral (MBC) test user - to have a counterpart of Britta Simon in Mercer
BenefitsCentral (MBC) that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Mercer BenefitsCentral (MBC), perform the following steps:
1. In the Azure portal, on the Mercer BenefitsCentral (MBC) application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL: stg.mercerhrs.com/saml2.0

b. In the Reply URL text box, type a URL using the following pattern:
https://ssous-stg.mercerhrs.com/SP2/Saml2AssertionConsumer.aspx

NOTE
The Reply URL value is not real. Update this value with the actual Reply URL. Contact the Mercer BenefitsCentral (MBC)
Client support team to get this value. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Mercer BenefitsCentral (MBC) section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Mercer BenefitsCentral (MBC) Single Sign-On
To configure single sign-on on the Mercer BenefitsCentral (MBC) side, you need to send the downloaded
Federation Metadata XML and appropriate copied URLs from the Azure portal to the Mercer BenefitsCentral (MBC)
support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Mercer BenefitsCentral
(MBC).
1. In the Azure portal, select Enterprise Applications, select All applications, then select Mercer
BenefitsCentral (MBC).

2. In the applications list, select Mercer BenefitsCentral (MBC).

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Mercer BenefitsCentral (MBC) test user
In this section, you create a user called Britta Simon in Mercer BenefitsCentral (MBC). Work with the Mercer
BenefitsCentral (MBC) support team to add the users in the Mercer BenefitsCentral (MBC) platform. Users must
be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Mercer BenefitsCentral (MBC) tile in the Access Panel, you should be automatically signed in to
the Mercer BenefitsCentral (MBC) application for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Merchlogix
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Merchlogix with Azure Active Directory (Azure AD). Integrating
Merchlogix with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Merchlogix.
You can enable your users to be automatically signed in to Merchlogix (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Merchlogix, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Merchlogix single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Merchlogix supports SP initiated SSO

Adding Merchlogix from the gallery


To configure the integration of Merchlogix into Azure AD, you need to add Merchlogix from the gallery to your list
of managed SaaS apps.
To add Merchlogix from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Merchlogix, select Merchlogix from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Merchlogix based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Merchlogix needs to be established.
To configure and test Azure AD single sign-on with Merchlogix, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Merchlogix Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Merchlogix test user - to have a counterpart of Britta Simon in Merchlogix that is linked to the Azure
AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Merchlogix, perform the following steps:
1. In the Azure portal, on the Merchlogix application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<DOMAIN>/login.php?saml=true

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<DOMAIN>/simplesaml/module.php/saml/sp/metadata.php/<SAML_NAME>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the Merchlogix Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

6. In the Set up Merchlogix section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Merchlogix Single Sign-On
To configure single sign-on on the Merchlogix side, you need to send the downloaded Certificate (Base64) and
appropriate copied URLs from the Azure portal to the Merchlogix support team. They apply this setting so that the SAML
SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Merchlogix.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Merchlogix.

2. In the applications list, select Merchlogix.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Merchlogix test user
In this section, you create a user called Britta Simon in Merchlogix. Work with the Merchlogix support team to add the
users in the Merchlogix platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Merchlogix tile in the Access Panel, you should be automatically signed in to the Merchlogix
application for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Meta4 Global HR
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Meta4 Global HR with Azure Active Directory (Azure AD). Integrating
Meta4 Global HR with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Meta4 Global HR.
You can enable your users to be automatically signed in to Meta4 Global HR (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Meta4 Global HR, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Meta4 Global HR single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Meta4 Global HR supports SP and IDP initiated SSO

Adding Meta4 Global HR from the gallery


To configure the integration of Meta4 Global HR into Azure AD, you need to add Meta4 Global HR from the
gallery to your list of managed SaaS apps.
To add Meta4 Global HR from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button on the top of the dialog.

4. In the search box, type Meta4 Global HR, select Meta4 Global HR from the result panel then click the
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Meta4 Global HR based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Meta4 Global HR needs to be established.
To configure and test Azure AD single sign-on with Meta4 Global HR, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Meta4 Global HR Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Meta4 Global HR test user - to have a counterpart of Britta Simon in Meta4 Global HR that is linked
to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Meta4 Global HR, perform the following steps:
1. In the Azure portal, on the Meta4 Global HR application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML
Configuration dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.meta4globalhr.com/saml.sso/SAML2/POST

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.meta4globalhr.com

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact the Meta4 Global HR
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. In the Set up Meta4 Global HR section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Meta4 Global HR Single Sign-On
To configure single sign-on on the Meta4 Global HR side, you need to send the downloaded Federation Metadata
XML and appropriate copied URLs from the Azure portal to the Meta4 Global HR support team. They apply this setting so
that the SAML SSO connection is set properly on both sides.
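Before the Federation Metadata XML or the Certificate (Base64) downloaded in these tutorials is sent to a support team or pasted into an application, it is worth recording what it contains so the receiving side can confirm it out of band. The following is an added example, not part of the original tutorials and not Microsoft code: it extracts the Azure AD Identifier, Login URL, Logout URL and signing-certificate digests from a metadata document and checks that a separately downloaded PEM certificate matches. The all-zero tenant ID and the placeholder certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: an all-zero tenant ID and placeholder bytes standing in
# for the DER certificate. Real metadata carries more elements than this.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_CERT_BYTES = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_CERT_B64 = base64.b64encode(SAMPLE_CERT_BYTES).decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{SAMPLE_CERT_B64}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_PEM = (f"-----BEGIN CERTIFICATE-----\n{SAMPLE_CERT_B64}\n"
              "-----END CERTIFICATE-----\n")


def digests(der):
    """SHA-1 (the thumbprint style Windows tooling displays) and SHA-256 of DER bytes."""
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}


def digests_from_pem(pem_text):
    """Digests of a Certificate (Base64) file: drop the BEGIN/END lines, decode the rest."""
    lines = [ln.strip() for ln in pem_text.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return digests(base64.b64decode(body))


def summarize_idp_metadata(xml_text):
    """Extract the values an application-side administrator has to enter or verify."""
    # Metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("metadata contains a DOCTYPE, refusing to parse")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")

    def locations(tag):
        return sorted({e.get("Location", "") for e in idp.findall(f"md:{tag}", NS)})

    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to signing as well as encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append(digests(base64.b64decode("".join((cert.text or "").split()))))

    summary = {
        "azure_ad_identifier": root.get("entityID", ""),
        "login_urls": locations("SingleSignOnService"),
        "logout_urls": locations("SingleLogoutService"),
        "signing_certs": certs,  # more than one entry is possible during a rollover
    }
    urls = [summary["azure_ad_identifier"], *summary["login_urls"], *summary["logout_urls"]]
    summary["non_https"] = [u for u in urls if urlsplit(u).scheme != "https"]
    return summary


def pem_matches_metadata(pem_text, xml_text):
    """True when the PEM certificate is one of the metadata's signing certificates."""
    return digests_from_pem(pem_text) in summarize_idp_metadata(xml_text)["signing_certs"]


if __name__ == "__main__":
    for key, value in summarize_idp_metadata(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
    print("PEM matches metadata:", pem_matches_metadata(SAMPLE_PEM, SAMPLE_METADATA))
```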
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Meta4 Global HR.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Meta4 Global HR.

2. In the applications list, select Meta4 Global HR.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Meta4 Global HR test user
In this section, you create a user called Britta Simon in Meta4 Global HR. Work with the Meta4 Global HR support
team to add the users in the Meta4 Global HR platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Meta4 Global HR tile in the Access Panel, you should be automatically signed in to the Meta4
Global HR application for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Meta Networks Connector
10/30/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Meta Networks Connector with Azure Active Directory (Azure AD ). Integrating
Meta Networks Connector with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Meta Networks Connector.
You can enable your users to be automatically signed-in to Meta Networks Connector (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and single
sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with Meta Networks Connector, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Meta Networks Connector single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Meta Networks Connector supports SP and IDP initiated SSO
Meta Networks Connector supports Just In Time user provisioning

Adding Meta Networks Connector from the gallery


To configure the integration of Meta Networks Connector into Azure AD, you need to add Meta Networks Connector from
the gallery to your list of managed SaaS apps.
To add Meta Networks Connector from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Meta Networks Connector, select Meta Networks Connector from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Meta Networks Connector based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Meta
Networks Connector needs to be established.
To configure and test Azure AD single sign-on with Meta Networks Connector, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Meta Networks Connector Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Meta Networks Connector test user - to have a counterpart of Britta Simon in Meta Networks Connector that
is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Meta Networks Connector, perform the following steps:
1. In the Azure portal, on the Meta Networks Connector application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode, perform
the following steps:

a. In the Identifier text box, type a URL using the following pattern:
https://login.nsof.io/v1/<ORGANIZATION-SHORT-NAME>/saml/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://login.nsof.io/v1/<ORGANIZATION-SHORT-NAME>/sso/saml

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP initiated
mode:

a. In the Sign-on URL text box, type a URL using the following pattern:
https://<ORGANIZATION-SHORT-NAME>.metanetworks.com/login

b. In the Relay State textbox, type a URL using the following pattern:
https://<ORGANIZATION-SHORT-NAME>.metanetworks.com/#/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL, which are explained
later in the tutorial.

6. The Meta Networks Connector application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click the Edit icon to open the User Attributes dialog.

7. In addition to the above, the Meta Networks Connector application expects a few more attributes to be passed back in
the SAML response. In the User Claims section on the User Attributes dialog, perform the following steps to add the
SAML token attributes shown in the table below:

NAME            SOURCE ATTRIBUTE          NAMESPACE
firstname       user.givenname
lastname        user.surname
emailaddress    user.mail                 http://schemas.xmlsoap.org/ws/2005/05/identity/claims
name            user.userprincipalname    http://schemas.xmlsoap.org/ws/2005/05/identity/claims
phone           user.telephonenumber

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click Download to
download the Certificate (Base64) from the given options as per your requirement and save it on your computer.

9. In the Set up Meta Networks Connector section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
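The claim mapping from step 7 can be checked against an assertion captured from your own test sign-in. The following is an added example, not part of the original tutorial or of either product: it assumes the namespaces in the table are the ones the application expects, and relies on Azure AD emitting a claim's Attribute Name as namespace/name when a namespace is set. It inspects attributes only and does not verify the assertion signature; the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# Claim name -> namespace, copied from the table in step 7 ("" = no namespace).
EXPECTED_CLAIMS = {
    "firstname": "",
    "lastname": "",
    "emailaddress": CLAIMS_NS,
    "name": CLAIMS_NS,
    "phone": "",
}

# Constructed sample: the attribute part of an assertion from a test sign-in.
# All values are made up. emailaddress was added without its namespace and
# phone is empty, so the audit has something to report.
SAMPLE_ASSERTION = f"""\
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <AttributeStatement>
    <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
      <AttributeValue>00000000-0000-0000-0000-000000000000</AttributeValue>
    </Attribute>
    <Attribute Name="firstname"><AttributeValue>Britta</AttributeValue></Attribute>
    <Attribute Name="lastname"><AttributeValue>Simon</AttributeValue></Attribute>
    <Attribute Name="{CLAIMS_NS}/name">
      <AttributeValue>BrittaSimon@contoso.com</AttributeValue>
    </Attribute>
    <Attribute Name="emailaddress">
      <AttributeValue>BrittaSimon@contoso.com</AttributeValue>
    </Attribute>
    <Attribute Name="phone"><AttributeValue/></Attribute>
  </AttributeStatement>
</Assertion>
"""


def expected_attribute_names(claims=EXPECTED_CLAIMS):
    """Full Attribute Name per claim: '<namespace>/<name>' or the bare name."""
    return {f"{ns}/{name}" if ns else name for name, ns in claims.items()}


def read_attributes(assertion_xml):
    """Return {Attribute Name: [values]} for every attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML)]
        found[attr.get("Name")] = values
    return found


def _short(name):
    """Last path segment of an Attribute Name, i.e. the claim's short name."""
    return name.rsplit("/", 1)[-1]


def audit_claims(assertion_xml):
    """Compare the attributes in an assertion with the table from step 7."""
    found = read_attributes(assertion_xml)
    names = set(found)
    expected = expected_attribute_names()

    missing = sorted(expected - names)
    empty = sorted(n for n in expected & names if not any(found[n]))

    # A missing claim whose short name is present under another namespace
    # usually means the Namespace field was filled in differently.
    wrong_namespace = {}
    for want in missing:
        near = sorted(n for n in names - expected if _short(n) == _short(want))
        if near:
            wrong_namespace[want] = near

    misplaced = {n for hits in wrong_namespace.values() for n in hits}
    extra = sorted(names - expected - misplaced)
    return {"missing": missing, "empty": empty,
            "wrong_namespace": wrong_namespace, "extra": extra}


if __name__ == "__main__":
    for key, value in audit_claims(SAMPLE_ASSERTION).items():
        print(f"{key}: {value}")
```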
Configure Meta Networks Connector Single Sign-On
1. Open a new tab in your browser and log in to your Meta Networks Connector administrator account.

NOTE
Meta Networks Connector is a secure system, so before accessing their portal you need to get your public IP address added to
an allow list on their side. To get your public IP address, follow the link specified here. Send your IP address to the Meta
Networks Connector Client support team to have it added to the allow list.

2. Go to Administrator and select Settings.

3. Make sure Log Internet Traffic and Force VPN MFA are set to off.

4. Go to Administrator and select SAML.


5. Perform the following steps on the DETAILS page:

a. Copy SSO URL value and paste it into the Sign-In URL textbox in the Meta Networks Connector Domain and
URLs section.
b. Copy Recipient URL value and paste it into the Reply URL textbox in the Meta Networks Connector Domain
and URLs section.
c. Copy Audience URI (SP Entity ID) value and paste it into the Identifier (Entity ID) textbox in the Meta
Networks Connector Domain and URLs section.
d. Enable SAML.
6. On the GENERAL tab, perform the following steps:
a. In the Identity Provider Single Sign-On URL, paste the Login URL value which you have copied from the Azure
portal.
b. In the Identity Provider Issuer, paste the Azure AD Identifier value which you have copied from the Azure
portal.
c. Open the certificate downloaded from the Azure portal in Notepad, and paste its content into the X.509 Certificate textbox.
d. Enable the Just-in-Time Provisioning.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Meta Networks Connector.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Meta Networks Connector.

2. In the applications list, select Meta Networks Connector.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the bottom of the
screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the appropriate role for
the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Meta Networks Connector test user
In this section, a user called Britta Simon is created in Meta Networks Connector. Meta Networks Connector supports just-
in-time provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist
in Meta Networks Connector, a new one is created when you attempt to access Meta Networks Connector.

NOTE
If you need to create a user manually, contact Meta Networks Connector Client support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Meta Networks Connector tile in the Access Panel, you should be automatically signed in to the Meta
Networks Connector for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Mimecast Admin Console
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Mimecast Admin Console with Azure Active Directory (Azure AD).
Integrating Mimecast Admin Console with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Mimecast Admin Console.
You can enable your users to be automatically signed-in to Mimecast Admin Console (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Mimecast Admin Console, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Mimecast Admin Console single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Mimecast Admin Console supports SP initiated SSO

Adding Mimecast Admin Console from the gallery


To configure the integration of Mimecast Admin Console into Azure AD, you need to add Mimecast Admin
Console from the gallery to your list of managed SaaS apps.
To add Mimecast Admin Console from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Mimecast Admin Console, select Mimecast Admin Console from the result panel,
then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Mimecast Admin Console based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Mimecast Admin Console needs to be established.
To configure and test Azure AD single sign-on with Mimecast Admin Console, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Mimecast Admin Console Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Mimecast Admin Console test user - to have a counterpart of Britta Simon in Mimecast Admin
Console that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Mimecast Admin Console, perform the following steps:
1. In the Azure portal, on the Mimecast Admin Console application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL textbox, type the URL:

https://webmail-uk.mimecast.com

https://webmail-us.mimecast.com

NOTE
The sign on URL is region specific.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up Mimecast Admin Console section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Mimecast Admin Console Single Sign-On
1. In a different web browser window, log into your Mimecast Admin Console as an administrator.
2. Go to Services > Application.

3. Click Authentication Profiles.

4. Click New Authentication Profile.

5. In the Authentication Profile section, perform the following steps:


a. In the Description textbox, type a name for your configuration.
b. Select Enforce SAML Authentication for Mimecast Admin Console.
c. As Provider, select Azure Active Directory.
d. Paste Azure Ad Identifier, which you have copied from the Azure portal into the Issuer URL textbox.
e. Paste Login URL, which you have copied from the Azure portal into the Login URL textbox.
f. Paste Login URL, which you have copied from the Azure portal into the Logout URL textbox.

NOTE
For the Mimecast Admin Console, the Login URL value and the Logout URL value are the same.

g. Open your base-64 certificate downloaded from the Azure portal in Notepad, remove the first line
(“-----BEGIN CERTIFICATE-----”) and the last line (“-----END CERTIFICATE-----”), copy the remaining content of it into
your clipboard, and then paste it to the Identity Provider Certificate (Metadata) textbox.
h. Select Allow Single Sign On.
i. Click Save.
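Step g is easy to get wrong by hand (a truncated copy, stray line endings, or the wrong PEM block). The following is an added example, not part of the original tutorial or of Mimecast's tooling: it strips the armor lines, refuses anything that is not a CERTIFICATE block, checks that the decoded bytes are as long as their DER header announces, and returns fingerprints to compare with the thumbprint the Azure portal shows (assumed here to be the SHA-1 of the DER bytes). The sample input is a constructed placeholder, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed placeholder, NOT a real certificate: a DER SEQUENCE header
# announcing 256 content bytes, followed by 256 filler bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))


def make_sample_pem(label="CERTIFICATE"):
    """Wrap SAMPLE_DER like a Base64 certificate download, with CRLF line ends."""
    b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\r\n".join(
        [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])


def der_announced_length(der):
    """Total size (header + content) announced by the outer SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    count = first & 0x7F                  # long form: next `count` bytes
    if count == 0 or count > 4 or len(der) < 2 + count:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + count + int.from_bytes(der[2:2 + count], "big")


def certificate_body(pem_text):
    """Return (single-line Base64 body, DER bytes) for exactly one certificate."""
    blocks = ARMOR.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if label != "CERTIFICATE":
        # Never paste key material into an identity provider certificate field.
        raise ValueError(f"refusing to use a '{label}' block")
    compact = "".join(body.split())       # drops CR, LF, spaces and tabs
    try:
        der = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid Base64") from exc
    announced = der_announced_length(der)
    if announced != len(der):
        raise ValueError(
            f"DER header announces {announced} bytes, got {len(der)}; "
            "the copy is probably truncated")
    return compact, der


def thumbprints(der):
    """Upper-case hex fingerprints of the DER bytes."""
    return {
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }


if __name__ == "__main__":
    body, der = certificate_body(make_sample_pem())
    print(body[:32] + "...")
    print(thumbprints(der))
```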
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Mimecast Admin
Console.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Mimecast Admin
Console.

2. In the applications list, type and select Mimecast Admin Console.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Mimecast Admin Console test user
In order to enable Azure AD users to log into Mimecast Admin Console, they must be provisioned into Mimecast
Admin Console. In the case of Mimecast Admin Console, provisioning is a manual task.
You need to register a domain before you can create users.
To configure user provisioning, perform the following steps:
1. Sign on to your Mimecast Admin Console as administrator.
2. Go to Directories > Internal.
3. Click Register New Domain.

4. After your new domain has been created, click New Address.

5. In the new address dialog, perform the following steps:

a. Type the Email Address, Global Name, Password, and Confirm Password attributes of a valid Azure
AD account you want to provision into the related textboxes.
b. Click Save.
NOTE
You can use any other Mimecast Admin Console user account creation tools or APIs provided by Mimecast Admin Console to
provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Mimecast Admin Console tile in the Access Panel, you should be automatically signed in to the
Mimecast Admin Console for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Mimecast Personal Portal
10/30/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Mimecast Personal Portal with Azure Active Directory (Azure AD).
Integrating Mimecast Personal Portal with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Mimecast Personal Portal.
You can enable your users to be automatically signed-in to Mimecast Personal Portal (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Mimecast Personal Portal, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Mimecast Personal Portal single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Mimecast Personal Portal supports SP initiated SSO

Adding Mimecast Personal Portal from the gallery


To configure the integration of Mimecast Personal Portal into Azure AD, you need to add Mimecast Personal Portal
from the gallery to your list of managed SaaS apps.
To add Mimecast Personal Portal from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Mimecast Personal Portal, select Mimecast Personal Portal from the result panel,
then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Mimecast Personal Portal based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Mimecast Personal Portal needs to be established.
To configure and test Azure AD single sign-on with Mimecast Personal Portal, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Mimecast Personal Portal Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Mimecast Personal Portal test user - to have a counterpart of Britta Simon in Mimecast Personal
Portal that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Mimecast Personal Portal, perform the following steps:
1. In the Azure portal, on the Mimecast Personal Portal application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL textbox, type a URL:

REGION           VALUE
Europe           https://eu-api.mimecast.com/login/saml
United States    https://us-api.mimecast.com/login/saml
South Africa     https://za-api.mimecast.com/login/saml
Australia        https://au-api.mimecast.com/login/saml
Offshore         https://jer-api.mimecast.com/login/saml

b. In the Identifier textbox, type a URL using the following pattern:

REGION           VALUE
Europe           https://eu-api.mimecast.com/sso/<accountcode>
United States    https://us-api.mimecast.com/sso/<accountcode>
South Africa     https://za-api.mimecast.com/sso/<accountcode>
Australia        https://au-api.mimecast.com/sso/<accountcode>
Offshore         https://jer-api.mimecast.com/sso/<accountcode>

c. In the Reply URL textbox, type a URL:

REGION           VALUE
Europe           https://eu-api.mimecast.com/login/saml
United States    https://us-api.mimecast.com/login/saml
South Africa     https://za-api.mimecast.com/login/saml
Australia        https://au-api.mimecast.com/login/saml
Offshore         https://jer-api.mimecast.com/login/saml

NOTE
The Identifier value is not real. Update the value with the actual Identifier. Contact Mimecast Personal Portal Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up Mimecast Personal Portal section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Mimecast Personal Portal Single Sign-On
1. In a different web browser window, log into your Mimecast Personal Portal as an administrator.
2. Go to Services > Applications.
3. Click Authentication Profiles.

4. Click New Authentication Profile.

5. In the Authentication Profile section, perform the following steps:

a. In the Description textbox, type a name for your configuration.


b. Select Enforce SAML Authentication for Mimecast Personal Portal.
c. As Provider, select Azure Active Directory.
d. In Issuer URL textbox, paste the value of Azure Ad Identifier, which you have copied from Azure portal.
e. In Login URL textbox, paste the value of Login URL, which you have copied from Azure portal.
f. In Logout URL textbox, paste the value of Logout URL, which you have copied from Azure portal.
g. Open your base-64 encoded certificate, downloaded from the Azure portal, in Notepad, copy the content of it
into your clipboard, and then paste it to the Identity Provider Certificate (Metadata) textbox.
h. Select Allow Single Sign On.
i. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Mimecast Personal
Portal.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Mimecast
Personal Portal.

2. In the applications list, type and select Mimecast Personal Portal.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Mimecast Personal Portal test user
In order to enable Azure AD users to log into Mimecast Personal Portal, they must be provisioned into Mimecast
Personal Portal. In the case of Mimecast Personal Portal, provisioning is a manual task.
You need to register a domain before you can create users.
To configure user provisioning, perform the following steps:
1. Sign on to your Mimecast Personal Portal as administrator.
2. Go to Directories > Internal.
3. Click Register New Domain.

4. After your new domain has been created, click New Address.

5. In the new address dialog, perform the following steps for a valid Azure AD account that you want to provision:

a. In the Email Address textbox, type the email address of the user as BrittaSimon@contoso.com.
b. In the Global Name textbox, type the username as BrittaSimon.
c. In the Password and Confirm Password textboxes, type the password of the user.
d. Click Save.
NOTE
You can use any other Mimecast Personal Portal user account creation tools or APIs provided by Mimecast Personal Portal to
provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Mimecast Personal Portal tile in the Access Panel, you should be automatically signed in to the
Mimecast Personal Portal for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Mindflash
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Mindflash with Azure Active Directory (Azure AD). Integrating Mindflash
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Mindflash.
You can enable your users to be automatically signed-in to Mindflash (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Mindflash, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Mindflash single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Mindflash supports SP initiated SSO

Adding Mindflash from the gallery


To configure the integration of Mindflash into Azure AD, you need to add Mindflash from the gallery to your list of
managed SaaS apps.
To add Mindflash from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Mindflash, select Mindflash from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Mindflash based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Mindflash
needs to be established.
To configure and test Azure AD single sign-on with Mindflash, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Mindflash Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Mindflash test user - to have a counterpart of Britta Simon in Mindflash that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Mindflash, perform the following steps:
1. In the Azure portal, on the Mindflash application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.mindflash.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.mindflash.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Mindflash Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Mindflash section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure Ad Identifier
c. Logout URL
Configure Mindflash Single Sign-On
To configure single sign-on on the Mindflash side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Mindflash support team. They apply these settings so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Mindflash.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Mindflash.

2. In the applications list, select Mindflash.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Mindflash test user
In order to enable Azure AD users to log into Mindflash, they must be provisioned into Mindflash. In the case of
Mindflash, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your Mindflash company site as an administrator.
2. Go to Manage Users.

3. Click Add Users, and then click New.


4. In the Add New Users section, perform the following steps for the valid Azure AD account you want to
provision:
a. In the First name textbox, type the first name of the user, Britta.
b. In the Last name textbox, type the last name of the user, Simon.
c. In the Email textbox, type the email address of the user, BrittaSimon@contoso.com.
d. Click Add.

NOTE
You can use any other Mindflash user account creation tools or APIs provided by Mindflash to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Mindflash tile in the Access Panel, you should be automatically signed in to the Mindflash for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
MindTickle
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate MindTickle with Azure Active Directory (Azure AD). Integrating
MindTickle with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to MindTickle.
You can enable your users to be automatically signed-in to MindTickle (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with MindTickle, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
MindTickle single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
MindTickle supports SP initiated SSO
MindTickle supports Just In Time user provisioning

Adding MindTickle from the gallery


To configure the integration of MindTickle into Azure AD, you need to add MindTickle from the gallery to your list
of managed SaaS apps.
To add MindTickle from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type MindTickle, select MindTickle from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with MindTickle based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
MindTickle needs to be established.
To configure and test Azure AD single sign-on with MindTickle, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure MindTickle Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create MindTickle test user - to have a counterpart of Britta Simon in MindTickle that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with MindTickle, perform the following steps:
1. In the Azure portal, on the MindTickle application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you have a Service Provider metadata file, perform the
following steps:
a. Click Upload metadata file.

b. Click the folder logo to select the metadata file and click Upload.
c. After the metadata file is successfully uploaded, the Identifier value is auto-populated in the Basic SAML
Configuration section:

In the Sign-on URL text box, type a URL using the following pattern: https://<subdomain>.mindtickle.com

NOTE
If the Identifier value is not auto-populated, fill in the value manually according to your
requirement. The Sign-on URL value is not real. Update the value with the actual Sign-on URL. Contact the MindTickle
support team to get this value.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up MindTickle section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure MindTickle Single Sign-On
To configure single sign-on on the MindTickle side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the MindTickle support team. They apply these settings so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to MindTickle.
1. In the Azure portal, select Enterprise Applications, select All applications, then select MindTickle.

2. In the applications list, select MindTickle.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create MindTickle test user
In this section, a user called Britta Simon is created in MindTickle. MindTickle supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in MindTickle, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the MindTickle tile in the Access Panel, you should be automatically signed in to the MindTickle for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with mindWireless
10/18/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate mindWireless with Azure Active Directory (Azure AD). When you
integrate mindWireless with Azure AD, you can:
Control in Azure AD who has access to mindWireless.
Enable your users to be automatically signed-in to mindWireless with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
mindWireless single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
mindWireless supports IDP initiated SSO

Adding mindWireless from the gallery


To configure the integration of mindWireless into Azure AD, you need to add mindWireless from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type mindWireless in the search box.
6. Select mindWireless from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for mindWireless


Configure and test Azure AD SSO with mindWireless using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in mindWireless.
To configure and test Azure AD SSO with mindWireless, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure mindWireless SSO - to configure the single sign-on settings on application side.
Create mindWireless test user - to have a counterpart of B.Simon in mindWireless that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the mindWireless application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Set up single sign-on with SAML page, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: https://<subdomain>.mwsmart.com/

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.mwsmart.com/SAML/AssertionConsumerService.aspx

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact mindWireless Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The mindWireless application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes.

6. In addition to the above, the mindWireless application expects a few more attributes to be passed back in the
SAML response, which are shown below. These attributes are also pre-populated, but you can review them as per
your requirements.
NAME | NAMESPACE | SOURCE ATTRIBUTE
Employee ID | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | user.employeeid

NOTE
The claim name is always Employee ID, and its value is mapped to user.employeeid, which
contains the EmployeeID of the user. Here the user mapping from Azure AD to mindWireless is done on the
EmployeeID, but you can also map it to a different value based on your application settings. Work with the
mindWireless support team first to determine the correct identifier of a user, and map that value to the Employee ID
claim.

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up mindWireless section, copy the appropriate URL(s) based on your requirement.
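The following check is an added example, not part of the original tutorial or of mindWireless's own tooling. It reads a SAML response captured from a test sign-in and confirms that the Audience matches the Identifier, the Recipient matches the Reply URL, and the Employee ID claim from step 6 is present with exactly one non-empty value. The "contoso" subdomain, the sample response, and the attribute Name being the namespace plus "/Employee ID" are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
# Assumption: the claim arrives as Name="<namespace>/<name>"; the bare name is
# accepted too in case the claim is issued without the namespace.
EMPLOYEE_ID_NAMES = {CLAIM_NS + "/Employee ID", "Employee ID"}

# Constructed values following the tutorial's URL patterns (subdomain "contoso").
IDENTIFIER = "https://contoso.mwsmart.com/"
REPLY_URL = "https://contoso.mwsmart.com/SAML/AssertionConsumerService.aspx"

# Constructed, unsigned sample holding only the parts this check reads.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                Destination="https://contoso.mwsmart.com/SAML/AssertionConsumerService.aspx">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>B.Simon@contoso.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData
            Recipient="https://contoso.mwsmart.com/SAML/AssertionConsumerService.aspx"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://contoso.mwsmart.com/</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Employee ID">
        <saml:AttributeValue>E12345</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def check_response(xml_text, identifier, reply_url):
    """Return a list of problems; an empty list means the layout is as expected.

    Layout check only: it does not verify the XML signature or validity window.
    """
    if "<!DOCTYPE" in xml_text:
        return ["DTD present, refusing to parse"]
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return ["expected exactly one Assertion, found %d" % len(assertions)]
    assertion = assertions[0]
    problems = []

    # The Audience must carry the Identifier entered in Basic SAML Configuration.
    audiences = [(e.text or "").strip() for e in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if identifier not in audiences:
        problems.append("Audience %r does not include Identifier %r"
                        % (audiences, identifier))

    # The Recipient must be the Reply URL (Assertion Consumer Service).
    recipients = [e.get("Recipient") for e in assertion.findall(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append("Recipient %r does not include Reply URL %r"
                        % (recipients, reply_url))

    # The Employee ID claim links the Azure AD user to the mindWireless user.
    values = []
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") in EMPLOYEE_ID_NAMES:
            values.extend((v.text or "").strip()
                          for v in attr.findall("saml:AttributeValue", NS))
    if not values:
        problems.append("Employee ID claim is missing")
    elif "" in values:
        problems.append("Employee ID claim is empty")
    elif len(values) > 1:
        problems.append("Employee ID claim has %d values" % len(values))
    return problems


if __name__ == "__main__":
    for line in check_response(SAMPLE_RESPONSE, IDENTIFIER, REPLY_URL) or ["OK"]:
        print(line)
```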

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to mindWireless.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select mindWireless.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure mindWireless SSO


To configure single sign-on on the mindWireless side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the mindWireless support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.
Create mindWireless test user
In this section, you create a user called B.Simon in mindWireless. Work with mindWireless support team to add the
users in the mindWireless platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the mindWireless tile in the Access Panel, you should be automatically signed in to the
mindWireless for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try mindWireless with Azure AD
Tutorial: Integrate Miro with Azure Active Directory
6/24/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Miro with Azure Active Directory (Azure AD). When you integrate Miro
with Azure AD, you can:
Control in Azure AD who has access to Miro.
Enable your users to be automatically signed-in to Miro with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Miro single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Miro supports SP and IDP initiated
SSO and supports Just In Time user provisioning.

Adding Miro from the gallery


To configure the integration of Miro into Azure AD, you need to add Miro from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Miro in the search box.
6. Select Miro from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Miro using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Miro.
To configure and test Azure AD SSO with Miro, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Miro to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user to enable B.Simon to use Azure AD single sign-on.
5. Create Miro test user to have a counterpart of B.Simon in Miro that is linked to the Azure AD representation
of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Miro application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL: https://miro.com

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://miro.com/sso/saml

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

7. On the Set up Miro section, copy the appropriate URL(s) based on your requirement.
Configure Miro
To configure single sign-on on the Miro side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Miro support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Miro.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Miro.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Miro test user
In this section, a user called B.Simon is created in Miro. Miro supports just-in-time provisioning, which can be
enabled as per requirement. There is no action item for you in this section. If a user doesn't already exist in Miro, a
new one is created when you attempt to access Miro.
Test SSO
When you select the Miro tile in the Access Panel, you should be automatically signed in to the Miro for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Mitel
MiCloud Connect
10/30/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Mitel MiCloud Connect with Azure Active Directory (Azure AD).
Integrating MiCloud Connect with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to MiCloud Connect apps using their enterprise credentials.
You can enable users on your account to be automatically signed-in to MiCloud Connect (Single Sign-On) with
their Azure AD accounts.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with MiCloud Connect, you need the following items:
An Azure AD subscription
If you don't have an Azure AD environment, you can get a free account
A Mitel MiCloud Connect account

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on (SSO).
Mitel Connect supports SP initiated SSO

Adding Mitel Connect from the gallery


To configure the integration of Mitel Connect into Azure AD, you need to add Mitel Connect from the gallery to
your list of managed SaaS apps in the Azure portal.
To add Mitel Connect from the gallery, do the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory.

2. Click Enterprise Applications and then click All Applications.


3. Click New application.

4. Type Mitel Connect in the search field, click Mitel Connect from results panel, and then click Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with MiCloud Connect based on a test user
named Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in MiCloud Connect needs to be established.
To configure and test Azure AD single sign-on with MiCloud Connect, you need to complete the following steps:
1. Configure MiCloud Connect for SSO with Azure AD - to enable your users to use this feature and to
configure the SSO settings on the application side.
2. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
3. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
4. Create a Mitel MiCloud Connect test user - to have a counterpart of Britta Simon on your MiCloud Connect
account that is linked to the Azure AD representation of the user.
5. Test single sign-on - to verify whether the configuration works.
Configure MiCloud Connect for SSO with Azure AD
In this section, you'll enable Azure AD single sign-on for MiCloud Connect in the Azure portal and configure your
MiCloud Connect account to allow SSO using Azure AD.
To configure MiCloud Connect with SSO for Azure AD, it is easiest to open the Azure portal and the Mitel Account
portal side by side. You'll need to copy some information from the Azure portal to the Mitel Account portal and
some from the Mitel Account portal to the Azure portal.
1. To open the configuration page in the Azure portal, do the following:
a. On the Mitel Connect application integration page, click Single sign-on.

b. In the Select a Single sign-on method dialog, click SAML.

The SAML-based sign-on page is displayed.


2. To open the configuration dialog in the Mitel Account portal, do the following:
a. On the Phone System menu, click Add-On Features.
b. To the right of Single Sign-On, click Activate or Settings.
The Connect Single Sign-On Settings dialog box appears.
3. Select the Enable Single Sign-On check box.

4. In the Azure portal, click the Edit icon in the Basic SAML Configuration section.
The Basic SAML Configuration dialog box appears.
5. Copy the URL from the Mitel Identifier (Entity ID) field in the Mitel Account portal and paste it into the
Identifier (Entity ID) field in the Azure portal.
6. Copy the URL from the Reply URL (Assertion Consumer Service URL) field in the Mitel Account portal
and paste it into the Reply URL (Assertion Consumer Service URL) field in the Azure portal.

7. In the Sign on URL text box, type one of the following URLs:
https://portal.shoretelsky.com - to use the Mitel Account portal as your default Mitel application
https://teamwork.shoretel.com - to use Teamwork as your default Mitel application
NOTE: The default Mitel application is the application accessed when a user clicks on the Mitel Connect tile
in the Access Panel. This is also the application accessed when doing a test setup from Azure AD.
8. Click Save in the Basic SAML Configuration dialog box in the Azure portal.
9. In the SAML Signing Certificate section on the SAML-based sign-on page in the Azure portal, click
Download next to Certificate (Base64) to download the Signing Certificate and save it to your
computer.
10. Open the Signing Certificate file in a text editor, copy all data in the file, and then paste the data in the
Signing Certificate field in the Mitel Account portal.

11. In the Setup Mitel Connect section on the SAML-based sign-on page of the Azure portal, do the
following:
a. Copy the URL from the Login URL field and paste it into the Sign-in URL field in the Mitel Account
portal.
b. Copy the URL from the Azure AD Identifier field and paste it into the Entity ID field in the Mitel
Account portal.

12. Click Save on the Connect Single Sign-On Settings dialog box in the Mitel Account portal.
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, in the left pane, click Azure Active Directory, click Users, and then click All users.

2. Click New user at the top of the screen.

3. In the User properties dialog, do the following steps:

a. In the Name field, type BrittaSimon.


b. In the User name field, type brittasimon@<yourcompanydomain>.<extension>.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that is displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to Mitel Connect.
1. In the Azure portal, click Enterprise Applications, and then click All applications.

2. In the applications list, click Mitel Connect.

3. In the menu on the left, click Users and groups.

4. Click Add user, then click Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click Select at the bottom of the
screen.
6. If you are expecting any role value in the SAML assertion, select the appropriate role for the user from the
list in the Select Role dialog, and then click Select at the bottom of the screen.
7. In the Add Assignment dialog, click Assign.
Create a Mitel MiCloud Connect test user
In this section, you create a user named Britta Simon on your MiCloud Connect account. Users must be created
and activated before using single sign-on.
For details about adding users in the Mitel Account portal, see the Adding a User article in the Mitel Knowledge
Base.
Create a user on your MiCloud Connect account with the following details:
Name: Britta Simon
Business Email Address: brittasimon@<yourcompanydomain>.<extension>
(Example: brittasimon@contoso.com)
Username: brittasimon@<yourcompanydomain>.<extension>
(Example: brittasimon@contoso.com; the user’s username is typically the same as the user’s business email
address)
NOTE: The user’s MiCloud Connect username must be identical to the user’s email address in Azure.
Test single sign-on
In this section, you'll test your Azure AD single sign-on configuration using the Access Panel.
When you click the Mitel Connect tile in the Access Panel, you should be automatically redirected to sign in to the
MiCloud Connect application you configured as your default in the Sign on URL field. For more information
about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Mixpanel
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Mixpanel with Azure Active Directory (Azure AD). Integrating Mixpanel
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Mixpanel.
You can enable your users to be automatically signed-in to Mixpanel (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Mixpanel, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Mixpanel single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Mixpanel supports SP initiated SSO

Adding Mixpanel from the gallery


To configure the integration of Mixpanel into Azure AD, you need to add Mixpanel from the gallery to your list of
managed SaaS apps.
To add Mixpanel from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Mixpanel, select Mixpanel from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Mixpanel based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Mixpanel
needs to be established.
To configure and test Azure AD single sign-on with Mixpanel, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Mixpanel Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Mixpanel test user - to have a counterpart of Britta Simon in Mixpanel that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Mixpanel, perform the following steps:
1. In the Azure portal, on the Mixpanel application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern: https://mixpanel.com/login/

NOTE
Please register at https://mixpanel.com/register/ to set up your login credentials and contact the Mixpanel support
team to enable SSO settings for your tenant. You can also get your Sign On URL value if necessary from your
Mixpanel support team.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Mixpanel section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Mixpanel Single Sign-On
1. In a different browser window, sign in to your Mixpanel application as an administrator.
2. At the bottom of the page, click the little gear icon in the left corner.

3. Click the Access security tab, and then click Change settings.

4. On the Change your certificate dialog page, click Choose file to upload your downloaded certificate, and
then click NEXT.

5. In the authentication URL textbox on the Change your authentication URL dialog page, paste the value
of Login URL which you have copied from Azure portal, and then click NEXT.
6. Click Done.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Mixpanel.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Mixpanel.

2. In the applications list, select Mixpanel.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Mixpanel test user
The objective of this section is to create a user called Britta Simon in Mixpanel.
1. Sign on to your Mixpanel company site as an administrator.
2. On the bottom of the page, click the little gear button on the left corner to open the Settings window.
3. Click the Team tab.
4. In the team member textbox, type Britta's email address in Azure.
5. Click Invite.

NOTE
The user will get an email to set up the profile.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Mixpanel tile in the Access Panel, you should be automatically signed in to the Mixpanel for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with MOBI
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate MOBI with Azure Active Directory (Azure AD). Integrating MOBI with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to MOBI.
You can enable your users to be automatically signed-in to MOBI (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with MOBI, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
MOBI single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
MOBI supports SP and IDP initiated SSO

Adding MOBI from the gallery


To configure the integration of MOBI into Azure AD, you need to add MOBI from the gallery to your list of
managed SaaS apps.
To add MOBI from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type MOBI, select MOBI from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with MOBI based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in MOBI
needs to be established.
To configure and test Azure AD single sign-on with MOBI, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure MOBI Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create MOBI test user - to have a counterpart of Britta Simon in MOBI that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with MOBI, perform the following steps:
1. In the Azure portal, on the MOBI application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<subdomain>.thefutureis.mobi

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.thefutureis.mobi/saml_consume

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.thefutureis.mobi/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact MOBI
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up MOBI section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure MOBI Single Sign-On
To configure single sign-on on the MOBI side, send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the MOBI support team. They apply this setting so that the SAML SSO
connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to MOBI.
1. In the Azure portal, select Enterprise Applications, select All applications, then select MOBI.

2. In the applications list, select MOBI.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create MOBI test user
In this section, you create a user called Britta Simon in MOBI. Work with the MOBI support team to add the users in
the MOBI platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the MOBI tile in the Access Panel, you should be automatically signed in to the MOBI for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with MobiControl
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate MobiControl with Azure Active Directory (Azure AD). Integrating
MobiControl with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to MobiControl.
You can enable your users to be automatically signed-in to MobiControl (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with MobiControl, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
MobiControl single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
MobiControl supports SP initiated SSO

Adding MobiControl from the gallery


To configure the integration of MobiControl into Azure AD, you need to add MobiControl from the gallery to your
list of managed SaaS apps.
To add MobiControl from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type MobiControl, select MobiControl from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with MobiControl based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
MobiControl needs to be established.
To configure and test Azure AD single sign-on with MobiControl, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure MobiControl Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create MobiControl test user - to have a counterpart of Britta Simon in MobiControl that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with MobiControl, perform the following steps:
1. In the Azure portal, on the MobiControl application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.corp.soti.net/mobicontrol

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.mobicontrolcloud.com/mobicontrol

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact MobiControl Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure MobiControl Single Sign-On


To configure single sign-on on the MobiControl side, send the App Federation Metadata Url to the
MobiControl support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to MobiControl.
1. In the Azure portal, select Enterprise Applications, select All applications, then select MobiControl.
2. In the applications list, select MobiControl.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create MobiControl test user
In this section, you create a user called Britta Simon in MobiControl. Work with the MobiControl support team to add
the users in the MobiControl platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the MobiControl tile in the Access Panel, you should be automatically signed in to the MobiControl
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Mobile Xpense
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Mobile Xpense with Azure Active Directory (Azure AD). Integrating
Mobile Xpense with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Mobile Xpense.
You can enable your users to be automatically signed-in to Mobile Xpense (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Mobile Xpense, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Mobile Xpense single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Mobile Xpense supports SP and IDP initiated SSO

Adding Mobile Xpense from the gallery


To configure the integration of Mobile Xpense into Azure AD, you need to add Mobile Xpense from the gallery to
your list of managed SaaS apps.
To add Mobile Xpense from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Mobile Xpense, select Mobile Xpense from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Mobile Xpense based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Mobile Xpense needs to be established.
To configure and test Azure AD single sign-on with Mobile Xpense, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Mobile Xpense Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Mobile Xpense test user - to have a counterpart of Britta Simon in Mobile Xpense that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Mobile Xpense, perform the following steps:
1. In the Azure portal, on the Mobile Xpense application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://mobilexpense.com/ServiceProvider

b. In the Reply URL text box, type a URL using the following pattern:
https://<sub-domain>.mobilexpense.com/NET/SSO/SAML20/SAML/AssertionConsumerService.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<sub-domain>.mobilexpense.com/<customername>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Mobile
Xpense Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Mobile Xpense section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Mobile Xpense Single Sign-On
To configure single sign-on on the Mobile Xpense side, send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the Mobile Xpense support team. They apply this setting so that
the SAML SSO connection is set properly on both sides.
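A check to run before the hand-off described above (and before the same hand-off in the MOBI tutorial), as an added example that is not part of the original tutorials: it reads the downloaded Federation Metadata XML and confirms that the Login URL, Azure AD Identifier and Logout URL you copied agree with it, and prints nothing the support team does not already receive. The tenant GUID, endpoint URLs and certificate bytes in the sample are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample, not real tenant data: placeholder tenant GUID and
# placeholder bytes standing in for the DER-encoded signing certificate.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_CERT_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_METADATA = f"""
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
""".strip().encode("utf-8")


def sha256_hex(der_bytes):
    """SHA-256 fingerprint of a certificate's DER bytes, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def parse_idp_metadata(xml_bytes):
    """Extract entity ID, SSO/SLO endpoints and signing-cert fingerprints."""
    # Metadata has no need for a DTD; refuse one rather than expand entities.
    if b"<!doctype" in xml_bytes.lower():
        raise ValueError("metadata must not contain a DOCTYPE")
    root = ET.fromstring(xml_bytes)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    fingerprints = []
    for key_desc in idp.findall(MD + "KeyDescriptor"):
        # A KeyDescriptor without a 'use' attribute applies to signing too.
        if key_desc.get("use", "signing") != "signing":
            continue
        for cert in key_desc.iter(DS + "X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(sha256_hex(der))

    return {
        "entity_id": root.get("entityID"),
        "login_urls": [e.get("Location") for e in idp.findall(MD + "SingleSignOnService")],
        "logout_urls": [e.get("Location") for e in idp.findall(MD + "SingleLogoutService")],
        "signing_cert_sha256": fingerprints,
    }


def check_handoff(meta, login_url, identifier, logout_url):
    """Return a list of mismatches between the copied values and the metadata."""
    problems = []
    # Entity IDs are compared as exact strings, trailing slash included.
    if identifier != meta["entity_id"]:
        problems.append("Azure AD Identifier does not match metadata entityID")
    if login_url not in meta["login_urls"]:
        problems.append("Login URL is not a SingleSignOnService in the metadata")
    if logout_url not in meta["logout_urls"]:
        problems.append("Logout URL is not a SingleLogoutService in the metadata")
    if not meta["signing_cert_sha256"]:
        problems.append("metadata carries no signing certificate")
    for label, url in (("Login URL", login_url), ("Logout URL", logout_url)):
        if not url.startswith("https://"):
            problems.append(f"{label} is not https")
    return problems


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    saml2 = f"https://login.microsoftonline.com/{TENANT}/saml2"
    print(meta["signing_cert_sha256"])
    print(check_handoff(meta, saml2, f"https://sts.windows.net/{TENANT}/", saml2))
```

Recording the signing-certificate fingerprint at hand-off time gives you a value to compare against whatever the application later reports as its trusted IdP certificate.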
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Mobile Xpense.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Mobile Xpense.

2. In the applications list, select Mobile Xpense.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Mobile Xpense test user
In this section, you create a user called Britta Simon in Mobile Xpense. Work with the Mobile Xpense support team to
add the users in the Mobile Xpense platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Mobile Xpense tile in the Access Panel, you should be automatically signed in to the Mobile
Xpense for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with MobileIron
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate MobileIron with Azure Active Directory (Azure AD). Integrating
MobileIron with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to MobileIron.
You can enable your users to be automatically signed-in to MobileIron (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with MobileIron, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
MobileIron single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
MobileIron supports SP and IDP initiated SSO

Adding MobileIron from the gallery


To configure the integration of MobileIron into Azure AD, you need to add MobileIron from the gallery to your list
of managed SaaS apps.
To add MobileIron from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type MobileIron, select MobileIron from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with MobileIron based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
MobileIron needs to be established.
To configure and test Azure AD single sign-on with MobileIron, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure MobileIron Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create MobileIron test user - to have a counterpart of Britta Simon in MobileIron that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with MobileIron, perform the following steps:
1. In the Azure portal, on the MobileIron application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps if you wish to configure the
application in IDP initiated mode:
a. In the Identifier text box, type a URL using the following pattern: https://www.mobileiron.com/<key>

b. In the Reply URL text box, type a URL using the following pattern:
https://<host>.mobileiron.com/saml/SSO/alias/<key>

c. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<host>.mobileiron.com/user/login.html

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. You will get the
values of key and host from the administrative portal of MobileIron which is explained later in the tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

Configure MobileIron Single Sign-On


1. In a different web browser window, log in to your MobileIron company site as an administrator.
2. Go to Admin > Identity and select AAD option in the Info on Cloud IDP Setup field.

3. Copy the values of Key and Host and paste them to complete the URLs in the Basic SAML Configuration
section in Azure portal.

4. In the Export metadata file from AAD and import to MobileIron Cloud field, click Choose File to
upload the metadata downloaded from the Azure portal. Click Done once uploaded.
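A consistency check for the values pasted into Basic SAML Configuration, as an added example that is not part of the original tutorial: it turns the tutorial's URL patterns into matchers and confirms that the same Key and Host were used in every field and that no `<placeholder>` was left in. It goes beyond MobileIron by accepting any set of patterns, shown here with the MOBI patterns as well; the function names, the sample key `k3yEXAMPLE` and host `na1` are constructed, and the set of characters allowed in a placeholder value is an assumption.

```python
import re

PLACEHOLDER = re.compile(r"<([^<>]+)>")
# Assumption: a placeholder value is a run of unreserved URL characters.
TOKEN = r"([A-Za-z0-9._~-]+)"

# URL patterns exactly as given in the tutorials on this page.
MOBILEIRON = {
    "Identifier": "https://www.mobileiron.com/<key>",
    "Reply URL": "https://<host>.mobileiron.com/saml/SSO/alias/<key>",
    "Sign-on URL": "https://<host>.mobileiron.com/user/login.html",
}
MOBI = {
    "Identifier": "https://<subdomain>.thefutureis.mobi",
    "Reply URL": "https://<subdomain>.thefutureis.mobi/saml_consume",
    "Sign-on URL": "https://<subdomain>.thefutureis.mobi/login",
}


def compile_template(template):
    """Turn 'https://<host>.x/<key>' into (regex, ['host', 'key'])."""
    names, parts, pos = [], [], 0
    for match in PLACEHOLDER.finditer(template):
        parts.append(re.escape(template[pos:match.start()]))
        parts.append(TOKEN)
        names.append(match.group(1).lower())
        pos = match.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts)), names


def check_values(templates, values):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    seen = {}  # placeholder name -> (field where first seen, value)
    for field, template in templates.items():
        value = values.get(field)
        if value is None:
            continue  # field not configured, e.g. Sign-on URL in IDP-only mode
        if "<" in value or ">" in value:
            problems.append(f"{field}: placeholder not replaced")
            continue
        regex, names = compile_template(template)
        match = regex.fullmatch(value)  # fullmatch pins scheme, domain and path
        if match is None:
            problems.append(f"{field}: does not match pattern {template}")
            continue
        for name, got in zip(names, match.groups()):
            first_field, first_value = seen.setdefault(name, (field, got))
            if first_value != got:
                problems.append(
                    f"{field}: <{name}> is {got!r} but {first_field} has {first_value!r}"
                )
    return problems


if __name__ == "__main__":
    # Constructed values: the key was mistyped in the Reply URL.
    print(check_values(MOBILEIRON, {
        "Identifier": "https://www.mobileiron.com/k3yEXAMPLE",
        "Reply URL": "https://na1.mobileiron.com/saml/SSO/alias/k3yEXAMPL",
        "Sign-on URL": "https://na1.mobileiron.com/user/login.html",
    }))
```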

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to MobileIron.
1. In the Azure portal, select Enterprise Applications, select All applications, then select MobileIron.
2. In the applications list, type and select MobileIron.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create MobileIron test user
To enable Azure AD users to log in to MobileIron, they must be provisioned into MobileIron.
In the case of MobileIron, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your MobileIron company site as an administrator.
2. Go to Users and click Add > Single User.

3. On the “Single User” dialog page, perform the following steps:

a. In the E-mail Address text box, enter the user's email address, for example brittasimon@contoso.com.
b. In the First Name text box, enter the user's first name, for example Britta.
c. In the Last Name text box, enter the user's last name, for example Simon.
d. Click Done.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the MobileIron tile in the Access Panel, you should be automatically signed in to the MobileIron for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with moconavi
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate moconavi with Azure Active Directory (Azure AD). Integrating moconavi
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to moconavi.
You can enable your users to be automatically signed-in to moconavi (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with moconavi, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
moconavi single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
moconavi supports SP initiated SSO

Adding moconavi from the gallery


To configure the integration of moconavi into Azure AD, you need to add moconavi from the gallery to your list of
managed SaaS apps.
To add moconavi from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type moconavi, select moconavi from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with moconavi based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in moconavi
needs to be established.
To configure and test Azure AD single sign-on with moconavi, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure moconavi Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create moconavi test user - to have a counterpart of Britta Simon in moconavi that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with moconavi, perform the following steps:
1. In the Azure portal, on the moconavi application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<yourserverurl>/moconavi-saml2/saml/login

b. In the Identifier box, type a URL using the following pattern: https://<yourserverurl>/moconavi-saml2

c. In the Reply URL text box, type a URL using the following pattern:
https://<yourserverurl>/moconavi-saml2/saml/SSO

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
moconavi Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up moconavi section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure moconavi Single Sign-On
To configure single sign-on on the moconavi side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the moconavi support team. They apply these settings so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to moconavi.
1. In the Azure portal, select Enterprise Applications, select All applications, then select moconavi.

2. In the applications list, select moconavi.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create moconavi test user
In this section, you create a user called Britta Simon in moconavi. Work with moconavi support team to add the
users in the moconavi platform. Users must be created and activated before you use single sign-on.
Test single sign-on
1. Install moconavi from the Microsoft Store.
2. Start moconavi.
3. Click the Connect setting button.
4. Enter https://mcs-admin.moconavi.biz/gateway into the Connect to URL textbox and then click the Done button.

5. On the following screenshot, perform the following steps:

a. In the Input Authentication Key textbox, enter azureAD.
b. In the Input User ID textbox, enter your AD account.
c. Click LOGIN.
6. Enter your Azure AD password in the Password textbox and then click the Login button.

7. Azure AD authentication is successful when the menu is displayed.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate monday.com with Azure Active Directory
8/15/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate monday.com with Azure Active Directory (Azure AD). When you
integrate monday.com with Azure AD, you can:
Control in Azure AD who has access to monday.com.
Enable your users to be automatically signed-in to monday.com with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
monday.com single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. monday.com supports SP and IDP
initiated SSO and supports Just In Time user provisioning.

Adding monday.com from the gallery


To configure the integration of monday.com into Azure AD, you need to add monday.com from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type monday.com in the search box.
6. Select monday.com from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with monday.com using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in monday.com.
To configure and test Azure AD SSO with monday.com, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure monday.com to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user to enable B.Simon to use Azure AD single sign-on.
5. Create monday.com test user to have a counterpart of B.Simon in monday.com that is linked to the Azure AD
representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the monday.com application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. In the Basic SAML Configuration pane, if you have a service provider metadata file and you want to
configure in IDP-initiated mode, perform the following steps:
a. Select Upload metadata file.
b. To select the metadata file, select the folder icon, and then select Upload.
c. After the metadata file is successfully uploaded, the Identifier and Reply URL values are
automatically populated in the Basic SAML Configuration pane:

NOTE
If the Identifier and Reply URL values are not populated automatically, fill in the values manually.
The Identifier and the Reply URL are the same, and the value follows this pattern:
https://<your-domain>.monday.com/saml/saml_callback

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://<your-domain>.monday.com

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-On URL. Contact
monday.com Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. Your monday.com application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.
7. In addition to the above, the monday.com application expects a few more attributes to be passed back in the
SAML response. In the User Claims section of the User Attributes dialog, perform the following steps to add
each SAML token attribute shown in the table below:

NAME         SOURCE ATTRIBUTE
Email        user.mail
FirstName    user.givenname
LastName     user.surname

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Remove the Namespace.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. In the Set up monday.com section, copy the appropriate URL(s) based on your requirement.
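A pre-flight check for the claim mapping in step 7, as an added example that is not part of the Microsoft tutorial or monday.com's own code: it inspects a SAML assertion captured during a test sign-in and reports which of Email, FirstName and LastName are present, still namespace-qualified, empty or missing. The function name, report keys and sample assertion are constructed for illustration, and the check assumes that a claim whose namespace was kept is emitted as <namespace>/<name>.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names from the tutorial's claims table (Namespace removed in step 7c).
EXPECTED = ("Email", "FirstName", "LastName")

# Constructed sample: Email is mapped correctly, FirstName still carries a
# namespace, and LastName was never added.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-sample" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/FirstName">
      <saml:AttributeValue>B</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def audit_claims(assertion_xml):
    """Compare an assertion's AttributeStatement with the expected claim names.

    Returns a dict with four lists:
      ok          expected names present with a non-empty value
      empty       expected names present but with no value
      namespaced  attributes that end in /<name> (Namespace was not removed)
      missing     expected names not present in any form
    """
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        found[attr.get("Name", "")] = values

    report = {"ok": [], "empty": [], "namespaced": [], "missing": []}
    for name in EXPECTED:
        if name in found:
            report["ok" if any(found[name]) else "empty"].append(name)
            continue
        # Assumption: a claim that kept its namespace appears as "<namespace>/<name>".
        qualified = [n for n in found if n.endswith("/" + name)]
        if qualified:
            report["namespaced"].append(qualified[0])
        else:
            report["missing"].append(name)
    return report


if __name__ == "__main__":
    for bucket, names in audit_claims(SAMPLE_ASSERTION).items():
        print(f"{bucket:11s} {names}")
```

Anything reported under namespaced, empty or missing points back to the Manage user claims dialog for that row of the table.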
Configure monday.com
1. To automate the configuration within monday.com, you need to install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup monday.com, which directs you to the
monday.com application. From there, provide the admin credentials to sign in to monday.com. The browser
extension will automatically configure the application for you and automate steps 3-6.

3. If you want to set up monday.com manually, open a new web browser window, sign in to monday.com as
an administrator, and perform the following steps:
4. Go to the Profile on the top right corner of page and click on Admin.

5. Select Security and make sure to click on Open next to SAML.


6. Fill in the details below from your IDP.
NOTE
For more details, refer to this article

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to monday.com.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select monday.com.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create monday.com test user
In this section, a user called B.Simon is created in monday.com. monday.com supports just-in-time provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
monday.com, a new one is created when you attempt to access monday.com.
Test SSO
When you select the monday.com tile in the Access Panel, you should be automatically signed in to the
monday.com for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Montage Online
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Montage Online with Azure Active Directory (Azure AD). Integrating
Montage Online with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Montage Online.
You can enable your users to be automatically signed-in to Montage Online (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Montage Online, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Montage Online single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Montage Online supports SP initiated SSO

Adding Montage Online from the gallery


To configure the integration of Montage Online into Azure AD, you need to add Montage Online from the gallery
to your list of managed SaaS apps.
To add Montage Online from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Montage Online, select Montage Online from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Montage Online based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Montage Online needs to be established.
To configure and test Azure AD single sign-on with Montage Online, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Montage Online Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Montage Online test user - to have a counterpart of Britta Simon in Montage Online that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Montage Online, perform the following steps:
1. In the Azure portal, on the Montage Online application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL textbox, type a URL using the following pattern:
For Production Environment: https://<subdomain>.montageonline.co.nz/

For Test Environment: https://build-<subdomain>.montageonline.co.nz/

b. In the Identifier textbox, type a URL:


For Production Environment: MOL_Azure

For Test Environment: MOL_Azure_Build

NOTE
The Sign-on URL value is not real. Update the value with the actual Sign-On URL. Contact Montage Online Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up Montage Online section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Montage Online Single Sign-On
To configure single sign-on on the Montage Online side, you need to send the downloaded Certificate (Base64)
and the appropriate copied URLs from the Azure portal to the Montage Online support team. They apply these
settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Montage Online.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Montage Online.

2. In the applications list, select Montage Online.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Montage Online test user
In this section, you create a user called Britta Simon in Montage Online. Work with the Montage Online support team
to add the users in the Montage Online platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Montage Online tile in the Access Panel, you should be automatically signed in to the Montage
Online for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Motus
11/26/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Motus with Azure Active Directory (Azure AD). When you integrate
Motus with Azure AD, you can:
Control in Azure AD who has access to Motus.
Enable your users to be automatically signed-in to Motus with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Motus single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Motus supports SP and IDP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Motus from the gallery


To configure the integration of Motus into Azure AD, you need to add Motus from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Motus in the search box.
6. Select Motus from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Motus


Configure and test Azure AD SSO with Motus using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Motus.
To configure and test Azure AD SSO with Motus, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Motus SSO - to configure the single sign-on settings on application side.
a. Create Motus test user - to have a counterpart of B.Simon in Motus that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Motus application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated with Azure. Save the configuration by clicking
the Save button.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://app.motus.com/

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

7. In the Set up Motus section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Motus.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Motus.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Motus SSO


To configure single sign-on on the Motus side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Motus support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create Motus test user
In this section, you create a user called B.Simon in Motus. Work with Motus support team to add the users in the
Motus platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Motus tile in the Access Panel, you should be automatically signed in to the Motus for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Motus with Azure AD
Tutorial: Azure Active Directory integration with MOVEit Transfer - Azure AD integration
10/30/2019 • 7 minutes to read

In this tutorial, you learn how to integrate MOVEit Transfer - Azure AD integration with Azure Active Directory
(Azure AD). Integrating MOVEit Transfer - Azure AD integration with Azure AD provides you with the following
benefits:
You can control in Azure AD who has access to MOVEit Transfer - Azure AD integration.
You can enable your users to be automatically signed-in to MOVEit Transfer - Azure AD integration (Single
Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with MOVEit Transfer - Azure AD integration, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
MOVEit Transfer - Azure AD integration single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
MOVEit Transfer - Azure AD integration supports SP initiated SSO

Adding MOVEit Transfer - Azure AD integration from the gallery


To configure the integration of MOVEit Transfer - Azure AD integration into Azure AD, you need to add MOVEit
Transfer - Azure AD integration from the gallery to your list of managed SaaS apps.
To add MOVEit Transfer - Azure AD integration from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type MOVEit Transfer - Azure AD integration, select MOVEit Transfer - Azure AD
integration from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with MOVEit Transfer - Azure AD integration based
on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and
the related user in MOVEit Transfer - Azure AD integration needs to be established.
To configure and test Azure AD single sign-on with MOVEit Transfer - Azure AD integration, you need to complete
the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure MOVEit Transfer - Azure AD integration Single Sign-On - to configure the Single Sign-On
settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create MOVEit Transfer - Azure AD integration test user - to have a counterpart of Britta Simon in
MOVEit Transfer - Azure AD integration that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with MOVEit Transfer - Azure AD integration, perform the following steps:
1. In the Azure portal, on the MOVEit Transfer - Azure AD integration application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you have Service Provider metadata file, perform the
following steps:
a. Click Upload metadata file.

b. Click on folder logo to select the metadata file and click Upload.
c. After the metadata file is successfully uploaded, the Identifier and Reply URL values are auto-populated
in the Basic SAML Configuration section:

In the Sign-on URL text box, type a URL using the following pattern: https://contoso.com

NOTE
The Sign-on URL value is not real. Update the value with the actual Sign-On URL. Contact MOVEit Transfer - Azure
AD integration Client support team to get the value. You can download the Service Provider Metadata file from
the Service Provider Metadata URL which is explained later in the Configure MOVEit Transfer - Azure AD
integration Single Sign-On section of the tutorial. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up MOVEit Transfer - Azure AD integration section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure MOVEit Transfer - Azure AD integration Single Sign-On
1. Sign on to your MOVEit Transfer tenant as an administrator.
2. On the left navigation pane, click Settings.

3. Click Single Signon link, which is under Security Policies -> User Auth.

4. Click the Metadata URL link to download the metadata document.

Verify entityID matches Identifier in the Basic SAML Configuration section.


Verify AssertionConsumerService Location URL matches REPLY URL in the Basic SAML
Configuration section.
5. Click Add Identity Provider button to add a new Federated Identity Provider.

6. Click Browse... to select the metadata file which you downloaded from Azure portal, then click Add
Identity Provider to upload the downloaded file.

7. Select "Yes" as Enabled in the Edit Federated Identity Provider Settings... page and click Save.

8. In the Edit Federated Identity Provider User Settings page, perform the following actions:
a. Select SAML NameID as Login name.
b. Select Other as Full name and in the Attribute name textbox put the value:
http://schemas.microsoft.com/identity/claims/displayname .

c. Select Other as Email and in the Attribute name textbox put the value:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress .

d. Select Yes as Auto-create account on signon.


e. Click Save button.
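
The two "Verify" checks in step 4 can be scripted before the identity provider is added. The following is an added example, not part of the original tutorial or of MOVEit's tooling; the host moveit.example.com, the ACS paths and the function names are constructed for illustration, and the Identifier is compared as an exact string, which is the strict reading of "matches".

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample of a Service Provider metadata document (placeholder host and paths).
SAMPLE_SP_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://moveit.example.com/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://moveit.example.com/sso/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://moveit.example.com/sso/artifact"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_bytes):
    """Return the entityID and every AssertionConsumerService endpoint in the metadata."""
    # Coarse guard: SAML metadata has no need for a DTD, so refuse anything that declares one.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("metadata contains a DTD; refusing to parse")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    acs = [
        {"location": el.get("Location", ""), "binding": el.get("Binding", "")}
        for el in root.iter(f"{{{MD_NS}}}AssertionConsumerService")
    ]
    return {"entity_id": root.get("entityID", ""), "acs": acs}


def _loose(url):
    """Fold host case and a trailing slash; used only to explain a near miss."""
    parts = urlsplit(url.strip())
    return (parts.scheme.lower(), parts.netloc.lower(), parts.path.rstrip("/"), parts.query)


def check_against_azure(metadata, identifier, reply_url):
    """Compare metadata with the Identifier and Reply URL from Basic SAML Configuration."""
    findings = []
    entity_id = metadata["entity_id"]
    if entity_id != identifier:
        hint = ""
        if _loose(entity_id) == _loose(identifier):
            hint = " (differs only by host case or trailing slash)"
        findings.append(
            f"Identifier mismatch: entityID={entity_id!r}, Azure={identifier!r}{hint}"
        )
    # Azure AD delivers the SAML response with the HTTP-POST binding,
    # so the Reply URL has to be one of the HTTP-POST endpoints.
    post_locations = [a["location"] for a in metadata["acs"] if a["binding"] == HTTP_POST]
    if not post_locations:
        findings.append("Metadata declares no HTTP-POST AssertionConsumerService")
    elif reply_url not in post_locations:
        findings.append(
            f"Reply URL {reply_url!r} is not an HTTP-POST ACS Location {post_locations!r}"
        )
    for endpoint in metadata["acs"]:
        if urlsplit(endpoint["location"]).scheme != "https":
            findings.append(f"ACS endpoint is not HTTPS: {endpoint['location']!r}")
    return findings


if __name__ == "__main__":
    md = parse_sp_metadata(SAMPLE_SP_METADATA)
    result = check_against_azure(
        md, "https://moveit.example.com", "https://moveit.example.com/sso/acs"
    )
    for line in result or ["metadata matches Basic SAML Configuration"]:
        print(line)
```

An empty list means both values agree; any finding should be resolved in the Azure portal before the metadata file is uploaded in step 6.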
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to MOVEit Transfer - Azure
AD integration.
1. In the Azure portal, select Enterprise Applications, select All applications, then select MOVEit Transfer
- Azure AD integration.

2. In the applications list, select MOVEit Transfer - Azure AD integration.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create MOVEit Transfer - Azure AD integration test user
The objective of this section is to create a user called Britta Simon in MOVEit Transfer - Azure AD integration.
MOVEit Transfer - Azure AD integration supports just-in-time provisioning, which you have enabled. There is no
action item for you in this section. A new user is created during an attempt to access MOVEit Transfer - Azure AD
integration if it doesn't exist yet.
NOTE
If you need to create a user manually, you need to contact the MOVEit Transfer - Azure AD integration Client support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the MOVEit Transfer - Azure AD integration tile in the Access Panel, you should be automatically
signed in to the MOVEit Transfer - Azure AD integration for which you set up SSO. For more information about
the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Moxi
Engage
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Moxi Engage with Azure Active Directory (Azure AD). Integrating Moxi
Engage with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Moxi Engage.
You can enable your users to be automatically signed-in to Moxi Engage (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Moxi Engage, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Moxi Engage single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Moxi Engage supports SP initiated SSO

Adding Moxi Engage from the gallery


To configure the integration of Moxi Engage into Azure AD, you need to add Moxi Engage from the gallery to your
list of managed SaaS apps.
To add Moxi Engage from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Moxi Engage, select Moxi Engage from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Moxi Engage based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Moxi
Engage needs to be established.
To configure and test Azure AD single sign-on with Moxi Engage, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Moxi Engage Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Moxi Engage test user - to have a counterpart of Britta Simon in Moxi Engage that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Moxi Engage, perform the following steps:
1. In the Azure portal, on the Moxi Engage application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://svc.<moxiworks-integration-domain>/service/v1/auth/inbound/saml/aad

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Moxi Engage Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Moxi Engage section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Moxi Engage Single Sign-On
To configure single sign-on on Moxi Engage side, you need to send the downloaded Federation Metadata XML
and appropriate copied URLs from Azure portal to Moxi Engage support team. They set this setting to have the
SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Moxi Engage.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Moxi Engage.

2. In the applications list, select Moxi Engage.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Moxi Engage test user
In this section, you create a user called Britta Simon in Moxi Engage. Work with Moxi Engage support team to add
the users in the Moxi Engage platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Moxi Engage tile in the Access Panel, you should be automatically signed in to the Moxi Engage
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Moxtra
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Moxtra with Azure Active Directory (Azure AD). Integrating Moxtra with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Moxtra.
You can enable your users to be automatically signed-in to Moxtra (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Moxtra, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Moxtra single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Moxtra supports SP initiated SSO

Adding Moxtra from the gallery


To configure the integration of Moxtra into Azure AD, you need to add Moxtra from the gallery to your list of
managed SaaS apps.
To add Moxtra from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Moxtra, select Moxtra from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Moxtra based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Moxtra
needs to be established.
To configure and test Azure AD single sign-on with Moxtra, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Moxtra Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Moxtra test user - to have a counterpart of Britta Simon in Moxtra that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Moxtra, perform the following steps:
1. In the Azure portal, on the Moxtra application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://www.moxtra.com/service/#login

5. Moxtra application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click Edit icon to open User Attributes dialog.

6. In addition to the above, the Moxtra application expects a few more attributes to be passed back in the SAML response.
In the User Claims section on the User Attributes dialog, perform the following steps to add SAML token
attribute as shown in the below table:

NAME          SOURCE ATTRIBUTE
firstname     user.givenname
lastname      user.surname
idpid         <Azure AD Identifier>

NOTE
The value of the idpid attribute is not real. You can get the actual value from the Set up Moxtra section in step 8.

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

8. On the Set up Moxtra section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Moxtra Single Sign-On
1. In another browser window, sign on to your Moxtra company site as an administrator.
2. In the toolbar on the left, click Admin Console > SAML Single Sign-on, and then click New.

3. On the SAML page, perform the following steps:

a. In the Name textbox, type a name for your configuration (e.g.: SAML).
b. In the IdP Entity ID textbox, paste the value of Azure AD Identifier which you have copied from Azure
portal.
c. In Login URL textbox, paste the value of Login URL which you have copied from Azure portal.
d. In the AuthnContextClassRef textbox, type urn:oasis:names:tc:SAML:2.0:ac:classes:Password.
e. In the NameID Format textbox, type urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
f. Open certificate which you have downloaded from Azure portal in notepad, copy the content, and then
paste it into the Certificate textbox.
g. In the SAML email domain textbox, type your SAML email domain.

NOTE
To see the steps to verify the domain, click the "i" below.

h. Click Update.
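
The claim mapping in step 6 and the NameID settings above can be checked against a captured test assertion before users are onboarded. This is an added example, not code from the original tutorial or from Moxtra; the assertion, tenant ID and function names are constructed, and treating a NameID outside the SAML email domain as a finding is an assumption. It inspects claims only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_CLAIMS = ("firstname", "lastname", "idpid")  # names from the claims table in step 6

# Constructed, unsigned sample assertion; the all-zero tenant ID is a placeholder.
SAMPLE_ASSERTION = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-10-30T00:00:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">brittasimon@contoso.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstname"><saml:AttributeValue>Britta</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastname"><saml:AttributeValue>Simon</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="idpid"><saml:AttributeValue>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def read_assertion(xml_bytes):
    """Extract Issuer, NameID and attributes from an Assertion or a Response wrapping one."""
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("document contains a DTD; refusing to parse")
    root = ET.fromstring(xml_bytes)
    node = root if root.tag == f"{{{SAML_NS}}}Assertion" else root.find(".//saml:Assertion", NS)
    if node is None:
        raise ValueError("no saml:Assertion element found")
    name_id = node.find("saml:Subject/saml:NameID", NS)
    attributes = {}
    for attr in node.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attributes[attr.get("Name", "")] = values
    return {
        "issuer": (node.findtext("saml:Issuer", "", NS) or "").strip(),
        "name_id": (name_id.text or "").strip() if name_id is not None else "",
        "name_id_format": name_id.get("Format", "") if name_id is not None else "",
        "attributes": attributes,
    }


def check_moxtra_claims(assertion, azure_ad_identifier, saml_email_domain):
    """Return a list of findings; an empty list means the claims match the tutorial."""
    findings = []
    attrs = assertion["attributes"]
    for claim in REQUIRED_CLAIMS:
        if any(attrs.get(claim, [])):
            continue
        # A non-blank Namespace makes Azure AD emit "<namespace>/<name>" instead of "<name>".
        namespaced = [name for name in attrs if name.endswith("/" + claim)]
        if namespaced:
            findings.append(f"{claim}: sent as {namespaced[0]!r}; Namespace was not left blank")
        else:
            findings.append(f"{claim}: claim missing or empty")
    idpid = (attrs.get("idpid") or [""])[0]
    if idpid and idpid != azure_ad_identifier:
        findings.append("idpid: value does not equal the Azure AD Identifier")
    if assertion["issuer"] != azure_ad_identifier:
        findings.append("Issuer: differs from the IdP Entity ID pasted into Moxtra")
    if assertion["name_id_format"] != EMAIL_FORMAT:
        findings.append(f"NameID: Format is {assertion['name_id_format']!r}, expected emailAddress")
    local, at, domain = assertion["name_id"].rpartition("@")
    # Assumption: the test user's NameID should fall under the configured SAML email domain.
    if not at or not local or domain.lower() != saml_email_domain.lower():
        findings.append("NameID: not an address in the SAML email domain")
    return findings


if __name__ == "__main__":
    parsed = read_assertion(SAMPLE_ASSERTION)
    issues = check_moxtra_claims(
        parsed, "https://sts.windows.net/00000000-0000-0000-0000-000000000000/", "contoso.com"
    )
    print(issues or "claims match the Moxtra configuration")
```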
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Moxtra.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Moxtra.

2. In the applications list, select Moxtra.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Moxtra test user
The objective of this section is to create a user called Britta Simon in Moxtra.
To create a user called Britta Simon in Moxtra, perform the following steps:
1. Sign on to your Moxtra company site as an administrator.
2. In the toolbar on the left, click Admin Console > User Management, and then Add User.
3. On the Add User dialog, perform the following steps:
a. In the First Name textbox, type Britta.
b. In the Last Name textbox, type Simon.
c. In the Email textbox, type Britta's email address, the same as in the Azure portal.
d. In the Division textbox, type Dev.
e. In the Department textbox, type IT.
f. Select Administrator.
g. Click Add.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Moxtra tile in the Access Panel, you should be automatically signed in to the Moxtra for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Mozy Enterprise
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Mozy Enterprise with Azure Active Directory (Azure AD). Integrating
Mozy Enterprise with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Mozy Enterprise.
You can enable your users to be automatically signed-in to Mozy Enterprise (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Mozy Enterprise, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Mozy Enterprise single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Mozy Enterprise supports SP initiated SSO

Adding Mozy Enterprise from the gallery


To configure the integration of Mozy Enterprise into Azure AD, you need to add Mozy Enterprise from the gallery
to your list of managed SaaS apps.
To add Mozy Enterprise from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Mozy Enterprise, select Mozy Enterprise from result panel then click Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Mozy Enterprise based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Mozy Enterprise needs to be established.
To configure and test Azure AD single sign-on with Mozy Enterprise, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Mozy Enterprise Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Mozy Enterprise test user - to have a counterpart of Britta Simon in Mozy Enterprise that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Mozy Enterprise, perform the following steps:
1. In the Azure portal, on the Mozy Enterprise application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://<tenantname>.Mozyenterprise.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Mozy Enterprise Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Mozy Enterprise section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Mozy Enterprise Single Sign-On
1. In a different web browser window, log into your Mozy Enterprise company site as an administrator.
2. In the Configuration section, click Authentication Policy.

3. On the Authentication Policy section, perform the following steps:

a. Select Directory Service as Provider.


b. Select Use LDAP Push.
c. Click the SAML Authentication tab.
d. Paste Login URL, which you have copied from the Azure portal into the Authentication URL textbox.
e. Paste Azure AD Identifier, which you have copied from the Azure portal into the SAML Endpoint
textbox.
f. Open your downloaded base-64 encoded certificate in notepad, copy the content of it into your clipboard,
and then paste the entire Certificate into SAML Certificate textbox.
g. Select Enable SSO for Admins to log in with their network credentials.
h. Click Save Changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Mozy Enterprise.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Mozy Enterprise.
2. In the applications list, select Mozy Enterprise.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Mozy Enterprise test user
In order to enable Azure AD users to log into Mozy Enterprise, they must be provisioned into Mozy Enterprise. In
the case of Mozy Enterprise, provisioning is a manual task.

NOTE
You can use any other Mozy Enterprise user account creation tools or APIs provided by Mozy Enterprise to provision Azure
AD user accounts.

To provision a user account, perform the following steps:


1. Log in to your Mozy Enterprise tenant.
2. Click Users, and then click Add New User.

NOTE
The Add New User option is displayed only if Mozy is selected as the provider under Authentication policy. If
SAML Authentication is configured, then the users are added automatically on their first login through Single sign on.

3. On the new user dialog, perform the following steps:

a. From the Choose a Group list, select a group.


b. From the What type of user list, select a type.
c. In the Username textbox, type the name of the Azure AD user.
d. In the Email textbox, type the email address of the Azure AD user.
e. Select Send user instruction email.
f. Click Add User(s).

NOTE
After creating the user, an email will be sent to the Azure AD user that includes a link to confirm the account before it
becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Mozy Enterprise tile in the Access Panel, you should be automatically signed in to the Mozy
Enterprise for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with MS Azure SSO Access for Ethidex
Compliance Office™
9/9/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate MS Azure SSO Access for Ethidex Compliance Office™ with Azure
Active Directory (Azure AD). When you integrate MS Azure SSO Access for Ethidex Compliance Office™ with
Azure AD, you can:
Control in Azure AD who has access to MS Azure SSO Access for Ethidex Compliance Office™.
Enable your users to be automatically signed-in to MS Azure SSO Access for Ethidex Compliance Office™ with
their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
MS Azure SSO Access for Ethidex Compliance Office™ single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
MS Azure SSO Access for Ethidex Compliance Office™ supports IDP initiated SSO

Adding MS Azure SSO Access for Ethidex Compliance Office™ from the gallery
To configure the integration of MS Azure SSO Access for Ethidex Compliance Office™ into Azure AD, you need to
add MS Azure SSO Access for Ethidex Compliance Office™ from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type MS Azure SSO Access for Ethidex Compliance Office™ in the
search box.
6. Select MS Azure SSO Access for Ethidex Compliance Office™ from the results panel and then add the app.
Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for MS Azure SSO Access for Ethidex Compliance Office™
Configure and test Azure AD SSO with MS Azure SSO Access for Ethidex Compliance Office™ using a test user
called B.Simon. For SSO to work, you need to establish a link relationship between an Azure AD user and the
related user in MS Azure SSO Access for Ethidex Compliance Office™.
To configure and test Azure AD SSO with MS Azure SSO Access for Ethidex Compliance Office™, complete the
following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure MS Azure SSO Access for Ethidex Compliance Office SSO - to configure the single sign-on
settings on application side.
a. Create MS Azure SSO Access for Ethidex Compliance Office test user - to have a counterpart of
B.Simon in MS Azure SSO Access for Ethidex Compliance Office™ that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the MS Azure SSO Access for Ethidex Compliance Office™ application
integration page, find the Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: com.ethidex.prod.<CLIENTID>

b. In the Reply URL text box, type a URL using the following pattern:
https://www.ethidex.com/saml2/sp/acs/<CLIENTID>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact MS Azure SSO Access
for Ethidex Compliance Office™ support team to get these values. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

5. The MS Azure SSO Access for Ethidex Compliance Office™ application expects the SAML assertions
in a specific format, which requires you to add custom attribute mappings to your SAML token attributes
configuration. The following screenshot shows the list of default attributes, where nameidentifier is
mapped with user.userprincipalname. The MS Azure SSO Access for Ethidex Compliance Office™ application
expects nameidentifier to be mapped with user.mail, so you need to edit the attribute mapping by clicking
the Edit icon and changing the attribute mapping.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.

7. On the Set up MS Azure SSO Access for Ethidex Compliance Office™ section, copy the appropriate
URL(s) based on your requirement.
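
One way to confirm the result of steps 4 and 5 on a captured test sign-in, as an added example that is not part of the original tutorial or the vendor's own tooling: it checks that NameID carries user.mail rather than the default user.userprincipalname, and that the audience and recipient match the Identifier and Reply URL patterns. The client ID acme01, the user values and the unsigned sample assertions are constructed; signature, issuer and validity-window checks are out of scope.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Patterns from the Basic SAML Configuration step of this tutorial.
IDENTIFIER_PATTERN = "com.ethidex.prod.{client_id}"
REPLY_URL_PATTERN = "https://www.ethidex.com/saml2/sp/acs/{client_id}"
PLACEHOLDER = "<CLIENTID>"

# Constructed test values (assumptions, not taken from a real tenant).
CLIENT_ID = "acme01"
MAIL = "b.simon@contoso.com"              # user.mail
UPN = "B.Simon@contoso.onmicrosoft.com"   # user.userprincipalname


def build_sample(name_id, audience, recipient):
    """Constructed, unsigned assertion holding only the elements checked below."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Subject>"
        f"<saml:NameID>{escape(name_id)}</saml:NameID>"
        "<saml:SubjectConfirmation>"
        f"<saml:SubjectConfirmationData Recipient={quoteattr(recipient)}/>"
        "</saml:SubjectConfirmation>"
        "</saml:Subject>"
        "<saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{escape(audience)}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        "</saml:Assertion>"
    )


def check_assertion(xml_text, client_id, user_mail, user_upn):
    """Return (code, detail) findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []

    # Step 5: nameidentifier must be sourced from user.mail, not the default UPN.
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if name_id.lower() == user_mail.lower():
        pass
    elif name_id.lower() == user_upn.lower():
        findings.append(("NAMEID_IS_UPN", "default user.userprincipalname mapping is still in place"))
    else:
        findings.append(("NAMEID_UNEXPECTED", f"NameID is {name_id!r}"))

    # Step 4a: the audience restriction must name the configured Identifier.
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    expected_audience = IDENTIFIER_PATTERN.format(client_id=client_id)
    if expected_audience not in audiences:
        findings.append(("AUDIENCE_MISMATCH", f"expected {expected_audience}, got {audiences}"))

    # Step 4b: the bearer confirmation must be addressed to the configured Reply URL.
    recipients = [d.get("Recipient", "")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    expected_recipient = REPLY_URL_PATTERN.format(client_id=client_id)
    if expected_recipient not in recipients:
        findings.append(("RECIPIENT_MISMATCH", f"expected {expected_recipient}, got {recipients}"))

    # The NOTE under step 4: the documented patterns are not real values.
    if any(PLACEHOLDER in value for value in audiences + recipients):
        findings.append(("PLACEHOLDER_LEFT", "the literal <CLIENTID> pattern was saved"))
    return findings


def demo():
    """Run the checks over three constructed assertions and return the finding codes."""
    samples = {
        "good": build_sample(
            MAIL, "com.ethidex.prod.acme01",
            "https://www.ethidex.com/saml2/sp/acs/acme01"),
        "default_mapping": build_sample(
            UPN, "com.ethidex.prod.acme01",
            "https://www.ethidex.com/saml2/sp/acs/acme01"),
        "pasted_pattern": build_sample(
            MAIL, "com.ethidex.prod.<CLIENTID>",
            "https://www.ethidex.com/saml2/sp/acs/<CLIENTID>"),
    }
    return {
        name: [code for code, _ in check_assertion(xml, CLIENT_ID, MAIL, UPN)]
        for name, xml in samples.items()
    }


if __name__ == "__main__":
    for name, codes in demo().items():
        print(f"{name}: {codes or 'OK'}")
```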

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to MS Azure SSO Access for
Ethidex Compliance Office™.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select MS Azure SSO Access for Ethidex Compliance Office™.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure MS Azure SSO Access for Ethidex Compliance Office SSO


To configure single sign-on on the MS Azure SSO Access for Ethidex Compliance Office™ side, you need to send
the downloaded Certificate (Raw) and the appropriate copied URLs from the Azure portal to the MS Azure SSO Access for
Ethidex Compliance Office™ support team. They apply this setting so that the SAML SSO connection is set properly on
both sides.
Create MS Azure SSO Access for Ethidex Compliance Office test user
In this section, you create a user called B.Simon in MS Azure SSO Access for Ethidex Compliance Office™. Work
with the MS Azure SSO Access for Ethidex Compliance Office™ support team to add the users in the MS Azure SSO
Access for Ethidex Compliance Office™ platform. Users must be created and activated before you use
single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the MS Azure SSO Access for Ethidex Compliance Office™ tile in the Access Panel, you should be
automatically signed in to the MS Azure SSO Access for Ethidex Compliance Office™ for which you set up SSO.
For more information about the Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try MS Azure SSO Access for Ethidex Compliance Office™ with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO) integration with MyAryaka
11/26/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate MyAryaka with Azure Active Directory (Azure AD). When you integrate
MyAryaka with Azure AD, you can:
Control in Azure AD who has access to MyAryaka.
Enable your users to be automatically signed-in to MyAryaka with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
MyAryaka single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
MyAryaka supports SP initiated SSO

Adding MyAryaka from the gallery


To configure the integration of MyAryaka into Azure AD, you need to add MyAryaka from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type MyAryaka in the search box.
6. Select MyAryaka from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for MyAryaka


Configure and test Azure AD SSO with MyAryaka using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in MyAryaka.
To configure and test Azure AD SSO with MyAryaka, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure MyAryaka SSO - to configure the single sign-on settings on application side.
   Create MyAryaka test user - to have a counterpart of B.Simon in MyAryaka that is linked to the Azure
   AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the MyAryaka application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, use one of the following patterns:

https://my.aryaka.com/

https://kso.aryaka.com/auth/realms/<CUSTOMERID>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://kso.aryaka.com/auth/realms/<CUSTOMERID>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact MyAryaka Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to MyAryaka.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select MyAryaka.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure MyAryaka SSO


To configure single sign-on on the MyAryaka side, you need to send the App Federation Metadata Url to the
MyAryaka support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create MyAryaka test user
In this section, you create a user called B.Simon in MyAryaka. Work with MyAryaka support team to add the users
in the MyAryaka platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the MyAryaka tile in the Access Panel, you should be automatically signed in to the MyAryaka for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try MyAryaka with Azure AD
Tutorial: Azure Active Directory integration with My Award Points Top Sub/Top Team
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate My Award Points Top Sub/Top Team with Azure Active Directory
(Azure AD). Integrating My Award Points Top Sub/Top Team with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to My Award Points Top Sub/Top Team.
You can enable your users to be automatically signed-in to My Award Points Top Sub/Top Team (Single Sign-On)
with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with My Award Points Top Sub/Top Team, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
My Award Points Top Sub/Top Team single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
My Award Points Top Sub/Top Team supports SP initiated SSO

Adding My Award Points Top Sub/Top Team from the gallery


To configure the integration of My Award Points Top Sub/Top Team into Azure AD, you need to add My Award
Points Top Sub/Top Team from the gallery to your list of managed SaaS apps.
To add My Award Points Top Sub/Top Team from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type My Award Points Top Sub/Top Team, select My Award Points Top Sub/Top
Team from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with My Award Points Top Sub/Top Team based on
a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the
related user in My Award Points Top Sub/Top Team needs to be established.
To configure and test Azure AD single sign-on with My Award Points Top Sub/Top Team, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure My Award Points Top Sub/Top Team Single Sign-On - to configure the Single Sign-On settings
on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create My Award Points Top Sub/Top Team test user - to have a counterpart of Britta Simon in My Award
Points Top Sub/Top Team that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with My Award Points Top Sub/Top Team, perform the following steps:
1. In the Azure portal, on the My Award Points Top Sub/Top Team application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://microsoftrr.performnet.com/biwv1auth/Shibboleth.sso/Login?providerId=<Azure AD Identifier>

NOTE
The value is not real. You will get the <Azure AD Identifier> value in the later steps in this tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up My Award Points Top Sub/Top Team section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
NOTE
In the Sign on URL in the Basic SAML Configuration section in the Azure portal, put the copied Azure AD
Identifier value in the place of <Azure AD Identifier>.

Configure My Award Points Top Sub/Top Team Single Sign-On


To configure single sign-on on the My Award Points Top Sub/Top Team side, you need to send the downloaded
Federation Metadata XML and the appropriate copied URLs from the Azure portal to the My Award Points Top Sub/Top
Team support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to My Award Points Top
Sub/Top Team.
1. In the Azure portal, select Enterprise Applications, select All applications, then select My Award Points
Top Sub/Top Team.

2. In the applications list, select My Award Points Top Sub/Top Team.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create My Award Points Top Sub/Top Team test user
In this section, you create a user called Britta Simon in My Award Points Top Sub/Top Team. Work with My Award
Points Top Sub/Top Team support team to add the users in the My Award Points Top Sub/Top Team platform.
Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the My Award Points Top Sub/Top Team tile in the Access Panel, you should be automatically
signed in to the My Award Points Top Sub/Top Team for which you set up SSO. For more information about the
Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with myPolicies
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate myPolicies with Azure Active Directory (Azure AD). Integrating
myPolicies with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to myPolicies.
You can enable your users to be automatically signed-in to myPolicies (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with myPolicies, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
myPolicies single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
myPolicies supports IDP initiated SSO

Adding myPolicies from the gallery


To configure the integration of myPolicies into Azure AD, you need to add myPolicies from the gallery to your list
of managed SaaS apps.
To add myPolicies from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type myPolicies, select myPolicies from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with myPolicies based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
myPolicies needs to be established.
To configure and test Azure AD single sign-on with myPolicies, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure myPolicies Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create myPolicies test user - to have a counterpart of Britta Simon in myPolicies that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with myPolicies, perform the following steps:
1. In the Azure portal, on the myPolicies application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<tenantname>.mypolicies.com/

b. In the Reply URL text box, type a URL using the following pattern:
https://<tenantname>.mypolicies.com/users/auth/saml/callback

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact myPolicies Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

6. On the Set up myPolicies section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure myPolicies Single Sign-On
To configure single sign-on on the myPolicies side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the myPolicies support team. They apply this setting so that the SAML
SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to myPolicies.
1. In the Azure portal, select Enterprise Applications, select All applications, then select myPolicies.

2. In the applications list, select myPolicies.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create myPolicies test user
In this section, you create a user called Britta Simon in myPolicies. Work with myPolicies support team to add the
users in the myPolicies platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the myPolicies tile in the Access Panel, you should be automatically signed in to the myPolicies for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with MyVR
11/14/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate MyVR with Azure Active Directory (Azure AD). When you integrate
MyVR with Azure AD, you can:
Control in Azure AD who has access to MyVR.
Enable your users to be automatically signed-in to MyVR with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
MyVR single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
MyVR supports SP and IDP initiated SSO
MyVR supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding MyVR from the gallery


To configure the integration of MyVR into Azure AD, you need to add MyVR from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type MyVR in the search box.
6. Select MyVR from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for MyVR


Configure and test Azure AD SSO with MyVR using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in MyVR.
To configure and test Azure AD SSO with MyVR, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure MyVR SSO - to configure the single sign-on settings on application side.
a. Create MyVR test user - to have a counterpart of B.Simon in MyVR that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the MyVR application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated with Azure. Save the configuration by clicking
the Save button.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type the URL: https://ess.virtualroster.net/ess/login.aspx

6. The MyVR application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

7. In addition to the above, the MyVR application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirement.

NAME          SOURCE ATTRIBUTE
employeeid    user.employeeid

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up MyVR section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to MyVR.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select MyVR.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure MyVR SSO


To configure single sign-on on the MyVR side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the MyVR support team. They apply these settings so that the SAML SSO
connection is set properly on both sides.
Create MyVR test user
In this section, a user called B.Simon is created in MyVR. MyVR supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in MyVR, a new one
is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the MyVR tile in the Access Panel, you should be automatically signed in to the MyVR for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try MyVR with Azure AD
Tutorial: Integrate MyWorkDrive with Azure Active Directory
11/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate MyWorkDrive with Azure Active Directory (Azure AD). When you
integrate MyWorkDrive with Azure AD, you can:
Control in Azure AD who has access to MyWorkDrive.
Enable your users to be automatically signed-in to MyWorkDrive with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
MyWorkDrive single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. MyWorkDrive supports SP and IDP
initiated SSO.

Adding MyWorkDrive from the gallery


To configure the integration of MyWorkDrive into Azure AD, you need to add MyWorkDrive from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type MyWorkDrive in the search box.
6. Select MyWorkDrive from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with MyWorkDrive using a test user called Britta Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in MyWorkDrive.
To configure and test Azure AD SSO with MyWorkDrive, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure MyWorkDrive SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create MyWorkDrive test user - to have a counterpart of Britta Simon in MyWorkDrive that is linked to the
Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the MyWorkDrive application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, if you wish to configure the application in IDP initiated mode,
enter the value for the following field:
In the Reply URL text box, type a URL using the following pattern:
https://<SERVER.DOMAIN.COM>/SAML/AssertionConsumerService.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<SERVER.DOMAIN.COM>/Account/Login-saml

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Input your own
company's MyWorkDrive Server host name, e.g.:
Reply URL: https://yourserver.yourdomain.com/SAML/AssertionConsumerService.aspx
Sign-on URL: https://yourserver.yourdomain.com/Account/Login-saml

Contact MyWorkDrive support team if you are unsure how to set up your own host name and SSL certificate for
these values.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click copy
button to copy App Federation Metadata Url to your clipboard.
Configure MyWorkDrive SSO
1. To automate the configuration within MyWorkDrive, you need to install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup MyWorkDrive, which directs you to the MyWorkDrive
application. From there, provide the admin credentials to sign in to MyWorkDrive. The browser extension
will automatically configure the application for you and automate steps 3-4.

3. If you want to set up MyWorkDrive manually, in a different web browser window, sign in to MyWorkDrive
as a Security Administrator.
4. On the MyWorkDrive Server in the admin panel, click on ENTERPRISE and perform the following steps:

a. Enable SAML/ADFS SSO.


b. Select SAML - Azure AD
c. In the Azure App Federation Metadata Url textbox, paste the value of App Federation Metadata Url
which you have copied from the Azure portal.
d. Click Save

NOTE
For additional information review the MyWorkDrive Azure AD support article.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to MyWorkDrive.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select MyWorkDrive.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create MyWorkDrive test user
In this section, you create a user called Britta Simon in MyWorkDrive. Work with MyWorkDrive support team to
add the users in the MyWorkDrive platform. Users must be created and activated before you use single sign-on.
Test SSO
When you select the MyWorkDrive tile in the Access Panel, you should be automatically signed in to the
MyWorkDrive for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with N2F - Expense reports
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate N2F - Expense reports with Azure Active Directory (Azure AD).
Integrating N2F - Expense reports with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to N2F - Expense reports.
You can enable your users to be automatically signed-in to N2F - Expense reports (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with N2F - Expense reports, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
N2F - Expense reports single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
N2F - Expense reports supports SP and IDP initiated SSO.

Adding N2F - Expense reports from the gallery


To configure the integration of N2F - Expense reports into Azure AD, you need to add N2F - Expense reports from
the gallery to your list of managed SaaS apps.
To add N2F - Expense reports from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type N2F - Expense reports, select N2F - Expense reports from result panel then click
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with N2F - Expense reports based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in N2F - Expense reports needs to be established.
To configure and test Azure AD single sign-on with N2F - Expense reports, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure N2F - Expense reports Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create N2F - Expense reports test user - to have a counterpart of Britta Simon in N2F - Expense reports that
is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with N2F - Expense reports, perform the following steps:
1. In the Azure portal, on the N2F - Expense reports application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
the user does not have to perform any steps as the app is already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://www.n2f.com/app/

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

7. In the Set up N2F - Expense reports section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure N2F - Expense reports Single Sign-On
1. In a different web browser window, sign in to your N2F - Expense reports company site as an administrator.
2. Click on Settings and then select Advance Settings from the dropdown.

3. Select Account settings tab.


4. Select Authentication and then select + Add an authentication method tab.

5. Select SAML Microsoft Office 365 as Authentication method.

6. On the Authentication method section, perform the following steps:


a. In the Entity ID textbox, paste the Azure AD Identifier value, which you have copied from the Azure
portal.
b. In the Metadata URL textbox, paste the App Federation Metadata Url value, which you have copied
from the Azure portal.
c. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to N2F - Expense reports.
1. In the Azure portal, select Enterprise Applications, select All applications, then select N2F - Expense
reports.

2. In the applications list, select N2F - Expense reports.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create N2F - Expense reports test user
To enable Azure AD users to log in to N2F - Expense reports, they must be provisioned into N2F - Expense reports.
In the case of N2F - Expense reports, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your N2F - Expense reports company site as an administrator.
2. Click on Settings and then select Advance Settings from the dropdown.
3. Select Users tab from left navigation panel.

4. Select + New user tab.

5. On the User section, perform the following steps:


a. In the Email address textbox, enter the email address of user like brittasimon@contoso.com.
b. In the First name textbox, enter the first name of user like Britta.
c. In the Name textbox, enter the name of user like BrittaSimon.
d. Choose Role, Direct manager (N+1), and Division as per your organization requirement.
e. Click Validate and send invitation.

NOTE
If you are facing any problems while adding the user, please contact the N2F - Expense reports support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the N2F - Expense reports tile in the Access Panel, you should be automatically signed in to the
N2F - Expense reports for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Namely
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Namely with Azure Active Directory (Azure AD). Integrating Namely
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Namely.
You can enable your users to be automatically signed-in to Namely (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Namely, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Namely single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Namely supports SP initiated SSO.

Adding Namely from the gallery


To configure the integration of Namely into Azure AD, you need to add Namely from the gallery to your list of
managed SaaS apps.
To add Namely from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Namely, select Namely from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Namely based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Namely
needs to be established.
To configure and test Azure AD single sign-on with Namely, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Namely Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Namely test user - to have a counterpart of Britta Simon in Namely that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Namely, perform the following steps:
1. In the Azure portal, on the Namely application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<subdomain>.namely.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.namely.com/saml/metadata

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Namely Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up Namely section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Namely Single Sign-On
1. In another browser window, sign on to your Namely company site as an administrator.
2. In the toolbar on the top, click Company.

3. Click the Settings tab.

4. Click SAML.

5. On the SAML Settings page, perform the following steps:


a. Click Enable SAML.
b. In the Identity provider SSO url textbox, paste the value of Login URL, which you have copied from
Azure portal.
c. Open your downloaded certificate in Notepad, copy the content, and then paste it into the Identity
provider certificate textbox.
d. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Namely.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Namely.

2. In the applications list, select Namely.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Namely test user
The objective of this section is to create a user called Britta Simon in Namely.
To create a user called Britta Simon in Namely, perform the following steps:
1. Sign on to your Namely company site as an administrator.
2. In the toolbar on the top, click People.
3. Click the Directory tab.

4. Click Add New Person.

5. On the Add New Person dialog, perform the following steps:


a. In the First name textbox, type Britta.
b. In the Last name textbox, type Simon.
c. In the Email textbox, type the email address of BrittaSimon.
d. Click Save.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Namely tile in the Access Panel, you should be automatically signed in to the Namely for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with NegometrixPortal Single Sign On (SSO)
11/14/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate NegometrixPortal Single Sign On (SSO) with Azure Active Directory
(Azure AD). When you integrate NegometrixPortal Single Sign On (SSO) with Azure AD, you can:
Control in Azure AD who has access to NegometrixPortal Single Sign On (SSO).
Enable your users to be automatically signed-in to NegometrixPortal Single Sign On (SSO) with their Azure AD
accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
NegometrixPortal Single Sign On (SSO) single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
NegometrixPortal Single Sign On (SSO) supports SP initiated SSO.

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding NegometrixPortal Single Sign On (SSO) from the gallery


To configure the integration of NegometrixPortal Single Sign On (SSO) into Azure AD, you need to add
NegometrixPortal Single Sign On (SSO) from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type NegometrixPortal Single Sign On (SSO) in the search box.
6. Select NegometrixPortal Single Sign On (SSO) from results panel and then add the app. Wait a few seconds
while the app is added to your tenant.

Configure and test Azure AD single sign-on for NegometrixPortal Single Sign On (SSO)

Configure and test Azure AD SSO with NegometrixPortal Single Sign On (SSO) using a test user called B.Simon.
For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in
NegometrixPortal Single Sign On (SSO).
To configure and test Azure AD SSO with NegometrixPortal Single Sign On (SSO), complete the following
building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure NegometrixPortal Single Sign On (SSO) SSO - to configure the single sign-on settings on
application side.
Create NegometrixPortal Single Sign On (SSO) test user - to have a counterpart of B.Simon in
NegometrixPortal Single Sign On (SSO) that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the NegometrixPortal Single Sign On (SSO) application integration page, find
the Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://portal.negometrix.com/sso/<CUSTOMURL>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact NegometrixPortal Single Sign On (SSO)
Client support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The NegometrixPortal Single Sign On (SSO) application expects the SAML assertions in a specific format, which
requires you to add custom attribute mappings to your SAML token attributes configuration. The following
screenshot shows the list of default attributes.
6. In addition to the above, the NegometrixPortal Single Sign On (SSO) application expects a few more attributes to be
passed back in the SAML response, which are shown below. These attributes are also pre-populated, but you can
review them as per your requirements.

NAME    SOURCE ATTRIBUTE
upn     user.userprincipalname

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
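
To confirm that the attribute mappings actually reach the application, decode a SAMLResponse captured during a test sign-in and list its claims. The following is an added example, not part of the original tutorial or of any vendor's code; it covers both the upn claim listed here and the employeeid claim listed in the MyVR tutorial. The sample response is constructed and trimmed, and the REQUIRED_CLAIMS table and function names are illustrative assumptions.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Claim names each application expects, taken from the NAME column of the
# attribute tables in these tutorials. The dictionary keys are labels only.
REQUIRED_CLAIMS = {
    "MyVR": ["employeeid"],
    "NegometrixPortal": ["upn"],
}

# Constructed sample (trimmed: no signature, conditions or IDs). It carries
# upn but no employeeid, as happens when the source attribute is not populated.
SAMPLE_XML = """
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>B.Simon@contoso.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="upn">
        <saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
""".strip()
SAMPLE_SAML_RESPONSE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def decode_saml_response(form_value):
    """Decode the base64 SAMLResponse form field (HTTP-POST binding) into XML."""
    xml_bytes = base64.b64decode("".join(form_value.split()), validate=True)
    # A legitimate SAML response never carries a DTD; refuse before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("SAML response contains a DTD or entity declaration")
    return ET.fromstring(xml_bytes)


def extract_claims(response):
    """Map short claim name -> list of values for every plaintext assertion."""
    claims = {}
    path = ".//saml:Assertion/saml:AttributeStatement/saml:Attribute"
    for attr in response.iterfind(path, NS):
        # Accept both the bare name and a namespaced URI ending in the name.
        short = attr.get("Name", "").rsplit("/", 1)[-1]
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        claims.setdefault(short, []).extend(values)
    return claims


def missing_claims(response, app):
    """Return the required claims that are absent or present only as empty values."""
    claims = extract_claims(response)
    return [name for name in REQUIRED_CLAIMS[app]
            if not any(claims.get(name, []))]


if __name__ == "__main__":
    # This is a configuration check only. It does not verify the XML signature
    # and must not be used to make an authentication decision.
    resp = decode_saml_response(SAMPLE_SAML_RESPONSE_B64)
    for app in REQUIRED_CLAIMS:
        print(app, "missing:", missing_claims(resp, app))
```

Encrypted assertions appear as EncryptedAssertion elements and yield no claims here; decrypt them with the service provider's key before running the check.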

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to NegometrixPortal Single
Sign On (SSO).
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select NegometrixPortal Single Sign On (SSO).
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure NegometrixPortal Single Sign On (SSO) SSO


To configure single sign-on on the NegometrixPortal Single Sign On (SSO) side, you need to send the App
Federation Metadata Url to the NegometrixPortal Single Sign On (SSO) support team. They apply this setting so that
the SAML SSO connection is set properly on both sides.
Create NegometrixPortal Single Sign On (SSO) test user
In this section, you create a user called B.Simon in NegometrixPortal Single Sign On (SSO). Work
with the NegometrixPortal Single Sign On (SSO) support team to add the users in the NegometrixPortal Single Sign
On (SSO) platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the NegometrixPortal Single Sign On (SSO) tile in the Access Panel, you should be automatically
signed in to the NegometrixPortal Single Sign On (SSO) for which you set up SSO. For more information about
the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try NegometrixPortal Single Sign On (SSO) with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with NEOGOV
11/14/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate NEOGOV with Azure Active Directory (Azure AD). When you integrate
NEOGOV with Azure AD, you can:
Control in Azure AD who has access to NEOGOV.
Enable your users to be automatically signed-in to NEOGOV with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
NEOGOV single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
NEOGOV supports IDP initiated SSO

Adding NEOGOV from the gallery


To configure the integration of NEOGOV into Azure AD, you need to add NEOGOV from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type NEOGOV in the search box.
6. Select NEOGOV from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for NEOGOV


Configure and test Azure AD SSO with NEOGOV using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in NEOGOV.
To configure and test Azure AD SSO with NEOGOV, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure NEOGOV SSO - to configure the single sign-on settings on the application side.
a. Create NEOGOV test user - to have a counterpart of B.Simon in NEOGOV that is linked to the Azure
AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the NEOGOV application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Set up single sign-on with SAML page, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:

ENVIRONMENT    URL PATTERN
Production     https://www.neogov.com/
Sandbox        https://www.uat.neogov.net/

b. In the Reply URL text box, type a URL using the following pattern:

ENVIRONMENT    URL PATTERN
Production     https://login.neogov.com/authentication/saml/consumer
Sandbox        https://login.uat.neogov.net/authentication/saml/consumer

5. The NEOGOV application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes, where nameidentifier is mapped to user.userprincipalname. The NEOGOV
application expects nameidentifier to be mapped to user.objectid, so you need to edit the attribute
mapping by clicking the Edit icon and changing the attribute mapping.
6. In addition to the above, the NEOGOV application expects a few more attributes to be passed back in the SAML
response, as shown below. These attributes are also pre-populated, but you can review them as per
your requirements.

NAME    SOURCE ATTRIBUTE
mail    user.mail

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
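One way to confirm that the mappings from steps 4 to 6 took effect, as an added example that is not part of the original tutorial or NEOGOV's own tooling: the script inspects a decoded assertion from a test sign-in and reports where NameID, Audience, Recipient or mail differ from the values above. The function names, the constructed sample assertion and the matching of the claim name "mail" (bare or as the last segment of a namespaced name) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Identifier and Reply URL values from the tables in step 4 of this tutorial.
NEOGOV_ENVIRONMENTS = {
    "Production": {
        "identifier": "https://www.neogov.com/",
        "reply_url": "https://login.neogov.com/authentication/saml/consumer",
    },
    "Sandbox": {
        "identifier": "https://www.uat.neogov.net/",
        "reply_url": "https://login.uat.neogov.net/authentication/saml/consumer",
    },
}

# user.objectid is a GUID; a UPN in NameID means the default mapping is still active.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def check_neogov_assertion(assertion_xml, environment):
    """Compare a decoded test assertion with the values this tutorial configures.

    Returns (field, message) findings; an empty list means everything matches.
    Signature validation is out of scope: this only inspects claim contents,
    so feed it assertions captured from your own test sign-in.
    """
    expected = NEOGOV_ENVIRONMENTS[environment]
    root = ET.fromstring(assertion_xml)
    findings = []

    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not GUID_RE.fullmatch(name_id):
        findings.append(("NameID", f"{name_id!r} is not an object ID (GUID)"))

    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if expected["identifier"] not in audiences:
        findings.append(("Audience", f"{audiences} lacks {expected['identifier']}"))

    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if expected["reply_url"] not in recipients:
        findings.append(("Recipient", f"{recipients} lacks {expected['reply_url']}"))

    # Assumption: the claim is emitted as "mail" or as a namespaced name ending in "/mail".
    mail_values = [
        (value.text or "").strip()
        for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)
        if attr.get("Name", "").rsplit("/", 1)[-1] == "mail"
        for value in attr.iterfind("saml:AttributeValue", NS)
    ]
    if not any(mail_values):
        findings.append(("mail", "mail attribute is missing or empty"))
    return findings


def sample_assertion(name_id, audience, recipient, mail):
    """Build a constructed, unsigned assertion for demonstration only."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-11-14T00:00:00Z">
  <saml:Subject>
    <saml:NameID>{name_id}</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{recipient}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail"><saml:AttributeValue>{mail}</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


if __name__ == "__main__":
    prod = NEOGOV_ENVIRONMENTS["Production"]
    sandbox = NEOGOV_ENVIRONMENTS["Sandbox"]
    # Default mapping left in place, Sandbox Reply URL used for Production, empty mail.
    misconfigured = sample_assertion(
        "B.Simon@contoso.com", prod["identifier"], sandbox["reply_url"], ""
    )
    for field, message in check_neogov_assertion(misconfigured, "Production"):
        print(f"{field}: {message}")
```
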

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to NEOGOV.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select NEOGOV.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure NEOGOV SSO


To configure single sign-on on the NEOGOV side, you need to send the App Federation Metadata Url to the NEOGOV
support team. They apply this setting so that the SAML SSO connection is configured properly on both sides.
Create NEOGOV test user
In this section, you create a user called B.Simon in NEOGOV. Work with the NEOGOV support team to add the users
to the NEOGOV platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the NEOGOV tile in the Access Panel, you should be automatically signed in to the NEOGOV for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try NEOGOV with Azure AD
Tutorial: Azure Active Directory integration with
Neota Logic Studio
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Neota Logic Studio with Azure Active Directory (Azure AD). Integrating
Neota Logic Studio with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Neota Logic Studio.
You can enable your users to be automatically signed-in to Neota Logic Studio (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Neota Logic Studio, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Neota Logic Studio single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Neota Logic Studio supports SP initiated SSO

Adding Neota Logic Studio from the gallery


To configure the integration of Neota Logic Studio into Azure AD, you need to add Neota Logic Studio from the
gallery to your list of managed SaaS apps.
To add Neota Logic Studio from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Neota Logic Studio, select Neota Logic Studio from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Neota Logic Studio based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Neota Logic Studio needs to be established.
To configure and test Azure AD single sign-on with Neota Logic Studio, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Neota Logic Studio Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Neota Logic Studio test user - to have a counterpart of Britta Simon in Neota Logic Studio that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Neota Logic Studio, perform the following steps:
1. In the Azure portal, on the Neota Logic Studio application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<sub domain>.neotalogic.com/a/<sub application>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<sub domain>.neotalogic.com/wb

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the Neota Logic Studio
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Neota Logic Studio section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Neota Logic Studio Single Sign-On
To configure single sign-on on the Neota Logic Studio side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Neota Logic Studio support team. They apply
this setting so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Neota Logic Studio.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Neota Logic
Studio.

2. In the applications list, select Neota Logic Studio.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Neota Logic Studio test user
In this section, you create a user called Britta Simon in Neota Logic Studio. Work with the Neota Logic Studio support
team to add the users to the Neota Logic Studio platform. Users must be created and activated before you use
single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Neota Logic Studio tile in the Access Panel, you should be automatically signed in to the Neota
Logic Studio for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with NetDocuments
10/8/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate NetDocuments with Azure Active Directory (Azure AD). When you
integrate NetDocuments with Azure AD, you can:
Control in Azure AD who has access to NetDocuments.
Enable your users to be automatically signed-in to NetDocuments with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
NetDocuments single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
NetDocuments supports SP initiated SSO

Adding NetDocuments from the gallery


To configure the integration of NetDocuments into Azure AD, you need to add NetDocuments from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type NetDocuments in the search box.
6. Select NetDocuments from the results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for NetDocuments


Configure and test Azure AD SSO with NetDocuments using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in NetDocuments.
To configure and test Azure AD SSO with NetDocuments, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure NetDocuments SSO - to configure the single sign-on settings on application side.
a. Create NetDocuments test user - to have a counterpart of B.Simon in NetDocuments that is linked to
the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the NetDocuments application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://vault.netvoyage.com/neWeb2/docCent.aspx?whr=<Repository ID>

b. In the Reply URL text box, type a URL using the following pattern:
https://vault.netvoyage.com/neWeb2/docCent.aspx?whr=<Repository ID>

c. In the Identifier (Entity ID) text box, type a URL using the following pattern:
http://netdocuments.com/VAULT

NOTE
These values are not real. Update these values with the actual Sign on URL and Reply URL. Repository ID is a value
starting with CA- followed by an 8-character code associated with your NetDocuments Repository. You can check the
NetDocuments Federated Identity support document for more information. Alternatively, you can contact the
NetDocuments Client support team to get these values if you have difficulties configuring using the above
information. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. The NetDocuments application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes, where nameidentifier is mapped to user.userprincipalname.
The NetDocuments application expects nameidentifier to be mapped to employeeid or any other claim
that is applicable to your organization as nameidentifier, so you need to edit the attribute mapping by
clicking the Edit icon and changing the attribute mapping.
6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

7. On the Set up NetDocuments section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to NetDocuments.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select NetDocuments.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure NetDocuments SSO


1. In a different web browser window, sign into your NetDocuments company site as an administrator.
2. Go to Admin.
3. Click Add and remove users and groups.

4. Click Configure advanced authentication options.


5. On the Federated Identity dialog, perform the following steps:

a. As Federated identity server type, select Active Directory Federation Services.


b. Click Choose file to upload the metadata file that you downloaded from the Azure
portal.
c. Click OK.
Create NetDocuments test user
To enable Azure AD users to sign in to NetDocuments, they must be provisioned into NetDocuments.
In the case of NetDocuments, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign on to your NetDocuments company site as administrator.
2. In the menu on the top, click Admin.

3. Click Add and remove users and groups.

4. In the Email Address textbox, type the email address of a valid Azure Active Directory account you want to
provision, and then click Add User.
NOTE
The Azure Active Directory account holder will get an email that includes a link to confirm the account before it
becomes active. You can use any other NetDocuments user account creation tools or APIs provided by
NetDocuments to provision Azure Active Directory user accounts.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the NetDocuments tile in the Access Panel, you should be automatically signed in to the
NetDocuments for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try NetDocuments with Azure AD
Tutorial: Azure Active Directory integration with
Netop Portal
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Netop Portal with Azure Active Directory (Azure AD). Integrating Netop
Portal with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Netop Portal.
You can enable your users to be automatically signed-in to Netop Portal (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Netop Portal, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Netop Portal single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Netop Portal supports IDP initiated SSO

Adding Netop Portal from the gallery


To configure the integration of Netop Portal into Azure AD, you need to add Netop Portal from the gallery to your
list of managed SaaS apps.
To add Netop Portal from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Netop Portal, select Netop Portal from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Netop Portal based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Netop
Portal needs to be established.
To configure and test Azure AD single sign-on with Netop Portal, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Netop Portal Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Netop Portal test user - to have a counterpart of Britta Simon in Netop Portal that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Netop Portal, perform the following steps:
1. In the Azure portal, on the Netop Portal application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. Your Netop Portal application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.

6. In addition to the above, the Netop Portal application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
the SAML token attributes shown in the table below:

NAME              SOURCE ATTRIBUTE
NRC-ACCOUNT-ID    "adfs-demo"
NRC-EMAIL         user.userprincipalname
NRC-GIVEN-NAME    user.givenname
NRC-SURNAME       user.surname
NRC-USERNAME      user.userprincipalname
nameidentifier    user.userprincipalname


a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. In the Namespace textbox, type https://secure.netop.com.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

8. On the Set up Netop Portal section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Netop Portal Single Sign-On
To configure single sign-on on the Netop Portal side, you need the downloaded Federation Metadata XML and
the Login URL from the Azure portal. Follow the instructions in Step 3 of the documentation here to configure Netop
Portal for Azure AD authentication.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Netop Portal.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Netop Portal.

2. In the applications list, select Netop Portal.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Netop Portal test user
In this section, you create a user called Britta Simon in Netop Portal. Work with the Netop Portal support team to add
the users to the Netop Portal platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Netop Portal tile in the Access Panel, you should be automatically signed in to the Netop Portal
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Netskope Administrator Console
11/14/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Netskope Administrator Console with Azure Active Directory (Azure
AD). When you integrate Netskope Administrator Console with Azure AD, you can:
Control in Azure AD who has access to Netskope Administrator Console.
Enable your users to be automatically signed-in to Netskope Administrator Console with their Azure AD
accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Netskope Administrator Console single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Netskope Administrator Console supports SP and IDP initiated SSO

Adding Netskope Administrator Console from the gallery


To configure the integration of Netskope Administrator Console into Azure AD, you need to add Netskope
Administrator Console from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Netskope Administrator Console in the search box.
6. Select Netskope Administrator Console from the results panel and then add the app. Wait a few seconds while
the app is added to your tenant.

Configure and test Azure AD single sign-on for Netskope Administrator Console

Configure and test Azure AD SSO with Netskope Administrator Console using a test user called B.Simon. For
SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Netskope
Administrator Console.
To configure and test Azure AD SSO with Netskope Administrator Console, complete the following building
blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Netskope Administrator Console SSO - to configure the single sign-on settings on the application
side.
a. Create Netskope Administrator Console test user - to have a counterpart of B.Simon in Netskope
Administrator Console that is linked to the Azure AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Netskope Administrator Console application integration page, find the
Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: Netskope_<OrgKey>

b. In the Reply URL text box, type a URL using the following pattern: https://<tenant_host_name>/saml/acs

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. How to get these values is
explained later in the tutorial.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://<tenantname>.goskope.com

NOTE
The Sign-on URL value is not real. Update the Sign-on URL value with the actual Sign-on URL. Contact the Netskope
Administrator Console Client support team to get the Sign-on URL value. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

6. Netskope Administrator Console application expects the SAML assertions in a specific format, which
requires you to add custom attribute mappings to your SAML token attributes configuration. The following
screenshot shows the list of default attributes.

7. In addition to the above, the Netskope Administrator Console application expects a few more attributes to be
passed back in the SAML response, which are shown below. These attributes are also pre-populated, but you can
review them as per your requirements.

NAME          SOURCE ATTRIBUTE
admin-role    user.assignedroles

NOTE
Click here to know how to create roles in Azure AD.

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up Netskope Administrator Console section, copy the appropriate URL(s) based on your
requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Netskope Administrator
Console.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Netskope Administrator Console.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Netskope Administrator Console SSO


1. Open a new tab in your browser, and sign in to your Netskope Administrator Console company site as an
administrator.
2. Click the Settings tab in the left navigation pane.
3. Click the Administration tab.

4. Click the SSO tab.


5. On the Network Settings section, perform the following steps:

a. Copy Assertion Consumer Service URL value and paste it into the Reply URL textbox in the Basic
SAML Configuration section in the Azure portal.
b. Copy Service Provider Entity ID value and paste it into the Identifier textbox in the Basic SAML
Configuration section in the Azure portal.
6. Click on the EDIT SETTINGS under the SSO/SLO Settings section.
7. On the Settings popup window, perform the following steps:
a. Select Enable SSO.
b. In the IDP URL textbox, paste the Login URL value, which you have copied from the Azure portal.
c. In the IDP ENTITY ID textbox, paste the Azure AD Identifier value, which you have copied from the
Azure portal.
d. Open your downloaded Base64 encoded certificate in notepad, copy the content of it into your clipboard,
and then paste it to the IDP CERTIFICATE textbox.
e. Select Enable SSO.
f. In the IDP SLO URL textbox, paste the Logout URL value, which you have copied from the Azure portal.
g. Click SUBMIT.
Create Netskope Administrator Console test user
1. Open a new tab in your browser, and sign in to your Netskope Administrator Console company site as an
administrator.
2. Click on the Settings tab from the left navigation pane.

3. Click the Active Platform tab.

4. Click the Users tab.

5. Click ADD USERS.

6. Enter the email address of the user you want to add and click ADD.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Netskope Administrator Console tile in the Access Panel, you should be automatically signed in
to the Netskope Administrator Console for which you set up SSO. For more information about the Access Panel,
see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Netskope Administrator Console with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Netskope User Authentication
11/14/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Netskope User Authentication with Azure Active Directory (Azure AD).
When you integrate Netskope User Authentication with Azure AD, you can:
Control in Azure AD who has access to Netskope User Authentication.
Enable your users to be automatically signed in to Netskope User Authentication with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Netskope User Authentication single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Netskope User Authentication supports SP and IDP initiated SSO.

Adding Netskope User Authentication from the gallery


To configure the integration of Netskope User Authentication into Azure AD, you need to add Netskope User
Authentication from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Netskope User Authentication in the search box.
6. Select Netskope User Authentication from the results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on for Netskope User Authentication

Configure and test Azure AD SSO with Netskope User Authentication using a test user called B.Simon. For SSO
to work, you need to establish a link relationship between an Azure AD user and the related user in Netskope User
Authentication.
To configure and test Azure AD SSO with Netskope User Authentication, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Netskope User Authentication SSO - to configure the single sign-on settings on the application side.
   a. Create Netskope User Authentication test user - to have a counterpart of B.Simon in Netskope User
   Authentication that is linked to the Azure AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Netskope User Authentication application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://<tenantname>.goskope.com/<customer entered string>

b. In the Reply URL text box, type a URL using the following pattern:
https://<tenantname>.goskope.com/nsauth/saml2/http-post/<customer entered string>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. How to get these values is
explained later in the tutorial.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://<tenantname>.goskope.com

NOTE
The Sign-on URL value is not real. Update the Sign-on URL value with the actual Sign-on URL. Contact the Netskope User
Authentication Client support team to get the Sign-on URL value. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. On the Set up Netskope User Authentication section, copy the appropriate URL(s) based on your
requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Netskope User
Authentication.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Netskope User Authentication.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Netskope User Authentication SSO


1. Open a new tab in your browser, and sign in to your Netskope User Authentication company site as an
administrator.
2. Click the Active Platform tab.
3. Scroll down to FORWARD PROXY and select SAML.

4. On the SAML Settings page, perform the following steps:


a. Copy SAML Entity ID value and paste it into the Identifier textbox in the Basic SAML Configuration
section in the Azure portal.
b. Copy SAML ACS URL value and paste it into the Reply URL textbox in the Basic SAML Configuration
section in the Azure portal.
5. Click ADD ACCOUNT.

6. On the Add SAML Account page, perform the following steps:

a. In the NAME textbox, provide a name such as Azure AD.


b. In the IDP URL textbox, paste the Login URL value, which you have copied from the Azure portal.
c. In the IDP ENTITY ID textbox, paste the Azure AD Identifier value, which you have copied from the
Azure portal.
d. Open your downloaded metadata file in notepad, copy the content of it into your clipboard, and then
paste it to the IDP CERTIFICATE textbox.
e. Click SAVE.
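The Federation Metadata XML downloaded in step 6 carries the same values this form asks for (IDP URL, IDP ENTITY ID and the signing certificate), so it can be read and cross-checked before anything is pasted. The following Python sketch is an added example, not part of the original tutorial; the sample metadata, its all-zero tenant ID and the filler certificate bytes are constructed, and the function name is hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder tenant ID, and filler bytes standing in
# for the DER certificate (this is NOT a real X.509 certificate).
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{t}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{c}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{t}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{t}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
""".format(t=SAMPLE_TENANT, c=base64.b64encode(SAMPLE_DER).decode()).encode("utf-8")


def summarize_idp_metadata(xml_bytes):
    """Return entity ID, endpoints, signing certs and any sanity findings."""
    # The standard-library parser is not hardened against hostile XML;
    # run this only on a file downloaded from your own tenant.
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    certs = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # 'use' is optional; when absent the key serves signing as well.
        if key.get("use", "signing") != "signing":
            continue
        for node in key.findall(".//ds:X509Certificate", NS):
            b64 = "".join((node.text or "").split())
            der = base64.b64decode(b64, validate=True)
            body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
            certs.append({
                # Fingerprint to compare with the certificate shown in the portal.
                "sha256": hashlib.sha256(der).hexdigest(),
                "pem": "-----BEGIN CERTIFICATE-----\n%s\n"
                       "-----END CERTIFICATE-----\n" % body,
            })

    def endpoints(tag):
        # Map the short binding name (e.g. HTTP-Redirect) to its Location URL.
        return {e.get("Binding", "").rsplit(":", 1)[-1]: e.get("Location", "")
                for e in idp.findall("md:" + tag, NS)}

    info = {"entity_id": root.get("entityID"),
            "sso_urls": endpoints("SingleSignOnService"),
            "slo_urls": endpoints("SingleLogoutService"),
            "signing_certs": certs,
            "problems": []}
    if not certs:
        info["problems"].append("no signing certificate in metadata")
    for kind in ("sso_urls", "slo_urls"):
        for binding, url in info[kind].items():
            if not url.startswith("https://"):
                info["problems"].append(
                    "%s %s endpoint is not HTTPS: %s" % (kind, binding, url))
    return info


if __name__ == "__main__":
    result = summarize_idp_metadata(SAMPLE_METADATA)
    print("IDP ENTITY ID:", result["entity_id"])
    print("IDP URL      :", result["sso_urls"].get("HTTP-Redirect"))
    for cert in result["signing_certs"]:
        print("Signing cert SHA-256:", cert["sha256"])
    print("Problems:", result["problems"] or "none")
```

More than one signing certificate in the output usually means a certificate rollover is in progress, so the service provider side needs the one that is currently active.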
Create Netskope User Authentication test user
1. Open a new tab in your browser, and sign in to your Netskope User Authentication company site as an
administrator.
2. Click on the Settings tab from the left navigation pane.

3. Click the Active Platform tab.

4. Click the Users tab.

5. Click ADD USERS.

6. Enter the email address of the user you want to add and click ADD.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Netskope User Authentication tile in the Access Panel, you should be automatically signed in to
the Netskope User Authentication for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Netskope User Authentication with Azure AD
Tutorial: Integrate Azure AD single sign-on (SSO)
with NetSuite
10/21/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate NetSuite with Azure Active Directory (Azure AD). When you integrate
NetSuite with Azure AD, you can:
Control in Azure AD who has access to NetSuite.
Enable your users to be automatically signed in to NetSuite with their Azure AD accounts.
Manage your accounts in one central location, the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory?.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
A NetSuite single sign-on (SSO)-enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
NetSuite supports:
IDP-initiated SSO.
JIT (just-in-time) user provisioning.
Automated user provisioning.

NOTE
Because the identifier of this application is a fixed string value, only one instance can be configured in one tenant.

Add NetSuite from the gallery


To configure the integration of NetSuite into Azure AD, add NetSuite from the gallery to your list of managed
SaaS apps by doing the following:
1. Sign in to the Azure portal with either a work or school account, or a personal Microsoft account.
2. In the left pane, select the Azure Active Directory service.
3. Go to Enterprise Applications, and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type NetSuite in the search box.
6. In the results pane, select NetSuite, and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for NetSuite


Configure and test Azure AD SSO with NetSuite by using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in NetSuite.
To configure and test Azure AD SSO with NetSuite, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
a. Create an Azure AD test user to test Azure AD single sign-on with user B.Simon.
b. Assign the Azure AD test user to enable user B.Simon to use Azure AD single sign-on.
2. Configure NetSuite SSO to configure the single sign-on settings on the application side.
Create the NetSuite test user to have a counterpart of user B.Simon in NetSuite that's linked to the
Azure AD representation of the user.
3. Test SSO to verify that the configuration works.

Configure Azure AD SSO


To enable Azure AD SSO in the Azure portal, do the following:
1. In the Azure portal, on the NetSuite application integration page, look for the Manage section, and then
select Single sign-on.
2. In the Select a single sign-on method pane, select SAML.
3. In the Set up Single Sign-On with SAML pane, select the Edit ("pencil") icon next to Basic SAML
Configuration.

4. In the Basic SAML Configuration section, in the Reply URL text box, type a URL in one of the following
formats:

https://<tenant-name>.NetSuite.com/saml2/acs
https://<tenant-name>.na1.NetSuite.com/saml2/acs
https://<tenant-name>.na2.NetSuite.com/saml2/acs
https://<tenant-name>.sandbox.NetSuite.com/saml2/acs
https://<tenant-name>.na1.sandbox.NetSuite.com/saml2/acs
https://<tenant-name>.na2.sandbox.NetSuite.com/saml2/acs

NOTE
The values in the preceding URLs are not real. Update them with the actual Reply URL. To get the value, contact the
NetSuite Client support team. You can also refer to the formats shown in the Basic SAML Configuration section in
the Azure portal.

The NetSuite application expects the SAML assertions to be displayed in a specific format. You'll need to
add custom attribute mappings to your SAML token attributes configuration.
5. To open the User Attributes pane, select the Edit ("pencil") icon. The pane displays a list of default
attributes, as shown in the following image:
In addition to these attributes, the NetSuite application expects a few more attributes to be passed back in
the SAML response.
6. In the User Attributes pane, under User Claims, perform the following steps to add the SAML token
attribute that's shown in the following table:

NAME       SOURCE ATTRIBUTE
account    account id

a. Select Add new claim to open the Manage user claims pane.
b. In the Name box, type the attribute name that's shown for that row.
c. Leave the Namespace box blank.
d. In the Source drop-down list, select Attribute.
e. In the Source attribute list, enter the attribute value that's shown for that row.
f. Select OK.
g. Select Save.

NOTE
The value of the account attribute is not real. You'll update this value, as explained later in this tutorial.

7. In the Set up single sign-on with SAML pane, in the SAML Signing Certificate section, look for
Federation Metadata XML.
8. Select Download to download the certificate and save it on your computer.

9. In the Set up NetSuite section, copy the appropriate URL or URLs, depending on your requirement.
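Once a test sign-in works, the SAMLResponse form field posted to the Reply URL can be decoded and compared with what this section configures: the Reply URL, the Identifier and the custom account claim with a blank namespace. The following Python sketch is an added example, not part of the original tutorial; the sample response, the identifier string and the account value are constructed placeholders, the function names are hypothetical, and signature verification is deliberately out of scope. The same check covers the admin-role attribute that Netskope Administrator Console expects by passing a different attribute list.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed values that follow the patterns shown in the tutorial.
SAMPLE_REPLY_URL = "https://example-tenant.NetSuite.com/saml2/acs"
SAMPLE_IDENTIFIER = "urn:example:sp-identifier"  # placeholder, not the real fixed identifier


def build_sample_response(attr_name="account", attr_value="ACCOUNT-ID-PLACEHOLDER"):
    """Return a constructed, unsigned, base64-encoded SAML response."""
    xml = """<samlp:Response xmlns:samlp="{p}" xmlns:saml="{a}" ID="_r1" Version="2.0"
    IssueInstant="2019-10-21T00:00:00Z" Destination="{acs}">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2019-10-21T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject>
      <saml:NameID>B.Simon@contoso.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{acs}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{name}"><saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>""".format(p=NS["samlp"], a=NS["saml"], acs=SAMPLE_REPLY_URL,
                            aud=SAMPLE_IDENTIFIER, name=attr_name, value=attr_value)
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def check_saml_response(b64_response, identifier, reply_url, required_attrs):
    """Return a list of findings; an empty list means every check passed.

    This inspects content only. It does not verify the XML signature, and the
    standard-library parser is not hardened against hostile XML, so use it on
    responses from your own test sign-in, never as a validation step in a
    service provider.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []

    # The response must be addressed to the configured Reply URL (ACS).
    if root.get("Destination") != reply_url:
        findings.append("Destination %r does not match the Reply URL"
                        % root.get("Destination"))

    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return findings + ["expected exactly 1 Assertion, found %d" % len(assertions)]
    assertion = assertions[0]

    recipients = [e.get("Recipient")
                  for e in assertion.findall(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        findings.append("no SubjectConfirmationData Recipient equals the Reply URL")

    # The audience must be the Identifier (Entity ID) set in Basic SAML Configuration.
    audiences = [e.text.strip() for e in assertion.findall(".//saml:Audience", NS) if e.text]
    if identifier not in audiences:
        findings.append("Audience %r does not contain the Identifier" % audiences)

    attrs = {}
    for attr in assertion.findall(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]

    for name in required_attrs:
        if attrs.get(name):
            continue
        # A claim created with a non-blank Namespace is emitted as <namespace>/<name>.
        qualified = [n for n in attrs if n and n.endswith("/" + name)]
        if qualified:
            findings.append("attribute %r is namespace-qualified as %r; "
                            "the Namespace box was not left blank" % (name, qualified[0]))
        else:
            findings.append("attribute %r is missing or empty" % name)
    return findings


if __name__ == "__main__":
    response = build_sample_response()
    print(check_saml_response(response, SAMPLE_IDENTIFIER, SAMPLE_REPLY_URL, ["account"]) or "all checks passed")
```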
Create an Azure AD test user
In this section, you create a test user in the Azure portal called B.Simon.
1. In the left pane of the Azure portal, select Azure Active Directory > Users > All users.
2. Select New user at the top of the screen.
3. In the User properties pane, follow these steps:
a. In the Name box, enter B.Simon.
b. In the User name box, enter the username@companydomain.extension (for example,
B.Simon@contoso.com).
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Select Create.
Assign the Azure AD test user
In this section, you enable user B.Simon to use Azure single sign-on by granting access to NetSuite.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select NetSuite.
3. In the overview pane, look for the Manage section, and then select the Users and groups link.

4. Select Add user and then, in the Add Assignment pane, select Users and groups.
5. In the Users and groups pane, in the Users drop-down list, select B.Simon, and then select the Select
button at the bottom of the screen.
6. If you're expecting any role value in the SAML assertion, do the following:
a. In the Select Role pane, in the drop-down list, select the appropriate role for the user.
b. At the bottom of the screen, select the Select button.
7. In the Add Assignment pane, select the Assign button.

Configure NetSuite SSO


1. Open a new tab in your browser, and sign in to your NetSuite company site as an administrator.
2. In the top navigation bar, select Setup, and then select Company > Enable Features.

3. In the toolbar at the middle of the page, select SuiteCloud.

4. Under Manage Authentication, select the SAML Single Sign-on check box to enable the SAML single
sign-on option in NetSuite.

5. In the top navigation bar, select Setup.

6. In the Setup Tasks list, select Integration.


7. Under Manage Authentication, select SAML Single Sign-on.

8. In the SAML Setup pane, under NetSuite Configuration, do the following:


a. Select the Primary Authentication Method check box.
b. Under SAMLV2 Identity Provider Metadata, select Upload IDP Metadata File, and then select
Browse to upload the metadata file that you downloaded from the Azure portal.
c. Select Submit.
9. In the NetSuite top navigation bar, select Setup, and then select Company > Company Information.
b. In the Company Information pane, in the right column, copy the Account ID value.
c. Paste the Account ID that you copied from the NetSuite account into the Attribute Value box in Azure
AD.
10. Before users can perform single sign-on into NetSuite, they must first be assigned the appropriate
permissions in NetSuite. To assign these permissions, do the following:
a. In the top navigation bar, select Setup.

b. In the left pane, select Users/Roles, then select Manage Roles.

c. Select New Role.


d. Enter a Name for the new role.
e. Select Save.
f. In the top navigation bar, select Permissions. Then select Setup.

g. Select SAML Single Sign-on, and then select Add.


h. Select Save.
i. In the top navigation bar, select Setup, and then select Setup Manager.

j. In the left pane, select Users/Roles, and then select Manage Users.

k. Select a test user, select Edit, and then select the Access tab.
l. In the Roles pane, assign the appropriate role that you have created.

m. Select Save.
Create the NetSuite test user
In this section, a user called B.Simon is created in NetSuite. NetSuite supports just-in-time user provisioning,
which is enabled by default. There's no action item for you in this section. If a user doesn't already exist in NetSuite,
a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration by using the Access Panel.
When you select the NetSuite tile in the Access Panel, you should be automatically signed in to the NetSuite for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try NetSuite with Azure AD
Tutorial: Azure Active Directory integration with New
Relic
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate New Relic with Azure Active Directory (Azure AD). Integrating New Relic
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to New Relic.
You can enable your users to be automatically signed in to New Relic (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with New Relic, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
New Relic single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
New Relic supports SP initiated SSO.

Adding New Relic from the gallery


To configure the integration of New Relic into Azure AD, you need to add New Relic from the gallery to your list of
managed SaaS apps.
To add New Relic from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type New Relic, select New Relic from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with New Relic based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in New Relic
needs to be established.
To configure and test Azure AD single sign-on with New Relic, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure New Relic Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create New Relic test user - to have a counterpart of Britta Simon in New Relic that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with New Relic, perform the following steps:
1. In the Azure portal, on the New Relic application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://rpm.newrelic.com/accounts/{acc_id}/sso/saml/login - Be sure to substitute your own New Relic
Account ID.
b. In the Identifier (Entity ID) text box, type a URL: rpm.newrelic.com

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up New Relic section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure New Relic Single Sign-On
1. In a different web browser window, sign on to your New Relic company site as administrator.
2. In the menu on the top, click Account Settings.

3. Click the Security and authentication tab, and then click the Single sign on tab.

4. On the SAML dialog page, perform the following steps:

a. Click Choose File to upload your downloaded Azure Active Directory certificate.
b. In the Remote login URL textbox, paste the value of Login URL, which you have copied from Azure
portal.
c. In the Logout landing URL textbox, paste the value of Logout URL, which you have copied from Azure
portal.
d. Click Save my changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to New Relic.
1. In the Azure portal, select Enterprise Applications, select All applications, then select New Relic.
2. In the applications list, select New Relic.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create New Relic test user
In order to enable Azure Active Directory users to log in to New Relic, they must be provisioned into New Relic. In
the case of New Relic, provisioning is a manual task.
To provision a user account to New Relic, perform the following steps:
1. Log in to your New Relic company site as administrator.
2. In the menu on the top, click Account Settings.

3. In the Account pane on the left side, click Summary, and then click Add user.

4. On the Active users dialog, perform the following steps:

a. In the Email textbox, type the email address of a valid Azure Active Directory user you want to provision.
b. As Role select User.
c. Click Add this user.

NOTE
You can use any other New Relic user account creation tools or APIs provided by New Relic to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the New Relic tile in the Access Panel, you should be automatically signed in to the New Relic for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Nexonia
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Nexonia with Azure Active Directory (Azure AD). Integrating Nexonia
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Nexonia.
You can enable your users to be automatically signed in to Nexonia (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Nexonia, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Nexonia single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Nexonia supports IDP initiated SSO

Adding Nexonia from the gallery


To configure the integration of Nexonia into Azure AD, you need to add Nexonia from the gallery to your list of
managed SaaS apps.
To add Nexonia from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Nexonia, select Nexonia from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Nexonia based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Nexonia
needs to be established.
To configure and test Azure AD single sign-on with Nexonia, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Nexonia Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Nexonia test user - to have a counterpart of Britta Simon in Nexonia that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Nexonia, perform the following steps:
1. In the Azure portal, on the Nexonia application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type the value: Nexonia

b. In the Reply URL text box, type a URL using the following pattern:
https://system.nexonia.com/assistant/saml.do?orgCode=<organizationcode>

NOTE
The Reply URL value is not real. Update the value with the actual Reply URL. Contact Nexonia Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Nexonia section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Nexonia Single Sign-On
To configure single sign-on on the Nexonia side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Nexonia support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Nexonia.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Nexonia.

2. In the applications list, select Nexonia.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Nexonia test user
In this section, you create a user called Britta Simon in Nexonia. Work with the Nexonia support team to add the
users in the Nexonia platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Nexonia tile in the Access Panel, you should be automatically signed in to the Nexonia
application for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Nimblex
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Nimblex with Azure Active Directory (Azure AD). Integrating Nimblex
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Nimblex.
You can enable your users to be automatically signed-in to Nimblex (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Nimblex, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Nimblex single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Nimblex supports SP initiated SSO
Nimblex supports Just In Time user provisioning

Adding Nimblex from the gallery


To configure the integration of Nimblex into Azure AD, you need to add Nimblex from the gallery to your list of
managed SaaS apps.
To add Nimblex from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Nimblex, select Nimblex from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Nimblex based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Nimblex
needs to be established.
To configure and test Azure AD single sign-on with Nimblex, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Nimblex Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Nimblex test user - to have a counterpart of Britta Simon in Nimblex that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Nimblex, perform the following steps:
1. In the Azure portal, on the Nimblex application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<YOUR APPLICATION PATH>/Login.aspx

b. In the Identifier box, type a URL using the following pattern: https://<YOUR APPLICATION PATH>/

c. In the Reply URL text box, type a URL using the following pattern:
https://<path-to-application>/SamlReply.aspx

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
Nimblex Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Nimblex section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Nimblex Single Sign-On
1. In a different web browser window, sign in to Nimblex as a Security Administrator.
2. At the top right of the page, click the Settings logo.

3. On the Control Panel page, under the Security section, click Single Sign-on.

4. On the Manage Single Sign-On page, select your instance name and click Edit.

5. On the Edit SSO Provider page, perform the following steps:


a. In the Description textbox, type your instance name.
b. In Notepad, open the base-64 encoded certificate that you downloaded from the Azure portal, copy its
content, and then paste it into the Certificate box.
c. In the Identity Provider Sso Target Url textbox, paste the value of Login URL, which you have copied
from the Azure portal.
d. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Nimblex.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Nimblex.

2. In the applications list, select Nimblex.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Nimblex test user
In this section, a user called Britta Simon is created in Nimblex. Nimblex supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Nimblex,
a new one is created after authentication.

NOTE
If you need to create a user manually, contact Nimblex Client support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Nimblex tile in the Access Panel, you should be automatically signed in to the Nimblex
application for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Nomadesk
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Nomadesk with Azure Active Directory (Azure AD). Integrating
Nomadesk with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Nomadesk.
You can enable your users to be automatically signed-in to Nomadesk (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Nomadesk, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Nomadesk single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Nomadesk supports SP initiated SSO
Nomadesk supports Just In Time user provisioning

Adding Nomadesk from the gallery


To configure the integration of Nomadesk into Azure AD, you need to add Nomadesk from the gallery to your list
of managed SaaS apps.
To add Nomadesk from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Nomadesk, select Nomadesk from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Nomadesk based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Nomadesk needs to be established.
To configure and test Azure AD single sign-on with Nomadesk, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Nomadesk Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Nomadesk test user - to have a counterpart of Britta Simon in Nomadesk that is linked to the Azure
AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Nomadesk, perform the following steps:
1. In the Azure portal, on the Nomadesk application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://mynomadesk.com/logon/saml/<TENANTID>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://secure.nomadesk.com/saml/<instancename>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Nomadesk Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Nomadesk section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Nomadesk Single Sign-On
To configure single sign-on on the Nomadesk side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Nomadesk support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Nomadesk.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Nomadesk.

2. In the applications list, select Nomadesk.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Nomadesk test user
In this section, a user called Britta Simon is created in Nomadesk. Nomadesk supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Nomadesk, a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the Nomadesk support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Nomadesk tile in the Access Panel, you should be automatically signed in to the Nomadesk
application for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Nomadic
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Nomadic with Azure Active Directory (Azure AD). Integrating Nomadic
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Nomadic.
You can enable your users to be automatically signed-in to Nomadic (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Nomadic, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Nomadic single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Nomadic supports SP initiated SSO

Adding Nomadic from the gallery


To configure the integration of Nomadic into Azure AD, you need to add Nomadic from the gallery to your list of
managed SaaS apps.
To add Nomadic from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Nomadic, select Nomadic from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Nomadic based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Nomadic
needs to be established.
To configure and test Azure AD single sign-on with Nomadic, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Nomadic Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Nomadic test user - to have a counterpart of Britta Simon in Nomadic that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Nomadic, perform the following steps:
1. In the Azure portal, on the Nomadic application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<company name>.nomadic.fm/signin

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://<company name>.nomadic.fm/auth/saml2/sp

https://<company name>.staging.nomadic.fm/auth/saml2/sp

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Nomadic Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Nomadic section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Nomadic Single Sign-On
To configure single sign-on on the Nomadic side, you need to send the downloaded Federation Metadata XML and the
appropriate copied URLs from the Azure portal to the Nomadic support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Nomadic.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Nomadic.

2. In the applications list, select Nomadic.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Nomadic test user
In this section, you create a user called Britta Simon in Nomadic. Work with the Nomadic support team to add the
users in the Nomadic platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Nomadic tile in the Access Panel, you should be automatically signed in to the Nomadic
application for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Novatus
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Novatus with Azure Active Directory (Azure AD). Integrating Novatus
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Novatus.
You can enable your users to be automatically signed-in to Novatus (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Novatus, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Novatus single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Novatus supports SP initiated SSO
Novatus supports Just In Time user provisioning

Adding Novatus from the gallery


To configure the integration of Novatus into Azure AD, you need to add Novatus from the gallery to your list of
managed SaaS apps.
To add Novatus from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Novatus, select Novatus from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Novatus based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Novatus
needs to be established.
To configure and test Azure AD single sign-on with Novatus, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Novatus Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Novatus test user - to have a counterpart of Britta Simon in Novatus that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Novatus, perform the following steps:
1. In the Azure portal, on the Novatus application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://sso.novatuscontracts.com/<companyname>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Novatus Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Novatus section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Novatus Single Sign-On
To configure single sign-on on the Novatus side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Novatus support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
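The tutorials above hand either the Certificate (Base64) file or, for Nomadic, the Federation Metadata XML to the application's support team. The following added example (not part of the original tutorials) reads those files and reports the issuer, endpoints and SHA-256 signing-certificate fingerprint, so both sides can confirm over a separate channel that the installed certificate is the one you downloaded. The function names are hypothetical, and the sample certificate bytes and tenant ID are constructed placeholders.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}


def fingerprint_from_b64(text):
    """SHA-256 fingerprint of a certificate given as Base64 DER, with or
    without the PEM BEGIN/END lines. Hashes the DER bytes; no ASN.1 parsing."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    der = base64.b64decode("".join(body.split()), validate=True)
    if not der:
        raise ValueError("empty certificate")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def summarize_metadata(xml_text):
    """Extract issuer, signing-certificate fingerprints and SSO/SLO endpoints
    from SAML 2.0 IdP metadata. The input is the file downloaded from your own
    tenant; for XML from an untrusted party use a hardened parser such as
    defusedxml instead."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' means any use
            for cert in kd.findall(".//ds:X509Certificate", NS):
                prints.append(fingerprint_from_b64(cert.text or ""))
    endpoints = [
        (tag, el.get("Binding"), el.get("Location"))
        for tag in ("SingleSignOnService", "SingleLogoutService")
        for el in idp.findall(f"md:{tag}", NS)
    ]
    return {"entity_id": root.get("entityID"),
            "signing_fingerprints": prints,
            "endpoints": endpoints}


def handoff_problems(xml_text, cert_b64=None):
    """Return findings to resolve before the files go to the support team."""
    info = summarize_metadata(xml_text)
    problems = []
    if not info["signing_fingerprints"]:
        problems.append("metadata carries no signing certificate")
    if not any(kind == "SingleSignOnService" for kind, _, _ in info["endpoints"]):
        problems.append("metadata has no SingleSignOnService endpoint")
    for kind, _binding, location in info["endpoints"]:
        if not (location or "").startswith("https://"):
            problems.append(f"{kind} endpoint is not HTTPS: {location}")
    if cert_b64 is not None:
        if fingerprint_from_b64(cert_b64) not in info["signing_fingerprints"]:
            problems.append("Certificate (Base64) file does not match "
                            "the metadata signing certificate")
    return problems


# Constructed sample data: placeholder bytes stand in for the DER certificate
# and an all-zero GUID for the tenant ID. Neither is a real value.
SAMPLE_DER = b"CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERTIFICATE"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = (f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n"
              "-----END CERTIFICATE-----\n")
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}"
    entityID="https://sts.windows.net/{SAMPLE_TENANT}/">
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    summary = summarize_metadata(SAMPLE_METADATA)
    print("Issuer:", summary["entity_id"])
    for fp in summary["signing_fingerprints"]:
        print("Signing certificate SHA-256:", fp)
    for kind, binding, location in summary["endpoints"]:
        print(kind, binding, location)
    print("Problems:", handoff_problems(SAMPLE_METADATA, SAMPLE_PEM) or "none")
```

Read the printed fingerprint to the support team over a channel other than the one used to send the file, and have them compare it with what they installed.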
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Novatus.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Novatus.

2. In the applications list, select Novatus.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Novatus test user
In this section, a user called Britta Simon is created in Novatus. Novatus supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Novatus,
a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the Novatus support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Novatus tile in the Access Panel, you should be automatically signed in to the Novatus for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Nuclino
10/17/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Nuclino with Azure Active Directory (Azure AD). When you integrate
Nuclino with Azure AD, you can:
Control in Azure AD who has access to Nuclino.
Enable your users to be automatically signed-in to Nuclino with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Nuclino single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Nuclino supports SP and IDP initiated SSO
Nuclino supports Just In Time user provisioning

Adding Nuclino from the gallery


To configure the integration of Nuclino into Azure AD, you need to add Nuclino from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Nuclino in the search box.
6. Select Nuclino from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Nuclino


Configure and test Azure AD SSO with Nuclino using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Nuclino.
To configure and test Azure AD SSO with Nuclino, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Nuclino SSO - to configure the single sign-on settings on application side.
a. Create Nuclino test user - to have a counterpart of B.Simon in Nuclino that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Nuclino application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://api.nuclino.com/api/sso/<UNIQUE-ID>/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://api.nuclino.com/api/sso/<UNIQUE-ID>/acs

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL from the Authentication
section, which is explained later in this tutorial.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://app.nuclino.com/<UNIQUE-ID>/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Nuclino
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. Nuclino application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.
7. In addition to the above, the Nuclino application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also prepopulated, but you can review them as per your
requirements.

NAME          SOURCE ATTRIBUTE
first_name    user.givenname
last_name     user.surname

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up Nuclino section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Nuclino.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Nuclino.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Nuclino SSO


1. To automate the configuration within Nuclino, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Set up Nuclino, which directs you to the Nuclino application.
From there, provide the admin credentials to sign into Nuclino. The browser extension will automatically
configure the application for you and automate steps 3-7.
3. If you want to setup Nuclino manually, open a new web browser window and sign into your Nuclino
company site as an administrator and perform the following steps:
4. Click on the ICON.

5. Click on the Azure AD SSO and select Team settings from the dropdown.

6. Select Authentication from left navigation pane.

7. In the Authentication section, perform the following steps:


a. Select SAML-based single sign-on (SSO).
b. Copy ACS URL (You need to copy and paste this to your SSO provider) value and paste it into the
Reply URL textbox of the Basic SAML Configuration section in the Azure portal.
c. Copy Entity ID (You need to copy and paste this to your SSO provider) value and paste it into the
Identifier textbox of the Basic SAML Configuration section in the Azure portal.
d. In the SSO URL textbox, paste the Login URL value which you have copied from the Azure portal.
e. In the Entity ID textbox, paste the Azure AD Identifier value which you have copied from the Azure
portal.
f. Open your downloaded Certificate (Base64) file in Notepad. Copy the content of it into your clipboard,
and then paste it to the Public certificate text box.
g. Click SAVE CHANGES.
Create Nuclino test user
In this section, a user called B.Simon is created in Nuclino. Nuclino supports just-in-time user provisioning, which
is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Nuclino, a new
one is created after authentication.

NOTE
If you need to create a user manually, contact Nuclino support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Nuclino tile in the Access Panel, you should be automatically signed in to the Nuclino for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Nuclino with Azure AD
Tutorial: Azure Active Directory integration with O.C.
Tanner - AppreciateHub
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate O.C. Tanner - AppreciateHub with Azure Active Directory (Azure AD).
Integrating O.C. Tanner - AppreciateHub with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to O.C. Tanner - AppreciateHub.
You can enable your users to be automatically signed-in to O.C. Tanner - AppreciateHub (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with O.C. Tanner - AppreciateHub, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
O.C. Tanner - AppreciateHub single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
O.C. Tanner - AppreciateHub supports IDP initiated SSO

Adding O.C. Tanner - AppreciateHub from the gallery


To configure the integration of O.C. Tanner - AppreciateHub into Azure AD, you need to add O.C. Tanner -
AppreciateHub from the gallery to your list of managed SaaS apps.
To add O.C. Tanner - AppreciateHub from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type O.C. Tanner - AppreciateHub, select O.C. Tanner - AppreciateHub from result
panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with O.C. Tanner - AppreciateHub based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in O.C. Tanner - AppreciateHub needs to be established.
To configure and test Azure AD single sign-on with O.C. Tanner - AppreciateHub, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure O.C. Tanner - AppreciateHub Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create O.C. Tanner - AppreciateHub test user - to have a counterpart of Britta Simon in O.C. Tanner -
AppreciateHub that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with O.C. Tanner - AppreciateHub, perform the following steps:
1. In the Azure portal, on the O.C. Tanner - AppreciateHub application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you have Service Provider metadata file, perform the
following steps:

NOTE
You can download the Service Provider metadata file from here

a. Click Upload metadata file.


b. Click on folder logo to select the metadata file and click Upload.

c. After the metadata file is successfully uploaded, the Identifier and Reply URL values get auto populated
in Basic SAML Configuration section.

NOTE
If the Identifier and Reply URL values do not get auto-populated, then please fill in the values manually according to
your requirement. Contact O.C. Tanner - AppreciateHub Client support team to get these values. You can also refer
to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up O.C. Tanner - AppreciateHub section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure O.C. Tanner - AppreciateHub Single Sign-On
To configure single sign-on on the O.C. Tanner - AppreciateHub side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the O.C. Tanner - AppreciateHub support team.
They apply these settings so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type user like BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to O.C. Tanner -
AppreciateHub.
1. In the Azure portal, select Enterprise Applications, select All applications, then select O.C. Tanner -
AppreciateHub.

2. In the applications list, select O.C. Tanner - AppreciateHub.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create O.C. Tanner - AppreciateHub test user
The objective of this section is to create a user called Britta Simon in O.C. Tanner - AppreciateHub.
To create a user called Britta Simon in O.C. Tanner - AppreciateHub, perform the following steps:
Ask your O.C. Tanner - AppreciateHub support team to create a user whose nameID attribute has the same value
as the user name of Britta Simon in Azure AD.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the O.C. Tanner - AppreciateHub tile in the Access Panel, you should be automatically signed in to
the O.C. Tanner - AppreciateHub for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
OfficeSpace Software
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate OfficeSpace Software with Azure Active Directory (Azure AD).
Integrating OfficeSpace Software with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to OfficeSpace Software.
You can enable your users to be automatically signed-in to OfficeSpace Software (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with OfficeSpace Software, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
OfficeSpace Software single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
OfficeSpace Software supports SP initiated SSO
OfficeSpace Software supports Just In Time user provisioning

Adding OfficeSpace Software from the gallery


To configure the integration of OfficeSpace Software into Azure AD, you need to add OfficeSpace Software from
the gallery to your list of managed SaaS apps.
To add OfficeSpace Software from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type OfficeSpace Software, select OfficeSpace Software from result panel then click
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with OfficeSpace Software based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in OfficeSpace Software needs to be established.
To configure and test Azure AD single sign-on with OfficeSpace Software, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure OfficeSpace Software Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create OfficeSpace Software test user - to have a counterpart of Britta Simon in OfficeSpace Software that
is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with OfficeSpace Software, perform the following steps:
1. In the Azure portal, on the OfficeSpace Software application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<company name>.officespacesoftware.com/users/sign_in/saml

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
<company name>.officespacesoftware.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact OfficeSpace
Software Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. The OfficeSpace Software application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes, in which nameidentifier is mapped to user.userprincipalname.
The OfficeSpace Software application expects nameidentifier to be mapped to user.mail, so you need to edit
the attribute mapping by clicking the Edit icon and changing the mapping.

6. In addition to the above, the OfficeSpace Software application expects a few more attributes to be passed back in
the SAML response. In the User Claims section on the User Attributes dialog, perform the following steps to
add the SAML token attributes shown in the table below:

NAME          SOURCE ATTRIBUTE
email         user.mail
name          user.displayname
first_name    user.givenname
last_name     user.surname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.
8. In the SAML Signing Certificate section, copy the Thumbprint and save it on your computer.

9. On the Set up OfficeSpace Software section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
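
The claim tables for Nuclino and OfficeSpace Software above can be checked against an assertion captured during a test sign-in. The following is an added example, not part of the original tutorial: the sample assertion is constructed, the function names are hypothetical, and the expected claim names come from the tables in this document.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Claim names each application expects, taken from the tables in this document.
EXPECTED_CLAIMS = {
    "Nuclino": ["first_name", "last_name"],
    "OfficeSpace Software": ["email", "name", "first_name", "last_name"],
}

# Constructed sample (not captured from a real tenant). The surname is sent
# under a default-style claim URI instead of the expected name "last_name".
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Subject>
    <saml:NameID>B.Simon@contoso.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="name"><saml:AttributeValue>B.Simon</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="first_name"><saml:AttributeValue>B.</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><saml:AttributeValue>Simon</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def read_assertion(xml_text):
    """Return (name_id, {attribute name: [values]}) from a SAML 2.0 assertion.

    This is a configuration check only: it does not verify the signature, and
    it should only be fed XML you captured yourself from your own test sign-in.
    """
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}Assertion" % SAML_NS:
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no SAML 2.0 Assertion element found")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    attributes = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attributes.setdefault(attr.get("Name", ""), []).extend(values)
    return name_id, attributes


def check_claims(app, xml_text):
    """List the ways the assertion deviates from what the application expects."""
    name_id, attributes = read_assertion(xml_text)
    findings = []
    for claim in EXPECTED_CLAIMS[app]:
        # A claim counts as present only if it has at least one non-empty value.
        if not any(attributes.get(claim, [])):
            findings.append("missing claim: " + claim)
    if app == "OfficeSpace Software":
        # nameidentifier and email are both mapped to user.mail, so they must agree.
        emails = [e.lower() for e in attributes.get("email", [])]
        if name_id.lower() not in emails:
            findings.append("NameID does not match the email claim")
    return findings


if __name__ == "__main__":
    for app in EXPECTED_CLAIMS:
        print(app, check_claims(app, SAMPLE_ASSERTION))
```

An empty list means the assertion carries every expected claim under the exact name the application looks for.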
Configure OfficeSpace Software Single Sign-On
1. In a different web browser window, log into your OfficeSpace Software tenant as an administrator.
2. Go to Settings and click Connectors.

3. Click SAML Authentication.


4. In the SAML Authentication section, perform the following steps:

a. In the Logout provider url textbox, paste the value of Logout URL which you have copied from Azure
portal.
b. In the Client idp target url textbox, paste the value of Login URL which you have copied from Azure
portal.
c. Paste the Thumbprint value which you have copied from Azure portal, into the Client IDP certificate
fingerprint textbox.
d. Click Save Settings.
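
OfficeSpace Software trusts the identity provider by certificate fingerprint, so the value pasted in step c should be confirmed against the signing certificate itself. The following is an added example, not part of the original tutorial: it computes the thumbprint (SHA-1 over the DER bytes) from a Certificate (Base64) download and compares it with a pasted value. The function names are hypothetical and the sample file body is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re

# Constructed stand-in for a downloaded "Certificate (Base64)" file. The body
# is NOT a real certificate: it is the base64 of the three bytes b"abc", used
# so the expected SHA-1 value is a well-known test vector.
SAMPLE_CERT_BASE64 = """\
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""


def der_from_base64_cert(text):
    """Strip the BEGIN/END lines and whitespace, then decode to DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    body = "".join(body.split())
    if not body:
        raise ValueError("no certificate data found")
    return base64.b64decode(body, validate=True)


def thumbprint(cert_text):
    """SHA-1 over the DER-encoded certificate, as upper-case hex."""
    return hashlib.sha1(der_from_base64_cert(cert_text)).hexdigest().upper()


def normalise_fingerprint(value):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex and return 40 upper-case hex digits."""
    hex_only = re.sub(r"[\s:\-]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", hex_only):
        raise ValueError("expected 40 hexadecimal digits (a SHA-1 fingerprint)")
    return hex_only


def fingerprint_matches(cert_text, pasted_value):
    """True if the pasted fingerprint belongs to the given certificate."""
    return thumbprint(cert_text) == normalise_fingerprint(pasted_value)


if __name__ == "__main__":
    print(thumbprint(SAMPLE_CERT_BASE64))
```

Re-run the comparison whenever the SAML signing certificate is renewed, because the fingerprint stored in OfficeSpace Software changes with it.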
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to OfficeSpace Software.
1. In the Azure portal, select Enterprise Applications, select All applications, then select OfficeSpace
Software.
2. In the applications list, select OfficeSpace Software.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create OfficeSpace Software test user
In this section, a user called Britta Simon is created in OfficeSpace Software. OfficeSpace Software supports
just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user
doesn't already exist in OfficeSpace Software, a new one is created after authentication.
NOTE
If you need to create a user manually, you need to contact the OfficeSpace Software support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the OfficeSpace Software tile in the Access Panel, you should be automatically signed in to the
OfficeSpace Software for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
ON24 Virtual Environment SAML Connection
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate ON24 Virtual Environment SAML Connection with Azure Active
Directory (Azure AD). Integrating ON24 Virtual Environment SAML Connection with Azure AD provides you with
the following benefits:
You can control in Azure AD who has access to ON24 Virtual Environment SAML Connection.
You can enable your users to be automatically signed-in to ON24 Virtual Environment SAML Connection
(Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ON24 Virtual Environment SAML Connection, you need the following
items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
ON24 Virtual Environment SAML Connection single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ON24 Virtual Environment SAML Connection supports SP and IDP initiated SSO

Adding ON24 Virtual Environment SAML Connection from the gallery


To configure the integration of ON24 Virtual Environment SAML Connection into Azure AD, you need to add
ON24 Virtual Environment SAML Connection from the gallery to your list of managed SaaS apps.
To add ON24 Virtual Environment SAML Connection from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type ON24 Virtual Environment SAML Connection, select ON24 Virtual
Environment SAML Connection from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ON24 Virtual Environment SAML Connection
based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user
and the related user in ON24 Virtual Environment SAML Connection needs to be established.
To configure and test Azure AD single sign-on with ON24 Virtual Environment SAML Connection, you need to
complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ON24 Virtual Environment SAML Connection Single Sign-On - to configure the
Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ON24 Virtual Environment SAML Connection test user - to have a counterpart of Britta Simon in
ON24 Virtual Environment SAML Connection that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ON24 Virtual Environment SAML Connection, perform the following
steps:
1. In the Azure portal, on the ON24 Virtual Environment SAML Connection application integration page,
select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL:
Production Environment URL
SAML-VSHOW.on24.com

SAML-Gateway.on24.com

SAP PROD SAML-EliteAudience.on24.com

QA Environment URL
SAMLQA-VSHOW.on24.com

SAMLQA-Gateway.on24.com

SAMLQA-EliteAudience.on24.com

b. In the Reply URL text box, type a URL:


Production Environment URL
https://federation.on24.com/sp/ACS.saml2

https://federation.on24.com/sp/eyJ2c2lkIjoiU0FNTC1WU2hvdy5vbjI0LmNvbSJ9/ACS.saml2

https://federation.on24.com/sp/eyJ2c2lkIjoiU0FNTC1HYXRld2F5Lm9uMjQuY29tIn0/ACS.saml2

https://federation.on24.com/sp/eyJ2c2lkIjoiU0FNTC1FbGl0ZUF1ZGllbmNlLm9uMjQuY29tIn0/ACS.saml2

QA Environment URL
https://qafederation.on24.com/sp/ACS.saml2

https://qafederation.on24.com/sp/eyJ2c2lkIjoiU0FNTFFBLVZzaG93Lm9uMjQuY29tIn0/ACS.saml2

https://qafederation.on24.com/sp/eyJ2c2lkIjoiU0FNTFFBLUdhdGV3YXkub24yNC5jb20ifQ/ACS.saml2

https://qafederation.on24.com/sp/eyJ2c2lkIjoiU0FNTFFBLUVsaXRlQXVkaWVuY2Uub24yNC5jb20ifQ/ACS.saml2

c. Click Set additional URLs.


d. In the Relay State text box, type a URL: https://vshow.on24.com/vshow/ms_azure_saml_test?r=<ID>
5. If you wish to configure the application in SP initiated mode, perform the following step:

In the Sign-on URL text box, type a URL using the following pattern:
https://vshow.on24.com/vshow/<INSTANCENAME>

NOTE
These values are not real. Update these values with the actual Relay State and Sign-on URL. Contact ON24 Virtual
Environment SAML Connection Client support team to get these values. You can also refer to the patterns shown in
the Basic SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up ON24 Virtual Environment SAML Connection section, copy the appropriate URL(s) as
per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
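The long path segment in the ON24 Reply URLs of step 4 is base64url-encoded JSON whose vsid field names an Identifier, so a Reply URL and an Identifier can be checked as a pair before they are saved in Basic SAML Configuration. The following is an added example, not part of the original tutorial or ON24's own code; the function names are hypothetical, and the case-insensitive comparison is an assumption made because the page spells the Identifier SAML-VSHOW while the decoded value reads SAML-VShow.

```python
import base64
import binascii
import json
import re
from urllib.parse import urlsplit

# Federation hosts taken from the Reply URL list in this tutorial.
ALLOWED_HOSTS = {"federation.on24.com", "qafederation.on24.com"}
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


class ReplyUrlError(ValueError):
    """The Reply URL does not have the shape shown in the tutorial."""


def decode_vsid(reply_url):
    """Return the vsid carried in the Reply URL path, or None for the bare
    https://<host>/sp/ACS.saml2 form, which names no Identifier."""
    parts = urlsplit(reply_url.strip())
    if parts.scheme != "https":
        raise ReplyUrlError("Reply URL must use https")
    if parts.hostname not in ALLOWED_HOSTS or parts.port is not None:
        raise ReplyUrlError("unexpected host: %r" % parts.netloc)
    if parts.query or parts.fragment:
        raise ReplyUrlError("query string or fragment not expected")
    segments = parts.path.split("/")[1:]
    if segments == ["sp", "ACS.saml2"]:
        return None
    if len(segments) != 3 or segments[0] != "sp" or segments[2] != "ACS.saml2":
        raise ReplyUrlError("unexpected path: %r" % parts.path)
    token = segments[1]
    if not TOKEN_RE.fullmatch(token):
        raise ReplyUrlError("path segment is not base64url")
    try:
        # The URLs omit base64 padding, so restore it before decoding.
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
        payload = json.loads(raw.decode("utf-8"))
    except (binascii.Error, ValueError) as exc:
        raise ReplyUrlError("path segment is not base64url-encoded JSON") from exc
    if not isinstance(payload, dict) or not isinstance(payload.get("vsid"), str):
        raise ReplyUrlError("decoded JSON has no string 'vsid' field")
    return payload["vsid"]


def match_identifier(identifier, reply_url):
    """Classify a pair as 'match', 'mismatch' or 'unbound' (bare Reply URL).
    Assumption: Identifier and vsid are compared without regard to case."""
    vsid = decode_vsid(reply_url)
    if vsid is None:
        return "unbound"
    same = vsid.casefold() == identifier.strip().casefold()
    return "match" if same else "mismatch"


def audit(pairs):
    """Classify each (Identifier, Reply URL) pair; malformed URLs are
    reported in the result instead of raising."""
    report = []
    for identifier, reply_url in pairs:
        try:
            report.append((identifier, match_identifier(identifier, reply_url)))
        except ReplyUrlError as exc:
            report.append((identifier, "invalid: %s" % exc))
    return report


if __name__ == "__main__":
    # Values copied from step 4 of this tutorial.
    pairs = [
        ("SAML-VSHOW.on24.com",
         "https://federation.on24.com/sp/eyJ2c2lkIjoiU0FNTC1WU2hvdy5vbjI0LmNvbSJ9/ACS.saml2"),
        ("SAML-Gateway.on24.com",
         "https://federation.on24.com/sp/eyJ2c2lkIjoiU0FNTC1HYXRld2F5Lm9uMjQuY29tIn0/ACS.saml2"),
        ("SAMLQA-Gateway.on24.com",
         "https://qafederation.on24.com/sp/eyJ2c2lkIjoiU0FNTFFBLUdhdGV3YXkub24yNC5jb20ifQ/ACS.saml2"),
        ("SAMLQA-VSHOW.on24.com", "https://qafederation.on24.com/sp/ACS.saml2"),
    ]
    for identifier, status in audit(pairs):
        print("%-28s %s" % (identifier, status))
```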
Configure ON24 Virtual Environment SAML Connection Single Sign-On
To configure single sign-on on the ON24 Virtual Environment SAML Connection side, you need to send the
downloaded Federation Metadata XML and the appropriate copied URLs from the Azure portal to the ON24 Virtual
Environment SAML Connection support team. They apply this configuration so that the SAML SSO connection is set
properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ON24 Virtual
Environment SAML Connection.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ON24 Virtual
Environment SAML Connection.

2. In the applications list, select ON24 Virtual Environment SAML Connection.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ON24 Virtual Environment SAML Connection test user
In this section, you create a user called Britta Simon in ON24 Virtual Environment SAML Connection. Work
with ON24 Virtual Environment SAML Connection support team to add the users in the ON24 Virtual
Environment SAML Connection platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ON24 Virtual Environment SAML Connection tile in the Access Panel, you should be
automatically signed in to the ON24 Virtual Environment SAML Connection for which you set up SSO. For more
information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with OneDesk
11/25/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate OneDesk with Azure Active Directory (Azure AD). When you integrate
OneDesk with Azure AD, you can:
Control in Azure AD who has access to OneDesk.
Enable your users to be automatically signed-in to OneDesk with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
OneDesk single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
OneDesk supports SP and IDP initiated SSO
OneDesk supports Just In Time user provisioning

Adding OneDesk from the gallery


To configure the integration of OneDesk into Azure AD, you need to add OneDesk from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type OneDesk in the search box.
6. Select OneDesk from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for OneDesk


Configure and test Azure AD SSO with OneDesk using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in OneDesk.
To configure and test Azure AD SSO with OneDesk, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure OneDesk SSO - to configure the single sign-on settings on application side.
a. Create OneDesk test user - to have a counterpart of B.Simon in OneDesk that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the OneDesk application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: onedesk.com_<specific_tenant_string>

b. In the Reply URL text box, type a URL using the following pattern:
https://app.onedesk.com/sso/saml/SSO/alias/onedesk.com_<specific_tenant_string>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://app.onedesk.com/sso/saml/login/alias/onedesk.com_<specific_tenant_string>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
OneDesk Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
7. On the Set up OneDesk section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to OneDesk.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select OneDesk.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure OneDesk SSO


1. To automate the configuration within OneDesk, install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Set up OneDesk to go to the OneDesk application.
From there, provide the admin credentials to sign in to OneDesk. The browser extension will automatically
configure the application for you and automate steps 3-5.
3. If you want to set up OneDesk manually, open a new web browser window, sign in to your OneDesk
company site as an administrator, and perform the following steps:
4. Click the Integrations tab.

5. Click Single Sign On, select Upload Metadata File, and click Choose File to upload the
metadata file that you downloaded from the Azure portal.

Create OneDesk test user


In this section, a user called B.Simon is created in OneDesk. OneDesk supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
OneDesk, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the OneDesk tile in the Access Panel, you should be automatically signed in to the OneDesk for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try OneDesk with Azure AD
Tutorial: Azure Active Directory integration with
Oneteam
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Oneteam with Azure Active Directory (Azure AD). Integrating Oneteam
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Oneteam.
You can enable your users to be automatically signed-in to Oneteam (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Oneteam, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Oneteam single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Oneteam supports SP and IDP initiated SSO
Oneteam supports Just In Time user provisioning

Adding Oneteam from the gallery


To configure the integration of Oneteam into Azure AD, you need to add Oneteam from the gallery to your list of
managed SaaS apps.
To add Oneteam from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Oneteam, select Oneteam from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Oneteam based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Oneteam
needs to be established.
To configure and test Azure AD single sign-on with Oneteam, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Oneteam Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Oneteam test user - to have a counterpart of Britta Simon in Oneteam that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Oneteam, perform the following steps:
1. In the Azure portal, on the Oneteam application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://api.one-team.io/teams/<team name>

b. In the Reply URL text box, type a URL using the following pattern:
https://api.one-team.io/teams/<team name>/auth/saml/callback

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://<team name>.one-team.io/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Oneteam Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Oneteam section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Oneteam Single Sign-On
To configure single sign-on on the Oneteam side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Oneteam support team. They apply this configuration so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Oneteam.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Oneteam.

2. In the applications list, select Oneteam.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Oneteam test user
In this section, a user called Britta Simon is created in Oneteam. Oneteam supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Oneteam, a new one is created after authentication.

NOTE
If you need to create a user manually, you can raise a support ticket with the Oneteam support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Oneteam tile in the Access Panel, you should be automatically signed in to the Oneteam for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
OneTrust Privacy Management Software
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate OneTrust Privacy Management Software with Azure Active Directory
(Azure AD). Integrating OneTrust Privacy Management Software with Azure AD provides you with the following
benefits:
You can control in Azure AD who has access to OneTrust Privacy Management Software.
You can enable your users to be automatically signed-in to OneTrust Privacy Management Software (Single
Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with OneTrust Privacy Management Software, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
OneTrust Privacy Management Software single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
OneTrust Privacy Management Software supports SP and IDP initiated SSO
OneTrust Privacy Management Software supports Just In Time user provisioning

Adding OneTrust Privacy Management Software from the gallery


To configure the integration of OneTrust Privacy Management Software into Azure AD, you need to add OneTrust
Privacy Management Software from the gallery to your list of managed SaaS apps.
To add OneTrust Privacy Management Software from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type OneTrust Privacy Management Software, select OneTrust Privacy
Management Software from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with OneTrust Privacy Management Software
based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user
and the related user in OneTrust Privacy Management Software needs to be established.
To configure and test Azure AD single sign-on with OneTrust Privacy Management Software, you need to complete
the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure OneTrust Privacy Management Software Single Sign-On - to configure the Single Sign-On
settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create OneTrust Privacy Management Software test user - to have a counterpart of Britta Simon in
OneTrust Privacy Management Software that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with OneTrust Privacy Management Software, perform the following steps:
1. In the Azure portal, on the OneTrust Privacy Management Software application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL: https://www.onetrust.com/saml2

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.onetrust.com/auth/consumerservice

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.onetrust.com/auth/login

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-on URL. Contact OneTrust Privacy
Management Software Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up OneTrust Privacy Management Software section, copy the appropriate URL(s) as per
your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure OneTrust Privacy Management Software Single Sign-On
To configure single sign-on on the OneTrust Privacy Management Software side, you need to send the
downloaded Federation Metadata XML and the appropriate copied URLs from the Azure portal to the OneTrust Privacy
Management Software support team. They apply this configuration so that the SAML SSO connection is set properly
on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to OneTrust Privacy
Management Software.
1. In the Azure portal, select Enterprise Applications, select All applications, then select OneTrust Privacy
Management Software.

2. In the applications list, select OneTrust Privacy Management Software.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create OneTrust Privacy Management Software test user
In this section, a user called Britta Simon is created in OneTrust Privacy Management Software. OneTrust Privacy
Management Software supports just-in-time user provisioning, which is enabled by default. There is no action item
for you in this section. If a user doesn't already exist in OneTrust Privacy Management Software, a new one is
created after authentication.
NOTE
If you need to create a user manually, contact the OneTrust Privacy Management Software support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the OneTrust Privacy Management Software tile in the Access Panel, you should be automatically
signed in to the OneTrust Privacy Management Software for which you set up SSO. For more information about
the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Onit
8/29/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Onit with Azure Active Directory (Azure AD). When you integrate Onit
with Azure AD, you can:
Control in Azure AD who has access to Onit.
Enable your users to be automatically signed-in to Onit with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Onit single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Onit supports SP initiated SSO

Adding Onit from the gallery


To configure the integration of Onit into Azure AD, you need to add Onit from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Onit in the search box.
6. Select Onit from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Onit


Configure and test Azure AD SSO with Onit using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Onit.
To configure and test Azure AD SSO with Onit, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Onit SSO - to configure the single sign-on settings on application side.
a. Create Onit test user - to have a counterpart of B.Simon in Onit that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Onit application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern: https://<sub-domain>.onit.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<sub-domain>.onit.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Onit Client support
team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. In the SAML Signing Certificate section, click the Edit button to open the SAML Signing Certificate dialog.

6. In the SAML Signing Certificate section, copy the Thumbprint Value and save it on your computer.
7. On the Set up Onit section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Onit.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Onit.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Onit SSO


1. In a different web browser window, log into your Onit company site as an administrator.
2. In the menu on the top, click Administration.

3. Click Edit Corporation.

4. Click the Security tab.

5. On the Security tab, perform the following steps:


a. As Authentication Strategy, select Single Sign On and Password.
b. In the Idp Target URL textbox, paste the Login URL value that you copied from the Azure portal.
c. In the Idp logout URL textbox, paste the Logout URL value that you copied from the Azure portal.
d. In the Idp Cert Fingerprint (SHA1) textbox, paste the certificate Thumbprint value that you
copied from the Azure portal.
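Onit pins the Azure AD signing certificate by its SHA-1 fingerprint in step 5d. The following added example, which is not part of the original tutorial or Onit's own code, recomputes the thumbprint of every signing certificate in a Federation Metadata XML file and checks the pinned value against it regardless of separators or letter case. The sample metadata is constructed, its certificate bodies are placeholder bytes rather than real certificates, and the function names are hypothetical.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample, not a real tenant's metadata. The X509Certificate
# bodies are the base64 of the bytes b"abc" and b"xyz", used only so the
# SHA-1 result is a well-known test vector; a real file holds DER certificates.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          YWJj
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>eHl6</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def normalize_fingerprint(value):
    """Strip whitespace, ':' and '-' separators and upper-case the value;
    reject anything that is not 40 hex digits (160-bit SHA-1)."""
    cleaned = re.sub(r"[\s:\-]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("not a SHA-1 fingerprint (expected 40 hex digits)")
    return cleaned


def signing_thumbprints(metadata_xml):
    """Return the SHA-1 thumbprints (upper-case hex) of the IdP signing
    certificates. A thumbprint is the hash of the certificate's DER bytes,
    that is, of the base64-decoded X509Certificate element."""
    root = ET.fromstring(metadata_xml)
    found = []
    for idp in root.iter("{%s}IDPSSODescriptor" % MD):
        for key in idp.findall("{%s}KeyDescriptor" % MD):
            # A KeyDescriptor without 'use' applies to signing as well.
            if key.get("use") not in (None, "signing"):
                continue
            for cert in key.iter("{%s}X509Certificate" % DS):
                der = base64.b64decode("".join((cert.text or "").split()))
                thumb = hashlib.sha1(der).hexdigest().upper()
                if thumb not in found:
                    found.append(thumb)
    return found


def fingerprint_is_current(metadata_xml, pinned):
    """True when the pinned fingerprint matches a signing certificate that
    the metadata currently publishes."""
    return normalize_fingerprint(pinned) in signing_thumbprints(metadata_xml)


if __name__ == "__main__":
    pinned = "a9:99:3e:36:47:06:81:6a:ba:3e:25:71:78:50:c2:6c:9c:d0:d8:9d"
    print(signing_thumbprints(SAMPLE_METADATA))
    print(fingerprint_is_current(SAMPLE_METADATA, pinned))
```

Running the same check after the signing certificate is renewed in Azure AD shows whether the fingerprint stored in Onit still matches.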
Create Onit test user
In order to enable Azure AD users to log into Onit, they must be provisioned into Onit. In the case of Onit,
provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Sign on to your Onit company site as an administrator.
2. Click Add User.

3. On the Add User dialog page, perform the following steps:


a. Type the Name and the Email Address of a valid Azure AD account you want to provision into the
related textboxes.
b. Click Create.

NOTE
The Azure Active Directory account holder receives an email and follows a link to confirm their account before it
becomes active.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Onit tile in the Access Panel, you should be automatically signed in to the Onit instance for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Onit with Azure AD
Tutorial: Azure Active Directory integration with OnTrack
8/9/2019 • 6 minutes to read

In this tutorial, you learn how to integrate OnTrack with Azure Active Directory (Azure AD). Integrating OnTrack
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to OnTrack.
You can enable your users to be automatically signed-in to OnTrack (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with OnTrack, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
OnTrack single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
OnTrack supports IDP initiated SSO

Adding OnTrack from the gallery


To configure the integration of OnTrack into Azure AD, you need to add OnTrack from the gallery to your list of
managed SaaS apps.
To add OnTrack from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type OnTrack, select OnTrack from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with OnTrack based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in OnTrack
needs to be established.
To configure and test Azure AD single sign-on with OnTrack, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure OnTrack Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create OnTrack test user - to have a counterpart of Britta Simon in OnTrack that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with OnTrack, perform the following steps:
1. In the Azure portal, on the OnTrack application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box:
For the testing environment, type the URL: https://staging.insigniagroup.com/sso

For the production environment, type the URL: https://oeaccessories.com/sso

b. In the Reply URL text box:


For the testing environment, type the URL: https://indie.staging.insigniagroup.com/sso/autonation.aspx

For the production environment, type the URL: https://igaccessories.com/sso/autonation.aspx

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact the OnTrack Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The OnTrack application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click the Edit icon to open the User Attributes dialog.

6. In addition to the above, the OnTrack application expects a few more attributes to be passed back in the SAML
response. In the User Claims section of the User Attributes dialog, perform the following steps to add the SAML
token attributes shown in the table below:

NAME             SOURCE ATTRIBUTE
User-Role        "42F432"
Hyperion-Code    "12345"

NOTE
The User-Role and Hyperion-Code attributes are mapped to the Autonation User Role and Dealer Code respectively.
These values are examples only; use the correct codes for your integration. You can contact Autonation support
for these values.

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
8. In the Set up OnTrack section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure OnTrack Single Sign-On
To configure single sign-on on the OnTrack side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the OnTrack support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to OnTrack.
1. In the Azure portal, select Enterprise Applications, select All applications, then select OnTrack.

2. In the applications list, select OnTrack.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create OnTrack test user
In this section, you create a user called Britta Simon in OnTrack. Work with the OnTrack support team to add the users
in the OnTrack platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the OnTrack tile in the Access Panel, you should be automatically signed in to the OnTrack instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Opal
8/9/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Opal with Azure Active Directory (Azure AD). Integrating Opal with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Opal.
You can enable your users to be automatically signed-in to Opal (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Opal, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Opal single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Opal supports IDP initiated SSO

Adding Opal from the gallery


To configure the integration of Opal into Azure AD, you need to add Opal from the gallery to your list of managed
SaaS apps.
To add Opal from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Opal, select Opal from the result panel, and then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Opal based on a test user called Britta Simon.
For single sign-on to work, a link relationship between an Azure AD user and the related user in Opal needs to be
established.
To configure and test Azure AD single sign-on with Opal, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Opal Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Opal test user - to have a counterpart of Britta Simon in Opal that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Opal, perform the following steps:
1. In the Azure portal, on the Opal application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL: Opal

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.ouropal.com/auth/saml/callback

NOTE
The Reply URL value is not real. Update the value with the actual Reply URL. Contact the Opal Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. The Opal application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click the Edit icon to open the User Attributes dialog.

6. In addition to the above, the Opal application expects a few more attributes to be passed back in the SAML
response. In the User Claims section of the User Attributes dialog, perform the following steps to add the SAML
token attributes shown in the table below:

NAME         SOURCE ATTRIBUTE
firstname    user.givenname
lastname     user.surname

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

8. In the Set up Opal section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
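One way to confirm the custom claims before relying on the Access Panel test is to capture the SAML response from a test sign-in and check it against the Identifier, Reply URL and claim names configured above. This is an added example, not code from the tutorial or from Opal: the sample response is constructed and trimmed, contoso is a placeholder subdomain, and the function name is hypothetical; the same check applies to OnTrack with the claim names User-Role and Hyperion-Code. It inspects configuration only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Values from the tutorial's Basic SAML Configuration and claims table.
IDENTIFIER = "Opal"
OPAL_CLAIMS = ("firstname", "lastname")
# Placeholder subdomain filled into the tutorial's Reply URL pattern.
REPLY_URL = "https://contoso.ouropal.com/auth/saml/callback"

# Constructed, trimmed sample response (no signature, IDs or timestamps).
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>BrittaSimon@contoso.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData
            Recipient="https://contoso.ouropal.com/auth/saml/callback"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>Opal</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstname">
        <saml:AttributeValue>Britta</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="lastname">
        <saml:AttributeValue>Simon</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_assertion(xml_text, expected_claims, identifier, reply_url):
    """Return a list of configuration problems; an empty list means none found.

    This is a diagnostic for the claim mapping. It does not validate the
    signature, so it must never be used to decide whether to trust a response.
    """
    # SAML messages never need a DTD; refuse one instead of expanding it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml_text)

    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    assertion = assertions[0]
    problems = []

    # Audience must equal the Identifier entered in Basic SAML Configuration.
    audiences = [
        a.text.strip()
        for a in assertion.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
        if a.text
    ]
    if identifier not in audiences:
        problems.append(f"audience {audiences} does not include {identifier!r}")

    # Recipient must equal the Reply URL entered in Basic SAML Configuration.
    recipients = [
        d.get("Recipient")
        for d in assertion.findall(
            "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    ]
    if reply_url not in recipients:
        problems.append(f"recipient {recipients} does not include {reply_url!r}")

    # Collect the non-empty values of every attribute by its Name.
    claims = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        claims[attr.get("Name")] = [v for v in values if v]

    for name in expected_claims:
        if name not in claims:
            problems.append(f"claim {name!r} is missing")
        elif not claims[name]:
            problems.append(f"claim {name!r} is empty")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE_RESPONSE, OPAL_CLAIMS, IDENTIFIER, REPLY_URL))
```

A claim added with a non-blank Namespace appears under a longer Name in the assertion, so it shows up here as missing.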
Configure Opal Single Sign-On
To configure single sign-on on the Opal side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Opal support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Opal.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Opal.

2. In the applications list, select Opal.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Opal test user
In this section, you create a user called Britta Simon in Opal. Work with the Opal support team to add the users in the
Opal platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Opal tile in the Access Panel, you should be automatically signed in to the Opal instance for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with OpenAthens
10/29/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate OpenAthens with Azure Active Directory (Azure AD). When you
integrate OpenAthens with Azure AD, you can:
Control in Azure AD who has access to OpenAthens.
Enable your users to be automatically signed-in to OpenAthens with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
OpenAthens single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
OpenAthens supports IDP initiated SSO
OpenAthens supports Just In Time user provisioning

Adding OpenAthens from the gallery


To configure the integration of OpenAthens into Azure AD, you need to add OpenAthens from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type OpenAthens in the search box.
6. Select OpenAthens from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for OpenAthens


Configure and test Azure AD SSO with OpenAthens using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in OpenAthens.
To configure and test Azure AD SSO with OpenAthens, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure OpenAthens SSO - to configure the single sign-on settings on the application side.
   Create OpenAthens test user - to have a counterpart of B.Simon in OpenAthens that is linked to the
   Azure AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the OpenAthens application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, upload the Service Provider metadata file, the steps for
which are mentioned later in this tutorial.
a. Click Upload metadata file.

b. Click the folder logo to select the metadata file, and then click Upload.

c. Once the metadata file is successfully uploaded, the Identifier value is automatically populated in the Basic SAML
Configuration section textbox.
5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. In the Set up OpenAthens section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to OpenAthens.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select OpenAthens.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure OpenAthens SSO


1. In a different web browser window, sign in to your OpenAthens company site as an administrator.
2. Select Connections from the list under the Management tab.

3. Select SAML 1.1/2.0, and then select the Configure button.


4. To add the configuration, select the Browse button to upload the metadata .xml file that you downloaded
from the Azure portal, and then select Add.

5. Perform the following steps under the Details tab.


a. In Display name mapping, select Use attribute.
b. In the Display name attribute text box, enter the value
http://schema.microsoft.com/identity/claims/displayname .

c. In Unique user mapping, select Use attribute.


d. In the Unique user attribute text box, enter the value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name .
e. In Status, select all three check boxes.
f. In Create local accounts, select automatically.
g. Select Save changes.
h. From the </> Relying Party tab, copy the Metadata URL and open it in the browser to download the
SP metadata XML file. Upload this SP metadata file in the Basic SAML Configuration section in Azure
AD.

Create OpenAthens test user


In this section, a user called Britta Simon is created in OpenAthens. OpenAthens supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in OpenAthens, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the OpenAthens tile in the Access Panel, you should be automatically signed in to the OpenAthens
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try OpenAthens with Azure AD
Tutorial: Azure Active Directory integration with OpsGenie
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate OpsGenie with Azure Active Directory (Azure AD). Integrating OpsGenie
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to OpsGenie.
You can enable your users to be automatically signed-in to OpsGenie (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with OpsGenie, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
OpsGenie single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
OpsGenie supports SP initiated SSO

Adding OpsGenie from the gallery


To configure the integration of OpsGenie into Azure AD, you need to add OpsGenie from the gallery to your list of
managed SaaS apps.
To add OpsGenie from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type OpsGenie, select OpsGenie from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with OpsGenie based on a test user called B.
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in OpsGenie
needs to be established.
To configure and test Azure AD single sign-on with OpsGenie, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure OpsGenie Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B. Simon.
4. Assign the Azure AD test user - to enable B. Simon to use Azure AD single sign-on.
5. Create OpsGenie test user - to have a counterpart of B. Simon in OpsGenie that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with OpsGenie, perform the following steps:
1. In the Azure portal, on the OpsGenie application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL: https://app.opsgenie.com/auth/login

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

6. In the Set up OpsGenie section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure OpsGenie Single Sign-On
1. Open another browser instance, and then log in to OpsGenie as an administrator.
2. Click Settings, and then click the Single Sign On tab.
3. To enable SSO, select Enabled.

4. In the Provider section, click the Azure Active Directory tab.

5. On the Azure Active Directory dialog page, perform the following steps:
a. In the SAML 2.0 Endpoint textbox, paste the Login URL value that you copied from the Azure portal.
b. In the Metadata Url: textbox, paste the App Federation Metadata Url value that you copied from
the Azure portal.
c. Click Save Changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called B. Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter B. Simon.
b. In the User name field, type bsimon@yourcompanydomain.extension
For example, BSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable B. Simon to use Azure single sign-on by granting access to OpsGenie.
1. In the Azure portal, select Enterprise Applications, select All applications, then select OpsGenie.

2. In the applications list, select OpsGenie.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B. Simon in the Users list, then click the Select button at the bottom
of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create OpsGenie test user
The objective of this section is to create a user called B. Simon in OpsGenie.
1. In a web browser window, log in to your OpsGenie tenant as an administrator.
2. Navigate to the Users list by clicking Users in the left panel.

3. Click Add User.


4. On the Add User dialog, perform the following steps:
a. In the Email textbox, type the email address that B. Simon has in Azure Active Directory.
b. In the Full Name textbox, type B. Simon.
c. Click Save.

NOTE
B. Simon gets an email with instructions for setting up their profile.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the OpsGenie tile in the Access Panel, you should be automatically signed in to the OpsGenie instance for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Optimizely
8/9/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Optimizely with Azure Active Directory (Azure AD). Integrating
Optimizely with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Optimizely.
You can enable your users to be automatically signed-in to Optimizely (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Optimizely, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Optimizely single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Optimizely supports SP initiated SSO

Adding Optimizely from the gallery


To configure the integration of Optimizely into Azure AD, you need to add Optimizely from the gallery to your list
of managed SaaS apps.
To add Optimizely from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Optimizely, select Optimizely from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Optimizely based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Optimizely needs to be established.
To configure and test Azure AD single sign-on with Optimizely, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Optimizely Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Optimizely test user - to have a counterpart of Britta Simon in Optimizely that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Optimizely, perform the following steps:
1. In the Azure portal, on the Optimizely application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://app.optimizely.net/<instance name>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
urn:auth0:optimizely:contoso

NOTE
These values are not real. You will update them with the actual Sign-on URL and Identifier, as explained
later in the tutorial. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. Your Optimizely application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.

6. In addition to the above, the Optimizely application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add the
SAML token attribute shown in the table below:

NAME     SOURCE ATTRIBUTE
email    user.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

8. On the Set up Optimizely section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Optimizely Single Sign-On
1. To configure single sign-on on the Optimizely side, contact your Optimizely Account Manager and provide the
downloaded Certificate (Base64) and appropriate copied URLs.
2. In response to your email, Optimizely provides you with the Sign On URL (SP-initiated SSO) and the
Identifier (Service Provider Entity ID) values.
a. Copy the SP-initiated SSO URL provided by Optimizely, and paste it into the Sign On URL textbox in the
Basic SAML Configuration section on the Azure portal.
b. Copy the Service Provider Entity ID provided by Optimizely, and paste it into the Identifier textbox in the
Basic SAML Configuration section on the Azure portal.
3. In a different browser window, sign-on to your Optimizely application.
4. Click your account name in the top right corner and then Account Settings.

5. In the Account tab, check the box Enable SSO under Single Sign On in the Overview section.
6. Click Save
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Optimizely.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Optimizely.

2. In the applications list, select Optimizely.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Optimizely test user
In this section, you create a user called Britta Simon in Optimizely.
1. On the home page, select Collaborators tab.
2. To add new collaborator to the project, click New Collaborator.
3. Fill in the email address and assign them a role. Click Invite.

4. They receive an email invite. Using the email address, they have to log in to Optimizely.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Optimizely tile in the Access Panel, you should be automatically signed in to the Optimizely for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Oracle Cloud Infrastructure
Console with Azure Active Directory
8/9/2019 • 7 minutes to read

In this tutorial, you'll learn how to integrate Oracle Cloud Infrastructure Console with Azure Active Directory
(Azure AD). When you integrate Oracle Cloud Infrastructure Console with Azure AD, you can:
Control in Azure AD who has access to Oracle Cloud Infrastructure Console.
Enable your users to be automatically signed-in to Oracle Cloud Infrastructure Console with their Azure AD
accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Oracle Cloud Infrastructure Console single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Oracle Cloud Infrastructure Console
supports SP initiated SSO.

Adding Oracle Cloud Infrastructure Console from the gallery


To configure the integration of Oracle Cloud Infrastructure Console into Azure AD, you need to add Oracle Cloud
Infrastructure Console from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Oracle Cloud Infrastructure Console in the search box.
6. Select Oracle Cloud Infrastructure Console from results panel and then add the app. Wait a few seconds
while the app is added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Oracle Cloud Infrastructure Console using a test user called B. Simon. For
SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Oracle
Cloud Infrastructure Console.
To configure and test Azure AD SSO with Oracle Cloud Infrastructure Console, complete the following building
blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Oracle Cloud Infrastructure Console to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
4. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
5. Create Oracle Cloud Infrastructure Console test user to have a counterpart of B. Simon in Oracle Cloud
Infrastructure Console that is linked to the Azure AD representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Oracle Cloud Infrastructure Console application integration page, find the
Manage section and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following fields:

NOTE
You will get the Service Provider metadata file from the Configure Oracle Cloud Infrastructure Console Single
Sign-On section of the tutorial.

a. Click Upload metadata file.


b. Click on folder logo to select the metadata file and click Upload.
c. Once the metadata file is successfully uploaded, the Identifier and Reply URL values get auto
populated in Basic SAML Configuration section textbox.

NOTE
If the Identifier and Reply URL values are not auto-populated, fill in the values manually according to
your requirement.

In the Sign-on URL text box, type a URL using the following pattern:
https://console.<REGIONNAME>.oraclecloud.com/

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Oracle Cloud Infrastructure
Console Client support team to get the value. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.
5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. Oracle Cloud Infrastructure Console application expects the SAML assertions in a specific format, which
requires you to add custom attribute mappings to your SAML token attributes configuration. The following
screenshot shows the list of default attributes. Click the Edit icon to open the User Attributes dialog.

7. In addition to the above, the Oracle Cloud Infrastructure Console application expects a few more attributes to be
passed back in the SAML response. In the User Attributes & Claims section on the Group Claims (Preview)
dialog, perform the following steps:
a. Click the pen next to Name identifier value.
b. Select Persistent as Choose name identifier format.
c. Click Save.
d. Click the pen next to Groups returned in claim.
e. Select Security groups from the radio list.
f. Select Source Attribute of Group ID.
g. Check Customize the name of the group claim.
h. In the Name text box, type groupName.
i. In the Namespace (optional) text box, type https://auth.oraclecloud.com/saml/claims .
j. Click Save.

8. On the Set up Oracle Cloud Infrastructure Console section, copy the appropriate URL(s) based on your
requirement.

Configure Oracle Cloud Infrastructure Console


1. In a different web browser window, sign in to Oracle Cloud Infrastructure Console as an Administrator.
2. Click on the left side of the menu and click on Identity then navigate to Federation.

3. Save the Service Provider metadata file by clicking the Download this document link and upload it
into the Basic SAML Configuration section of Azure portal and then click on Add Identity Provider.

4. On the Add Identity Provider pop-up, perform the following steps:


a. In the NAME text box, enter your name.
b. In the DESCRIPTION text box, enter your description.
c. Select MICROSOFT ACTIVE DIRECTORY FEDERATION SERVICE (ADFS) OR SAML 2.0
COMPLIANT IDENTITY PROVIDER as TYPE.
d. Click Browse to upload the Federation Metadata XML, which you have downloaded from Azure
portal.
e. Click Continue and on the Edit Identity Provider section perform the following steps:
f. The IDENTITY PROVIDER GROUP should be selected as Custom Group. The GROUP ID should
be the GUID of the group from Azure Active Directory. The group needs to be mapped with
corresponding group in OCI GROUP field.
g. You can map multiple groups as per your setup in Azure portal and your organization need. Click on
+ Add mapping to add as many groups as you need.
h. Click Submit.
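
As an added illustration (not part of the original tutorial, nor Microsoft's or Oracle's code), the Python below inspects a SAML assertion captured during a test sign-in and checks the settings configured above: the persistent name identifier format, the groupName claim under the https://auth.oraclecloud.com/saml/claims namespace, and the GROUP ID to OCI GROUP mappings. The sample assertion, GUIDs, mapping and function name are constructed, and the full claim name assumes Azure AD joins Namespace and Name with a slash; the check does not verify the assertion's signature.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Assumption: the emitted attribute name is "<Namespace>/<Name>" from steps h and i.
GROUP_CLAIM = "https://auth.oraclecloud.com/saml/claims/groupName"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed, unsigned sample assertion; the GUIDs are made up.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2019-08-09T00:00:00Z">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">constructed-opaque-id</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="https://auth.oraclecloud.com/saml/claims/groupName">
      <saml:AttributeValue>11111111-1111-1111-1111-111111111111</saml:AttributeValue>
      <saml:AttributeValue>22222222-2222-2222-2222-222222222222</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed GROUP ID -> OCI GROUP mapping, as entered on Edit Identity Provider.
SAMPLE_MAPPING = {"11111111-1111-1111-1111-111111111111": "Administrators"}

# Same assertion with the name identifier format and group claim name left at
# other values, to show what the check reports when step 7 was skipped.
MISCONFIGURED_ASSERTION = SAMPLE_ASSERTION.replace(
    PERSISTENT, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
).replace(
    GROUP_CLAIM, "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
)


def check_oci_assertion(xml_text, group_mapping):
    """Return problems, resolved OCI groups and unmapped group IDs.

    Inspection aid only: the XML signature is NOT verified here, so never
    use the result to make an access decision.
    """
    root = ET.fromstring(xml_text)
    problems = []

    # Step 7 a-c: the name identifier format must be Persistent.
    name_id = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    elif name_id.get("Format") != PERSISTENT:
        problems.append("NameID Format is %r, expected persistent" % name_id.get("Format"))

    # Step 7 d-j: security groups emitted as Group IDs under the custom name.
    group_attr = None
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") == GROUP_CLAIM:
            group_attr = attr
            break

    group_ids = []
    if group_attr is None:
        problems.append("group claim %s is missing" % GROUP_CLAIM)
    else:
        values = group_attr.findall("saml:AttributeValue", SAML_NS)
        group_ids = [(v.text or "").strip() for v in values]
        for gid in group_ids:
            if not GUID_RE.match(gid):
                problems.append("group value %r is not a GUID (Group ID source expected)" % gid)

    # Add Identity Provider, step f: GROUP ID (GUID) maps to an OCI GROUP.
    lookup = {k.lower(): v for k, v in group_mapping.items()}
    oci_groups = sorted({lookup[g.lower()] for g in group_ids if g.lower() in lookup})
    unmapped = [g for g in group_ids if g.lower() not in lookup]
    if group_attr is not None and not oci_groups:
        problems.append("no group ID in the assertion has an OCI GROUP mapping")

    return {"problems": problems, "oci_groups": oci_groups, "unmapped": unmapped}


if __name__ == "__main__":
    print(check_oci_assertion(SAMPLE_ASSERTION, SAMPLE_MAPPING))
    print(check_oci_assertion(MISCONFIGURED_ASSERTION, SAMPLE_MAPPING))
```

Group IDs listed under "unmapped" are sent by Azure AD but have no + Add mapping entry, so they grant nothing in OCI until one is added.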
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B. Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B. Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B. Simon to use Azure single sign-on by granting access to Oracle Cloud Infrastructure
Console.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Oracle Cloud Infrastructure Console.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B. Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Oracle Cloud Infrastructure Console test user
Oracle Cloud Infrastructure Console supports just-in-time provisioning, which is enabled by default. There is no action item
for you in this section. A new user is not created during an attempt to access, and there is also no need to create the
user.
Test SSO
When you select the Oracle Cloud Infrastructure Console tile in the Access Panel, you will be redirected to the
Oracle Cloud Infrastructure Console sign in page. Select the IDENTITY PROVIDER from the drop-down menu
and click Continue as shown below to sign in. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Oracle Fusion ERP
10/15/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Oracle Fusion ERP with Azure Active Directory (Azure AD). When you
integrate Oracle Fusion ERP with Azure AD, you can:
Control in Azure AD who has access to Oracle Fusion ERP.
Enable your users to be automatically signed-in to Oracle Fusion ERP with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Oracle Fusion ERP single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Oracle Fusion ERP supports SP initiated SSO

Adding Oracle Fusion ERP from the gallery


To configure the integration of Oracle Fusion ERP into Azure AD, you need to add Oracle Fusion ERP from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Oracle Fusion ERP in the search box.
6. Select Oracle Fusion ERP from results panel and then add the app. Wait a few seconds while the app is added
to your tenant.

Configure and test Azure AD SSO for Oracle Fusion ERP


Configure and test Azure AD SSO with Oracle Fusion ERP using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Oracle Fusion ERP.
To configure and test Azure AD SSO with Oracle Fusion ERP, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Oracle Fusion ERP SSO - to configure the Single Sign-On settings on application side.
a. Create Oracle Fusion ERP test user - to have a counterpart of B.Simon in Oracle Fusion ERP that is
linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Oracle Fusion ERP application integration page, find the Manage section and
select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.fa.em2.oraclecloud.com/fscmUI/faces/AtkHomePageWelcome

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.login.em2.oraclecloud.com:443/oam/fed

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Oracle Fusion ERP
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. On the Set up Oracle Fusion ERP section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Oracle Fusion ERP.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Oracle Fusion ERP.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Oracle Fusion ERP SSO


To configure single sign-on on the Oracle Fusion ERP side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the Oracle Fusion ERP support team. They configure this
setting so that the SAML SSO connection is set properly on both sides.
Create Oracle Fusion ERP test user
In this section, you create a user called Britta Simon in Oracle Fusion ERP. Work with Oracle Fusion ERP support
team to add the users in the Oracle Fusion ERP platform. Users must be created and activated before you use
single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Oracle Fusion ERP tile in the Access Panel, you should be automatically signed in to the Oracle
Fusion ERP for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Oracle Fusion ERP with Azure AD
Tutorial: Azure Active Directory integration with
OrgChart Now
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate OrgChart Now with Azure Active Directory (Azure AD). Integrating
OrgChart Now with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to OrgChart Now.
You can enable your users to be automatically signed-in to OrgChart Now (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with OrgChart Now, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
OrgChart Now single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
OrgChart Now supports SP and IDP initiated SSO

Adding OrgChart Now from the gallery


To configure the integration of OrgChart Now into Azure AD, you need to add OrgChart Now from the gallery to
your list of managed SaaS apps.
To add OrgChart Now from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type OrgChart Now, select OrgChart Now from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with OrgChart Now based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
OrgChart Now needs to be established.
To configure and test Azure AD single sign-on with OrgChart Now, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure OrgChart Now Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create OrgChart Now test user - to have a counterpart of Britta Simon in OrgChart Now that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with OrgChart Now, perform the following steps:
1. In the Azure portal, on the OrgChart Now application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL: https://sso2.orgchartnow.com

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://sso2.orgchartnow.com/Shibboleth.sso/Login?entityID=<YourEntityID>&target=https://sso2.orgchartnow.com

NOTE
<YourEntityID> is the Azure AD Identifier copied from the Set up OrgChart Now section, described later in
the tutorial.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up OrgChart Now section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
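
As an added illustration (not part of the original tutorial or of OrgChart Now's code), the Python below builds the SP-initiated Sign-on URL from the pattern in step 5 and checks a configured value before it is saved: the placeholder is replaced, the entityID equals the Azure AD Identifier copied in step 7, and the target returns to https://sso2.orgchartnow.com. The function names and the sample identifier are constructed, and the builder percent-encodes the two query values, which is standard URL query encoding rather than something the tutorial prescribes.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

SP_HOST = "sso2.orgchartnow.com"
LOGIN_PATH = "/Shibboleth.sso/Login"
TARGET = "https://sso2.orgchartnow.com"

# Constructed value standing in for the Azure AD Identifier copied in step 7.
SAMPLE_IDENTIFIER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"


def build_sign_on_url(azure_ad_identifier):
    """Fill the step 5 pattern, percent-encoding both query values."""
    query = urlencode({"entityID": azure_ad_identifier, "target": TARGET})
    return "https://%s%s?%s" % (SP_HOST, LOGIN_PATH, query)


def check_sign_on_url(url, azure_ad_identifier):
    """Return a list of problems with a configured Sign-on URL (empty if none)."""
    problems = []
    if "<" in url or ">" in url:
        problems.append("placeholder such as <YourEntityID> was not replaced")

    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if (parts.hostname or "").lower() != SP_HOST:
        problems.append("host must be %s" % SP_HOST)
    if parts.path != LOGIN_PATH:
        problems.append("path must be %s" % LOGIN_PATH)

    # parse_qs decodes percent-encoding, so raw and encoded forms compare equal.
    params = parse_qs(parts.query, keep_blank_values=True)

    entity_ids = params.get("entityID", [])
    if len(entity_ids) != 1:
        problems.append("entityID must appear exactly once")
    elif entity_ids[0] != azure_ad_identifier:
        problems.append("entityID does not match the Azure AD Identifier")

    targets = params.get("target", [])
    if len(targets) != 1:
        problems.append("target must appear exactly once")
    else:
        target = urlsplit(targets[0])
        if target.scheme != "https" or (target.hostname or "").lower() != SP_HOST:
            problems.append("target does not return to %s" % TARGET)

    return problems


if __name__ == "__main__":
    url = build_sign_on_url(SAMPLE_IDENTIFIER)
    print(url)
    print(check_sign_on_url(url, SAMPLE_IDENTIFIER))
```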
Configure OrgChart Now Single Sign-On
To configure single sign-on on the OrgChart Now side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the OrgChart Now support team. They configure this
setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to OrgChart Now.
1. In the Azure portal, select Enterprise Applications, select All applications, then select OrgChart Now.

2. In the applications list, select OrgChart Now.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create OrgChart Now test user
To enable Azure AD users to log in to OrgChart Now, they must be provisioned into OrgChart Now.
1. OrgChart Now supports just-in-time provisioning, which is by default enabled. A new user is created during
an attempt to access OrgChart Now if it doesn't exist yet. The just-in-time user provisioning feature will only
create a read-only user when an SSO request comes from a recognized IDP and the email in the SAML
assertion is not found in the user list. For this auto provisioning feature you need to create an access group
titled General in OrgChart Now. Please follow the below steps to create an access group:
a. Go to the Manage Groups option after clicking the gear in the top right corner of the UI.
b. Select the Add icon and name the group General then click OK.

c. Select the folder(s) you wish the general or read-only users to be able to access:

d. Lock the folders so that only Admin users can modify them. Then press OK.

2. To create Admin users and read/write users, you must manually create a user in order to get access to
their privilege level via SSO. To provision a user account, perform the following steps:
a. Log in to OrgChart Now as a Security Administrator.
b. Click on Settings on the top right corner and then navigate to Manage Users.

c. Click on Add and perform the following steps:

In the User ID textbox, enter the User ID like brittasimon@contoso.com.


In Email Address text box, enter the email of user like brittasimon@contoso.com.
Click Add.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the OrgChart Now tile in the Access Panel, you should be automatically signed in to the OrgChart
Now for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Origami
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Origami with Azure Active Directory (Azure AD). Integrating Origami
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Origami.
You can enable your users to be automatically signed-in to Origami (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Origami, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Origami single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Origami supports SP initiated SSO

Adding Origami from the gallery


To configure the integration of Origami into Azure AD, you need to add Origami from the gallery to your list of
managed SaaS apps.
To add Origami from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Origami, select Origami from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Origami based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Origami
needs to be established.
To configure and test Azure AD single sign-on with Origami, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Origami Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Origami test user - to have a counterpart of Britta Simon in Origami that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Origami, perform the following steps:
1. In the Azure portal, on the Origami application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://live.origamirisk.com/origami/account/login?account=<companyname>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Origami Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Origami section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Origami Single Sign-On
1. Log in to the Origami account with Admin rights.
2. In the menu on the top, click Admin.

3. On the Single Sign On Setup dialog page, perform the following steps:

a. Select Enable Single Sign On.


b. In the Identity Provider's Sign-in Page URL textbox, paste the value of Login URL, which you have
copied from Azure portal.
c. In the Identity Provider's Sign-out Page URL textbox, paste the value of Logout URL, which you have
copied from Azure portal.
d. Click Browse to upload the certificate you have downloaded from the Azure portal.
e. Click Save Changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Origami.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Origami.

2. In the applications list, select Origami.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Origami test user
In this section, you create a user called Britta Simon in Origami.
1. Log in to the Origami account with Admin rights.
2. In the menu on the top, click Admin.
3. On the Users and Security dialog, click Users.

4. Click Add New User.

5. On the Add New User dialog, perform the following steps:

a. In the User Name textbox, enter the email of user like brittasimon@contoso.com.
b. In the Password textbox, type a password.
c. In the Confirm Password textbox, type the password again.
d. In the First Name textbox, enter the first name of user like Britta.
e. In the Last Name textbox, enter the last name of user like Simon.
f. Click Save.
6. Assign User Roles and Client Access to the user.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Origami tile in the Access Panel, you should be automatically signed in to the Origami for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Otsuka Shokai with Azure Active Directory
8/9/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Otsuka Shokai with Azure Active Directory (Azure AD). When you
integrate Otsuka Shokai with Azure AD, you can:
Control in Azure AD who has access to Otsuka Shokai.
Enable your users to be automatically signed-in to Otsuka Shokai with their Azure AD accounts.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Otsuka Shokai single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Otsuka Shokai supports IDP initiated
SSO.

Adding Otsuka Shokai from the gallery


To configure the integration of Otsuka Shokai into Azure AD, you need to add Otsuka Shokai from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Otsuka Shokai in the search box.
6. Select Otsuka Shokai from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.
7. Click on Properties tab, copy the Application ID and save it on your computer for subsequent use.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Otsuka Shokai using a test user called B. Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Otsuka Shokai.
To configure and test Azure AD SSO with Otsuka Shokai, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Otsuka Shokai to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
4. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
5. Create Otsuka Shokai test user to have a counterpart of B. Simon in Otsuka Shokai that is linked to the Azure
AD representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Otsuka Shokai application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Set up Single Sign-On with SAML page, the application is pre-configured and the necessary
URLs are already pre-populated with Azure. The user needs to save the configuration by clicking the Save
button.
5. The Otsuka Shokai application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. In the list of default attributes,
nameidentifier is mapped to user.userprincipalname. The Otsuka Shokai application expects nameidentifier
to be mapped to user.objectid, so you need to edit the attribute mapping by clicking the Edit icon and
changing the mapping.

6. In addition to the above, the Otsuka Shokai application expects a few more attributes to be passed back in
the SAML response. In the User Claims section on the User Attributes dialog, perform the following steps to
add the SAML token attribute shown in the table below:

NAME     SOURCE ATTRIBUTE
Appid    <Application ID>

NOTE
<Application ID> is the value that you copied from the Properties tab in the Azure portal.

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
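The claim mapping from steps 5 and 6 can be checked against a captured test assertion before users are assigned. The following Python is an added example, not part of the original tutorial and not Microsoft's or Otsuka Shokai's code; the sample responses, the GUID values and the helper names are constructed for illustration, and the check does not verify the XML signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)


def check_otsuka_claims(response_xml, application_id):
    """Return a list of findings; an empty list means the claims match the
    mapping described in steps 5 and 6 (hypothetical helper name)."""
    # Diagnostic for your own decoded test captures only: it does not verify
    # the XML signature, and untrusted XML needs a hardened parser.
    root = ET.fromstring(response_xml)
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        return ["expected exactly one Assertion, found %d" % len(assertions)]
    assertion = assertions[0]
    findings = []

    # Step 5: nameidentifier must carry user.objectid (a GUID), not the UPN.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not value:
        findings.append("NameID is missing")
    elif "@" in value:
        findings.append("NameID looks like a UPN; nameidentifier is still "
                        "mapped to user.userprincipalname")
    elif not GUID_RE.match(value):
        findings.append("NameID is not in object ID (GUID) format")

    # Step 6: an Appid claim, blank namespace, value = Application ID.
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name", "")] = values
    if "Appid" in attrs:
        if [v.lower() for v in attrs["Appid"]] != [application_id.lower()]:
            findings.append("Appid does not equal the Application ID")
    else:
        namespaced = [n for n in attrs if n.endswith("/Appid")]
        if namespaced:
            findings.append("Appid was issued with a namespace: " + namespaced[0])
        else:
            findings.append("Appid attribute is missing")
    return findings


# Constructed sample data (not taken from a real tenant).
APP_ID = "11111111-2222-3333-4444-555555555555"


def build_response(name_id, attr_name, attr_value):
    """Build a minimal, unsigned SAML response for the checks above."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="{attr_name}">
    <saml:AttributeValue>{attr_value}</saml:AttributeValue>
   </saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""


GOOD = build_response("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "Appid", APP_ID)
# Default mapping left in place and the Namespace field not left blank.
DEFAULT_MAPPING = build_response(
    "B.Simon@contoso.com",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Appid",
    APP_ID,
)

if __name__ == "__main__":
    for label, xml in (("good", GOOD), ("default mapping", DEFAULT_MAPPING)):
        print(label, check_otsuka_claims(xml, APP_ID) or "OK")
```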
Configure Otsuka Shokai
1. When you connect to Customer's My Page from the SSO app, the SSO settings wizard starts.
2. If an Otsuka ID is not registered, proceed to Otsuka-ID new registration. If you have already registered an
Otsuka-ID, proceed to the linkage setting.
3. Proceed to the end. When the top screen is displayed after logging in to Customer's My Page, the SSO
settings are complete.
4. The next time you connect to Customer's My Page from the SSO app, the guidance screen opens and then
the top screen is displayed after logging in to Customer's My Page.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B. Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B. Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B. Simon to use Azure single sign-on by granting access to Otsuka Shokai.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Otsuka Shokai.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B. Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Otsuka Shokai test user
A new SaaS account is registered on first access to Otsuka Shokai. The Azure AD account and the SaaS account
are also associated at the time the new account is created.
Test SSO
When you select the Otsuka Shokai tile in the Access Panel, you should be automatically signed in to the Otsuka
Shokai for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate OutSystems Azure AD with Azure Active Directory
7/24/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate OutSystems Azure AD with Azure Active Directory (Azure AD). When
you integrate OutSystems Azure AD with Azure AD, you can:
Control in Azure AD who has access to OutSystems Azure AD.
Enable your users to be automatically signed-in to OutSystems Azure AD with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
OutSystems Azure AD single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. OutSystems Azure AD supports SP
and IDP initiated SSO and supports Just In Time user provisioning.

Adding OutSystems Azure AD from the gallery


To configure the integration of OutSystems Azure AD into Azure AD, you need to add OutSystems Azure AD from
the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type OutSystems Azure AD in the search box.
6. Select OutSystems Azure AD from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with OutSystems Azure AD using a test user called B. Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in OutSystems Azure AD.
To configure and test Azure AD SSO with OutSystems Azure AD, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure OutSystems Azure AD to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
4. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
5. Create OutSystems Azure AD test user to have a counterpart of B. Simon in OutSystems Azure AD that is
linked to the Azure AD representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the OutSystems Azure AD application integration page, find the Manage section
and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: http://<YOURBASEURL>/IdP

b. In the Reply URL text box, type a URL using the following pattern: https://<YOURBASEURL>/IdP/SSO.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://<YOURBASEURL>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
OutSystems Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
7. On the Set up OutSystems Azure AD section, copy the appropriate URL(s) based on your requirement.

Configure OutSystems Azure AD


To configure single sign-on on the OutSystems side, you need to download the IdP forge component and configure
it as mentioned in the instructions. After installing the component and making the necessary code changes,
configure Azure AD by downloading the Federation Metadata XML from the Azure portal and uploading it to the
OutSystems IdP component, according to the following instructions.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B. Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B. Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B. Simon to use Azure single sign-on by granting access to OutSystems Azure AD.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select OutSystems Azure AD.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B. Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create OutSystems Azure AD test user
In this section, a user called B.Simon is created in OutSystems. OutSystems supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in OutSystems, a new one is created after authentication.
Test SSO
When you select the OutSystems Azure AD tile in the Access Panel, you should be automatically signed in to the
OutSystems Azure AD for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with OU Campus
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate OU Campus with Azure Active Directory (Azure AD). Integrating OU
Campus with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to OU Campus.
You can enable your users to be automatically signed-in to OU Campus (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with OU Campus, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
OU Campus single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
OU Campus supports SP initiated SSO

Adding OU Campus from the gallery


To configure the integration of OU Campus into Azure AD, you need to add OU Campus from the gallery to your
list of managed SaaS apps.
To add OU Campus from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type OU Campus, select OU Campus from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with OU Campus based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in OU
Campus needs to be established.
To configure and test Azure AD single sign-on with OU Campus, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure OU Campus Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create OU Campus test user - to have a counterpart of Britta Simon in OU Campus that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with OU Campus, perform the following steps:
1. In the Azure portal, on the OU Campus application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign on URL text box, type a URL using the following pattern:
https://a.cms.omniupdate.com/<Instance Name>

NOTE
The value is not real. Update the value with the actual Sign on URL. Contact OU Campus Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up OU Campus section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure OU Campus Single Sign-On
To configure single sign-on on the OU Campus side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the OU Campus support team. They configure this
setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to OU Campus.
1. In the Azure portal, select Enterprise Applications, select All applications, then select OU Campus.

2. In the applications list, select OU Campus.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create OU Campus test user
In this section, you create a user called Britta Simon in OU Campus. Work with OU Campus support team to add
the users in the OU Campus platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the OU Campus tile in the Access Panel, you should be automatically signed in to the OU Campus
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Overdrive
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Overdrive with Azure Active Directory (Azure AD). Integrating Overdrive
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Overdrive.
You can enable your users to be automatically signed-in to Overdrive (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Overdrive, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Overdrive single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Overdrive supports SP initiated SSO
Overdrive supports Just In Time user provisioning

Adding Overdrive from the gallery


To configure the integration of Overdrive into Azure AD, you need to add Overdrive from the gallery to your list of
managed SaaS apps.
To add Overdrive from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Overdrive, select Overdrive from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Overdrive based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Overdrive
needs to be established.
To configure and test Azure AD single sign-on with Overdrive, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Overdrive Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Overdrive test user - to have a counterpart of Britta Simon in Overdrive that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Overdrive, perform the following steps:
1. In the Azure portal, on the Overdrive application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
http://<subdomain>.libraryreserve.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Overdrive Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Overdrive section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Overdrive Single Sign-On
To configure single sign-on on the Overdrive side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Overdrive support team. They configure this
setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Overdrive.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Overdrive.

2. In the applications list, select Overdrive.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Overdrive test user
In this section, a user called Britta Simon is created in Overdrive. Overdrive supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Overdrive, a new one is created after authentication.

NOTE
You can use any other OverDrive user account creation tools or APIs provided by OverDrive to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Overdrive tile in the Access Panel, you should be automatically signed in to the Overdrive for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Pacific Timesheet
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Pacific Timesheet with Azure Active Directory (Azure AD). Integrating
Pacific Timesheet with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Pacific Timesheet.
You can enable your users to be automatically signed-in to Pacific Timesheet (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Pacific Timesheet, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Pacific Timesheet single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Pacific Timesheet supports IDP initiated SSO

Adding Pacific Timesheet from the gallery


To configure the integration of Pacific Timesheet into Azure AD, you need to add Pacific Timesheet from the gallery
to your list of managed SaaS apps.
To add Pacific Timesheet from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Pacific Timesheet, select Pacific Timesheet from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Pacific Timesheet based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Pacific Timesheet needs to be established.
To configure and test Azure AD single sign-on with Pacific Timesheet, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Pacific Timesheet Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Pacific Timesheet test user - to have a counterpart of Britta Simon in Pacific Timesheet that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Pacific Timesheet, perform the following steps:
1. In the Azure portal, on the Pacific Timesheet application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<InstanceID>.pacifictimesheet.com/timesheet/home.do

b. In the Reply URL text box, type a URL using the following pattern:
https://<InstanceID>.pacifictimesheet.com/timesheet/home.do

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Pacific Timesheet
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Pacific Timesheet section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Pacific Timesheet Single Sign-On
To configure single sign-on on the Pacific Timesheet side, you need to send the downloaded Certificate (Base64)
and the appropriate copied URLs from the Azure portal to the Pacific Timesheet support team. They apply these settings so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Pacific Timesheet.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Pacific
Timesheet.

2. In the applications list, select Pacific Timesheet.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Pacific Timesheet test user
In this section, you create a user called Britta Simon in Pacific Timesheet. Work with Pacific Timesheet support
team to add the users in the Pacific Timesheet platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Pacific Timesheet tile in the Access Panel, you should be automatically signed in to the Pacific
Timesheet for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
PageDNA
7/15/2019 • 5 minutes to read

In this tutorial, you learn how to integrate PageDNA with Azure Active Directory (Azure AD).
Integrating PageDNA with Azure AD provides you with the following benefits:
In Azure AD, you can control who has access to PageDNA.
You can enable your users to be automatically signed in to PageDNA (single sign-on) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
For details about software as a service (SaaS) app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory?.

Prerequisites
To configure Azure AD integration with PageDNA, you need the following items:
An Azure AD subscription. If you don't have an Azure subscription, create a free account before you begin.
A PageDNA subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment and integrate PageDNA with
Azure AD.
PageDNA supports the following features:
SP-initiated single sign-on (SSO).
Just-in-time user provisioning.

Add PageDNA from the Azure Marketplace


To configure the integration of PageDNA into Azure AD, you need to add PageDNA from the Azure Marketplace to
your list of managed SaaS apps:
1. Sign in to the Azure portal.
2. In the left pane, select Azure Active Directory.

3. Go to Enterprise Applications, and then select All Applications.


4. To add a new application, select + New application at the top of the pane.

5. In the search box, enter PageDNA. In the search results, select PageDNA, and then select Add to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with PageDNA based on a test user named Britta
Simon. For single sign-on to work, you must establish a link between an Azure AD user and the related user in
PageDNA.
To configure and test Azure AD single sign-on with PageDNA, you need to complete the following building blocks:
1. Configure Azure AD single sign-on to enable your users to use this feature.
2. Configure PageDNA single sign-on to configure the single sign-on settings on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
5. Create a PageDNA test user so that there's a user named Britta Simon in PageDNA who's linked to the Azure
AD user named Britta Simon.
6. Test single sign-on to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with PageDNA, take the following steps:
1. In the Azure portal, on the PageDNA application integration page, select Single sign-on.
2. In the Select a single sign-on method pane, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML pane, select Edit (the pencil icon) to open the Basic SAML
Configuration pane.

4. In the Basic SAML Configuration pane, take the following steps:


a. In the Sign on URL box, enter a URL by using one of the following patterns:

https://stores.pagedna.com/<your site>

https://<your domain>

https://<your domain>/<your site>

https://www.nationsprint.com/<your site>

b. In the Identifier (Entity ID) box, enter a URL by using one of the following patterns:

https://stores.pagedna.com/<your site>/saml2ep.cgi

https://www.nationsprint.com/<your site>/saml2ep.cgi

NOTE
These values aren't real. Update these values with the actual sign-on URL and identifier. To get these values, contact
the PageDNA support team. You can also refer to the patterns shown in the Basic SAML Configuration pane in the
Azure portal.

5. In the Set up Single Sign-On with SAML pane, in the SAML Signing Certificate section, select
Download to download Certificate (Raw) from the given options and save it on your computer.
6. In the Set up PageDNA section, copy the URL or URLs that you need:
Login URL
Azure AD Identifier
Logout URL

Configure PageDNA single sign-on


To configure single sign-on on the PageDNA side, send the downloaded Certificate (Raw) and the appropriate
copied URLs from the Azure portal to the PageDNA support team. The PageDNA team will make sure the SAML
SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you create a test user in the Azure portal named Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory > Users > All users.

2. At the top of the screen, select + New user.

3. In the User pane, do the following steps:


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the
Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you enable the user Britta Simon to use Azure single sign-on by granting the user access to
PageDNA.
1. In the Azure portal, select Enterprise applications > All applications > PageDNA.

2. In the applications list, select PageDNA.


3. In the left pane, under MANAGE, select Users and groups.

4. Select + Add user, and then select Users and groups in the Add Assignment pane.

5. In the Users and groups pane, select Britta Simon in the Users list, and then choose Select at the bottom
of the pane.
6. If you're expecting a role value in the SAML assertion, then in the Select Role pane, select the appropriate
role for the user from the list. At the bottom of the pane, choose Select.
7. In the Add Assignment pane, select Assign.
Create a PageDNA test user
A user named Britta Simon is now created in PageDNA. You don't have to do anything to create this user.
PageDNA supports just-in-time user provisioning, which is enabled by default. If a user named Britta Simon
doesn't already exist in PageDNA, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration by using the My Apps portal.
When you select PageDNA in the My Apps portal, you should be automatically signed in to the PageDNA
subscription for which you set up single sign-on. For more information about the My Apps portal, see Access and
use apps on the My Apps portal.

Additional resources
List of tutorials for integrating SaaS applications with Azure Active Directory
Single sign-on to applications in Azure Active Directory
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
PagerDuty
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate PagerDuty with Azure Active Directory (Azure AD). Integrating
PagerDuty with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to PagerDuty.
You can enable your users to be automatically signed-in to PagerDuty (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with PagerDuty, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
PagerDuty single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
PagerDuty supports SP initiated SSO

Adding PagerDuty from the gallery


To configure the integration of PagerDuty into Azure AD, you need to add PagerDuty from the gallery to your list
of managed SaaS apps.
To add PagerDuty from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type PagerDuty, select PagerDuty from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with PagerDuty based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
PagerDuty needs to be established.
To configure and test Azure AD single sign-on with PagerDuty, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure PagerDuty Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create PagerDuty test user - to have a counterpart of Britta Simon in PagerDuty that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with PagerDuty, perform the following steps:
1. In the Azure portal, on the PagerDuty application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<tenant-name>.pagerduty.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<tenant-name>.pagerduty.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact PagerDuty Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up PagerDuty section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure PagerDuty Single Sign-On
1. In a different web browser window, log in to your PagerDuty company site as an administrator.
2. In the menu on the top, click Account Settings.

3. Click Single Sign-on.

4. On the Enable Single Sign-on (SSO) page, perform the following steps:

a. Open your base-64 encoded certificate downloaded from the Azure portal in Notepad, copy the content of it
into your clipboard, and then paste it to the X.509 Certificate textbox.
b. In the Login URL textbox, paste Login URL which you have copied from Azure portal.
c. In the Logout URL textbox, paste Logout URL which you have copied from Azure portal.
d. Select Allow username/password login.
e. Select Require EXACT authentication context comparison checkbox.
f. Click Save Changes.
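The tutorials above hand the signing certificate to the application either as Certificate (Base64), pasted into a text box as in the PagerDuty step, or as Certificate (Raw), as for PageDNA. The following added example (not part of the original tutorial) checks a downloaded file for a cut-off paste and computes a SHA-256 fingerprint that both sides can compare. It assumes Certificate (Raw) is the DER encoding and Certificate (Base64) is the same bytes in a BEGIN/END CERTIFICATE block; the function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def declared_der_length(der):
    """Total length announced by the outer ASN.1 SEQUENCE header, or None."""
    if len(der) < 2 or der[0] != 0x30:          # 0x30 = SEQUENCE tag
        return None
    first = der[1]
    if first < 0x80:                            # short form: length in one byte
        return 2 + first
    n = first & 0x7F                            # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def inspect_certificate(data):
    """Classify a downloaded signing certificate and fingerprint its DER bytes."""
    problems = []
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        fmt = "Base64"
        if len(blocks) > 1:
            problems.append("more than one certificate block")
        try:
            der = base64.b64decode(b"".join(blocks[0].split()), validate=True)
        except binascii.Error:
            der = b""
            problems.append("Base64 body does not decode")
    elif b"-----BEGIN" in data:
        fmt, der = "Base64", b""
        problems.append("BEGIN line without a matching END line (cut-off paste?)")
    else:
        fmt, der = "Raw", data

    if der:
        declared = declared_der_length(der)
        if declared is None:
            problems.append("does not start with an ASN.1 SEQUENCE")
        elif declared != len(der):
            problems.append(f"header declares {declared} bytes, input has {len(der)}")
    elif not problems:
        problems.append("empty input")

    # Only fingerprint input that passed every check above.
    sha256 = hashlib.sha256(der).hexdigest() if not problems else None
    return {"format": fmt, "sha256": sha256, "problems": problems}


# Constructed sample: NOT a real certificate, only the outer DER header is
# well-formed (SEQUENCE, long-form length 0x0100 = 256 content bytes).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("Raw", SAMPLE_DER), ("Base64", SAMPLE_PEM),
                       ("cut-off paste", SAMPLE_PEM[:200])]:
        print(name, inspect_certificate(blob))
```

The Raw and Base64 downloads of the same certificate yield the same fingerprint, so a mismatch between what was downloaded and what the application side reports points to a wrong or damaged file.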
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to PagerDuty.
1. In the Azure portal, select Enterprise Applications, select All applications, then select PagerDuty.

2. In the applications list, select PagerDuty.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create PagerDuty test user
To enable Azure AD users to log in to PagerDuty, they must be provisioned into PagerDuty.
In the case of PagerDuty, provisioning is a manual task.

NOTE
You can use any other PagerDuty user account creation tools or APIs provided by PagerDuty to provision Azure Active
Directory user accounts.

To provision a user account, perform the following steps:


1. Log in to your PagerDuty tenant.
2. In the menu on the top, click Users.
3. Click Add Users.

4. On the Invite your team dialog, perform the following steps:

a. Type the First and Last Name of user like Britta Simon.
b. Enter Email address of user like brittasimon@contoso.com.
c. Click Add, and then click Send Invites.
NOTE
All added users will receive an invite to create a PagerDuty account.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the PagerDuty tile in the Access Panel, you should be automatically signed in to the PagerDuty for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Palo
Alto Networks - Aperture
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Palo Alto Networks - Aperture with Azure Active Directory (Azure AD).
Integrating Palo Alto Networks - Aperture with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Palo Alto Networks - Aperture.
You can enable your users to be automatically signed-in to Palo Alto Networks - Aperture (Single Sign-On) with
their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Palo Alto Networks - Aperture, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Palo Alto Networks - Aperture single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Palo Alto Networks - Aperture supports SP and IDP initiated SSO

Adding Palo Alto Networks - Aperture from the gallery


To configure the integration of Palo Alto Networks - Aperture into Azure AD, you need to add Palo Alto Networks -
Aperture from the gallery to your list of managed SaaS apps.
To add Palo Alto Networks - Aperture from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Palo Alto Networks - Aperture, select Palo Alto Networks - Aperture from the
result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Palo Alto Networks - Aperture based on a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in Palo Alto Networks - Aperture needs to be established.
To configure and test Azure AD single sign-on with Palo Alto Networks - Aperture, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Palo Alto Networks - Aperture Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Palo Alto Networks - Aperture test user - to have a counterpart of Britta Simon in Palo Alto
Networks - Aperture that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Palo Alto Networks - Aperture, perform the following steps:
1. In the Azure portal, on the Palo Alto Networks - Aperture application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<subdomain>.aperture.paloaltonetworks.com/d/users/saml/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.aperture.paloaltonetworks.com/d/users/saml/auth

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.aperture.paloaltonetworks.com/d/users/saml/sign_in

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Palo
Alto Networks - Aperture Client support team to get these values. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up Palo Alto Networks - Aperture section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
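Each tutorial above gives URL patterns for the Basic SAML Configuration values and notes that they must be replaced with the real ones. The following added example (not part of the original tutorial) checks a value against the documented pattern for its field before it is saved, catching unreplaced placeholders, non-HTTPS values, look-alike hosts and swapped fields. It covers the Pacific Timesheet, PagerDuty and Aperture patterns from this page; the function names are hypothetical and the contoso hosts are constructed sample values.

```python
import re
from urllib.parse import urlsplit

# URL patterns copied from the tutorials on this page. <...> marks the
# tenant-specific part that the vendor's support team supplies.
DOCUMENTED_PATTERNS = {
    ("Pacific Timesheet", "Identifier"):
        "https://<InstanceID>.pacifictimesheet.com/timesheet/home.do",
    ("Pacific Timesheet", "Reply URL"):
        "https://<InstanceID>.pacifictimesheet.com/timesheet/home.do",
    ("PagerDuty", "Sign on URL"): "https://<tenant-name>.pagerduty.com",
    ("PagerDuty", "Identifier"): "https://<tenant-name>.pagerduty.com",
    ("Aperture", "Identifier"):
        "https://<subdomain>.aperture.paloaltonetworks.com/d/users/saml/metadata",
    ("Aperture", "Reply URL"):
        "https://<subdomain>.aperture.paloaltonetworks.com/d/users/saml/auth",
    ("Aperture", "Sign-on URL"):
        "https://<subdomain>.aperture.paloaltonetworks.com/d/users/saml/sign_in",
}

PLACEHOLDER = re.compile(r"<[^<>]+>")
# A placeholder in the host stands for exactly one lower-case DNS label, so it
# can never absorb extra dots; in the path it stands for one path segment.
DNS_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
PATH_SEGMENT = r"[A-Za-z0-9._~-]+"


def _expand(text, replacement):
    """Escape literal text and swap each <placeholder> for a strict sub-regex."""
    out, pos = [], 0
    for m in PLACEHOLDER.finditer(text):
        out.append(re.escape(text[pos:m.start()]))
        out.append(replacement)
        pos = m.end()
    out.append(re.escape(text[pos:]))
    return "".join(out)


def pattern_to_regex(pattern):
    """Turn a documented pattern into a regex anchored on the vendor's domain."""
    scheme, rest = pattern.split("://", 1)
    host, slash, path = rest.partition("/")
    return re.compile(re.escape(scheme) + "://" + _expand(host, DNS_LABEL)
                      + slash + _expand(path, PATH_SEGMENT))


def check_value(app, field, value):
    """Return a list of problems; an empty list means the value fits the pattern."""
    if PLACEHOLDER.search(value):
        return ["placeholder from the tutorial was not replaced"]
    problems = []
    parts = urlsplit(value)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if "@" in parts.netloc or ":" in parts.netloc:
        problems.append("host part carries userinfo or a port")
    if parts.query or parts.fragment:
        problems.append("value carries a query string or fragment")
    if not pattern_to_regex(DOCUMENTED_PATTERNS[(app, field)]).fullmatch(value):
        problems.append("does not match the documented pattern")
    return problems


if __name__ == "__main__":
    base = "https://contoso.aperture.paloaltonetworks.com/d/users/saml/"
    for field, value in [("Reply URL", base + "auth"),
                         ("Reply URL", base + "metadata"),   # fields swapped
                         ("Identifier", base + "metadata")]:
        print(field, value, check_value("Aperture", field, value) or "ok")
```

The Reply URL is where the signed assertion is delivered, so a value that fails this check should be confirmed with the vendor's support team rather than saved as typed.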
Configure Palo Alto Networks - Aperture Single Sign-On
1. In a different web browser window, log in to Palo Alto Networks - Aperture as an Administrator.
2. On the top menu bar, click SETTINGS.

3. Navigate to the APPLICATION section and click Authentication from the left side of the menu.

4. On the Authentication page perform the following steps:


a. Check the Enable Single Sign-On(Supported SSP Providers are Okta, One login) from Single
Sign-On field.
b. In the Identity Provider ID textbox, paste the value of Azure AD Identifier, which you have copied
from Azure portal.
c. Click Choose File to upload the downloaded Certificate from Azure AD in the Identity Provider
Certificate field.
d. In the Identity Provider SSO URL textbox, paste the value of Login URL, which you have copied from
Azure portal.
e. Review the IdP information from Aperture Info section and download the certificate from Aperture Key
field.
f. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Palo Alto Networks -
Aperture.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Palo Alto
Networks - Aperture.
2. In the applications list, select Palo Alto Networks - Aperture.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Palo Alto Networks - Aperture test user
In this section, you create a user called Britta Simon in Palo Alto Networks - Aperture. Work with Palo Alto
Networks - Aperture Client support team to add the users in the Palo Alto Networks - Aperture platform. Users
must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Palo Alto Networks - Aperture tile in the Access Panel, you should be automatically signed in to
the Palo Alto Networks - Aperture for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Palo
Alto Networks Captive Portal
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Palo Alto Networks Captive Portal with Azure Active Directory (Azure
AD).
You get the following benefits when you integrate Palo Alto Networks Captive Portal with Azure AD:
In Azure AD, you can control who has access to Palo Alto Networks Captive Portal.
You can automatically sign in users in Palo Alto Networks Captive Portal (single sign-on) by using user Azure
AD accounts.
You can manage your accounts in one, central location, the Azure portal.
To learn more about software as a service (SaaS) app integration with Azure AD, see Single sign-on to applications
in Azure Active Directory.
If you don't have an Azure subscription, create a free account.

Prerequisites
To integrate Azure AD with Palo Alto Networks Captive Portal, you need the following items:
An Azure Active Directory subscription. If you don't have Azure AD, you can get a one-month trial.
A Palo Alto Networks Captive Portal single sign-on (SSO)-enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Palo Alto Networks Captive Portal supports these scenarios:
IDP-initiated single sign-on
Just-in-time user provisioning

Add Palo Alto Networks Captive Portal from the gallery


To get started, in the gallery, add Palo Alto Networks Captive Portal to your list of managed SaaS apps:
1. In the Azure portal, in the left menu, select Azure Active Directory.

2. Select Enterprise applications > All applications.


3. Select New application.

4. In the search box, enter Palo Alto Networks Captive Portal. In the search results, select Palo Alto
Networks - Captive Portal, and then select Add.

Configure and test Azure AD single sign-on


You configure and test Azure AD single sign-on with Palo Alto Networks Captive Portal based on a test user
named Britta Simon. For single sign-on to work, you must establish a relationship between an Azure AD user and
the same user in Palo Alto Networks Captive Portal.
To configure and test Azure AD single sign-on with Palo Alto Networks Captive Portal, complete the following
tasks:
1. Configure Azure AD single sign-on: Enable the user to use this feature.
2. Configure Palo Alto Networks Captive Portal single sign-on: Configure the single sign-on settings in the
application.
3. Create an Azure AD test user: Test Azure AD single sign-on with the user Britta Simon.
4. Assign the Azure AD test user: Set up Britta Simon to use Azure AD single sign-on.
5. Create a Palo Alto Networks Captive Portal test user: Create a counterpart user Britta Simon in Palo Alto
Networks Captive Portal that's linked to the Azure AD user.
6. Test single sign-on: Verify that the configuration works.
Configure Azure AD single sign-on
First, enable Azure AD single sign-on in the Azure portal:
1. In the Azure portal, on the Palo Alto Networks - Captive Portal application integration page, select
Single sign-on.
2. In the Select a single sign-on method pane, select SAML.

3. In the Set up Single Sign-On with SAML pane, select the pencil Edit icon.

4. In the Basic SAML Configuration pane, complete the following steps:


a. For Identifier, enter a URL that has the pattern https://<customer_firewall_host_name>/SAML20/SP .
b. For Reply URL, enter a URL that has the pattern
https://<customer_firewall_host_name>/SAML20/SP/ACS .

NOTE
Update the placeholder values in this step with the actual identifier and reply URLs. To get the actual values,
contact Palo Alto Networks Captive Portal Client support team.

5. In the SAML Signing Certificate section, next to Federation Metadata XML, select Download. Save the
downloaded file on your computer.

Configure Palo Alto Networks Captive Portal single sign-on


Next, set up single sign-on in Palo Alto Networks Captive Portal:
1. In a different browser window, sign in to the Palo Alto Networks website as an administrator.
2. Select the Device tab.

3. In the menu, select SAML Identity Provider, and then select Import.
4. In the SAML Identity Provider Server Profile Import dialog box, complete the following steps:

a. For Profile Name, enter a name, like AzureAD-CaptivePortal.


b. Next to Identity Provider Metadata, select Browse. Select the metadata.xml file that you
downloaded in the Azure portal.
c. Select OK.
Create an Azure AD test user
Next, create a test user named Britta Simon in the Azure portal:
1. In the Azure portal, select Azure Active Directory > Users > All users.
2. Select New user.

3. In the User pane, complete the following steps:

a. For Name, enter BrittaSimon.


b. For User name, enter BrittaSimon@<your_company_domain>. For example,
BrittaSimon@contoso.com.
c. For Password, enter a password. We recommend that you keep a record of the password you enter.
You can select the Show Password check box to display the password.
d. Select Create.
Assign the Azure AD test user
Next, grant access to Palo Alto Networks Captive Portal so Britta Simon can use Azure single sign-on:
1. In the Azure portal, select Enterprise applications > All applications.
2. In the applications list, enter Palo Alto Networks - Captive Portal, and then select the application.

3. In the menu, select Users and groups.

4. Select Add user. Then, in the Add assignment pane, select Users and groups.

5. In the Users and groups pane, in the Users list, select Britta Simon. Select Select.
6. To add a role value to the SAML assertion, in the Select role pane, select the relevant role for the user.
Select Select.
7. In the Add assignment pane, select Assign.
Create a Palo Alto Networks Captive Portal test user
Next, create a user named Britta Simon in Palo Alto Networks Captive Portal. Palo Alto Networks Captive Portal
supports just-in-time user provisioning, which is enabled by default. You don't need to complete any tasks in this
section. If a user doesn't already exist in Palo Alto Networks Captive Portal, a new one is created after
authentication.

NOTE
If you want to create a user manually, contact the Palo Alto Networks Captive Portal Client support team.

Test single sign-on


Palo Alto Networks Captive Portal is installed behind the firewall on a Windows VM. To test single sign-on in Palo
Alto Networks Captive Portal, sign in to the Windows VM by using Remote Desktop Protocol (RDP). In the RDP
session, open a browser and go to any website. The SSO URL opens and you're prompted to authenticate. When
authentication is finished, you can access websites.

Additional resources
To learn more, see these articles:
Tutorials about integrating SaaS apps with Azure Active Directory
Single sign-on to applications in Azure Active Directory
Conditional Access in Azure Active Directory
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Palo Alto Networks - GlobalProtect
8/29/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Palo Alto Networks - GlobalProtect with Azure Active Directory
(Azure AD). When you integrate Palo Alto Networks - GlobalProtect with Azure AD, you can:
Control in Azure AD who has access to Palo Alto Networks - GlobalProtect.
Enable your users to be automatically signed-in to Palo Alto Networks - GlobalProtect with their Azure AD
accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Palo Alto Networks - GlobalProtect single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Palo Alto Networks - GlobalProtect supports SP initiated SSO
Palo Alto Networks - GlobalProtect supports Just In Time user provisioning

Adding Palo Alto Networks - GlobalProtect from the gallery


To configure the integration of Palo Alto Networks - GlobalProtect into Azure AD, you need to add Palo Alto
Networks - GlobalProtect from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Palo Alto Networks - GlobalProtect in the search box.
6. Select Palo Alto Networks - GlobalProtect from the results panel and then add the app. Wait a few seconds
while the app is added to your tenant.

Configure and test Azure AD single sign-on for Palo Alto Networks -
GlobalProtect
Configure and test Azure AD SSO with Palo Alto Networks - GlobalProtect using a test user called B.Simon. For
SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Palo Alto
Networks - GlobalProtect.
To configure and test Azure AD SSO with Palo Alto Networks - GlobalProtect, complete the following building
blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Palo Alto Networks - GlobalProtect SSO - to configure the single sign-on settings on application
side.
a. Create Palo Alto Networks - GlobalProtect test user - to have a counterpart of B.Simon in Palo Alto
Networks - GlobalProtect that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Palo Alto Networks - GlobalProtect application integration page, find the
Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern: https://<Customer Firewall URL>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<Customer Firewall URL>/SAML20/SP

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Palo Alto Networks
- GlobalProtect Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
6. On the Set up Palo Alto Networks - GlobalProtect section, copy the appropriate URL(s) based on your
requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Palo Alto Networks -
GlobalProtect.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Palo Alto Networks - GlobalProtect.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Palo Alto Networks - GlobalProtect SSO


1. Open the Palo Alto Networks Firewall Admin UI as an administrator in another browser window.
2. Click on Device.

3. Select SAML Identity Provider from the left navigation bar and click "Import" to import the metadata file.
4. Perform the following actions in the Import window:

a. In the Profile Name textbox, provide a name, for example, Azure AD GlobalProtect.


b. In Identity Provider Metadata, click Browse and select the metadata.xml file that you
downloaded from the Azure portal.
c. Click OK.
Create Palo Alto Networks - GlobalProtect test user
In this section, a user called B.Simon is created in Palo Alto Networks - GlobalProtect. Palo Alto Networks -
GlobalProtect supports just-in-time user provisioning, which is enabled by default. There is no action item for you
in this section. If a user doesn't already exist in Palo Alto Networks - GlobalProtect, a new one is created after
authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Palo Alto Networks - GlobalProtect tile in the Access Panel, you should be automatically signed
in to the Palo Alto Networks - GlobalProtect for which you set up SSO. For more information about the Access
Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Palo Alto Networks - GlobalProtect with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with PandaDoc
10/17/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate PandaDoc with Azure Active Directory (Azure AD). When you integrate
PandaDoc with Azure AD, you can:
Control in Azure AD who has access to PandaDoc.
Enable your users to be automatically signed-in to PandaDoc with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
PandaDoc single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
PandaDoc supports SP and IDP initiated SSO
PandaDoc supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding PandaDoc from the gallery


To configure the integration of PandaDoc into Azure AD, you need to add PandaDoc from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type PandaDoc in the search box.
6. Select PandaDoc from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for PandaDoc


Configure and test Azure AD SSO with PandaDoc using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in PandaDoc.
To configure and test Azure AD SSO with PandaDoc, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure PandaDoc SSO - to configure the single sign-on settings on application side.
a. Create PandaDoc test user - to have a counterpart of B.Simon in PandaDoc that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the PandaDoc application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated with Azure. Save the configuration by clicking
the Save button.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://app.pandadoc.com/sso-login/

6. The PandaDoc application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

7. In addition to the above, the PandaDoc application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per
your requirement.

NAME         NAMESPACE
FirstName    user.givenname
LastName     user.surname

8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up PandaDoc section, copy the appropriate URL(s) based on your requirement.
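
Steps 6 and 7 above say PandaDoc expects FirstName and LastName in the SAML response. The following added example (not code from Microsoft or PandaDoc) decodes a SAMLResponse form value captured from a test sign-in and reports whether those two claims arrive with exactly one non-empty value each; the helper names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Claim name -> Azure AD source attribute, as listed in the tutorial's table.
REQUIRED = {"FirstName": "user.givenname", "LastName": "user.surname"}


def sample_response(attributes):
    """Build a constructed, unsigned SAMLResponse form value for the demo."""
    attrs = "".join(
        f"<saml:Attribute Name={quoteattr(name)}>"
        f"<saml:AttributeValue>{escape(value)}</saml:AttributeValue>"
        "</saml:Attribute>"
        for name, value in attributes.items()
    )
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        "<saml:NameID>B.Simon@contoso.com</saml:NameID></saml:Subject>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


def check_pandadoc_claims(saml_response_b64):
    """Report which expected claims are missing or malformed.

    This checks claim content only. It does not verify the XML signature,
    so use it to troubleshoot attribute mappings, never to accept a login.
    """
    raw = base64.b64decode("".join(saml_response_b64.split()), validate=True)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("response contains a DTD or entity declaration")
    root = ET.fromstring(raw)

    # More than one assertion in a response is a classic source of
    # confusion about which identity is being asserted; refuse it.
    assertions = list(root.iter(SAML + "Assertion"))
    if len(assertions) != 1:
        raise ValueError(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]

    found = {}
    for attr in assertion.iter(SAML + "Attribute"):
        values = [(v.text or "").strip() for v in attr.findall(SAML + "AttributeValue")]
        found.setdefault(attr.get("Name"), []).extend(values)

    problems = []
    for name, source in REQUIRED.items():
        values = found.get(name)
        if values is None:
            problems.append(f"{name} is missing (map it to {source})")
        elif len(values) != 1 or not values[0]:
            problems.append(f"{name} must carry one non-empty value, got {values!r}")

    name_id = assertion.find(f"{SAML}Subject/{SAML}NameID")
    return {
        "name_id": None if name_id is None else (name_id.text or "").strip(),
        "attributes": found,
        "problems": problems,
    }


if __name__ == "__main__":
    good = sample_response({"FirstName": "B", "LastName": "Simon"})
    print(check_pandadoc_claims(good))
    print(check_pandadoc_claims(sample_response({"FirstName": "B"}))["problems"])
```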

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to PandaDoc.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select PandaDoc.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure PandaDoc SSO


To configure single sign-on on the PandaDoc side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the PandaDoc support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create PandaDoc test user
In this section, a user called B.Simon is created in PandaDoc. PandaDoc supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
PandaDoc, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the PandaDoc tile in the Access Panel, you should be automatically signed in to the PandaDoc for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try PandaDoc with Azure AD
Tutorial: Azure Active Directory integration with
Panopto
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Panopto with Azure Active Directory (Azure AD). Integrating Panopto
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Panopto.
You can enable your users to be automatically signed-in to Panopto (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Panopto, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Panopto single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Panopto supports SP initiated SSO
Panopto supports Just In Time user provisioning

Adding Panopto from the gallery


To configure the integration of Panopto into Azure AD, you need to add Panopto from the gallery to your list of
managed SaaS apps.
To add Panopto from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Panopto, select Panopto from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Panopto based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Panopto
needs to be established.
To configure and test Azure AD single sign-on with Panopto, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Panopto Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Panopto test user - to have a counterpart of Britta Simon in Panopto that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Panopto, perform the following steps:
1. In the Azure portal, on the Panopto application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern: https://<tenant-name>.panopto.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Panopto Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Panopto section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Panopto Single Sign-On
1. In a different web browser window, log in to your Panopto company site as an administrator.
2. In the toolbar on the left, click System, and then click Identity Providers.

3. Click Add Provider.

4. In the SAML provider section, perform the following steps:


a. From the Provider Type list, select SAML20.
b. In the Instance Name textbox, type a name for the instance.
c. In the Friendly Description textbox, type a friendly description.
d. In the Bounce Page Url textbox, paste the value of Login URL, which you have copied from the Azure portal.
e. In the Issuer textbox, paste the value of Azure AD Identifier, which you have copied from the Azure portal.
f. Open your base-64 encoded certificate, which you have downloaded from the Azure portal, copy its content
to your clipboard, and then paste it into the Public Key textbox.
5. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Panopto.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Panopto.

2. In the applications list, select Panopto.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Panopto test user
In this section, a user called Britta Simon is created in Panopto. Panopto supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Panopto,
a new one is created after authentication.

NOTE
You can use any other Panopto user account creation tools or APIs provided by Panopto to provision Azure AD user
accounts.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Panopto tile in the Access Panel, you should be automatically signed in to the Panopto for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Panorama9
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Panorama9 with Azure Active Directory (Azure AD). Integrating
Panorama9 with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Panorama9.
You can enable your users to be automatically signed-in to Panorama9 (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Panorama9, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Panorama9 single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Panorama9 supports SP initiated SSO

Adding Panorama9 from the gallery


To configure the integration of Panorama9 into Azure AD, you need to add Panorama9 from the gallery to your list
of managed SaaS apps.
To add Panorama9 from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Panorama9, select Panorama9 from the result panel, and then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Panorama9 based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Panorama9 needs to be established.
To configure and test Azure AD single sign-on with Panorama9, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Panorama9 Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Panorama9 test user - to have a counterpart of Britta Simon in Panorama9 that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Panorama9, perform the following steps:
1. In the Azure portal, on the Panorama9 application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL: https://dashboard.panorama9.com/saml/access/3262

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://www.panorama9.com/saml20/<tenant-name>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Panorama9 Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.

6. In the SAML Signing Certificate section, copy the Thumbprint and save it on your computer.

7. On the Set up Panorama9 section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Panorama9 Single Sign-On
1. In a different web browser window, sign in to your Panorama9 company site as an administrator.
2. In the toolbar on the top, click Manage, and then click Extensions.

3. On the Extensions dialog, click Single Sign-On.

4. In the Settings section, perform the following steps:

a. In the Identity provider URL textbox, paste the value of Login URL, which you have copied from the Azure
portal.
b. In the Certificate fingerprint textbox, paste the Thumbprint value of the certificate, which you have copied
from the Azure portal.
5. Click Save.
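
Panorama9 trusts the identity provider through the pasted certificate fingerprint alone, so a truncated or mistyped value breaks or weakens that trust. The following added example (not code from Microsoft or Panorama9) normalises a pasted thumbprint and checks it against the SHA-1 digest of a certificate, assuming the portal's Thumbprint is the SHA-1 hash of the DER-encoded certificate; the helper names and the filler certificate bytes are constructed.

```python
import base64
import hashlib
import hmac
import re
from typing import Dict, Optional


def make_pem(der):
    """Wrap bytes in PEM armour (used only to build the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


# Constructed samples: filler bytes, not real X.509 certificates. The labels
# stand for two signing certificates configured on the same application.
CERTS = {
    "active": make_pem(b"constructed filler A, not a certificate" * 3),
    "inactive": make_pem(b"constructed filler B, not a certificate" * 3),
}


def sha1_thumbprint(cert_text):
    """SHA-1 over the DER bytes of a PEM or bare Base64 certificate."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", cert_text)
    der = base64.b64decode("".join(body.split()), validate=True)
    return hashlib.sha1(der).hexdigest().upper()


def normalize_thumbprint(value):
    """Accept 'AB:CD:...', 'ab cd ...' or 'ABCD...' and return 40 upper-case hex digits."""
    cleaned = re.sub(r"[\s:]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("thumbprint contains non-hex characters")
    if len(cleaned) == 64:
        raise ValueError("64 hex digits: this is a SHA-256 fingerprint, not SHA-1")
    if len(cleaned) != 40:
        raise ValueError(f"expected 40 hex digits, got {len(cleaned)} (truncated paste?)")
    return cleaned


def match_pinned_thumbprint(pinned: str, certs: Dict[str, str]) -> Optional[str]:
    """Return the label of the certificate the pinned value refers to, or None."""
    wanted = normalize_thumbprint(pinned)
    for label, cert_text in certs.items():
        if hmac.compare_digest(sha1_thumbprint(cert_text), wanted):
            return label
    return None


if __name__ == "__main__":
    fingerprint = sha1_thumbprint(CERTS["active"])
    pasted = ":".join(fingerprint[i:i + 2] for i in range(0, 40, 2)).lower()
    print("pasted value:", pasted)
    print("matches certificate:", match_pinned_thumbprint(pasted, CERTS))
```

A result of None, or a match on a certificate that is not the one currently signing, means the value in the Certificate fingerprint textbox needs to be copied again from the Azure portal.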
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Panorama9.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Panorama9.

2. In the applications list, select Panorama9.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Panorama9 test user
In order to enable Azure AD users to sign in to Panorama9, they must be provisioned into Panorama9.
In the case of Panorama9, provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Sign in to your Panorama9 company site as an administrator.
2. In the menu on the top, click Manage, and then click Users.

3. In the Users section, click + to add a new user.

4. In the User data section, type the email address of a valid Azure Active Directory user you want to
provision into the Email textbox.
5. Back in the Users section, click Save.

NOTE
The Azure Active Directory account holder receives an email and follows a link to confirm their account before it
becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Panorama9 tile in the Access Panel, you should be automatically signed in to the Panorama9
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Pantheon
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Pantheon with Azure Active Directory (Azure AD). Integrating Pantheon
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Pantheon.
You can enable your users to be automatically signed-in to Pantheon (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Pantheon, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Pantheon single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Pantheon supports IDP initiated SSO

Adding Pantheon from the gallery


To configure the integration of Pantheon into Azure AD, you need to add Pantheon from the gallery to your list of
managed SaaS apps.
To add Pantheon from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Pantheon, select Pantheon from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Pantheon based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Pantheon
needs to be established.
To configure and test Azure AD single sign-on with Pantheon, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Pantheon Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Pantheon test user - to have a counterpart of Britta Simon in Pantheon that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Pantheon, perform the following steps:
1. In the Azure portal, on the Pantheon application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: urn:auth0:pantheon:<orgname>-SSO

b. In the Reply URL text box, type a URL using the following pattern:
https://pantheon.auth0.com/login/callback?connection=<orgname>-SSO

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Pantheon Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The Pantheon application expects SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. In the list of default attributes,
nameidentifier is mapped to user.userprincipalname. The Pantheon application expects nameidentifier
to be mapped to user.mail, so you need to edit the attribute mapping by clicking the Edit icon and
changing the mapping.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
7. On the Set up Pantheon section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Pantheon Single Sign-On
To configure single sign-on on Pantheon side, you need to send the downloaded Certificate and appropriate
copied URLs to Pantheon support team.

NOTE
You also need to provide the Email Domain(s) information and Date Time when you want to enable this connection. You can
find more details about it from here

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Pantheon.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Pantheon.

2. In the applications list, select Pantheon.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Pantheon test user
In this section, you create a user called Britta Simon in Pantheon. Please follow the below steps to add the user in
Pantheon.

NOTE
For SSO to work, the user must first be created in Pantheon.

1. Log in to Pantheon with admin credentials.


2. Navigate to Organization dashboard page.
3. Click People.
4. Click Add user.
5. Enter the user's email address.
6. Choose the user's role.
7. Click Add user.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Pantheon tile in the Access Panel, you should be automatically signed in to the Pantheon for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
PatentSQUARE
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate PatentSQUARE with Azure Active Directory (Azure AD). Integrating
PatentSQUARE with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to PatentSQUARE.
You can enable your users to be automatically signed-in to PatentSQUARE (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with PatentSQUARE, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
PatentSQUARE single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
PatentSQUARE supports SP initiated SSO

Adding PatentSQUARE from the gallery


To configure the integration of PatentSQUARE into Azure AD, you need to add PatentSQUARE from the gallery to
your list of managed SaaS apps.
To add PatentSQUARE from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type PatentSQUARE, select PatentSQUARE from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with PatentSQUARE based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
PatentSQUARE needs to be established.
To configure and test Azure AD single sign-on with PatentSQUARE, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure PatentSQUARE Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create PatentSQUARE test user - to have a counterpart of Britta Simon in PatentSQUARE that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with PatentSQUARE, perform the following steps:
1. In the Azure portal, on the PatentSQUARE application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companysubdomain>.pat-dss.com:443/patlics/secure/aad

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companysubdomain>.pat-dss.com:443/patlics

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact PatentSQUARE
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up PatentSQUARE section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure PatentSQUARE Single Sign-On
To configure single sign-on on the PatentSQUARE side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the PatentSQUARE support team. They apply
these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to PatentSQUARE.
1. In the Azure portal, select Enterprise Applications, select All applications, then select PatentSQUARE.

2. In the applications list, select PatentSQUARE.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create PatentSQUARE test user
In this section, you create a user called Britta Simon in PatentSQUARE. Work with PatentSQUARE support team to
add the users in the PatentSQUARE platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the PatentSQUARE tile in the Access Panel, you should be automatically signed in to the
PatentSQUARE for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Pavaso Digital Close
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Pavaso Digital Close with Azure Active Directory (Azure AD). Integrating
Pavaso Digital Close with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Pavaso Digital Close.
You can enable your users to be automatically signed-in to Pavaso Digital Close (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Pavaso Digital Close, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Pavaso Digital Close single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Pavaso Digital Close supports SP and IDP initiated SSO

Adding Pavaso Digital Close from the gallery


To configure the integration of Pavaso Digital Close into Azure AD, you need to add Pavaso Digital Close from the
gallery to your list of managed SaaS apps.
To add Pavaso Digital Close from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Pavaso Digital Close, select Pavaso Digital Close from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Pavaso Digital Close based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Pavaso Digital Close needs to be established.
To configure and test Azure AD single sign-on with Pavaso Digital Close, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Pavaso Digital Close Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Pavaso Digital Close test user - to have a counterpart of Britta Simon in Pavaso Digital Close that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Pavaso Digital Close, perform the following steps:
1. In the Azure portal, on the Pavaso Digital Close application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<SUBDOMAIN>.pavaso.com/AuthServices

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.pavaso.com/AuthServices/Acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.pavaso.com

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Pavaso
Digital Close Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Pavaso Digital Close section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Pavaso Digital Close single sign-on
To configure single sign-on on the Pavaso Digital Close side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the Pavaso Digital Close support team.
They apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Pavaso Digital Close.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Pavaso Digital
Close.

2. In the applications list, select Pavaso Digital Close.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Pavaso Digital Close test user
In this section, you create a user called Britta Simon in Pavaso Digital Close. Work with Pavaso Digital Close
support team to add the users in the Pavaso Digital Close platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Pavaso Digital Close tile in the Access Panel, you should be automatically signed in to the
Pavaso Digital Close for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Paylocity
10/27/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Paylocity with Azure Active Directory (Azure AD). When you integrate
Paylocity with Azure AD, you can:
Control in Azure AD who has access to Paylocity.
Enable your users to be automatically signed-in to Paylocity with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Paylocity single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Paylocity supports SP and IDP initiated SSO

Adding Paylocity from the gallery


To configure the integration of Paylocity into Azure AD, you need to add Paylocity from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Paylocity in the search box.
6. Select Paylocity from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Paylocity


Configure and test Azure AD SSO with Paylocity using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Paylocity.
To configure and test Azure AD SSO with Paylocity, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Paylocity SSO - to configure the single sign-on settings on application side.
   Create Paylocity test user - to have a counterpart of B.Simon in Paylocity that is linked to the Azure AD
   representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Paylocity application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://access.paylocity.com/

6. Click Save.
7. Paylocity application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.
8. In addition to the above, the Paylocity application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you have to update them
with the real values.

NAME               SOURCE ATTRIBUTE
PartnerID          <"PartnerID">
PaylocityUser      <"PaylocityUser">
PaylocityEntity    <"PaylocityEntity">

9. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

10. On the Set up Paylocity section, copy the appropriate URL(s) based on your requirement.
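When a test sign-in fails, the quickest check is to decode the SAMLResponse captured in the browser and confirm that the claims match what the application expects. The following is an added example, not code from the original tutorials: it covers both the Pantheon requirement that nameidentifier carry user.mail and the three Paylocity attributes listed above. The sample responses are constructed and unsigned, the function names are hypothetical, and the rule for spotting an unedited placeholder value is an assumption. Signature validation remains the service provider's job; this only reads claims for troubleshooting.

```python
import base64
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

# Expectations taken from the tutorials: Pantheon wants NameID = user.mail,
# Paylocity wants three extra attributes populated with real values.
PROFILES = {
    "Pantheon": {"nameid_is_mail": True, "required_attributes": []},
    "Paylocity": {"nameid_is_mail": False,
                  "required_attributes": ["PartnerID", "PaylocityUser",
                                          "PaylocityEntity"]},
}


def build_sample_response(name_id, attributes):
    """Constructed, unsigned SAML response (base64, as in the HTTP-POST binding)."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}">'
        f"<saml:AttributeValue>{escape(value)}</saml:AttributeValue>"
        "</saml:Attribute>"
        for name, value in attributes.items())
    statement = (f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
                 if attrs else "")
    xml_text = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
        f"<saml:Assertion><saml:Subject><saml:NameID>{escape(name_id)}"
        f"</saml:NameID></saml:Subject>{statement}"
        "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def read_claims(saml_response_b64):
    """Decode a SAMLResponse and return its NameID and attribute values."""
    xml_text = base64.b64decode(saml_response_b64).decode("utf-8")
    if "<!DOCTYPE" in xml_text:
        raise ValueError("SAML response must not carry a DTD")
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion, found %d"
                         % len(assertions))
    assertion = assertions[0]
    name_id = assertion.findtext("saml:Subject/saml:NameID",
                                 default="", namespaces=NS).strip()
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attributes.setdefault(attr.get("Name"), []).extend(values)
    return {"name_id": name_id, "attributes": attributes}


def is_placeholder(name, value):
    """Assumption: an unedited mapping emits the attribute's own name, or nothing."""
    return value.strip('<>" ') in ("", name)


def check_claims(app, claims, expected_mail=None):
    """Return a list of findings; an empty list means the claims look right."""
    profile = PROFILES[app]
    findings = []
    if profile["nameid_is_mail"]:
        if not EMAIL_RE.fullmatch(claims["name_id"]):
            findings.append("NameID is not an email address")
        elif expected_mail and claims["name_id"].lower() != expected_mail.lower():
            findings.append("NameID differs from user.mail")
    for name in profile["required_attributes"]:
        values = claims["attributes"].get(name, [])
        if not values:
            findings.append(f"{name}: missing")
        elif any(is_placeholder(name, v) for v in values):
            findings.append(f"{name}: placeholder value")
    return findings


if __name__ == "__main__":
    # Constructed case: UPN and mail differ, and NameID still carries the UPN.
    resp = build_sample_response("brittasimon@contoso.onmicrosoft.com", {})
    print(check_claims("Pantheon", read_claims(resp), "BrittaSimon@contoso.com"))
```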

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Paylocity.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Paylocity.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Paylocity SSO


To configure single sign-on on the Paylocity side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Paylocity support team. They apply these settings so
that the SAML SSO connection is set properly on both sides.
Create Paylocity test user
In this section, you create a user called B.Simon in Paylocity. Work with Paylocity support team to add the users in
the Paylocity platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Paylocity tile in the Access Panel, you should be automatically signed in to the Paylocity for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Paylocity with Azure AD
Tutorial: Azure Active Directory integration with
Peakon
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Peakon with Azure Active Directory (Azure AD). Integrating Peakon with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Peakon.
You can enable your users to be automatically signed-in to Peakon (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Peakon, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Peakon single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Peakon supports SP and IDP initiated SSO

Adding Peakon from the gallery


To configure the integration of Peakon into Azure AD, you need to add Peakon from the gallery to your list of
managed SaaS apps.
To add Peakon from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Peakon, select Peakon from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Peakon based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Peakon
needs to be established.
To configure and test Azure AD single sign-on with Peakon, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Peakon Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Peakon test user - to have a counterpart of Britta Simon in Peakon that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Peakon, perform the following steps:
1. In the Azure portal, on the Peakon application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://app.peakon.com/saml/<companyid>/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://app.peakon.com/saml/<companyid>/assert

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://app.peakon.com/login

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL, which are explained later in the
tutorial. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

7. On the Set up Peakon section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Peakon Single Sign-On
1. In a different web browser window, sign in to Peakon as an Administrator.
2. In the menu bar on the left side of the page, click Configuration, then navigate to Integrations.

3. On Integrations page, click on Single Sign-On.

4. Under Single Sign-On section, click on Enable.


5. On the Single sign-on for employees using SAML section, perform the following steps:

a. In the SSO Login URL textbox, paste the value of Login URL, which you have copied from the Azure
portal.
b. In the SSO Logout URL textbox, paste the value of Logout URL, which you have copied from the Azure
portal.
c. Click Choose file to upload the certificate that you have downloaded from the Azure portal, into the
Certificate box.
d. Click the icon to copy the Entity ID and paste in Identifier textbox in Basic SAML Configuration
section on Azure portal.
e. Click the icon to copy the Reply URL (ACS) and paste in Reply URL textbox in Basic SAML
Configuration section on Azure portal.
f. Click Save
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Peakon.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Peakon.
2. In the applications list, select Peakon.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Peakon test user
For enabling Azure AD users to sign in to Peakon, they must be provisioned into Peakon.
In the case of Peakon, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Peakon company site as an administrator.
2. In the menu bar on the left side of the page, click Configuration, then navigate to Employees.

3. On the top right side of the page, click Add employee.

4. On the New employee dialog page, perform the following steps:


a. In the Name textbox, type first name as Britta and last name as Simon.
b. In the Email textbox, type the email address like Brittasimon@contoso.com.
c. Click Create employee.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Peakon tile in the Access Panel, you should be automatically signed in to the Peakon for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Pega Systems
10/7/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Pega Systems with Azure Active Directory (Azure AD).
This integration provides these benefits:
You can use Azure AD to control who has access to Pega Systems.
You can enable your users to be automatically signed-in to Pega Systems (single sign-on) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory.
If you don't have an Azure subscription, create a free account before you start.

Prerequisites
To configure Azure AD integration with Pega Systems, you need to have:
An Azure AD subscription. If you don't have an Azure AD environment, you can sign up for a one-month trial.
A Pega Systems subscription that has single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
Pega Systems supports SP-initiated and IdP-initiated SSO.

Add Pega Systems from the gallery


To set up the integration of Pega Systems into Azure AD, you need to add Pega Systems from the gallery to your
list of managed SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications.


3. To add an application, select New application at the top of the window:

4. In the search box, enter Pega Systems. Select Pega Systems in the search results, and then select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with Pega Systems by using a test user named
Britta Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user and the
corresponding user in Pega Systems.
To configure and test Azure AD single sign-on with Pega Systems, you need to complete these steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure Pega Systems single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Create a Pega Systems test user that's linked to the Azure AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Pega Systems, take these steps:
1. In the Azure portal, on the Pega Systems application integration page, select Single sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, if you want to configure the application in IdP-initiated
mode, complete the following steps.
a. In the Identifier box, enter a URL in this pattern:
https://<customername>.pegacloud.io:443/prweb/sp/<instanceID>

b. In the Reply URL box, enter a URL in this pattern:


https://<customername>.pegacloud.io:443/prweb/PRRestService/WebSSO/SAML/AssertionConsumerService

5. If you want to configure the application in SP-initiated mode, select Set additional URLs and complete the
following steps.

a. In the Sign on URL box, enter the sign on URL value.


b. In the Relay State box, enter a URL in this pattern: https://<customername>.pegacloud.io/prweb/sso

NOTE
The values provided here are placeholders. You need to use the actual identifier, reply URL, sign on URL, and relay
state URL. You can get the identifier and reply URL values from a Pega application, as explained later in this tutorial.
To get the relay state value, contact the Pega Systems support team. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

6. The Pega Systems application needs the SAML assertions to be in a specific format. To get them in the
correct format, you need to add custom attribute mappings to your SAML token attributes configuration.
The following screenshot shows the default attributes. Select the Edit icon to open the User Attributes
dialog box:
7. In addition to the attributes shown in the previous screenshot, the Pega Systems application requires a few
more attributes to be passed back in the SAML response. In the User claims section of the User Attributes
dialog box, complete the following steps to add these SAML token attributes:
uid
cn
mail
accessgroup
organization
orgdivision
orgunit
workgroup
Phone

NOTE
These values are specific to your organization. Provide the appropriate values.

a. Select Add new claim to open the Manage user claims dialog box:

b. In the Name box, enter the attribute name shown for that row.
c. Leave the Namespace box empty.
d. For the Source, select Attribute.
e. In the Source attribute list, select the attribute value shown for that row.
f. Select Ok.
g. Select Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Download link next to Federation Metadata XML, per your requirements, and save the certificate on
your computer:

9. In the Set up Pega Systems section, copy the appropriate URLs, based on your requirements.

a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
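
The attribute list in step 7 can be checked against a SAML response captured from a test sign-in. The following is an added example, not part of the original tutorial and not Pega or Microsoft code: the function names, the sample response and its values are constructed for illustration, and the check looks at attribute names and values only, not at the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names exactly as listed in step 7 of the tutorial.
REQUIRED_ATTRIBUTES = (
    "uid", "cn", "mail", "accessgroup", "organization",
    "orgdivision", "orgunit", "workgroup", "Phone",
)


def collect_attributes(xml_text):
    """Map each SAML Attribute Name to the list of its values."""
    # ElementTree is adequate for a response captured from your own test
    # sign-in; use a hardened parser such as defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name", ""), []).extend(values)
    return found


def audit_pega_attributes(xml_text):
    """Classify every required attribute that is not present with a value."""
    found = collect_attributes(xml_text)
    report = {"missing": [], "empty": [], "namespaced": [], "case_mismatch": []}
    for required in REQUIRED_ATTRIBUTES:
        if required in found:
            if not any(found[required]):
                report["empty"].append(required)
            continue
        # A claim saved with a namespace is emitted as "<namespace>/<name>",
        # which is why the tutorial says to leave the Namespace box empty.
        namespaced = [n for n in found if n.rsplit("/", 1)[-1] == required]
        wrong_case = [n for n in found if n.lower() == required.lower()]
        if namespaced:
            report["namespaced"].append(namespaced[0])
        elif wrong_case:
            report["case_mismatch"].append(wrong_case[0])
        else:
            report["missing"].append(required)
    return report


# Constructed sample: "mail" carries a namespace, "accessgroup" is empty,
# "Phone" is sent in lower case and "workgroup" is absent.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:AttributeStatement>
   <saml:Attribute Name="uid"><saml:AttributeValue>bsimon</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="cn"><saml:AttributeValue>Britta Simon</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail">
    <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
   </saml:Attribute>
   <saml:Attribute Name="accessgroup"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="organization"><saml:AttributeValue>Contoso</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="orgdivision"><saml:AttributeValue>HR</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="orgunit"><saml:AttributeValue>Payroll</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="phone"><saml:AttributeValue>555-0100</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for problem, names in audit_pega_attributes(SAMPLE_RESPONSE).items():
        print(f"{problem}: {names}")
```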
Configure Pega Systems single sign-on
1. To configure single sign-on on the Pega Systems side, sign in to the Pega Portal with an admin account in
another browser window.
2. Select Create > SysAdmin > Authentication Service:
3. Complete the following steps on the Create Authentication Service screen.

a. In the Type list, select SAML 2.0.


b. In the Name box, enter any name (for example, Azure AD SSO).
c. In the Short description box, enter a description.
d. Select Create and open.
4. In the Identity Provider (IdP) information section, select Import IdP metadata and browse to the
metadata file that you downloaded from the Azure portal. Click Submit to load the metadata:
The import will populate the IdP data as shown here:

5. Complete the following steps in the Service Provider (SP) settings section.
a. Copy the Entity Identification value and paste it into the Identifier box in the Basic SAML
Configuration section in the Azure portal.
b. Copy the Assertion Consumer Service (ACS) location value and paste it into the Reply URL box
in the Basic SAML Configuration section in the Azure portal.
c. Select Disable request signing.
6. Select Save.
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:

2. Select New user at the top of the screen:

3. In the User dialog box, complete the following steps.


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter brittasimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting her access to Pega Systems.
1. In the Azure portal, select Enterprise applications, select All applications, and then select Pega Systems.

2. In the list of applications, select Pega Systems.


3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the screen.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select Assign.
Create a Pega Systems test user
Next, you need to create a user named Britta Simon in Pega Systems. Work with the Pega Systems support team to
create users.
Test single sign-on
Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the Pega Systems tile in the Access Panel, you should be automatically signed in to the Pega
Systems instance for which you set up SSO. For more information, see Access and use apps on the My Apps
portal.
Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with People
8/29/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate People with Azure Active Directory (Azure AD). When you integrate
People with Azure AD, you can:
Control in Azure AD who has access to People.
Enable your users to be automatically signed-in to People with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
People single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
People supports SP initiated SSO
The People Mobile application can now be configured with Azure AD to enable SSO.

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding People from the gallery


To configure the integration of People into Azure AD, you need to add People from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type People in the search box.
6. Select People from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for People


Configure and test Azure AD SSO with People using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in People.
To configure and test Azure AD SSO with People, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure People SSO - to configure the Single Sign-On settings on application side.
a. Create People test user - to have a counterpart of B.Simon in People that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the People application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign-on URL text box, type a URL using the following pattern:
https://<company name>.peoplehr.net

b. In the Identifier box, type a URL: https://www.peoplehr.com

c. In the Reply URL text box, type a URL using the following pattern:
https://<company name>.peoplehr.net/Pages/Saml/ConsumeAzureAD.aspx

NOTE
These values are not real. Update these values with the actual Sign-On URL and Reply URL. Contact People Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
6. On the Set up People section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to People.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select People.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure People SSO


1. To automate the configuration within People, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup People, which directs you to the People application. From
there, provide the admin credentials to sign in to People. The browser extension will automatically configure
the application for you and automate steps 3-6.
3. If you want to set up People manually, open a new web browser window, sign in to your People company
site as an administrator, and perform the following steps:
4. In the menu on the left side, click Settings.

5. Click Company.

6. On the Upload 'Single Sign On' SAML meta-data file, click Browse to upload the downloaded
metadata file.
Create People test user
In this section, you create a user called B.Simon in People. Work with People Client support team to add the users
in the People platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the People tile in the Access Panel, you should be automatically signed in to the People for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Test SSO for People (Mobile)


1. Open People Mobile application. On the sign in page, enter the Email ID and then click on Single Sign
On.

2. Enter organization UserID and click Next.

3. Finally, after successful sign-in, the application homepage is displayed.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try People with Azure AD
Tutorial: Azure Active Directory integration with Peoplecart
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Peoplecart with Azure Active Directory (Azure AD). Integrating
Peoplecart with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Peoplecart.
You can enable your users to be automatically signed-in to Peoplecart (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Peoplecart, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Peoplecart single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Peoplecart supports SP initiated SSO

Adding Peoplecart from the gallery


To configure the integration of Peoplecart into Azure AD, you need to add Peoplecart from the gallery to your list
of managed SaaS apps.
To add Peoplecart from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Peoplecart, select Peoplecart from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Peoplecart based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Peoplecart
needs to be established.
To configure and test Azure AD single sign-on with Peoplecart, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Peoplecart Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Peoplecart test user - to have a counterpart of Britta Simon in Peoplecart that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Peoplecart, perform the following steps:
1. In the Azure portal, on the Peoplecart application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<tenantname>.peoplecart.com/SignIn.aspx

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<tenantname>.peoplecart.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Peoplecart Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Peoplecart section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Peoplecart Single Sign-On
To configure single sign-on on the Peoplecart side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Peoplecart support team. They apply this configuration so that the
SAML SSO connection is set properly on both sides.
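
Before the metadata file and URLs are handed over, the file can be compared with the Login URL, Azure AD Identifier and Logout URL copied from the portal. The following is an added example, not part of the original tutorial: the function names are illustrative, and the sample metadata, tenant GUID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ENTITY_DESCRIPTOR = "{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor"


def sha256_fingerprint(der_bytes):
    """Upper-case hex SHA-256 of the DER bytes, as certificate tools print it."""
    return hashlib.sha256(der_bytes).hexdigest().upper()


def _endpoints(idp, tag):
    """Map the binding short name (HTTP-POST, HTTP-Redirect) to its Location."""
    return {e.get("Binding", "").rsplit(":", 1)[-1]: e.get("Location")
            for e in idp.findall(f"md:{tag}", NS)}


def summarize_idp_metadata(xml_text):
    """Extract the values an SP administrator needs from IdP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != ENTITY_DESCRIPTOR:
        raise ValueError("root element is not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use") not in (None, "signing"):
            continue  # skip encryption-only keys
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()),
                                   validate=True)
            fingerprints.append(sha256_fingerprint(der))
    return {"entity_id": root.get("entityID"),
            "sso": _endpoints(idp, "SingleSignOnService"),
            "slo": _endpoints(idp, "SingleLogoutService"),
            "signing_cert_sha256": fingerprints}


def compare_with_portal(summary, login_url, azure_ad_identifier, logout_url):
    """Return the names of portal values that the metadata does not contain."""
    mismatches = []
    if login_url not in summary["sso"].values():
        mismatches.append("Login URL")
    if summary["entity_id"] != azure_ad_identifier:
        mismatches.append("Azure AD Identifier")
    if logout_url not in summary["slo"].values():
        mismatches.append("Logout URL")
    return mismatches


# Constructed sample input (placeholder tenant and certificate bytes).
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_CERT_DER = b"constructed placeholder bytes, not a real X.509 certificate"
_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings"
_SAML2 = f"https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{SAMPLE_TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{_BINDING}:HTTP-Redirect" Location="{_SAML2}"/>
    <SingleSignOnService Binding="{_BINDING}:HTTP-Redirect" Location="{_SAML2}"/>
    <SingleSignOnService Binding="{_BINDING}:HTTP-POST" Location="{_SAML2}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_METADATA)
    print(info)
    print(compare_with_portal(info, _SAML2,
                              f"https://sts.windows.net/{SAMPLE_TENANT}/", _SAML2))
```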
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Peoplecart.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Peoplecart.

2. In the applications list, select Peoplecart.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Peoplecart test user
In this section, you create a user called Britta Simon in Peoplecart. Work with Peoplecart support team to add the
users in the Peoplecart platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Peoplecart tile in the Access Panel, you should be automatically signed in to the Peoplecart for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Perception United States (Non-UltiPro)
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Perception United States (Non-UltiPro) with Azure Active Directory
(Azure AD). Integrating Perception United States (Non-UltiPro) with Azure AD provides you with the following
benefits:
You can control in Azure AD who has access to Perception United States (Non-UltiPro).
You can enable your users to be automatically signed-in to Perception United States (Non-UltiPro) (Single Sign-
On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Perception United States (Non-UltiPro), you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Perception United States (Non-UltiPro) single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Perception United States (Non-UltiPro) supports IDP initiated SSO

Adding Perception United States (Non-UltiPro) from the gallery


To configure the integration of Perception United States (Non-UltiPro) into Azure AD, you need to add Perception
United States (Non-UltiPro) from the gallery to your list of managed SaaS apps.
To add Perception United States (Non-UltiPro) from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Perception United States (Non-UltiPro), select Perception United States
(Non-UltiPro) from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Perception United States (Non-UltiPro) based
on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and
the related user in Perception United States (Non-UltiPro) needs to be established.
To configure and test Azure AD single sign-on with Perception United States (Non-UltiPro), you need to complete
the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Perception United States (Non-UltiPro) Single Sign-On - to configure the Single Sign-On
settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Perception United States (Non-UltiPro) test user - to have a counterpart of Britta Simon in
Perception United States (Non-UltiPro) that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Perception United States (Non-UltiPro), perform the following steps:
1. In the Azure portal, on the Perception United States (Non-UltiPro) application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL: https://perception.kanjoya.com/sp

b. In the Reply URL text box, type a URL using the following pattern:
https://perception.kanjoya.com/sso?idp=<entity_id>

c. The Perception United States (Non-UltiPro) application requires the Azure AD Identifier value, which you
get from the Set up Perception United States (Non-UltiPro) section, to be URI-encoded and used as
<entity_id>. To get the URI-encoded value, use the following link: http://www.url-encode-decode.com/.
d. After getting the URI-encoded value, combine it with the Reply URL as shown below:
https://perception.kanjoya.com/sso?idp=<URI encoded entity_id>

e. Paste the above value in the Reply URL text box.


5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Perception United States (Non-UltiPro) section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
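The Reply URL from step 4 can also be built and checked locally, without pasting the Azure AD Identifier into a third-party encoder. The following is an added example, not part of the original tutorial; the function names are hypothetical and the identifier is a constructed value with an all-zero tenant ID.

```python
from urllib.parse import quote, unquote, urlsplit

# Reply URL pattern from step 4b of the tutorial.
REPLY_BASE = "https://perception.kanjoya.com/sso"

# Constructed sample: the all-zero GUID stands in for a real tenant ID.
SAMPLE_ENTITY_ID = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"


def build_reply_url(entity_id: str) -> str:
    """Return the Reply URL with the Azure AD Identifier fully percent-encoded."""
    # safe="" matters: by default quote() leaves "/" untouched, which would
    # put the identifier's slashes unencoded into the query string.
    return f"{REPLY_BASE}?idp={quote(entity_id, safe='')}"


def check_reply_url(reply_url: str, entity_id: str) -> str:
    """Classify a candidate Reply URL before it is pasted into the portal.

    Returns one of: 'ok', 'wrong-base', 'missing-idp', 'under-encoded',
    'double-encoded', 'mismatch'.
    """
    parts = urlsplit(reply_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REPLY_BASE:
        return "wrong-base"
    if not parts.query.startswith("idp="):
        return "missing-idp"
    raw = parts.query[len("idp="):]
    if raw == quote(entity_id, safe=""):
        return "ok"
    if unquote(raw) == entity_id:
        # Decodes to the right value, but some reserved characters
        # (typically ":" or "/") were left unencoded.
        return "under-encoded"
    if unquote(unquote(raw)) == entity_id:
        # The already-encoded value was encoded a second time (%3A -> %253A).
        return "double-encoded"
    return "mismatch"


if __name__ == "__main__":
    url = build_reply_url(SAMPLE_ENTITY_ID)
    print(url, check_reply_url(url, SAMPLE_ENTITY_ID))
```
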
Configure Perception United States (Non-UltiPro) Single Sign-On
1. In another browser window, sign on to your Perception United States (Non-UltiPro) company site as an
administrator.
2. In the main toolbar, click Account Settings.

3. On the Account Settings page, perform the following steps:

a. In the Company Name textbox, type the name of the Company.


b. In the Account Name textbox, type the name of the Account.
c. In the Default Reply-To Email text box, type a valid email address.
d. Select SSO Identity Provider as SAML 2.0.
4. On the SSO Configuration page, perform the following steps:
a. Select SAML NameID Type as EMAIL.
b. In the SSO Configuration Name textbox, type the name of your Configuration.
c. In Identity Provider Name textbox, paste the value of Azure AD Identifier, which you have copied
from Azure portal.
d. In SAML Domain textbox, enter the domain like @contoso.com.
e. Click on Upload Again to upload the Metadata XML file.
f. Click Update.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Perception United States
(Non-UltiPro).
1. In the Azure portal, select Enterprise Applications, select All applications, then select Perception
United States (Non-UltiPro).

2. In the applications list, select Perception United States (Non-UltiPro).


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Perception United States (Non-UltiPro) test user
In this section, you create a user called Britta Simon in Perception United States (Non-UltiPro). Work with the
Perception United States (Non-UltiPro) support team to add the users in the Perception United States
(Non-UltiPro) platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Perception United States (Non-UltiPro) tile in the Access Panel, you should be automatically
signed in to the Perception United States (Non-UltiPro) instance for which you set up SSO. For more information
about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Perceptyx with Azure Active
Directory
6/13/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Perceptyx with Azure Active Directory (Azure AD). When you integrate
Perceptyx with Azure AD, you can:
Control in Azure AD who has access to Perceptyx.
Enable your users to be automatically signed-in to Perceptyx with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
A Perceptyx single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Perceptyx supports IDP initiated SSO.

Adding Perceptyx from the gallery


To configure the integration of Perceptyx into Azure AD, you need to add Perceptyx from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Perceptyx in the search box.
6. Select Perceptyx from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Perceptyx using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Perceptyx.
To configure and test Azure AD SSO with Perceptyx, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Perceptyx SSO - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Perceptyx test user - to have a counterpart of B.Simon in Perceptyx that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Perceptyx application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://<SubDomain>.perceptyx.com/<SurveyId>/index.cgi/saml-login?o=B

b. In the Reply URL text box, type a URL using the following pattern:
https://<SubDomain>.perceptyx.com/<SurveyId>/index.cgi/saml-login?o=P

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Perceptyx Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Perceptyx SSO


To configure single sign-on on the Perceptyx side, you need to send the App Federation Metadata Url to the
Perceptyx support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Perceptyx.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Perceptyx.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Perceptyx test user
In this section, you create a user called B.Simon in Perceptyx. Work with the Perceptyx support team to add the
users in the Perceptyx platform. Users must be created and activated before you use single sign-on.
Test SSO
When you select the Perceptyx tile in the Access Panel, you should be automatically signed in to the Perceptyx
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Percolate
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Percolate with Azure Active Directory (Azure AD).
This integration provides these benefits:
You can use Azure AD to control who has access to Percolate.
You can enable your users to be automatically signed in to Percolate (single sign-on) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory.
If you don't have an Azure subscription, create a free account before you start.

Prerequisites
To configure Azure AD integration with Percolate, you need to have:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
A Percolate subscription that has single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
Percolate supports SP-initiated and IdP-initiated SSO.

Add Percolate from the gallery


To configure the integration of Percolate into Azure AD, you need to add Percolate from the gallery to your list of
managed SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications:


3. To add an application, select New application at the top of the window:

4. In the search box, enter Percolate. Select Percolate in the search results and then select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with Percolate by using a test user named Britta
Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user and the
corresponding user in Percolate.
To configure and test Azure AD single sign-on with Percolate, you need to complete these steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure Percolate single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Create a Percolate test user that's linked to the Azure AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Percolate, take these steps:
1. In the Azure portal, on the Percolate application integration page, select Single sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, you don't need to take any action to configure the
application in IdP-initiated mode. The app is already integrated with Azure.

5. If you want to configure the application in SP-initiated mode, select Set additional URLs and, in the Sign
on URL box, enter https://percolate.com/app/login:

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Copy icon to copy the App Federation Metadata Url. Save this URL.

7. In the Set up Percolate section, copy the appropriate URLs, based on your requirements.

a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
Configure Percolate single sign-on
1. In a new web browser window, sign in to Percolate as an admin.
2. On the left side of the home page, select Settings:
3. In the left pane, select SSO under Organization:

a. In the Login URL box, paste the Login URL value that you copied from the Azure portal.
b. In the Entity ID box, paste the Azure AD Identifier value that you copied from the Azure portal.
c. In Notepad, open the base-64 encoded certificate that you downloaded from the Azure portal. Copy
its content and paste it into the x509 certificates box.
d. In the Email attribute box, enter emailaddress.
e. The Identity provider metadata URL box is an optional field. If you copied an App Federation
Metadata Url from the Azure portal, you can paste it into this box.
f. In the Should AuthNRequests be signed? list, select No.
g. In the Enable SSO auto-provisioning list, select No.
h. Select Save.
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:
2. Select New user at the top of the screen:

3. In the User dialog box, take the following steps.

a. In the Name box, enter BrittaSimon.


b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show Password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure AD single sign-on by granting her access to Percolate.
1. In the Azure portal, select Enterprise applications, select All applications, and then select Percolate.
2. In the list of applications, select Percolate.

3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the screen.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select Assign.
Create a Percolate test user
To enable Azure AD users to sign in to Percolate, you need to add them to Percolate. You need to add them
manually.
To create a user account, take these steps:
1. Sign in to Percolate as an admin.
2. In the left pane, select Users under Organization. Select New users:

3. On the Create users page, take the following steps.

a. In the Email box, enter the email address of the user. For example, brittasimon@contoso.com.
b. In the Full name box, enter the name of the user. For example, Brittasimon.
c. Select Create users.
Test single sign-on
Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the Percolate tile in the Access Panel, you should be automatically signed in to the Percolate
instance for which you set up SSO. For more information, see Access and use apps on the My Apps portal.

Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
PerformanceCentre
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate PerformanceCentre with Azure Active Directory (Azure AD). Integrating
PerformanceCentre with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to PerformanceCentre.
You can enable your users to be automatically signed-in to PerformanceCentre (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with PerformanceCentre, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A PerformanceCentre single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
PerformanceCentre supports SP initiated SSO.

Adding PerformanceCentre from the gallery


To configure the integration of PerformanceCentre into Azure AD, you need to add PerformanceCentre from the
gallery to your list of managed SaaS apps.
To add PerformanceCentre from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type PerformanceCentre, select PerformanceCentre from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with PerformanceCentre based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
PerformanceCentre needs to be established.
To configure and test Azure AD single sign-on with PerformanceCentre, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure PerformanceCentre Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create PerformanceCentre test user - to have a counterpart of Britta Simon in PerformanceCentre that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with PerformanceCentre, perform the following steps:
1. In the Azure portal, on the PerformanceCentre application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
http://<companyname>.performancecentre.com/saml/SSO

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
http://<companyname>.performancecentre.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact PerformanceCentre
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up PerformanceCentre section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure PerformanceCentre Single Sign-On
1. Sign on to your PerformanceCentre company site as an administrator.
2. In the tab on the left side, click Configure.

3. In the tab on the left side, click Miscellaneous, and then click Single Sign On.

4. As Protocol, select SAML.

5. Open your downloaded metadata file in Notepad, copy the content, paste it into the Identity Provider
Metadata textbox, and then click Save.
6. Verify that the values for the Entity Base URL and Entity ID URL are correct.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to PerformanceCentre.
1. In the Azure portal, select Enterprise Applications, select All applications, then select
PerformanceCentre.

2. In the applications list, select PerformanceCentre.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create PerformanceCentre test user
The objective of this section is to create a user called Britta Simon in PerformanceCentre.
To create a user called Britta Simon in PerformanceCentre, perform the following steps:
1. Sign on to your PerformanceCentre company site as administrator.
2. In the menu on the left, click Interrelate, and then click Create Participant.
3. On the Interrelate - Create Participant dialog, perform the following steps:

a. Type the required attributes for Britta Simon into related textboxes.

IMPORTANT
Britta's User Name attribute in PerformanceCentre must be the same as the User Name in Azure AD.

b. Select Client Administrator as Choose Role.


c. Click Save.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the PerformanceCentre tile in the Access Panel, you should be automatically signed in to the
PerformanceCentre instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Periscope Data
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Periscope Data with Azure Active Directory (Azure AD). Integrating
Periscope Data with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Periscope Data.
You can enable your users to be automatically signed-in to Periscope Data (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Periscope Data, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A Periscope Data single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Periscope Data supports SP initiated SSO.

Adding Periscope Data from the gallery


To configure the integration of Periscope Data into Azure AD, you need to add Periscope Data from the gallery to
your list of managed SaaS apps.
To add Periscope Data from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Periscope Data, select Periscope Data from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Periscope Data based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Periscope Data needs to be established.
To configure and test Azure AD single sign-on with Periscope Data, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Periscope Data Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Periscope Data test user - to have a counterpart of Britta Simon in Periscope Data that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Periscope Data, perform the following steps:
1. In the Azure portal, on the Periscope Data application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type any of the URLs:

https://app.periscopedata.com/

https://app.periscopedata.com/app/<SITENAME>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://app.periscopedata.com/<SITENAME>/sso

NOTE
The Sign on URL value is not real. Update the value with the actual Sign on URL. Contact the Periscope Data Client
support team to get this value. You get the Identifier value from the Configure Periscope Data Single
Sign-On section, which is explained later in the tutorial. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Periscope Data Single Sign-On


1. In a different web browser window, sign in to Periscope Data as an Administrator.
2. Open the gear menu in the bottom left and open the Billing > Security menu and perform the following
steps. Only admins have access to these settings.
a. Copy the App Federation Metadata URL from step #5 SAML Signing Certificate and open it in a
browser. This will open up an XML document.
b. In the Single Sign-On textbox, select Azure Active Directory.
c. Find the tag SingleSignOnService and paste the Location value in the SSO URL textbox.
d. Find the tag SingleLogoutService and paste the Location value in the SLO URL textbox.
e. Copy the Identifier value for your instance and paste it in the Identifier (Entity ID) textbox of the Basic SAML
Configuration section on the Azure portal.
f. Find the first tag of the XML file, copy the value of entityID and paste it in the Issuer textbox.
g. Find the tag IDPSSODescriptor with SAML protocol. Within that section, find the tag KeyDescriptor
with use=signing. Copy the value of X509Certificate and paste it in the Certificate textbox.
h. Sites with multiple spaces can choose the default space from the Default Space drop down. This will be
the space new users get added to when they log in to Periscope Data for the first time and are provisioned
through the Active Directory Single Sign On.
i. Finally, click Save and confirm the SSO settings change by typing Logout.
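Steps c, d, f and g above read four values out of the federation metadata XML by hand. The following added example, which is not part of the original tutorial, extracts the same values in code so the pasted SSO URL, SLO URL, Issuer and Certificate can be cross-checked; the function name and the sample metadata (all-zero tenant ID, placeholder certificates) are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"


def extract_idp_settings(metadata_xml: str) -> dict:
    """Return issuer, sso_url, slo_url and the SAML signing certificate."""
    if "<!DOCTYPE" in metadata_xml:
        # Federation metadata has no DTD; refuse it rather than expand entities.
        raise ValueError("unexpected DOCTYPE in federation metadata")
    root = ET.fromstring(metadata_xml.strip())
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not a SAML EntityDescriptor")
    issuer = root.get("entityID")  # step f: entityID on the first tag
    if not issuer:
        raise ValueError("EntityDescriptor has no entityID")

    # Step g: only the IDPSSODescriptor that speaks the SAML 2.0 protocol.
    # Other role descriptors (for example WS-Federation) carry their own
    # KeyDescriptor elements and must not be picked up by accident.
    idp = next((d for d in root.findall("md:IDPSSODescriptor", NS)
                if SAML2_PROTOCOL in d.get("protocolSupportEnumeration", "").split()),
               None)
    if idp is None:
        raise ValueError("no IDPSSODescriptor for the SAML 2.0 protocol")

    certs = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use") != "signing":
            continue
        for el in key.findall(".//ds:X509Certificate", NS):
            cert = "".join((el.text or "").split())  # drop line wrapping
            if not cert:
                continue
            base64.b64decode(cert, validate=True)  # raises on copy/paste damage
            certs.append(cert)
    if not certs:
        raise ValueError("no signing certificate in the IDPSSODescriptor")

    def location(tag: str) -> str:
        el = idp.find("md:" + tag, NS)  # first binding listed
        if el is None or not el.get("Location"):
            raise ValueError(tag + " has no Location")
        return el.get("Location")

    return {"issuer": issuer,
            "sso_url": location("SingleSignOnService"),   # step c
            "slo_url": location("SingleLogoutService"),   # step d
            "certificate": certs[0]}


# Constructed sample input: not a real tenant, not real certificates.
TENANT = "00000000-0000-0000-0000-000000000000"
SAML_CERT = base64.b64encode(b"constructed SAML signing certificate").decode()
WSFED_CERT = base64.b64encode(b"constructed WS-Fed signing certificate").decode()
SAMPLE_METADATA = f"""
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/{TENANT}/">
  <RoleDescriptor protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{WSFED_CERT}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </RoleDescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="{SAML2_PROTOCOL}">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAML_CERT}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

if __name__ == "__main__":
    for name, value in extract_idp_settings(SAMPLE_METADATA).items():
        print(f"{name}: {value}")
```
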
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Periscope Data.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Periscope Data.

2. In the applications list, select Periscope Data.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Periscope Data test user
To enable Azure AD users to log in to Periscope Data, they must be provisioned into Periscope Data. In Periscope
Data, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to Periscope Data as an Administrator.
2. Click the Settings icon at the bottom left of the menu and navigate to Permissions.
3. Click ADD USER and perform the following steps:

a. In the First Name text box, enter the first name of the user, for example Britta.
b. In the Last Name text box, enter the last name of the user, for example Simon.
c. In the Email text box, enter the email of the user, for example brittasimon@contoso.com.
d. Click ADD.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Periscope Data tile in the Access Panel, you should be automatically signed in to the Periscope
Data for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Phraseanet
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Phraseanet with Azure Active Directory (Azure AD). Integrating
Phraseanet with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Phraseanet.
You can enable your users to be automatically signed-in to Phraseanet (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Phraseanet, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Phraseanet single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Phraseanet supports SP initiated SSO

Adding Phraseanet from the gallery


To configure the integration of Phraseanet into Azure AD, you need to add Phraseanet from the gallery to your list
of managed SaaS apps.
To add Phraseanet from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Phraseanet, select Phraseanet from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Phraseanet based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Phraseanet needs to be established.
To configure and test Azure AD single sign-on with Phraseanet, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Phraseanet Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Phraseanet test user - to have a counterpart of Britta Simon in Phraseanet that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Phraseanet, perform the following steps:
1. In the Azure portal, on the Phraseanet application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.alchemyasp.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Phraseanet Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Phraseanet section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Phraseanet Single Sign-On
To configure single sign-on on the Phraseanet side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Phraseanet support team. They apply this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Phraseanet.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Phraseanet.

2. In the applications list, select Phraseanet.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Phraseanet test user
In this section, you create a user called Britta Simon in Phraseanet. Work with the Phraseanet support team to add the
users in the Phraseanet platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Phraseanet tile in the Access Panel, you should be automatically signed in to the Phraseanet for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Picturepark
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Picturepark with Azure Active Directory (Azure AD). Integrating
Picturepark with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Picturepark.
You can enable your users to be automatically signed-in to Picturepark (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Picturepark, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Picturepark single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Picturepark supports SP initiated SSO

Adding Picturepark from the gallery


To configure the integration of Picturepark into Azure AD, you need to add Picturepark from the gallery to your list
of managed SaaS apps.
To add Picturepark from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Picturepark, select Picturepark from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Picturepark based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Picturepark needs to be established.
To configure and test Azure AD single sign-on with Picturepark, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Picturepark Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Picturepark test user - to have a counterpart of Britta Simon in Picturepark that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Picturepark, perform the following steps:
1. In the Azure portal, on the Picturepark application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.picturepark.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://<companyname>.current-picturepark.com

https://<companyname>.picturepark.com

https://<companyname>.next-picturepark.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Picturepark Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. In the SAML Signing Certificate section, click the Edit button to open the SAML Signing Certificate dialog.

6. In the SAML Signing Certificate section, copy the Thumbprint and save it on your computer.
7. In the Set up Picturepark section, copy the appropriate URL(s) as per your requirement. For Login URL,
use the value with the following pattern: https://login.microsoftonline.com/_my_directory_id_/wsfed

NOTE
my_directory_id is the tenant ID of the Azure AD subscription.

a. Azure AD Identifier
b. Logout URL
Configure Picturepark Single Sign-On
1. In a different web browser window, sign into your Picturepark company site as an administrator.
2. In the toolbar on the top, click Administrative tools, and then click Management Console.

3. Click Authentication, and then click Identity providers.


4. In the Identity provider configuration section, perform the following steps:

a. Click Add.
b. Type a name for your configuration.
c. Select Set as default.
d. In the Issuer URI textbox, paste the value of Login URL which you copied from the Azure portal.
e. In the Trusted Issuer Thumb Print textbox, paste the value of Thumbprint which you copied from the
SAML Signing Certificate section.
5. Click JoinDefaultUsersGroup.
6. To set the Emailaddress attribute in the Claim textbox, type
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress and click Save.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Picturepark.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Picturepark.
2. In the applications list, select Picturepark.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Picturepark test user
In order to enable Azure AD users to sign into Picturepark, they must be provisioned into Picturepark. In the case
of Picturepark, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Picturepark tenant.
2. In the toolbar on the top, click Administrative tools, and then click Users.

3. In the Users overview tab, click New.

4. On the Create User dialog, perform the following steps for the valid Azure Active Directory user you want to
provision:
a. In the Email Address textbox, type the email address of the user BrittaSimon@contoso.com .
b. In the Password and Confirm Password textboxes, type the password of BrittaSimon.
c. In the First Name textbox, type the First Name of the user Britta.
d. In the Last Name textbox, type the Last Name of the user Simon.
e. In the Company textbox, type the Company name of the user.
f. In the Country textbox, select the Country/Region of the user.
g. In the ZIP textbox, type the ZIP code of the city.
h. In the City textbox, type the City name of the user.
i. Select a Language.
j. Click Create.

NOTE
You can use any other Picturepark user account creation tools or APIs provided by Picturepark to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Picturepark tile in the Access Panel, you should be automatically signed in to the Picturepark
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Pingboard
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Pingboard with Azure Active Directory (Azure AD). Integrating
Pingboard with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Pingboard.
You can enable your users to be automatically signed-in to Pingboard (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Pingboard, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Pingboard single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Pingboard supports SP and IDP initiated SSO
Pingboard supports Automated user provisioning

Adding Pingboard from the gallery


To configure the integration of Pingboard into Azure AD, you need to add Pingboard from the gallery to your list
of managed SaaS apps.
To add Pingboard from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Pingboard, select Pingboard from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Pingboard based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Pingboard needs to be established.
To configure and test Azure AD single sign-on with Pingboard, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Pingboard Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Pingboard test user - to have a counterpart of Britta Simon in Pingboard that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Pingboard, perform the following steps:
1. In the Azure portal, on the Pingboard application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL: http://app.pingboard.com/sp

b. In the Reply URL text box, type a URL using the following pattern:
https://<entity-id>.pingboard.com/auth/saml/consume

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<sub-domain>.pingboard.com/sign_in

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-on URL. Contact Pingboard Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. In the Set up Pingboard section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Pingboard Single Sign-On
1. To configure SSO on the Pingboard side, open a new browser window and sign in to your Pingboard account.
You must be a Pingboard admin to set up single sign-on.
2. From the top menu, select Apps > Integrations.

3. On the Integrations page, find the "Azure Active Directory" tile, and click it.

4. In the modal that follows, click "Configure".


5. On the following page, you notice that "Azure SSO Integration is enabled". Open the downloaded Metadata
XML file in Notepad and paste the content in IDP Metadata.

6. The file is validated, and if everything is correct, single sign-on will now be enabled.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Pingboard.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Pingboard.

2. In the applications list, select Pingboard.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Pingboard test user
The objective of this section is to create a user called Britta Simon in Pingboard. Pingboard supports automatic
user provisioning, which is by default enabled. You can find more details here on how to configure automatic user
provisioning.
If you need to create a user manually, perform the following steps:
1. Sign in to your Pingboard company site as an administrator.
2. Click the “Add Employee” button on the Directory page.
3. On the “Add Employee” dialog page, perform the following steps:

a. In the Full Name textbox, type the full name of the user, for example Britta Simon.
b. In the Email textbox, type the email address of the user, for example brittasimon@contoso.com.
c. In the Job Title textbox, type the job title of Britta Simon.
d. In the Location dropdown, select the location of Britta Simon.
e. Click Add.
4. A confirmation screen comes up to confirm the addition of the user.
NOTE
The Azure Active Directory account holder receives an email and follows a link to confirm their account before it
becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Pingboard tile in the Access Panel, you should be automatically signed in to the Pingboard for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Configure User Provisioning
Tutorial: Azure Active Directory integration with PlanGrid
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate PlanGrid with Azure Active Directory (Azure AD). Integrating PlanGrid
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to PlanGrid.
You can enable your users to be automatically signed-in to PlanGrid (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with PlanGrid, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
PlanGrid single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
PlanGrid supports SP and IDP initiated SSO

Adding PlanGrid from the gallery


To configure the integration of PlanGrid into Azure AD, you need to add PlanGrid from the gallery to your list of
managed SaaS apps.
To add PlanGrid from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type PlanGrid, select PlanGrid from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with PlanGrid based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in PlanGrid
needs to be established.
To configure and test Azure AD single sign-on with PlanGrid, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure PlanGrid Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create PlanGrid test user - to have a counterpart of Britta Simon in PlanGrid that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with PlanGrid, perform the following steps:
1. In the Azure portal, on the PlanGrid application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL: https://io.plangrid.com/sessions/saml/metadata

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://app.plangrid.com/login

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. In the Set up PlanGrid section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure PlanGrid Single Sign-On
To configure single sign-on on the PlanGrid side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the PlanGrid support team. They apply this setting so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to PlanGrid.
1. In the Azure portal, select Enterprise Applications, select All applications, then select PlanGrid.

2. In the applications list, select PlanGrid.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create PlanGrid test user
In this section, you create a user called Britta Simon in PlanGrid. Work with the PlanGrid support team to add the
users in the PlanGrid platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the PlanGrid tile in the Access Panel, you should be automatically signed in to the PlanGrid for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
PlanMyLeave
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate PlanMyLeave with Azure Active Directory (Azure AD). Integrating
PlanMyLeave with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to PlanMyLeave.
You can enable your users to be automatically signed-in to PlanMyLeave (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with PlanMyLeave, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
PlanMyLeave single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
PlanMyLeave supports SP initiated SSO
PlanMyLeave supports Just In Time user provisioning

Adding PlanMyLeave from the gallery


To configure the integration of PlanMyLeave into Azure AD, you need to add PlanMyLeave from the gallery to
your list of managed SaaS apps.
To add PlanMyLeave from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type PlanMyLeave, select PlanMyLeave from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with PlanMyLeave based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
PlanMyLeave needs to be established.
To configure and test Azure AD single sign-on with PlanMyLeave, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure PlanMyLeave Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create PlanMyLeave test user - to have a counterpart of Britta Simon in PlanMyLeave that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with PlanMyLeave, perform the following steps:
1. In the Azure portal, on the PlanMyLeave application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<company-name>.planmyleave.com/Login.aspx

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<company-name>.planmyleave.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact PlanMyLeave Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up PlanMyLeave section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure PlanMyLeave Single Sign-On
1. In a different web browser window, log into your PlanMyLeave tenant as an administrator.
2. Go to System Setup. Then, on the Security Management section, click Company SAML settings.
3. On the SAML Settings section, click the editor icon.

4. On the Update SAML Settings section, perform the following steps:

a. In the Login URL textbox, paste the Login URL that you copied from the Azure portal.
b. Open your downloaded metadata, copy the X509Certificate value, and then paste it into the Certificate
textbox.
c. Set "Is Enable" to "Yes".
d. Click Save.
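The metadata file contains more than one X509Certificate element, so it helps to pull the IdP signing certificate and the sign-on endpoint out programmatically and compare them with what was pasted into the Login URL and Certificate boxes. The following is an added example, not code from Microsoft or PlanMyLeave; the sample metadata, the `idp.example.test` names and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CERT_PATH = "ds:KeyInfo/ds:X509Data/ds:X509Certificate"


def to_pem(b64: str) -> str:
    """Wrap a bare base64 certificate body in PEM armour, 64 characters per line."""
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def read_idp_metadata(metadata_xml: str) -> dict:
    """Return entity ID, SSO endpoints and IdP signing certificates from SAML metadata."""
    # IdP metadata never needs a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations are not accepted in metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    certs = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' serves both purposes; skip encryption-only keys.
        if key.get("use", "signing") != "signing":
            continue
        for node in key.findall(CERT_PATH, NS):
            b64 = "".join((node.text or "").split())    # drop line breaks and indentation
            der = base64.b64decode(b64, validate=True)  # raises on non-base64 characters
            certs.append({
                "base64": b64,                          # bare value for a certificate text box
                "pem": to_pem(b64),
                "sha1": hashlib.sha1(der).hexdigest().upper(),      # classic thumbprint
                "sha256": hashlib.sha256(der).hexdigest().upper(),
            })
    if not certs:
        raise ValueError("no signing certificate under IDPSSODescriptor")
    return {
        "entity_id": root.get("entityID"),
        "sso_urls": {(s.get("Binding") or "").rsplit(":", 1)[-1]: s.get("Location")
                     for s in idp.findall("md:SingleSignOnService", NS)},
        "certificates": certs,
    }


# Constructed sample. The byte strings stand in for DER certificates and the
# idp.example.test names are placeholders; none of it comes from a real tenant.
SAMPLE_DER = bytes(range(48))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
DECOY_B64 = base64.b64encode(bytes(range(48, 96))).decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/constructed/">
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{DECOY_B64}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {SAMPLE_B64[:32]}
        {SAMPLE_B64[32:]}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{DECOY_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/constructed/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    info = read_idp_metadata(SAMPLE_METADATA)
    print("Entity ID:", info["entity_id"])
    print("SSO URLs :", info["sso_urls"])
    for cert in info["certificates"]:
        print("SHA-1    :", cert["sha1"])
        print("SHA-256  :", cert["sha256"])
```

Run it against the real downloaded file by passing its text to `read_idp_metadata`; a fingerprint that differs from the one recorded for the tenant's signing certificate means the wrong value was pasted.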
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to PlanMyLeave.
1. In the Azure portal, select Enterprise Applications, select All applications, then select PlanMyLeave.

2. In the applications list, select PlanMyLeave.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create PlanMyLeave test user
In this section, a user called Britta Simon is created in PlanMyLeave. PlanMyLeave supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in PlanMyLeave, a new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact PlanMyLeave support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the PlanMyLeave tile in the Access Panel, you should be automatically signed in to the
PlanMyLeave for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Pluralsight
8/29/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Pluralsight with Azure Active Directory (Azure AD). When you
integrate Pluralsight with Azure AD, you can:
Control in Azure AD who has access to Pluralsight.
Enable your users to be automatically signed-in to Pluralsight with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Pluralsight single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Pluralsight supports SP initiated SSO
Pluralsight supports just-in-time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Pluralsight from the gallery


To configure the integration of Pluralsight into Azure AD, you need to add Pluralsight from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Pluralsight in the search box.
6. Select Pluralsight from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Pluralsight


Configure and test Azure AD SSO with Pluralsight using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Pluralsight.
To configure and test Azure AD SSO with Pluralsight, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Pluralsight SSO - to configure the single sign-on settings on application side.
a. Create Pluralsight test user - to have a counterpart of B.Simon in Pluralsight that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Pluralsight application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign-on URL text box, type a URL using the following pattern:
https://<instancename>.pluralsight.com/sso/<companyname>

b. In the Identifier box, type a URL using the following pattern: www.pluralsight.com

c. In the Reply URL text box, type a URL using the following pattern:
https://<instancename>.pluralsight.com/sp/ACS.saml2

NOTE
These values are not real. Update these values with the actual Sign-On URL and Reply URL. Contact Pluralsight Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
6. On the Set up Pluralsight section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Pluralsight.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Pluralsight.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Pluralsight SSO


To configure single sign-on on the Pluralsight side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Pluralsight support team. They configure this setting
so that the SAML SSO connection is set properly on both sides.
Create Pluralsight test user
In this section, a user called Britta Simon is created in Pluralsight. Pluralsight supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Pluralsight, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Pluralsight tile in the Access Panel, you should be automatically signed in to the Pluralsight for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Pluralsight with Azure AD
Tutorial: Azure Active Directory integration with
PolicyStat
8/9/2019 • 6 minutes to read

In this tutorial, you learn how to integrate PolicyStat with Azure Active Directory (Azure AD). Integrating PolicyStat
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to PolicyStat.
You can enable your users to be automatically signed-in to PolicyStat (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with PolicyStat, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
PolicyStat single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
PolicyStat supports SP initiated SSO
PolicyStat supports Just In Time user provisioning

Adding PolicyStat from the gallery


To configure the integration of PolicyStat into Azure AD, you need to add PolicyStat from the gallery to your list of
managed SaaS apps.
To add PolicyStat from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type PolicyStat, select PolicyStat from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with PolicyStat based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in PolicyStat
needs to be established.
To configure and test Azure AD single sign-on with PolicyStat, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure PolicyStat Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create PolicyStat test user - to have a counterpart of Britta Simon in PolicyStat that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with PolicyStat, perform the following steps:
1. In the Azure portal, on the PolicyStat application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.policystat.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.policystat.com/saml2/metadata/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact PolicyStat Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. Your PolicyStat application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.
7. In addition to the above, the PolicyStat application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
the SAML token attribute as shown in the table below:

NAME | SOURCE ATTRIBUTE
uid  | ExtractMailPrefix([mail])

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Transformation.
e. From the Transformation list, type the attribute value shown for that row.
f. From the Parameter 1 list, type the attribute value shown for that row.
g. Click Save.
8. On the Set up PolicyStat section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure PolicyStat Single Sign-On
1. In a different web browser window, log into your PolicyStat company site as an administrator.
2. Click the Admin tab, and then click Single Sign-On Configuration in left navigation pane.

3. In the Setup section, select Enable Single Sign-on Integration.

4. Click Configure Attributes, and then, in the Configure Attributes section, perform the following steps:
a. In the Username Attribute textbox, type uid.
b. In the First Name Attribute textbox, type firstname of user Britta.
c. In the Last Name Attribute textbox, type lastname of user Simon.
d. In the Email Attribute textbox, type emailaddress of user BrittaSimon@contoso.com.
e. Click Save Changes.
5. Click Your IDP Metadata, and then, in the Your IDP Metadata section, perform the following steps:

a. Open your downloaded metadata file, copy the content, and then paste it into the Your Identity Provider
Metadata textbox.
b. Click Save Changes.
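Because the uid claim is built with ExtractMailPrefix([mail]) and PolicyStat uses it as the Username Attribute, two directory users whose addresses share a prefix in different domains would present the same username, and a user with no mail value cannot produce one. The following added example (not Microsoft's or PolicyStat's code) audits a user export for both cases before users are assigned. The `extract_mail_prefix` helper is an approximation of the transformation, the case-insensitive comparison is an assumption, and the user records are constructed.

```python
from collections import defaultdict


def extract_mail_prefix(mail: str) -> str:
    """Approximate ExtractMailPrefix(): return the text before the '@' of an address."""
    local, at, domain = mail.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not a usable mail address: {mail!r}")
    return local


def audit_uid_claims(users):
    """Check which uid values a set of users would send.

    users: iterable of (user_principal_name, mail or None) pairs.
    Returns the users that cannot produce a uid and the uids shared by several users.
    """
    by_uid = defaultdict(list)
    no_uid = []
    for upn, mail in users:
        try:
            uid = extract_mail_prefix(mail or "")
        except ValueError:
            no_uid.append(upn)
            continue
        # Assumption: compare case-insensitively, the conservative choice when the
        # application's username matching rules are not documented.
        by_uid[uid.casefold()].append(upn)
    collisions = {uid: sorted(upns) for uid, upns in by_uid.items() if len(upns) > 1}
    return {"no_uid": sorted(no_uid), "collisions": collisions}


# Constructed sample export: (userPrincipalName, mail). Not real accounts.
SAMPLE_USERS = [
    ("brittasimon@contoso.com", "BrittaSimon@contoso.com"),
    ("brittasimon@fabrikam.com", "brittasimon@fabrikam.com"),   # same prefix, other domain
    ("b.simon@contoso.com", "b.simon@contoso.com"),
    ("svc-scanner@contoso.com", None),                          # no mailbox, no mail value
]

if __name__ == "__main__":
    report = audit_uid_claims(SAMPLE_USERS)
    for upn in report["no_uid"]:
        print(f"no uid can be derived for {upn}")
    for uid, upns in report["collisions"].items():
        print(f"uid {uid!r} is shared by: {', '.join(upns)}")
```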
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to PolicyStat.
1. In the Azure portal, select Enterprise Applications, select All applications, then select PolicyStat.
2. In the applications list, select PolicyStat.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create PolicyStat test user
In this section, a user called Britta Simon is created in PolicyStat. PolicyStat supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
PolicyStat, a new one is created after authentication.

NOTE
You can use any other PolicyStat user account creation tools or APIs provided by PolicyStat to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the PolicyStat tile in the Access Panel, you should be automatically signed in to the PolicyStat for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
PostBeyond
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate PostBeyond with Azure Active Directory (Azure AD). Integrating
PostBeyond with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to PostBeyond.
You can enable your users to be automatically signed-in to PostBeyond (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with PostBeyond, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
PostBeyond single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
PostBeyond supports SP initiated SSO

Adding PostBeyond from the gallery


To configure the integration of PostBeyond into Azure AD, you need to add PostBeyond from the gallery to your
list of managed SaaS apps.
To add PostBeyond from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type PostBeyond, select PostBeyond from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with PostBeyond based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
PostBeyond needs to be established.
To configure and test Azure AD single sign-on with PostBeyond, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure PostBeyond Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create PostBeyond test user - to have a counterpart of Britta Simon in PostBeyond that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with PostBeyond, perform the following steps:
1. In the Azure portal, on the PostBeyond application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<subdomain>.postbeyond.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.postbeyond.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact PostBeyond Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up PostBeyond section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure PostBeyond Single Sign-On
To configure single sign-on on the PostBeyond side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the PostBeyond support team. They configure this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to PostBeyond.
1. In the Azure portal, select Enterprise Applications, select All applications, then select PostBeyond.

2. In the applications list, select PostBeyond.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create PostBeyond test user
In this section, you create a user called Britta Simon in PostBeyond. Work with PostBeyond support team to add
the users in the PostBeyond platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the PostBeyond tile in the Access Panel, you should be automatically signed in to the PostBeyond
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Powerschool Performance Matters
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Powerschool Performance Matters with Azure Active Directory (Azure
AD). Integrating Powerschool Performance Matters with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Powerschool Performance Matters.
You can enable your users to be automatically signed-in to Powerschool Performance Matters (Single Sign-On)
with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Powerschool Performance Matters, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Powerschool Performance Matters single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Powerschool Performance Matters supports SP initiated SSO

Adding Powerschool Performance Matters from the gallery


To configure the integration of Powerschool Performance Matters into Azure AD, you need to add Powerschool
Performance Matters from the gallery to your list of managed SaaS apps.
To add Powerschool Performance Matters from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Powerschool Performance Matters, select Powerschool Performance Matters
from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Powerschool Performance Matters based on a
test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the
related user in Powerschool Performance Matters needs to be established.
To configure and test Azure AD single sign-on with Powerschool Performance Matters, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Powerschool Performance Matters Single Sign-On - to configure the Single Sign-On settings
on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Powerschool Performance Matters test user - to have a counterpart of Britta Simon in Powerschool
Performance Matters that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Powerschool Performance Matters, perform the following steps:
1. In the Azure portal, on the Powerschool Performance Matters application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, perform the following step:


In the Sign-on URL text box, type a URL using the following pattern:

https://ola.performancematters.com/ola/?clientcode=<Client Code>

https://unify.performancematters.com/?idp=<IDP>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Powerschool Performance Matters Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up Powerschool Performance Matters section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Powerschool Performance Matters Single Sign-On
To configure single sign-on on the Powerschool Performance Matters side, you need to send the downloaded
Federation Metadata XML and the appropriate copied URLs from the Azure portal to the Powerschool Performance
Matters support team. They configure this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Powerschool
Performance Matters.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Powerschool
Performance Matters.

2. In the applications list, select Powerschool Performance Matters.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Powerschool Performance Matters test user
In this section, you create a user called Britta Simon in Powerschool Performance Matters. Work with the Powerschool
Performance Matters support team to add the users in the Powerschool Performance Matters platform. Users must
be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Powerschool Performance Matters tile in the Access Panel, you should be automatically signed
in to the Powerschool Performance Matters for which you set up SSO. For more information about the Access
Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Predictix Assortment Planning
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Predictix Assortment Planning with Azure Active Directory (Azure AD).
This integration provides these benefits:
You can use Azure AD to control who has access to Predictix Assortment Planning.
You can enable your users to be automatically signed in to Predictix Assortment Planning (single sign-on) with
their Azure AD accounts.
You can manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory.
If you don't have an Azure subscription, create a free account before you start.

Prerequisites
To configure Azure AD integration with Predictix Assortment Planning, you need to have:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
A Predictix Assortment Planning subscription that has single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
Predictix Assortment Planning supports SP-initiated SSO.

Add Predictix Assortment Planning from the gallery


To set up the integration of Predictix Assortment Planning into Azure AD, you need to add Predictix Assortment
Planning from the gallery to your list of managed SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications:


3. To add an application, select New application at the top of the window:

4. In the search box, enter Predictix Assortment Planning. Select Predictix Assortment Planning in the
search results and then select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with Predictix Assortment Planning by using a test
user named Britta Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user
and the corresponding user in Predictix Assortment Planning.
To configure and test Azure AD single sign-on with Predictix Assortment Planning, you need to complete these
steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure Predictix Assortment Planning single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Create a Predictix Assortment Planning test user that's linked to the Azure AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Predictix Assortment Planning, take these steps:
1. In the Azure portal, on the Predictix Assortment Planning application integration page, select Single
sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, complete the following steps.
a. In the Sign on URL box, enter a URL in this pattern:

https://<sub-domain>.ap.predictix.com/sso/request

https://<sub-domain>.dev.ap.predictix.com/

b. In the Identifier (Entity ID) box, enter a URL in this pattern:

https://<sub-domain>.ap.predictix.com

https://<sub-domain>.dev.ap.predictix.com

NOTE
These values are placeholders. You need to use the actual sign-on URL and identifier. Contact the Predictix
Assortment Planning support team to get the values. You can also refer to the patterns shown in the Basic SAML
Configuration dialog box in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Download link next to Certificate (Base64), per your requirements, and save the certificate on your
computer:
6. In the Set up Predictix Assortment Planning section, copy the appropriate URLs, based on your
requirements:

a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
Configure Predictix Assortment Planning single sign-on
To configure single sign-on on the Predictix Assortment Planning side, you need to send the certificate that you
downloaded and the URLs that you copied from the Azure portal to the Predictix Assortment Planning support
team. This team ensures the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:

2. Select New user at the top of the screen:

3. In the User dialog box, take the following steps.


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure AD single sign-on by granting her access to Predictix
Assortment Planning.
1. In the Azure portal, select Enterprise applications, select All applications, and then select Predictix
Assortment Planning.

2. In the list of applications, select Predictix Assortment Planning.


3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the screen.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select Assign.
Create a Predictix Assortment Planning test user
Next, you need to create a user named Britta Simon in Predictix Assortment Planning. Work with the Predictix
Assortment Planning support team to add users. Users need to be created and activated before you use single
sign-on.

NOTE
The Azure AD account holder receives an email and selects a link to confirm the account before it becomes active.
Test single sign-on
Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the Predictix Assortment Planning tile in the Access Panel, you should be automatically signed in
to the Predictix Assortment Planning instance for which you set up SSO. For more information, see Access and use
apps on the My Apps portal.

Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Predictix Ordering
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Predictix Ordering with Azure Active Directory (Azure AD). This
integration provides these benefits:
You can use Azure AD to control who has access to Predictix Ordering.
You can enable your users to be automatically signed in to Predictix Ordering (single sign-on) with their Azure
AD accounts.
You can manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory.
If you don't have an Azure subscription, create a free account before you start.

Prerequisites
To configure Azure AD integration with Predictix Ordering, you need to have:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
A Predictix Ordering subscription that has single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
Predictix Ordering supports SP-initiated SSO.

Add Predictix Ordering from the gallery


To set up the integration of Predictix Ordering into Azure AD, you need to add Predictix Ordering from the gallery
to your list of managed SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications:


3. To add an application, select New application at the top of the window:

4. In the search box, enter Predictix Ordering. Select Predictix Ordering in the search results and then
select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with Predictix Ordering by using a test user
named Britta Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user and
the corresponding user in Predictix Ordering.
To configure and test Azure AD single sign-on with Predictix Ordering, you need to complete these steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure Predictix Ordering single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Create a Predictix Ordering test user that's linked to the Azure AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Predictix Ordering, take these steps:
1. In the Azure portal, on the Predictix Ordering application integration page, select Single sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, complete the following steps.
a. In the Sign on URL box, enter a URL in this pattern:
https://<companyname-pricing>.ordering.predictix.com/sso/request

b. In the Identifier (Entity ID) box, enter a URL in this pattern:

https://<companyname-pricing>.dev.ordering.predictix.com

https://<companyname-pricing>.ordering.predictix.com

NOTE
These values are placeholders. You need to use the actual sign-on URL and identifier. Contact the Predictix Ordering
support team to get the values. You can also refer to the patterns shown in the Basic SAML Configuration dialog
box in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Download link next to Certificate (Base64), per your requirements, and save the certificate on your
computer:

6. In the Set up Predictix Ordering section, copy the appropriate URLs, based on your requirements:
a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
Configure Predictix Ordering single sign-on
To configure single sign-on on the Predictix Ordering side, you need to send the certificate that you downloaded
and the URLs that you copied from the Azure portal to the Predictix Ordering support team. This team ensures the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:

2. Select New user at the top of the screen:

3. In the User dialog box, take the following steps.


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show Password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure AD single sign-on by granting her access to Predictix
Ordering.
1. In the Azure portal, select Enterprise applications, select All applications, and then select Predictix
Ordering:

2. In the list of applications, select Predictix Ordering.


3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the screen.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select Assign.
Create a Predictix Ordering test user
Next, you need to create a user named Britta Simon in Predictix Ordering. Work with the Predictix Ordering
support team to add users. Users need to be created and activated before you use single sign-on.
Test single sign-on
Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the Predictix Ordering tile in the Access Panel, you should be automatically signed in to the
Predictix Ordering instance for which you set up SSO. For more information, see Access and use apps on the My
Apps portal.
Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Predictix Price Reporting
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Predictix Price Reporting with Azure Active Directory (Azure AD).
This integration provides these benefits:
You can use Azure AD to control who has access to Predictix Price Reporting.
You can enable your users to be automatically signed in to Predictix Price Reporting (single sign-on) with their
Azure AD accounts.
You can manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory.
If you don't have an Azure subscription, create a free account before you start.

Prerequisites
To configure Azure AD integration with Predictix Price Reporting, you need:
An Azure AD subscription. If you don't have an Azure AD environment, you can sign up for a one-month trial
subscription.
A Predictix Price Reporting subscription that has single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
Predictix Price Reporting supports SP-initiated SSO.

Adding Predictix Price Reporting from the gallery


To set up the integration of Predictix Price Reporting into Azure AD, you need to add Predictix Price Reporting
from the gallery to your list of managed SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications:


3. To add an application, select New application at the top of the window:

4. In the search box, enter Predictix Price Reporting. Select Predictix Price Reporting in the search results
and then select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with Predictix Price Reporting by using a test user
named Britta Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user and
the corresponding user in Predictix Price Reporting.
To configure and test Azure AD single sign-on with Predictix Price Reporting, you need to complete these steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure Predictix Price Reporting single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Create a Predictix Price Reporting test user that's linked to the Azure AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Predictix Price Reporting, take these steps:
1. In the Azure portal, on the Predictix Price Reporting application integration page, select Single sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, complete the following steps.
a. In the Sign on URL box, enter a URL in this pattern:
https://<companyname-pricing>.predictix.com/sso/request

b. In the Identifier (Entity ID) box, enter a URL in this pattern:

https://<companyname-pricing>.predictix.com

https://<companyname-pricing>.dev.predictix.com

NOTE
These values are placeholders. You need to use the actual sign-on URL and identifier. Contact the Predictix Price
Reporting support team to get the values. You can also refer to the patterns shown in the Basic SAML
Configuration dialog box in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Download link next to Certificate (Base64), per your requirements, and save the certificate on your
computer:

6. In the Set up Predictix Price Reporting section, copy the appropriate URLs, based on your requirements.
a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
Configure Predictix Price Reporting single sign-on
To configure single sign-on on the Predictix Price Reporting side, you need to send the certificate that you
downloaded and the URLs that you copied from the Azure portal to the Predictix Price Reporting support team.
This team ensures the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:

2. Select New user at the top of the screen:

3. In the User dialog box, take the following steps.


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show Password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure AD single sign-on by granting her access to Predictix Price
Reporting.
1. In the Azure portal, select Enterprise applications, select All applications, and then select Predictix
Price Reporting.

2. In the list of applications, select Predictix Price Reporting.


3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the screen.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select Assign.
Create a Predictix Price Reporting test user
Next, you need to create a user named Britta Simon in Predictix Price Reporting. Work with the Predictix Price
Reporting support team to add users. Users need to be created and activated before you use single sign-on.
Test single sign-on
Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the Predictix Price Reporting tile in the Access Panel, you should be automatically signed in to the
Predictix Price Reporting instance for which you set up SSO. For more information, see Access and use apps on the
My Apps portal.
Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Printix
2/12/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Printix with Azure Active Directory (Azure AD).
Integrating Printix with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Printix
You can enable your users to automatically get signed-on to Printix (Single Sign-On) with their Azure AD
accounts
You can manage your accounts in one central location - the Azure portal
If you want to know more details about SaaS app integration with Azure AD, see what is application access and
single sign-on with Azure Active Directory.

Prerequisites
To configure Azure AD integration with Printix, you need the following items:
An Azure AD subscription
A Printix single sign-on enabled subscription

NOTE
To test the steps in this tutorial, we do not recommend using a production environment.

To test the steps in this tutorial, you should follow these recommendations:
Do not use your production environment, unless it is necessary.
If you don't have an Azure AD trial environment, you can get a one-month trial.

Scenario description
In this tutorial, you test Azure AD single sign-on in a test environment. The scenario outlined in this tutorial
consists of two main building blocks:
1. Adding Printix from the gallery
2. Configuring and testing Azure AD single sign-on

Adding Printix from the gallery


To configure the integration of Printix into Azure AD, you need to add Printix from the gallery to your list of
managed SaaS apps.
To add Printix from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise applications. Then go to All applications.

3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Printix.

5. In the results panel, select Printix, and then click the Add button to add the application.

Configuring and testing Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Printix based on a test user called "Britta
Simon".
For single sign-on to work, Azure AD needs to know what the counterpart user in Printix is to a user in Azure AD.
In other words, a link relationship between an Azure AD user and the related user in Printix needs to be
established.
In Printix, assign the value of the user name in Azure AD as the value of the Username to establish the link
relationship.
To configure and test Azure AD single sign-on with Printix, you need to complete the following building blocks:
1. Configuring Azure AD Single Sign-On - to enable your users to use this feature.
2. Creating an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
3. Creating a Printix test user - to have a counterpart of Britta Simon in Printix that is linked to the Azure AD
representation of the user.
4. Assigning the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Testing Single Sign-On - to verify whether the configuration works.
Configuring Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your Printix
application.
To configure Azure AD single sign-on with Printix, perform the following steps:
1. In the Azure portal, on the Printix application integration page, click Single sign-on.

2. On the Single sign-on dialog, select Mode as SAML-based Sign-on to enable single sign-on.

3. On the Printix Domain and URLs section, perform the following steps:

In the Sign-on URL textbox, type a URL using the following pattern: https://<subdomain>.printix.net
NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Printix Client support team to get the
value.

4. On the SAML Signing Certificate section, click Metadata XML and then save the metadata file on your
computer.

5. Click the Save button.

6. Sign on to your Printix tenant as an administrator.


7. In the menu on the top, click the icon at the upper right corner and select "Authentication".

8. On the Setup tab, select Enable Azure/Office 365 authentication.


9. On the Azure tab, enter the federation metadata URL in the "Federation metadata document" text box.
To get this URL, send the metadata XML file that you downloaded from Azure AD to the Printix support team.
They upload the XML file and provide a federation metadata URL.
10. Click the "Test" button, and then click the "OK" button if the test was successful.
The Azure Active Directory page appears after you click the Test button. "The test was successful" here means
that after you enter the credentials of your Azure test account, the message "Settings tested OK" pops up. Then
click the OK button.

11. Click the Save button on "Authentication" page.
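Before the Federation Metadata XML is sent to a vendor support team, as in the Powerschool Performance Matters and Printix procedures above, it can be checked against the values copied from the Azure portal, and the signing certificate's SHA-256 fingerprint can be recorded so the vendor can confirm it over a separate channel. The following is an added example, not part of the original tutorials or of any Microsoft or vendor tooling. The function names, the all-zero tenant ID, the certificate bytes, and the assumption that the copied Login URL, Azure AD Identifier and Logout URL should match the metadata are illustrative.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample input: the all-zero tenant ID and the certificate bytes
# are placeholders, not values from a real tenant.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT_B64 = base64.b64encode(
    b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{FAKE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return entity ID, SAML endpoints and signing-certificate fingerprints."""
    # Metadata needs no DTD; refusing one avoids entity-expansion tricks if
    # the file was altered somewhere between download and hand-off.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity-provider metadata")

    fingerprints = []
    for key_desc in idp.findall(MD + "KeyDescriptor"):
        # 'use' is optional in SAML metadata; when absent the key covers signing.
        if key_desc.get("use", "signing") != "signing":
            continue
        for cert in key_desc.iter(DS + "X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest().upper())

    def locations(tag):
        # The same Location is usually repeated once per binding.
        return sorted({e.get("Location", "") for e in idp.findall(MD + tag)})

    return {
        "entity_id": root.get("entityID"),
        "sso_urls": locations("SingleSignOnService"),
        "slo_urls": locations("SingleLogoutService"),
        "signing_cert_sha256": fingerprints,
    }


def review_before_handoff(meta, login_url, azure_ad_identifier, logout_url):
    """List differences between the metadata and the values copied from the portal."""
    findings = []
    if meta["entity_id"] != azure_ad_identifier:
        findings.append(
            f"Azure AD Identifier differs from entityID {meta['entity_id']!r}")
    if login_url not in meta["sso_urls"]:
        findings.append("Login URL is not a SingleSignOnService location")
    if logout_url not in meta["slo_urls"]:
        findings.append("Logout URL is not a SingleLogoutService location")
    for url in meta["sso_urls"] + meta["slo_urls"]:
        if urlsplit(url).scheme != "https":
            findings.append(f"endpoint is not HTTPS: {url}")
    if not meta["signing_cert_sha256"]:
        findings.append("no signing certificate in metadata")
    return findings


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    saml2 = f"https://login.microsoftonline.com/{TENANT}/saml2"
    print("entityID:", meta["entity_id"])
    for fp in meta["signing_cert_sha256"]:
        print("signing cert SHA-256:", fp)
    for finding in review_before_handoff(
            meta, saml2, f"https://sts.windows.net/{TENANT}/", saml2):
        print("REVIEW:", finding)
```

Any line printed with the REVIEW prefix is a difference to resolve before the file and URLs leave your hands; the fingerprint is the value to read back with the support team once they have loaded the certificate.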

TIP
You can now read a concise version of these instructions inside the Azure portal, while you are setting up the app! After
adding this app from the Active Directory > Enterprise Applications section, simply click the Single Sign-On tab and
access the embedded documentation through the Configuration section at the bottom. You can read more about the
embedded documentation feature here: Azure AD embedded documentation

Creating an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
To create a test user in Azure AD, perform the following steps:
1. In the Azure portal, on the left navigation pane, click the Azure Active Directory icon.

2. To display the list of users, go to Users and groups and click All users.

3. To open the User dialog, click Add at the top of the dialog.

4. On the User dialog page, perform the following steps:


a. In the Name textbox, type BrittaSimon.
b. In the User name textbox, type the email address of BrittaSimon.
c. Select Show Password and write down the value of the Password.
d. Click Create.
Creating a Printix test user
The objective of this section is to create a user called Britta Simon in Printix. Printix supports just-in-time
provisioning, which is enabled by default.
There is no action item for you in this section. A new user is created during an attempt to access Printix if it doesn't
exist yet.

NOTE
If you need to create a user manually, you need to contact the Printix support team.

Assigning the Azure AD test user


In this section, you enable Britta Simon to use Azure single sign-on by granting access to Printix.

To assign Britta Simon to Printix, perform the following steps:


1. In the Azure portal, open the applications view, navigate to the directory view, go to
Enterprise applications, and then click All applications.
2. In the applications list, select Printix.

3. In the menu on the left, click Users and groups.

4. Click the Add button. Then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list.
6. Click the Select button in the Users and groups dialog.
7. Click the Assign button in the Add Assignment dialog.
Testing single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Printix tile in the Access Panel, you should get automatically signed-on to your Printix
application.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Prisma Cloud
9/18/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Prisma Cloud with Azure Active Directory (Azure AD). When you
integrate Prisma Cloud with Azure AD, you can:
Control in Azure AD who has access to Prisma Cloud.
Enable your users to be automatically signed-in to Prisma Cloud with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Prisma Cloud single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Prisma Cloud supports IDP initiated SSO
Prisma Cloud supports Just In Time user provisioning

Adding Prisma Cloud from the gallery


To configure the integration of Prisma Cloud into Azure AD, you need to add Prisma Cloud from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Prisma Cloud in the search box.
6. Select Prisma Cloud from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for Prisma Cloud


Configure and test Azure AD SSO with Prisma Cloud using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Prisma Cloud.
To configure and test Azure AD SSO with Prisma Cloud, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Prisma Cloud SSO - to configure the single sign-on settings on application side.
a. Create Prisma Cloud test user - to have a counterpart of B.Simon in Prisma Cloud that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Prisma Cloud application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Set up single sign-on with SAML page, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://app2.prismacloud.io/customer/<CUSTOMERID>

b. The Reply URL values are fixed and already pre-populated in Azure portal. You need to select the
appropriate URL according to your requirement.

NOTE
The Identifier value is not real. Update the value with the actual Identifier. Contact Prisma Cloud Client support team
to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Prisma Cloud section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Prisma Cloud.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Prisma Cloud.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Prisma Cloud SSO


To configure single sign-on on the Prisma Cloud side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the Prisma Cloud support team. They apply these settings so
that the SAML SSO connection is set properly on both sides.
Create Prisma Cloud test user
In this section, a user called B.Simon is created in Prisma Cloud. Prisma Cloud supports just-in-time provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Prisma
Cloud, a new one is created when you attempt to access Prisma Cloud.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Prisma Cloud tile in the Access Panel, you should be automatically signed in to the Prisma
Cloud for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Prisma Cloud with Azure AD
Tutorial: Azure Active Directory integration with
Procore SSO
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Procore SSO with Azure Active Directory (Azure AD). Integrating
Procore SSO with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Procore SSO.
You can enable your users to be automatically signed-in to Procore SSO (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Procore SSO, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Procore SSO single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Procore SSO supports IDP initiated SSO

Adding Procore SSO from the gallery


To configure the integration of Procore SSO into Azure AD, you need to add Procore SSO from the gallery to your
list of managed SaaS apps.
To add Procore SSO from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Procore SSO, select Procore SSO from the result panel, and then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Procore SSO based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Procore
SSO needs to be established.
To configure and test Azure AD single sign-on with Procore SSO, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Procore SSO Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Procore SSO test user - to have a counterpart of Britta Simon in Procore SSO that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Procore SSO, perform the following steps:
1. In the Azure portal, on the Procore SSO application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Procore SSO section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Procore SSO Single Sign-On
1. To configure single sign-on on the Procore SSO side, sign in to your Procore company site as an administrator.
2. From the toolbox drop down, click on Admin to open the SSO settings page.

3. Paste the values in the boxes as described below:

a. In the Single Sign On Issuer URL text box, paste the value of Azure AD Identifier which you have
copied from the Azure portal.
b. In the SAML Sign On Target URL box, paste the value of Login URL which you have copied from the
Azure portal.
c. Now open the Federation Metadata XML downloaded above from the Azure portal and copy the
certificate in the tag named X509Certificate. Paste the copied value into the Single Sign On x509
Certificate box.
4. Click on Save Changes.
5. After these settings, you need to send the domain name (e.g. contoso.com) through which you are
logging in to Procore to the Procore Support team, and they will activate federated SSO for that domain.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Procore SSO.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Procore SSO.

2. In the applications list, select Procore SSO.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Procore SSO test user
Please follow the below steps to create a Procore test user on Procore SSO side.
1. Sign in to your Procore company site as an administrator.
2. From the toolbox drop down, click on Directory to open the company directory page.

3. Click on the Add a Person option to open the form and enter the following details:

a. In the First Name textbox, type user's first name like Britta.
b. In the Last name textbox, type user's last name like Simon.
c. In the Email Address textbox, type user's email address like BrittaSimon@contoso.com.
d. Select Permission Template as Apply Permission Template Later.
e. Click Create.
4. Check and update the details for the newly added contact.

5. Click on Save and Send Invitation (if an invite through mail is required) or Save (Save directly) to
complete the user registration.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Procore SSO tile in the Access Panel, you should be automatically signed in to the Procore
SSO for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate productboard with Azure Active
Directory
7/23/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate productboard with Azure Active Directory (Azure AD). When you
integrate productboard with Azure AD, you can:
Control in Azure AD who has access to productboard.
Enable your users to be automatically signed-in to productboard with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get one-month free trial here.
productboard single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
productboard supports SP and IDP initiated SSO
productboard supports Just In Time user provisioning

Adding productboard from the gallery


To configure the integration of productboard into Azure AD, you need to add productboard from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type productboard in the search box.
6. Select productboard from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with productboard using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in productboard.
To configure and test Azure AD SSO with productboard, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure productboard SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create productboard test user - to have a counterpart of Britta Simon in productboard that is linked to the
Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the productboard application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. In the Basic SAML Configuration section, if you want to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, type a URL using the following pattern:
https://<projectname>.productboard.com/users/auth/saml/callback

5. Click Set additional URLs and perform the following step if you want to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<projectname>.productboard.com/

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact productboard
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy App Federation Metadata Url and save it on your computer.

Configure productboard SSO


To configure single sign-on on the productboard side, you need to send the App Federation Metadata Url to
the productboard support team. They apply this setting so that the SAML SSO connection is set properly on both
sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to productboard.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select productboard.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create productboard test user
In this section, a user called B.Simon is created in productboard. productboard supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in productboard, a new one is created after authentication.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the productboard tile in the Access Panel, you should be automatically signed in to the
productboard for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Integrate Projectplace with Azure Active
Directory
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Projectplace with Azure Active Directory (Azure AD). When you
integrate Projectplace with Azure AD, you can:
Control in Azure AD who has access to Projectplace.
Enable your users to be automatically signed-in to Projectplace with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
Users can be provisioned in Projectplace automatically.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Projectplace single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Projectplace supports SP and IDP
initiated SSO and supports Just In Time user provisioning.

Adding Projectplace from the gallery


To configure the integration of Projectplace into Azure AD, you need to add Projectplace from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Projectplace in the search box.
6. Select Projectplace from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Projectplace using a test user called B. Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Projectplace.
To configure and test Azure AD SSO with Projectplace, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Projectplace to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
4. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
5. Create Projectplace test user to have a counterpart of B. Simon in Projectplace that is linked to the Azure AD
representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Projectplace application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
the application is pre-configured and the necessary URLs are already pre-populated with Azure. The user
needs to save the configuration by clicking the Save button.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://service.projectplace.com

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
icon to copy the App Federation Metadata Url, as per your requirement, and save it in Notepad.

7. On the Set up Projectplace section, copy the appropriate URL(s) based on your requirement.

Configure Projectplace
To configure single sign-on on the Projectplace side, you need to send the copied App Federation Metadata
Url from the Azure portal to the Projectplace support team. This team ensures the SAML SSO connection is set
properly on both sides.

NOTE
The single sign-on configuration has to be performed by the Projectplace support team. You'll get a notification as soon as
the configuration is complete.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B. Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B. Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B. Simon to use Azure single sign-on by granting access to Projectplace.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Projectplace.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B. Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Projectplace test user

NOTE
You can skip this step if you have provisioning enabled in Projectplace. You can ask the Projectplace support team to enable
provisioning; once that is done, users will be created in Projectplace during the first login.

To enable Azure AD users to sign in to Projectplace, you need to add them to Projectplace. You need to add them
manually.
To create a user account, take these steps:
1. Sign in to your Projectplace company site as an admin.
2. Go to People, and then select Members:

3. Select Add Member:

4. In the Add Member section, take the following steps.


a. In the New Members box, enter the email address of a valid Azure AD account that you want to add.
b. Select Send.
An email containing a link to confirm the account before it becomes active is sent to the Azure AD account
holder.

NOTE
You can also use any other user-account creation tool or API provided by Projectplace to add Azure AD user accounts.

Test SSO
When you select the Projectplace tile in the Access Panel, you should be automatically signed in to the Projectplace
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Promapp
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Promapp with Azure Active Directory (Azure AD). This integration
provides these benefits:
You can use Azure AD to control who has access to Promapp.
You can enable your users to be automatically signed in to Promapp (single sign-on) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory.
If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with Promapp, you need to have:
An Azure AD subscription. If you don't have an Azure AD environment, you can sign up for a one-month trial.
A Promapp subscription that has single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
Promapp supports SP-initiated and IdP-initiated SSO.
Promapp supports just-in-time user provisioning.

Add Promapp from the gallery


To set up the integration of Promapp into Azure AD, you need to add Promapp from the gallery to your list of
managed SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications:


3. To add an application, select New application at the top of the window:

4. In the search box, enter Promapp. Select Promapp in the search results and then select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with Promapp by using a test user named Britta
Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user and the
corresponding user in Promapp.
To configure and test Azure AD single sign-on with Promapp, you need to complete these steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure Promapp single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Promapp, take these steps:
1. In the Azure portal, on the Promapp application integration page, select Single sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, if you want to configure the application in IdP-initiated
mode, complete the following steps.
a. In the Identifier box, enter a URL in this pattern:

https://go.promapp.com/TENANTNAME/

https://au.promapp.com/TENANTNAME/

https://us.promapp.com/TENANTNAME/

https://eu.promapp.com/TENANTNAME/

https://ca.promapp.com/TENANTNAME/

NOTE
Azure AD integration with Promapp is currently configured only for service-initiated authentication. (That is,
going to a Promapp URL initiates the authentication process.) But the Reply URL field is a required field.

b. In the Reply URL box, enter a URL in this pattern:


https://<DOMAINNAME>.promapp.com/TENANTNAME/saml/authenticate.aspx

5. If you want to configure the application in SP-initiated mode, select Set additional URLs. In the Sign on
URL box, enter a URL in this pattern:
https://<DOMAINNAME>.promapp.com/TENANTNAME/saml/authenticate
NOTE
These values are placeholders. You need to use the actual identifier, reply URL, and sign-on URL. Contact the
Promapp support team to get the values. You can also refer to the patterns shown in the Basic SAML
Configuration dialog box in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Download link next to Certificate (Base64), per your requirements, and save the certificate on your
computer:

7. In the Set up Promapp section, copy the appropriate URLs, based on your requirements:

a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
Configure Promapp single sign-on
1. Sign in to your Promapp company site as an admin.
2. In the menu at the top of the window, select Admin:

3. Select Configure:
4. In the Security dialog box, take the following steps.

a. Paste the Login URL that you copied from the Azure portal into the SSO-Login URL box.
b. In the SSO - Single Sign-on Mode list, select Optional. Select Save.

NOTE
Optional mode is for testing only. After you're happy with the configuration, select Required in the SSO -
Single Sign-on Mode list to force all users to authenticate with Azure AD.

c. In Notepad, open the certificate that you downloaded in the previous section. Copy the contents of
the certificate without the first line (-----BEGIN CERTIFICATE-----) or the last line (-----END
CERTIFICATE-----). Paste the certificate content into the SSO-x.509 Certificate box, and then select
Save.
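An added example, not part of the original tutorial and not Promapp or Microsoft code: a Python check for step c that strips the armor lines from the downloaded Certificate (Base64) file and confirms that the text pasted into Promapp still decodes to the same certificate. The sample bytes are constructed (not a real certificate), the function names are hypothetical, and comparing the SHA-1 value with the thumbprint displayed in the Azure portal is an assumption.

```python
import base64
import binascii
import hashlib
import re

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def pem_body(pem_text):
    """Return the Base64 body of a one-certificate PEM file, without the armor lines."""
    lines = [ln.strip() for ln in pem_text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != PEM_BEGIN or lines[-1] != PEM_END:
        raise ValueError("expected exactly one BEGIN/END CERTIFICATE block")
    body = lines[1:-1]
    if any(ln.startswith("-----") for ln in body):
        raise ValueError("file contains more than one PEM block")
    return "\n".join(body)


def der_declared_length(der):
    """Total size (header plus content) declared by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    count = first & 0x7F                  # long form: next `count` bytes hold the length
    if count == 0 or count > 4 or len(der) < 2 + count:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + count + int.from_bytes(der[2:2 + count], "big")


def decode_body(body):
    """Decode a pasted body to DER; reject armor lines, stray characters and truncation."""
    compact = re.sub(r"\s+", "", body)    # line breaks added by an editor are harmless
    try:
        der = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not clean Base64: {exc}") from None
    declared = der_declared_length(der)
    if declared != len(der):
        raise ValueError(
            f"DER header declares {declared} bytes but {len(der)} were decoded")
    return der


def thumbprints(der):
    """Hex digests of the DER bytes, for comparison with the value shown by the IdP."""
    return {
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }


def pasted_matches_download(pem_text, pasted_body):
    """True when the pasted text decodes to the same bytes as the downloaded file."""
    return decode_body(pem_body(pem_text)) == decode_body(pasted_body)


# Constructed sample: a DER SEQUENCE header followed by 200 filler bytes.
# It is NOT a real certificate; it only exercises the checks above.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_PEM = (
    PEM_BEGIN + "\n" + base64.encodebytes(SAMPLE_DER).decode("ascii") + PEM_END + "\n"
).replace("\n", "\r\n")                   # Windows line endings, as saved from Notepad

if __name__ == "__main__":
    body = pem_body(SAMPLE_PEM)
    print(body)                           # this is what goes into the certificate box
    print(thumbprints(decode_body(body)))
    print(pasted_matches_download(SAMPLE_PEM, body))
```

A paste that still contains the BEGIN/END lines, or that lost its last characters, raises ValueError in decode_body instead of being accepted silently.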
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:
2. Select New user at the top of the screen:

3. In the User dialog box, take the following steps.

a. In the Name box, enter BrittaSimon.


b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show Password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting her access to Promapp.
1. In the Azure portal, select Enterprise applications, select All applications, and then select Promapp.
2. In the list of applications, select Promapp.

3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the screen.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select Assign.
Just-in-time user provisioning
Promapp supports just-in-time user provisioning. This feature is enabled by default. If a user doesn't already exist
in Promapp, a new one is created after authentication.
Test single sign-on
Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the Promapp tile in the Access Panel, you should be automatically signed in to the Promapp
instance for which you set up SSO. For more information about the Access Panel, see Access and use apps on the
My Apps portal.

Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
ProMaster (by Inlogik)
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ProMaster (by Inlogik) with Azure Active Directory (Azure AD).
Integrating ProMaster (by Inlogik) with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ProMaster (by Inlogik).
You can enable your users to be automatically signed-in to ProMaster (by Inlogik) (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ProMaster (by Inlogik), you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A ProMaster (by Inlogik) single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ProMaster (by Inlogik) supports SP-initiated and IDP-initiated SSO.

Adding ProMaster (by Inlogik) from the gallery


To configure the integration of ProMaster (by Inlogik) into Azure AD, you need to add ProMaster (by Inlogik) from
the gallery to your list of managed SaaS apps.
To add ProMaster (by Inlogik) from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ProMaster (by Inlogik), select ProMaster (by Inlogik) from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ProMaster (by Inlogik) based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in ProMaster (by Inlogik) needs to be established.
To configure and test Azure AD single sign-on with ProMaster (by Inlogik), you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ProMaster (by Inlogik) Single Sign-On - to configure the Single Sign-On settings on the application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ProMaster (by Inlogik) test user - to have a counterpart of Britta Simon in ProMaster (by Inlogik)
that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ProMaster (by Inlogik), perform the following steps:
1. In the Azure portal, on the ProMaster (by Inlogik) application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://secure.inlogik.com/<COMPANYNAME>

https://<CUSTOMDOMAIN>/SAMLBASE

b. In the Reply URL text box, type a URL using the following pattern:

https://secure.inlogik.com/<COMPANYNAME>/saml/acs

https://<CUSTOMDOMAIN>/SAMLBASE/saml/acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:

https://secure.inlogik.com/<COMPANYNAME>/saml/acs

https://<CUSTOMDOMAIN>/SAMLBASE/saml/acs
NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
ProMaster (by Inlogik) Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure ProMaster (by Inlogik) Single Sign-On


To configure single sign-on on the ProMaster (by Inlogik) side, you need to send the App Federation Metadata
Url to the ProMaster (by Inlogik) support team. They apply this setting so that the SAML SSO connection is
configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ProMaster (by Inlogik).
1. In the Azure portal, select Enterprise Applications, select All applications, then select ProMaster (by
Inlogik).

2. In the applications list, select ProMaster (by Inlogik).


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create ProMaster (by Inlogik) test user
In this section, you create a user called Britta Simon in ProMaster (by Inlogik). Work with the ProMaster (by Inlogik)
support team to add the users to the ProMaster (by Inlogik) platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ProMaster (by Inlogik) tile in the Access Panel, you should be automatically signed in to the
ProMaster (by Inlogik) instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate ProNovos Ops Manager with
Azure Active Directory
9/3/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate ProNovos Ops Manager with Azure Active Directory (Azure AD).
When you integrate ProNovos Ops Manager with Azure AD, you can:
Control in Azure AD who has access to ProNovos Ops Manager.
Enable your users to be automatically signed-in to ProNovos Ops Manager with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ProNovos Ops Manager single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ProNovos Ops Manager supports SP-initiated and IDP-initiated SSO.

Adding ProNovos Ops Manager from the gallery


To configure the integration of ProNovos Ops Manager into Azure AD, you need to add ProNovos Ops Manager
from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type ProNovos Ops Manager in the search box.
6. Select ProNovos Ops Manager from the results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with ProNovos Ops Manager using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in ProNovos Ops
Manager.
To configure and test Azure AD SSO with ProNovos Ops Manager, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure ProNovos Ops Manager SSO - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create ProNovos Ops Manager test user - to have a counterpart of B.Simon in ProNovos Ops Manager that
is linked to the Azure AD representation of the user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ProNovos Ops Manager application integration page, find the Manage section
and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. In the Basic SAML Configuration section, the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated in Azure. You need to save the configuration by clicking
the Save button.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://gly.smartsubz.com/saml2/acs

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.

7. On the Set up ProNovos Ops Manager section, copy the appropriate URL(s) based on your requirement.
Configure ProNovos Ops Manager SSO
To configure single sign-on on the ProNovos Ops Manager side, you need to send the downloaded Certificate
(Raw) and the appropriate copied URLs from the Azure portal to the ProNovos Ops Manager support team. They
apply this setting so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ProNovos Ops Manager.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ProNovos Ops Manager.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create ProNovos Ops Manager test user
In this section, you create a user called B.Simon in ProNovos Ops Manager. Work with the ProNovos Ops Manager
support team to add the users to the ProNovos Ops Manager platform. Users must be created and activated
before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ProNovos Ops Manager tile in the Access Panel, you should be automatically signed in to the
ProNovos Ops Manager instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Proofpoint on Demand
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Proofpoint on Demand with Azure Active Directory (Azure AD).
Integrating Proofpoint on Demand with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Proofpoint on Demand.
You can enable your users to be automatically signed-in to Proofpoint on Demand (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Proofpoint on Demand, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A Proofpoint on Demand single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Proofpoint on Demand supports SP-initiated SSO.

Adding Proofpoint on Demand from the gallery


To configure the integration of Proofpoint on Demand into Azure AD, you need to add Proofpoint on Demand
from the gallery to your list of managed SaaS apps.
To add Proofpoint on Demand from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Proofpoint on Demand, select Proofpoint on Demand from the result panel, then
click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Proofpoint on Demand based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Proofpoint on Demand needs to be established.
To configure and test Azure AD single sign-on with Proofpoint on Demand, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Proofpoint on Demand Single Sign-On - to configure the Single Sign-On settings on the
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Proofpoint on Demand test user - to have a counterpart of Britta Simon in Proofpoint on Demand
that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Proofpoint on Demand, perform the following steps:
1. In the Azure portal, on the Proofpoint on Demand application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<hostname>.pphosted.com/ppssamlsp_hostname

b. In the Identifier box, type a URL using the following pattern: https://<hostname>.pphosted.com/ppssamlsp

c. In the Reply URL text box, type a URL using the following pattern:
https://<hostname>.pphosted.com:portnumber/v1/samlauth/samlconsumer

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
Proofpoint on Demand Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Proofpoint on Demand section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Proofpoint on Demand Single Sign-On
To configure single sign-on on the Proofpoint on Demand side, you need to send the downloaded Certificate
(Base64) and the appropriate copied URLs from the Azure portal to the Proofpoint on Demand support team. They
apply this setting so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Proofpoint on Demand.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Proofpoint on
Demand.

2. In the applications list, select Proofpoint on Demand.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Proofpoint on Demand test user
In this section, you create a user called Britta Simon in Proofpoint on Demand. Work with the Proofpoint on Demand
Client support team to add users to the Proofpoint on Demand platform.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Proofpoint on Demand tile in the Access Panel, you should be automatically signed in to the
Proofpoint on Demand instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Proxyclick
6/13/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Proxyclick with Azure Active Directory (Azure AD). This integration
provides these benefits:
You can use Azure AD to control who has access to Proxyclick.
You can enable your users to be automatically signed in to Proxyclick (single sign-on) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory.
If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with Proxyclick, you need to have:
An Azure AD subscription. If you don't have an Azure AD environment, you can sign up for a one-month trial.
A Proxyclick subscription that has single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
Proxyclick supports SP-initiated and IdP-initiated SSO.

Add Proxyclick from the gallery


To set up the integration of Proxyclick into Azure AD, you need to add Proxyclick from the gallery to your list of
managed SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications:


3. To add an application, select New application at the top of the window:

4. In the search box, enter Proxyclick. Select Proxyclick in the search results and then select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with Proxyclick by using a test user named Britta
Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user and the
corresponding user in Proxyclick.
To configure and test Azure AD single sign-on with Proxyclick, you need to complete these steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure Proxyclick single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Create a Proxyclick test user that's linked to the Azure AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Proxyclick, take these steps:
1. In the Azure portal, on the Proxyclick application integration page, select Single sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, if you want to configure the application in IdP-initiated
mode, take the following steps.
a. In the Identifier box, enter a URL in this pattern:
https://saml.proxyclick.com/init/<companyId>

b. In the Reply URL box, enter a URL in this pattern:


https://saml.proxyclick.com/consume/<companyId>

5. If you want to configure the application in SP-initiated mode, select Set additional URLs. In the Sign on
URL box, enter a URL in this pattern:
https://saml.proxyclick.com/init/<companyId>

NOTE
These values are placeholders. You need to use the actual identifier, reply URL, and sign-on URL. Steps for getting
these values are described later in this tutorial.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Download link next to Certificate (Base64), per your requirements, and save the certificate on your
computer:

7. In the Set up Proxyclick section, copy the appropriate URLs, based on your requirements:
a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
Configure Proxyclick single sign-on
1. In a new web browser window, sign in to your Proxyclick company site as an admin.
2. Select Account & Settings:

3. Scroll down to the Integrations section and select SAML:

4. In the SAML section, take the following steps.


a. Copy the SAML Consumer URL value and paste it into the Reply URL box in the Basic SAML
Configuration dialog box in the Azure portal.
b. Copy the SAML SSO Redirect URL value and paste it into the Sign on URL and Identifier boxes
in the Basic SAML Configuration dialog box in the Azure portal.
c. In the SAML Request Method list, select HTTP Redirect.
d. In the Issuer box, paste the Azure AD Identifier value that you copied from the Azure portal.
e. In the SAML 2.0 Endpoint URL box, paste the Login URL value that you copied from the Azure
portal.
f. In Notepad, open the certificate file that you downloaded from the Azure portal. Paste the contents of
this file into the Certificate box.
g. Select Save Changes.
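An added example, not part of the original tutorial and not Proxyclick or Microsoft code: a Python pre-flight check for the three Basic SAML Configuration values exchanged in steps a and b, which catches leftover placeholders, a non-HTTPS or wrong host, and a companyId that differs between fields. The function names and the sample companyId are hypothetical, and the strict `/init/` and `/consume/` path shapes are assumed from the URL patterns shown in this tutorial.

```python
from urllib.parse import urlsplit

SAML_HOST = "saml.proxyclick.com"         # host used by every pattern in the tutorial


def company_id(url, action):
    """Return <companyId> from https://saml.proxyclick.com/<action>/<companyId>."""
    url = url.strip()
    if "<" in url or ">" in url:
        raise ValueError("placeholder text left in URL")
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"scheme is {parts.scheme!r}, expected 'https'")
    if parts.hostname != SAML_HOST or parts.port not in (None, 443):
        raise ValueError(f"host is {parts.netloc!r}, expected {SAML_HOST!r}")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("unexpected credentials, query string or fragment")
    segments = parts.path.split("/")      # "/init/ID" -> ["", "init", "ID"]
    if len(segments) != 3 or segments[1] != action or not segments[2]:
        raise ValueError(f"path is {parts.path!r}, expected '/{action}/<companyId>'")
    return segments[2]


def check_basic_saml_config(identifier, reply_url, sign_on_url):
    """Return a list of problems; an empty list means the three values are consistent."""
    problems = []
    ids = {}
    fields = (
        ("Identifier", identifier, "init"),       # SAML SSO Redirect URL
        ("Reply URL", reply_url, "consume"),      # SAML Consumer URL
        ("Sign on URL", sign_on_url, "init"),     # SAML SSO Redirect URL
    )
    for name, url, action in fields:
        try:
            ids[name] = company_id(url, action)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    # Step b pastes one value into both boxes, so they must be identical.
    if identifier.strip() != sign_on_url.strip():
        problems.append("Identifier and Sign on URL differ; both come from "
                        "the SAML SSO Redirect URL")
    if len(set(ids.values())) > 1:
        problems.append(f"companyId differs between fields: {ids}")
    return problems


# Constructed sample values; CO-EXAMPLE123 is not a real companyId.
GOOD = {
    "identifier": "https://saml.proxyclick.com/init/CO-EXAMPLE123",
    "reply_url": "https://saml.proxyclick.com/consume/CO-EXAMPLE123",
    "sign_on_url": "https://saml.proxyclick.com/init/CO-EXAMPLE123",
}

if __name__ == "__main__":
    print(check_basic_saml_config(**GOOD))                    # no problems
    template = dict(GOOD, identifier="https://saml.proxyclick.com/init/<companyId>")
    for line in check_basic_saml_config(**template):
        print(line)
```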
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:
2. Select New user at the top of the screen:

3. In the User dialog box, take the following steps.

a. In the Name box, enter BrittaSimon.


b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show Password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting her access to Proxyclick.
1. In the Azure portal, select Enterprise applications, select All applications, and then select Proxyclick.
2. In the list of applications, select Proxyclick.

3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the window.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the window.
7. In the Add Assignment dialog box, select Assign.
Create a Proxyclick test user
To enable Azure AD users to sign in to Proxyclick, you need to add them to Proxyclick. You need to add them
manually.
To create a user account, take these steps:
1. Sign in to your Proxyclick company site as an admin.
2. Select Colleagues at the top of the window:

3. Select Add Colleague:

4. In the Add a colleague section, take the following steps.

a. In the Email box, enter the email address of the user. In this case, brittasimon@contoso.com.
b. In the First Name box, enter the first name of the user. In this case, Britta.
c. In the Last Name box, enter the last name of the user. In this case, Simon.
d. Select Add User.
Test single sign-on
Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the Proxyclick tile in the Access Panel, you should be automatically signed in to the Proxyclick
instance for which you set up SSO. For more information about the Access Panel, see Access and use apps on the
My Apps portal.

Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with PureCloud by Genesys
10/31/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate PureCloud by Genesys with Azure Active Directory (Azure AD). After
you do that, you can:
Use Azure AD to control which users can access PureCloud by Genesys.
Enable your users to be automatically signed-in to PureCloud by Genesys with their Azure AD accounts.
Manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have one, you can get a free account.
A PureCloud by Genesys single sign-on (SSO)-enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
PureCloud by Genesys supports SP and IDP-initiated SSO.

NOTE
Because the ID for this application is a fixed-string value, only one instance can be configured in one tenant.

Adding PureCloud by Genesys from the gallery


To configure integration of PureCloud by Genesys into Azure AD, you must add PureCloud by Genesys from the
gallery to your list of managed SaaS apps. To do this, follow these steps:
1. Sign in to the Azure portal by using a work or school account or by using a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Go to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type PureCloud by Genesys in the search box.
6. Select PureCloud by Genesys from the results panel and then add the app. Wait a few seconds while the app
is added to your tenant.

Configure and test Azure AD single sign-on for PureCloud by Genesys


Configure and test Azure AD SSO with PureCloud by Genesys using a test user named B.Simon. For SSO to
work, you must establish a link relationship between an Azure AD user and the related user in PureCloud by
Genesys.
To configure and test Azure AD SSO with PureCloud by Genesys, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
a. Create an Azure AD test user to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user to enable B.Simon to use Azure AD single sign-on.
2. Configure PureCloud by Genesys SSO to configure the single sign-on settings on application side.
a. Create a PureCloud by Genesys test user to have a counterpart of B.Simon in PureCloud by Genesys
that's linked to the Azure AD representation of user.
3. Test SSO to verify whether the configuration works.

Configure Azure AD SSO


To enable Azure AD SSO in the Azure portal, follow these steps:
1. In the Azure portal, on the PureCloud by Genesys application integration page, find the Manage section
and select single sign-on.
2. On the Select a Single Sign-On method page, select SAML.
3. On the Set up Single Sign-On with SAML page, select the pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, if you want to configure the application in IDP-initiated mode,
enter the values for the following fields:
a. In the Identifier box, enter a URL that corresponds to your region:

https://login.mypurecloud.com/saml

https://login.mypurecloud.de/saml

https://login.mypurecloud.jp/saml

https://login.mypurecloud.ie/saml

https://login.mypurecloud.au/saml

b. In the Reply URL box, enter a URL that corresponds to your region:

https://login.mypurecloud.com/saml

https://login.mypurecloud.de/saml
https://login.mypurecloud.jp/saml

https://login.mypurecloud.ie/saml

https://login.mypurecloud.com.au/saml

5. Select Set additional URLs and take the following step if you want to configure the application in SP
initiated mode:
In the Sign-on URL box, enter a URL that corresponds to your region:

https://login.mypurecloud.com

https://login.mypurecloud.de

https://login.mypurecloud.jp

https://login.mypurecloud.ie

https://login.mypurecloud.com.au

6. PureCloud by Genesys application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes:

7. Additionally, PureCloud by Genesys application expects a few more attributes to be passed back in the
SAML response, as shown in the following table. These attributes are also pre-populated, but you can
review them as needed.

NAME                SOURCE ATTRIBUTE
Email               user.userprincipalname
OrganizationName    Your organization name

8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
9. In the Set up PureCloud by Genesys section, copy the appropriate URL (or URLs), based on your
requirements.
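The following check is an added example, not part of the original tutorial and not Genesys or Microsoft code. It inspects a decoded SAML response (a constructed sample for the .de region) and reports whether Destination and Audience equal the Reply URL and Identifier entered in step 4, and whether the Email and OrganizationName attributes from the table are present; the function name check_response is hypothetical.

```python
# Added example (not from the tutorial). Troubleshooting aid only: it inspects
# configuration-relevant fields and does NOT verify the XML signature.
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Attribute names taken from the table in step 7.
REQUIRED_ATTRIBUTES = ("Email", "OrganizationName")

# Constructed sample: a decoded, trimmed SAML response for the .de region.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://login.mypurecloud.de/saml">
  <saml:Assertion>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://login.mypurecloud.de/saml</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="Email">
        <saml:AttributeValue>b.simon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="OrganizationName">
        <saml:AttributeValue>contoso</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, identifier, reply_url):
    """Return a list of problems; an empty list means the checked fields match."""
    root = ET.fromstring(xml_text)
    problems = []

    # Destination on the Response should be the Reply URL configured in Azure AD.
    destination = root.get("Destination")
    if destination != reply_url:
        problems.append(f"Destination {destination!r} != Reply URL {reply_url!r}")

    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        # Encrypted or multiple assertions are out of scope for this check.
        problems.append(f"expected one plaintext Assertion, found {len(assertions)}")
        return problems
    assertion = assertions[0]

    # The Audience should contain the Identifier configured in Azure AD.
    audience_path = "saml:Conditions/saml:AudienceRestriction/saml:Audience"
    audiences = [a.text.strip() for a in assertion.findall(audience_path, NS) if a.text]
    if identifier not in audiences:
        problems.append(f"Audience {audiences} lacks Identifier {identifier!r}")

    # Collect non-empty attribute values by attribute name.
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        texts = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS)
                 if v.text and v.text.strip()]
        values[attr.get("Name")] = texts
    for name in REQUIRED_ATTRIBUTES:
        if not values.get(name):
            problems.append(f"attribute {name!r} is missing or empty")
    return problems


if __name__ == "__main__":
    url = "https://login.mypurecloud.de/saml"
    for line in check_response(SAMPLE_RESPONSE, url, url) or ["all checked fields match"]:
        print(line)
```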

Create an Azure AD test user


In this section, you'll create a test user named B.Simon in the Azure portal:
1. In the left pane of the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the user name in the following format:
username@companydomain.extension. For example: B.Simon@contoso.com.
c. Select the Show password check box, and then make note of the value that's displayed in the Password
box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll set up B.Simon to use Azure single sign-on by granting access to PureCloud by Genesys.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select PureCloud by Genesys.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select B.Simon from the Users list, and then choose the Select button
at the bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog box, select the
appropriate role for the user from the list, and then choose the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select the Assign button.

Configure PureCloud by Genesys SSO


1. In a different web browser window, sign in to PureCloud by Genesys as an administrator.
2. Select Admin at the top and then go to Single Sign-on under Integrations.

3. Switch to the ADFS/Azure AD (Premium) tab, and then follow these steps:
a. Select Browse to upload the base-64 encoded certificate that you downloaded from the Azure portal into
the ADFS Certificate.
b. In the ADFS Issuer URI box, paste the value of Azure AD Identifier that you copied from the Azure
portal.
c. In the Target URI box, paste the value of Login URL that you copied from the Azure portal.
d. For the Relying Party Identifier value, go to the Azure portal, and then on the PureCloud by Genesys
application integration page, select the Properties tab and copy the Application ID value. Paste it into the
Relying Party Identifier box.

e. Select Save.
Create PureCloud by Genesys test user
To enable Azure AD users to sign in to PureCloud by Genesys, they must be provisioned into PureCloud by
Genesys. In PureCloud by Genesys, provisioning is a manual task.
To provision a user account, follow these steps:
1. Log in to PureCloud by Genesys as an administrator.
2. Select Admin at the top and go to People under People & Permissions.

3. On the People page, select Add Person.

4. In the Add People to the Organization dialog box, follow these steps:

a. In the Full Name box, enter the name of a user. For example: B.Simon.
b. In the Email box, enter the email of the user. For example: b.simon@contoso.com.
c. Select Create.

Test SSO
In this section, you test your Azure AD single sign-on configuration by using the Access Panel.
When you select the PureCloud by Genesys tile in the Access Panel, you should be automatically signed in to the
PureCloud by Genesys account that you set up SSO for. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of tutorials about how to integrate SaaS apps with Azure AD
What is application access and single sign-on with Azure AD?
What is conditional access in Azure AD?
Try PureCloud by Genesys with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with PurelyHR
10/18/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate PurelyHR with Azure Active Directory (Azure AD). When you integrate
PurelyHR with Azure AD, you can:
Control in Azure AD who has access to PurelyHR.
Enable your users to be automatically signed-in to PurelyHR with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
PurelyHR single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
PurelyHR supports SP and IDP initiated SSO
PurelyHR supports Just In Time user provisioning

Adding PurelyHR from the gallery


To configure the integration of PurelyHR into Azure AD, you need to add PurelyHR from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type PurelyHR in the search box.
6. Select PurelyHR from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for PurelyHR


Configure and test Azure AD SSO with PurelyHR using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in PurelyHR.
To configure and test Azure AD SSO with PurelyHR, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure PurelyHR SSO - to configure the single sign-on settings on application side.
Create PurelyHR test user - to have a counterpart of B.Simon in PurelyHR that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the PurelyHR application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
In the Reply URL text box, type a URL using the following pattern:
https://<companyID>.purelyhr.com/sso-consume

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<companyID>.purelyhr.com/sso-initiate

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact PurelyHR Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up PurelyHR section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to PurelyHR.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select PurelyHR.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure PurelyHR SSO


1. To automate the configuration within PurelyHR, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Set up PurelyHR, which directs you to the PurelyHR
application. From there, provide the admin credentials to sign in to PurelyHR. The browser extension will
automatically configure the application for you and automate steps 3-5.
3. If you want to set up PurelyHR manually, open a new web browser window and sign in to your PurelyHR
company site as an administrator and perform the following steps:
4. Open the Dashboard from the options in the toolbar and click SSO Settings.
5. Paste the values in the boxes as described below -

a. Open the Certificate (Base64) downloaded from the Azure portal in Notepad and copy the certificate
value. Paste the copied value into the X.509 Certificate box.
b. In the Idp Issuer URL box, paste the Azure AD Identifier copied from the Azure portal.
c. In the Idp Endpoint URL box, paste the Login URL copied from the Azure portal.
d. Check the Auto-Create Users checkbox to enable automatic user provisioning in PurelyHR.
e. Click Save Changes to save the settings.
Create PurelyHR test user
This step is usually not required as the application supports just in time user provisioning. If the automatic user
provisioning is not enabled then manual user creation can be done as described below.
Sign into your Velpic SAML company site as an administrator and perform following steps:
1. Click on Manage tab and go to Users section, then click on New button to add users.

2. On the “Create New User” dialog page, perform the following steps.

a. In the First Name textbox, type the first name of B.


b. In the Last Name textbox, type the last name of Simon.
c. In the User Name textbox, type the user name of B.Simon.
d. In the Email textbox, type the email address of B.Simon@contoso.com account.
e. The rest of the information is optional; fill it in if needed.
f. Click SAVE.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the PurelyHR tile in the Access Panel, you should be automatically signed in to the PurelyHR for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try PurelyHR with Azure AD
Tutorial: Integrate Qlik Sense Enterprise with Azure
Active Directory
10/30/2019 • 9 minutes to read

In this tutorial, you'll learn how to integrate Qlik Sense Enterprise with Azure Active Directory (Azure AD). When
you integrate Qlik Sense Enterprise with Azure AD, you can:
Control in Azure AD who has access to Qlik Sense Enterprise.
Enable your users to be automatically signed-in to Qlik Sense Enterprise with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial.
Qlik Sense Enterprise single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Qlik Sense Enterprise supports SP
initiated SSO.

Adding Qlik Sense Enterprise from the gallery


To configure the integration of Qlik Sense Enterprise into Azure AD, you need to add Qlik Sense Enterprise from
the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Qlik Sense Enterprise in the search box.
6. Select Qlik Sense Enterprise from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Qlik Sense Enterprise using a test user called Britta Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Qlik Sense
Enterprise.
To configure and test Azure AD SSO with Qlik Sense Enterprise, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Qlik Sense Enterprise SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Qlik Sense Enterprise test user - to have a counterpart of Britta Simon in Qlik Sense Enterprise that is
linked to the Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Qlik Sense Enterprise application integration page, find the Manage section
and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following fields:
a. In the Sign-on URL textbox, type a URL using the following pattern:
https://<Fully Qualified Domain Name>:443{/virtualproxyprefix}/hub

b. In the Identifier textbox, type a URL using the following pattern:

https://<Fully Qualified Domain Name>.qlikpoc.com

https://<Fully Qualified Domain Name>.qliksense.com

c. In the Reply URL textbox, type a URL using the following pattern:
https://<Fully Qualified Domain Name>:443{/virtualproxyprefix}/samlauthn/

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier, and Reply URL, which are
explained later in this tutorial, or contact the Qlik Sense Enterprise Client support team to get these values. The default
port for the URLs is 443, but you can customize it to suit your organization's needs.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML from the given options as per your requirement and save it on your computer.
Configure Qlik Sense Enterprise SSO
1. Prepare the Federation Metadata XML file so that you can upload that to Qlik Sense server.

NOTE
Before uploading the IdP metadata to the Qlik Sense server, the file needs to be edited to remove information to
ensure proper operation between Azure AD and Qlik Sense server.

a. In a text editor, open the FederationMetaData.xml file that you downloaded from the Azure portal.
b. Search for the value RoleDescriptor. There are four entries (two pairs of opening and closing element
tags).
c. Delete the RoleDescriptor tags and all information in between from the file.
d. Save the file and keep it nearby for use later in this document.
2. Navigate to the Qlik Sense Qlik Management Console (QMC) as a user who can create virtual proxy
configurations.
3. In the QMC, click on the Virtual Proxies menu item.

4. At the bottom of the screen, click the Create new button.

5. The Virtual proxy edit screen appears. On the right side of the screen is a menu for making configuration
options visible.

6. With the Identification menu option checked, enter the identifying information for the Azure virtual proxy
configuration.

a. The Description field is a friendly name for the virtual proxy configuration. Enter a value for a
description.
b. The Prefix field identifies the virtual proxy endpoint for connecting to Qlik Sense with Azure AD Single
Sign-On. Enter a unique prefix name for this virtual proxy.
c. Session inactivity timeout (minutes) is the timeout for connections through this virtual proxy.
d. The Session cookie header name is the cookie name storing the session identifier for the Qlik Sense
session a user receives after successful authentication. This name must be unique.
7. Click on the Authentication menu option to make it visible. The Authentication screen appears.

a. The Anonymous access mode drop down determines if anonymous users may access Qlik Sense
through the virtual proxy. The default option is No anonymous user.
b. The Authentication method drop-down determines the authentication scheme the virtual proxy will
use. Select SAML from the drop-down list. More options appear as a result.
c. In the SAML host URI field, input the hostname users enter to access Qlik Sense through this SAML
virtual proxy. The hostname is the URI of the Qlik Sense server.
d. In the SAML entity ID, enter the same value entered for the SAML host URI field.
e. The SAML IdP metadata is the file edited earlier in the Edit Federation Metadata from Azure AD
Configuration section. Before uploading the IdP metadata, the file needs to be edited to remove
information to ensure proper operation between Azure AD and Qlik Sense server. Please refer to the
instructions above if the file has yet to be edited. If the file has been edited click on the Browse button
and select the edited metadata file to upload it to the virtual proxy configuration.
f. Enter the attribute name or schema reference for the SAML attribute representing the UserID Azure AD
sends to the Qlik Sense server. Schema reference information is available in the Azure app screens post
configuration. To use the name attribute, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name .
g. Enter the value for the user directory that will be attached to users when they authenticate to Qlik Sense
server through Azure AD. Hardcoded values must be surrounded by square brackets []. To use an attribute
sent in the Azure AD SAML assertion, enter the name of the attribute in this text box without square
brackets.
h. The SAML signing algorithm sets the service provider (in this case Qlik Sense server) certificate signing
for the virtual proxy configuration. If Qlik Sense server uses a trusted certificate generated using Microsoft
Enhanced RSA and AES Cryptographic Provider, change the SAML signing algorithm to SHA-256.
i. The SAML attribute mapping section allows for additional attributes like groups to be sent to Qlik Sense
for use in security rules.
8. Click on the LOAD BALANCING menu option to make it visible. The Load Balancing screen appears.

9. Click on the Add new server node button, select engine node or nodes Qlik Sense will send sessions to for
load balancing purposes, and click the Add button.

10. Click on the Advanced menu option to make it visible. The Advanced screen appears.
The Host allow list identifies hostnames that are accepted when connecting to the Qlik Sense server. Enter
the hostname users will specify when connecting to Qlik Sense server. The hostname is the same
value as the SAML host URI without the https://.
11. Click the Apply button.

12. Click OK to accept the warning message that states proxies linked to the virtual proxy will be restarted.

13. On the right side of the screen, the Associated items menu appears. Click on the Proxies menu option.

14. The proxy screen appears. Click the Link button at the bottom to link a proxy to the virtual proxy.

15. Select the proxy node that will support this virtual proxy connection and click the Link button. After linking,
the proxy will be listed under associated proxies.

16. After about five to ten seconds, the Refresh QMC message will appear. Click the Refresh QMC button.

17. When the QMC refreshes, click on the Virtual proxies menu item. The new SAML virtual proxy entry is
listed in the table on the screen. Single click on the virtual proxy entry.
18. At the bottom of the screen, the Download SP metadata button will activate. Click the Download SP
metadata button to save the metadata to a file.

19. Open the SP metadata file. Observe the entityID entry and the AssertionConsumerService entry. These
values are equivalent to the Identifier, Sign on URL and the Reply URL in the Azure AD application
configuration. If the values in the Qlik Sense Enterprise Domain and URLs section of the Azure AD
application configuration do not match them, replace them in the Azure AD App configuration wizard.
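Steps 1 and 19 above can be scripted; the following is an added example, not Qlik's or Microsoft's code. It removes the RoleDescriptor elements from the federation metadata and compares the entityID and AssertionConsumerService values in the SP metadata with the Identifier and Reply URL configured in Azure AD. The host name, virtual proxy prefix, tenant ID, and function names are constructed for illustration.

```python
# Added example: prepare IdP metadata for Qlik Sense (step 1) and check the SP
# metadata against the Azure AD configuration (step 19). Sample values are constructed.
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
# Serialize the metadata namespace as the default namespace instead of ns0:.
ET.register_namespace("", MD)

# Constructed sample shaped like a federation metadata file: two RoleDescriptor
# elements (four opening/closing tag entries in a real file) plus the SAML IdP role.
SAMPLE_IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample of the SP metadata downloaded from the QMC in step 18.
SAMPLE_SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://qlik.contoso.example">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://qlik.contoso.example:443/azure/samlauthn/"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def strip_role_descriptors(metadata_xml):
    """Return (edited_xml, removed_count) with every RoleDescriptor element removed.

    If the metadata carries an enveloped XML signature, that signature no longer
    verifies after this edit, so the file's integrity rests on how it was obtained.
    """
    root = ET.fromstring(metadata_xml)
    removed = 0
    for child in list(root):  # copy the child list: we mutate root while iterating
        if child.tag == f"{{{MD}}}RoleDescriptor":
            root.remove(child)
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed


def sp_endpoints(sp_metadata_xml):
    """Return (entityID, [AssertionConsumerService Location, ...])."""
    root = ET.fromstring(sp_metadata_xml)
    acs = [e.get("Location") for e in root.iter(f"{{{MD}}}AssertionConsumerService")]
    return root.get("entityID"), acs


def compare_with_azure(sp_metadata_xml, identifier, reply_url):
    """Return mismatches between the SP metadata and the Azure AD configuration.

    Comparison is exact: a missing trailing slash on the Reply URL is a mismatch.
    """
    entity_id, acs = sp_endpoints(sp_metadata_xml)
    mismatches = []
    if entity_id != identifier:
        mismatches.append(f"Identifier {identifier!r} != entityID {entity_id!r}")
    if reply_url not in acs:
        mismatches.append(f"Reply URL {reply_url!r} not in ACS locations {acs}")
    return mismatches


if __name__ == "__main__":
    edited, removed = strip_role_descriptors(SAMPLE_IDP_METADATA)
    print(f"removed {removed} RoleDescriptor element(s)")
    print(compare_with_azure(SAMPLE_SP_METADATA, "https://qlik.contoso.example",
                             "https://qlik.contoso.example:443/azure/samlauthn/"))
```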

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to Qlik Sense Enterprise.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Qlik Sense Enterprise.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Qlik Sense Enterprise test user
In this section, you create a user called Britta Simon in Qlik Sense Enterprise. Work with Qlik Sense Enterprise
support team to add the users in the Qlik Sense Enterprise platform. Users must be created and activated before
you use single sign-on.
Test SSO
When you select the Qlik Sense Enterprise tile in the Access Panel, you should be automatically signed in to the
Qlik Sense Enterprise for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Qmarkets Idea & Innovation
Management
11/26/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Qmarkets Idea & Innovation Management with Azure Active Directory
(Azure AD). When you integrate Qmarkets Idea & Innovation Management with Azure AD, you can:
Control in Azure AD who has access to Qmarkets Idea & Innovation Management.
Enable your users to be automatically signed-in to Qmarkets Idea & Innovation Management with their Azure
AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Qmarkets Idea & Innovation Management single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Qmarkets Idea & Innovation Management supports SP and IDP initiated SSO
Qmarkets Idea & Innovation Management supports Just In Time user provisioning

Adding Qmarkets Idea & Innovation Management from the gallery


To configure the integration of Qmarkets Idea & Innovation Management into Azure AD, you need to add
Qmarkets Idea & Innovation Management from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Qmarkets Idea & Innovation Management in the search box.
6. Select Qmarkets Idea & Innovation Management from results panel and then add the app. Wait a few
seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Qmarkets Idea &
Innovation Management
Configure and test Azure AD SSO with Qmarkets Idea & Innovation Management using a test user called
B.Simon. For SSO to work, you need to establish a link relationship between an Azure AD user and the related
user in Qmarkets Idea & Innovation Management.
To configure and test Azure AD SSO with Qmarkets Idea & Innovation Management, complete the following
building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Qmarkets Idea & Innovation Management SSO - to configure the single sign-on settings on
application side.
a. Create Qmarkets Idea & Innovation Management test user - to have a counterpart of B.Simon in
Qmarkets Idea & Innovation Management that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Qmarkets Idea & Innovation Management application integration page, find
the Manage section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://<app_url>/sso/saml2/metadata/qmarkets_sp_<endpoint_id>

b. In the Reply URL text box, type a URL using the following pattern:
https://<app_url>/sso/saml2/acs/qmarkets_sp_<endpoint_id>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<app_url>/sso/saml2/endpoint/qmarkets_sp_<endpoint_id>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Qmarkets Idea & Innovation Management Client support team to get these values. You can also refer to the patterns
shown in the Basic SAML Configuration section in the Azure portal.

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Qmarkets Idea &
Innovation Management.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Qmarkets Idea & Innovation Management.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Qmarkets Idea & Innovation Management SSO


To configure single sign-on on the Qmarkets Idea & Innovation Management side, send the App
Federation Metadata Url to the Qmarkets Idea & Innovation Management support team. They apply this
setting so that the SAML SSO connection is configured properly on both sides.

Create Qmarkets Idea & Innovation Management test user
In this section, a user called Britta Simon is created in Qmarkets Idea & Innovation Management. Qmarkets Idea &
Innovation Management supports just-in-time user provisioning, which is enabled by default. There is no action
item for you in this section. If a user doesn't already exist in Qmarkets Idea & Innovation Management, a new one
is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Qmarkets Idea & Innovation Management tile in the Access Panel, you should be automatically
signed in to the Qmarkets Idea & Innovation Management for which you set up SSO. For more information about
the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Qmarkets Idea & Innovation Management with Azure AD

Tutorial: Azure Active Directory integration with QPrism
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate QPrism with Azure Active Directory (Azure AD). Integrating QPrism
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to QPrism.
You can enable your users to be automatically signed-in to QPrism (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with QPrism, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A QPrism single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
QPrism supports SP initiated SSO

Adding QPrism from the gallery


To configure the integration of QPrism into Azure AD, you need to add QPrism from the gallery to your list of
managed SaaS apps.
To add QPrism from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type QPrism, select QPrism from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with QPrism based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in QPrism
needs to be established.
To configure and test Azure AD single sign-on with QPrism, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure QPrism Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create QPrism test user - to have a counterpart of Britta Simon in QPrism that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with QPrism, perform the following steps:
1. In the Azure portal, on the QPrism application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<customer domain>.qmyzone.com/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<customer domain>.qmyzone.com/metadata.php

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact QPrism Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure QPrism Single Sign-On


To configure single sign-on on the QPrism side, send the App Federation Metadata Url to the QPrism
support team. They apply this setting so that the SAML SSO connection is configured properly on both sides.

Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.
a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to QPrism.
1. In the Azure portal, select Enterprise Applications, select All applications, then select QPrism.
2. In the applications list, select QPrism.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create QPrism test user
In this section, you create a user called Britta Simon in QPrism. Work with QPrism support team to add the users
in the QPrism platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the QPrism tile in the Access Panel, you should be automatically signed in to the QPrism for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Qualtrics
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Qualtrics with Azure Active Directory (Azure AD). Integrating Qualtrics
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Qualtrics.
You can enable your users to be automatically signed-in to Qualtrics (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Qualtrics, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A Qualtrics single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Qualtrics supports SP initiated SSO
Qualtrics supports Just In Time user provisioning

Adding Qualtrics from the gallery


To configure the integration of Qualtrics into Azure AD, you need to add Qualtrics from the gallery to your list of
managed SaaS apps.
To add Qualtrics from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Qualtrics, select Qualtrics from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Qualtrics based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Qualtrics
needs to be established.
To configure and test Azure AD single sign-on with Qualtrics, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Qualtrics Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Qualtrics test user - to have a counterpart of Britta Simon in Qualtrics that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Qualtrics, perform the following steps:
1. In the Azure portal, on the Qualtrics application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.qualtrics.com

b. In the Identifier (Entity ID) text box, type a URL using one of the following patterns:
https://<companyname>.qualtrics.com/WRSAML/simplesaml/www/module.php/saml/sp/metadata.php/default-sp
https://<companyname>.co1.qualtrics.com/WRSAML/simplesaml/www/module.php/saml/sp/metadata.php/default-sp

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Qualtrics Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Qualtrics section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Qualtrics Single Sign-On
To configure single sign-on on the Qualtrics side, send the downloaded Federation Metadata XML and the
appropriate URLs copied from the Azure portal to the Qualtrics support team. They apply this setting so that the SAML
SSO connection is configured properly on both sides.

Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.
a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Qualtrics.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Qualtrics.

2. In the applications list, select Qualtrics.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Qualtrics test user
In this section, a user called Britta Simon is created in Qualtrics. Qualtrics supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Qualtrics, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Qualtrics tile in the Access Panel, you should be automatically signed in to the Qualtrics for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Quantum Workplace
6/17/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Quantum Workplace with Azure Active Directory (Azure AD). Integrating
Quantum Workplace with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Quantum Workplace.
You can enable your users to be automatically signed-in to Quantum Workplace (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Quantum Workplace, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
A Quantum Workplace single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Quantum Workplace supports SP and IDP initiated SSO

Adding Quantum Workplace from the gallery


To configure the integration of Quantum Workplace into Azure AD, you need to add Quantum Workplace from the
gallery to your list of managed SaaS apps.
To add Quantum Workplace from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Quantum Workplace, select Quantum Workplace from the result panel, and then click the
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Quantum Workplace based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Quantum Workplace needs to be established.
To configure and test Azure AD single sign-on with Quantum Workplace, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Quantum Workplace Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Quantum Workplace test user - to have a counterpart of Britta Simon in Quantum Workplace that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Quantum Workplace, perform the following steps:
1. In the Azure portal, on the Quantum Workplace application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.
4. On the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are
already pre-populated in Azure. Save the configuration by clicking the Save button.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://auth.quantumworkplace.com/Account/Login

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Quantum Workplace Single Sign-On


To configure single sign-on on the Quantum Workplace side, send the App Federation Metadata Url
to the Quantum Workplace support team. They apply this setting so that the SAML SSO connection is configured
properly on both sides.

Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.
a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Quantum Workplace.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Quantum
Workplace.

2. In the applications list, select Quantum Workplace.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Quantum Workplace test user
In this section, you create a user called Britta Simon in Quantum Workplace. Work with Quantum Workplace
support team to add the users in the Quantum Workplace platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Quantum Workplace tile in the Access Panel, you should be automatically signed in to the
Quantum Workplace for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Questetra BPM Suite
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Questetra BPM Suite with Azure Active Directory (Azure AD).
Integrating Questetra BPM Suite with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Questetra BPM Suite.
You can enable your users to be automatically signed-in to Questetra BPM Suite (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Questetra BPM Suite, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A Questetra BPM Suite single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Questetra BPM Suite supports SP initiated SSO

Adding Questetra BPM Suite from the gallery


To configure the integration of Questetra BPM Suite into Azure AD, you need to add Questetra BPM Suite from
the gallery to your list of managed SaaS apps.
To add Questetra BPM Suite from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.
4. In the search box, type Questetra BPM Suite, select Questetra BPM Suite from the result panel, and then click the
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Questetra BPM Suite based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Questetra BPM Suite needs to be established.
To configure and test Azure AD single sign-on with Questetra BPM Suite, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Questetra BPM Suite Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Questetra BPM Suite test user - to have a counterpart of Britta Simon in Questetra BPM Suite that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Questetra BPM Suite, perform the following steps:
1. In the Azure portal, on the Questetra BPM Suite application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.questetra.net/saml/SSO/alias/bpm

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.questetra.net/

NOTE
These values are not real. Update these values with the actual Sign-On URL and Identifier. You can get these values
from SP Information section on your Questetra BPM Suite company site, which is explained later in the tutorial or
contact Questetra BPM Suite Client support team. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Questetra BPM Suite section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Questetra BPM Suite Single Sign-On
1. In a different web browser window, sign in to your Questetra BPM Suite company site as an
administrator.
2. In the menu on the top, click System Settings.
3. To open the SingleSignOnSAML page, click SSO (SAML).

4. On your Questetra BPM Suite company site, in the SP Information section, perform the following steps:
a. Copy the ACS URL, and then paste it into the Sign On URL textbox in the Basic SAML Configuration
section from Azure portal.
b. Copy the Entity ID, and then paste it into the Identifier textbox in the Basic SAML Configuration
section from Azure portal.
5. On your Questetra BPM Suite company site, perform the following steps:
a. Select Enable Single Sign-On.
b. In Entity ID textbox, paste the value of Azure AD Identifier which you have copied from Azure portal.
c. In Sign-in page URL textbox, paste the value of Login URL which you have copied from Azure portal.
d. In Sign-out page URL textbox, paste the value of Logout URL which you have copied from Azure
portal.
e. In the NameID format textbox, type urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress .
f. In Notepad, open the Base-64 encoded certificate that you downloaded from the Azure portal, copy its content
to your clipboard, and then paste it into the Validation certificate textbox.
g. Click Save.
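
The values pasted in step 5 can be cross-checked against the application's federation metadata before saving, since Azure AD Identifier, Login URL and Logout URL correspond to the metadata's entityID, SingleSignOnService and SingleLogoutService. This is an added example, not code from the tutorial, Microsoft or Questetra; the metadata sample, the all-zero tenant ID, the placeholder certificate bytes and the settings field names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample data: all-zero tenant ID and placeholder bytes, not a real certificate.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def fingerprint(der):
    """SHA-256 fingerprint of the certificate's DER bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def pem_to_der(pem):
    """Decode the body of a Certificate (Base64) file; raises ValueError if malformed."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN CERTIFICATE-----"
            or lines[-1] != "-----END CERTIFICATE-----"):
        raise ValueError("not a PEM certificate")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def parse_idp_metadata(xml_text):
    """Extract the IdP values that the service provider settings must agree with."""
    # Metadata never needs a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD in metadata rejected")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None:
        raise ValueError("not SAML 2.0 IdP metadata")
    certs = idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        "login_urls": {e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)},
        "logout_urls": {e.get("Location") for e in idp.findall("md:SingleLogoutService", NS)},
        "cert_fingerprints": {
            fingerprint(base64.b64decode("".join((c.text or "").split()))) for c in certs},
    }


def check_sp_settings(metadata, settings):
    """Return a list of mismatches between the pasted settings and the metadata."""
    problems = []
    if settings["entity_id"] != metadata["entity_id"]:
        problems.append("Entity ID does not match the Azure AD Identifier in the metadata")
    if settings["sign_in_url"] not in metadata["login_urls"]:
        problems.append("Sign-in page URL is not a SingleSignOnService location")
    if settings["sign_out_url"] not in metadata["logout_urls"]:
        problems.append("Sign-out page URL is not a SingleLogoutService location")
    for key in ("sign_in_url", "sign_out_url"):
        if not settings[key].startswith("https://"):
            problems.append(f"{key} is not an https URL")
    if settings["nameid_format"] != EMAIL_NAMEID:
        problems.append("NameID format is not the emailAddress format")
    try:
        pasted = fingerprint(pem_to_der(settings["validation_certificate"]))
    except ValueError:
        problems.append("Validation certificate is not well-formed PEM")
    else:
        if pasted not in metadata["cert_fingerprints"]:
            problems.append("Validation certificate does not match a signing certificate in the metadata")
    return problems


def sample_settings():
    """Constructed settings (hypothetical field names) that agree with SAMPLE_METADATA."""
    url = f"https://login.microsoftonline.com/{TENANT}/saml2"
    pem = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_CERT_B64}\n-----END CERTIFICATE-----"
    return {"entity_id": f"https://sts.windows.net/{TENANT}/", "sign_in_url": url,
            "sign_out_url": url, "nameid_format": EMAIL_NAMEID,
            "validation_certificate": pem}


if __name__ == "__main__":
    found = check_sp_settings(parse_idp_metadata(SAMPLE_METADATA), sample_settings())
    print("\n".join(found) if found else "all values match the metadata")
```

The comparison is byte-for-byte only; it does not validate the metadata's XML signature or the certificate's validity period, so obtain the metadata from the Azure portal for the same application.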
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.
a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Questetra BPM Suite.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Questetra BPM
Suite.

2. In the applications list, select Questetra BPM Suite.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Questetra BPM Suite test user
The objective of this section is to create a user called Britta Simon in Questetra BPM Suite.
To create a user called Britta Simon in Questetra BPM Suite, perform the following steps:
1. Sign in to your Questetra BPM Suite company site as an administrator.
2. Go to System Settings > User List > New User.
3. On the New User dialog, perform the following steps:
a. In the Name textbox, type the name of the user: britta.simon@contoso.com.
b. In the Email textbox, type the email of the user: britta.simon@contoso.com.
c. In the Password textbox, type a password for the user.
d. Click Add new user.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Questetra BPM Suite tile in the Access Panel, you should be automatically signed in to the
Questetra BPM Suite for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
QuickHelp
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate QuickHelp with Azure Active Directory (Azure AD). Integrating
QuickHelp with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to QuickHelp.
You can enable your users to be automatically signed-in to QuickHelp (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with QuickHelp, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
QuickHelp single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
QuickHelp supports SP initiated SSO
QuickHelp supports Just In Time user provisioning

Adding QuickHelp from the gallery


To configure the integration of QuickHelp into Azure AD, you need to add QuickHelp from the gallery to your list
of managed SaaS apps.
To add QuickHelp from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type QuickHelp, select QuickHelp from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with QuickHelp based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
QuickHelp needs to be established.
To configure and test Azure AD single sign-on with QuickHelp, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure QuickHelp Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create QuickHelp test user - to have a counterpart of Britta Simon in QuickHelp that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with QuickHelp, perform the following steps:
1. In the Azure portal, on the QuickHelp application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://quickhelp.com/<ROUTEURL>

b. In the Identifier (Entity ID) text box, type a URL: https://auth.quickhelp.com

NOTE
The Sign-on URL value is not real. Update the value with the actual Sign-On URL. Contact your organization’s
QuickHelp administrator or your BrainStorm Client Success Manager to get the value. You can also refer to the
patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up QuickHelp section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure QuickHelp Single Sign-On
1. Sign in to your QuickHelp company site as administrator.
2. In the menu on the top, click Admin.

3. In the QuickHelp Admin menu, click Settings.

4. Click Authentication Settings.


5. On the Authentication Settings page, perform the following steps:
a. As SSO Type, select WSFederation.
b. To upload your downloaded Azure metadata file, click Browse, navigate to the file, and then click Upload
Metadata.
c. In the Email textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress .
d. In the First Name textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname .
e. In the Last Name textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname .
f. In the Action Bar, click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to QuickHelp.
1. In the Azure portal, select Enterprise Applications, select All applications, then select QuickHelp.
2. In the applications list, select QuickHelp.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create QuickHelp test user
In this section, a user called Britta Simon is created in QuickHelp. QuickHelp supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in QuickHelp, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the QuickHelp tile in the Access Panel, you should be automatically signed in to the QuickHelp for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Qumu Cloud
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Qumu Cloud with Azure Active Directory (Azure AD). Integrating Qumu
Cloud with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Qumu Cloud.
You can enable your users to be automatically signed-in to Qumu Cloud (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Qumu Cloud, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Qumu Cloud single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Qumu Cloud supports SP and IDP initiated SSO
Qumu Cloud supports Just In Time user provisioning

Adding Qumu Cloud from the gallery


To configure the integration of Qumu Cloud into Azure AD, you need to add Qumu Cloud from the gallery to your
list of managed SaaS apps.
To add Qumu Cloud from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Qumu Cloud, select Qumu Cloud from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Qumu Cloud based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Qumu
Cloud needs to be established.
To configure and test Azure AD single sign-on with Qumu Cloud, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Qumu Cloud Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Qumu Cloud test user - to have a counterpart of Britta Simon in Qumu Cloud that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Qumu Cloud, perform the following steps:
1. In the Azure portal, on the Qumu Cloud application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<subdomain>.qumucloud.com/saml/SSO

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.qumucloud.com/saml/SSO

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://<subdomain>.qumucloud.com

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Qumu
Cloud Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. Qumu Cloud application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click Edit icon to open User Attributes dialog.

7. In addition to the above, the Qumu Cloud application expects a few more attributes to be passed back in the
SAML response. In the User Claims section on the User Attributes dialog, perform the following steps to add
each SAML token attribute shown in the table below:

NAME                                 SOURCE ATTRIBUTE
urn:oid:2.5.4.42                     user.givenname
urn:oid:2.5.4.4                      user.surname
urn:oid:0.9.2342.19200300.100.1.3    user.mail
urn:oid:0.9.2342.19200300.100.1.1    user.userprincipalname


a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
9. On the Set up Qumu Cloud section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Qumu Cloud Single Sign-On
To configure single sign-on on Qumu Cloud side, you need to send the downloaded Federation Metadata XML
and appropriate copied URLs from Azure portal to Qumu Cloud support team. They set this setting to have the
SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Qumu Cloud.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Qumu Cloud.

2. In the applications list, select Qumu Cloud.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Qumu Cloud test user
In this section, a user called Britta Simon is created in Qumu Cloud. Qumu Cloud supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Qumu Cloud, a new one is created after authentication.

NOTE
If you need to create a user manually, contact Qumu Cloud Client support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Qumu Cloud tile in the Access Panel, you should be automatically signed in to the Qumu Cloud
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
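
If the test sign-in fails or creates a user with blank fields, the four custom claims configured earlier are the first thing to check. The following is an added example, not part of the original tutorial or Qumu Cloud's own tooling: it inspects a decoded SAML assertion captured from your own test sign-in and reports, for each claim name in the table, whether it is present, empty, missing, or arriving with a namespace prefix. The function names and the sample assertion are constructed for illustration, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the tutorial's table, with the Azure AD source attribute of each.
REQUIRED_CLAIMS = {
    "urn:oid:2.5.4.42": "user.givenname",
    "urn:oid:2.5.4.4": "user.surname",
    "urn:oid:0.9.2342.19200300.100.1.3": "user.mail",
    "urn:oid:0.9.2342.19200300.100.1.1": "user.userprincipalname",
}

# Constructed sample: givenname is correct, surname was saved with a non-blank
# Namespace, mail is empty, and userprincipalname was never added.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:2.5.4.42">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/urn:oid:2.5.4.4">
      <saml:AttributeValue>Simon</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Return {attribute Name: [values]} from every AttributeStatement."""
    # The standard-library parser expands internal entities, so refuse any DTD.
    if "<!DOCTYPE" in assertion_xml:
        raise ValueError("DOCTYPE is not allowed in a SAML assertion")
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs


def check_qumu_claims(assertion_xml):
    """Map each required claim name to 'ok', 'empty', 'namespaced' or 'missing'."""
    attrs = read_attributes(assertion_xml)
    findings = {}
    for name in REQUIRED_CLAIMS:
        if name in attrs:
            findings[name] = "ok" if any(attrs[name]) else "empty"
            continue
        # Assumption: a non-blank Namespace makes Azure AD emit the claim as
        # <namespace>/<name>, so the bare name the application expects is absent.
        prefixed = [n for n in attrs if n.endswith("/" + name)]
        findings[name] = "namespaced" if prefixed else "missing"
    return findings


if __name__ == "__main__":
    for claim, status in check_qumu_claims(SAMPLE_ASSERTION).items():
        print(f"{status:<11} {claim}  ({REQUIRED_CLAIMS[claim]})")
```

A "namespaced" result points back to step c (leave the Namespace blank); an "empty" result means the source attribute has no value on the Azure AD user object.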

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Rackspace SSO
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Rackspace SSO with Azure Active Directory (Azure AD). Integrating
Rackspace SSO with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Rackspace SSO.
You can enable your users to be automatically signed-in to Rackspace SSO (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Rackspace SSO, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Rackspace SSO single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Rackspace SSO supports SP initiated SSO

Adding Rackspace SSO from the gallery


To configure the integration of Rackspace SSO into Azure AD, you need to add Rackspace SSO from the gallery to
your list of managed SaaS apps.
To add Rackspace SSO from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Rackspace SSO, select Rackspace SSO from result panel then click Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Rackspace SSO based on a test user called
Britta Simon. When using single sign-on with Rackspace, the Rackspace users will be automatically created the
first time they sign in to the Rackspace portal.
To configure and test Azure AD single sign-on with Rackspace SSO, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Rackspace SSO Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Set up Attribute Mapping in the Rackspace Control Panel - to assign Rackspace roles to Azure AD users.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Rackspace SSO, perform the following steps:
1. In the Azure portal, on the Rackspace SSO application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, upload the Service Provider metadata file, which you can
download from the URL, and perform the following steps:
a. Click Upload metadata file.

b. Click on folder logo to select the metadata file and click Upload.
c. Once the metadata file is successfully uploaded, the necessary URLs are populated automatically.
d. In the Sign-on URL text box, type a URL: https://login.rackspace.com/federate/

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

This file will be uploaded to Rackspace to populate required Identity Federation configuration settings.
Configure Rackspace SSO Single Sign-On
To configure single sign-on on Rackspace SSO side:
1. See the documentation at Add an Identity Provider to the Control Panel
2. It will lead you through the steps to:
a. Create a new Identity Provider
b. Specify an email domain that users will use to identify your company when signing in.
c. Upload the Federation Metadata XML previously downloaded from the Azure control panel.
This will correctly configure the basic SSO settings needed for Azure and Rackspace to connect.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Rackspace SSO.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Rackspace SSO.
2. In the applications list, select Rackspace SSO.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Set up Attribute Mapping in the Rackspace control panel
Rackspace uses an Attribute Mapping Policy to assign Rackspace roles and groups to your single sign-on users.
The Attribute Mapping Policy translates Azure AD SAML claims into the user configuration fields Rackspace
requires. More documentation can be found in the Rackspace Attribute Mapping Basics documentation. Some
considerations:
If you want to assign varying levels of Rackspace access using Azure AD groups, you will need to enable the
Groups claim in the Azure Rackspace SSO Single Sign-on settings. The Attribute Mapping Policy will
then be used to match those groups to desired Rackspace roles and groups:

By default, Azure AD sends the UID of Azure AD Groups in the SAML claim, versus the name of the Group.
However, if you are synchronizing your on-premises Active Directory to Azure AD, you have the option to
send the actual names of the groups:
The following example Attribute Mapping Policy demonstrates:
1. Setting the Rackspace user's name to the user.name SAML claim. Any claim can be used, but it is most
common to set this to a field containing the user's email address.
2. Setting the Rackspace roles admin and billing:admin on a user by matching an Azure AD Group, by either
Group Name or Group UID. A substitution of "{0}" in the roles field is used, and will be replaced by the
results of the remote rule expressions.
3. Using the "{D}" default substitution to let Rackspace retrieve additional SAML fields by looking for standard
and well-known SAML claims in the SAML exchange.
---
mapping:
  rules:
  - local:
      user:
        domain: "{D}"
        name: "{At(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name)}"
        email: "{D}"
        roles:
        - "{0}"
        expire: "{D}"
    remote:
    - path: |
        (
          if (mapping:get-attributes('http://schemas.microsoft.com/ws/2008/06/identity/claims/groups')='7269f9a2-aabb-9393-8e6d-282e0f945985') then ('admin', 'billing:admin') else (),
          if (mapping:get-attributes('http://schemas.microsoft.com/ws/2008/06/identity/claims/groups')='MyAzureGroup') then ('admin', 'billing:admin') else ()
        )
      multiValue: true
  version: RAX-1

TIP
Ensure that you use a text editor that validates YAML syntax when editing your policy file.

See the Rackspace Attribute Mapping Basics documentation for more examples.
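
Because the groups claim carries either group UIDs or group names, a policy literal written in the wrong form silently grants no roles. The following is an added example, not Rackspace's policy evaluator or code from the original tutorial: a simplified model of the remote rule in the example policy above that shows which roles a given groups claim would yield and which policy literals cannot match the form being sent. The function names and the sample claim values are assumptions made for illustration; role de-duplication is a choice of this model.

```python
import re

GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# The remote rule from the example policy, with each clause on one line.
POLICY_PATH = """
(
  if (mapping:get-attributes('http://schemas.microsoft.com/ws/2008/06/identity/claims/groups')='7269f9a2-aabb-9393-8e6d-282e0f945985') then ('admin', 'billing:admin') else (),
  if (mapping:get-attributes('http://schemas.microsoft.com/ws/2008/06/identity/claims/groups')='MyAzureGroup') then ('admin', 'billing:admin') else ()
)
"""

# One "if (get-attributes(groups)='literal') then ('role', ...)" clause.
RULE_RE = re.compile(
    r"if\s*\(\s*mapping:get-attributes\('" + re.escape(GROUPS_CLAIM)
    + r"'\)\s*=\s*'([^']+)'\s*\)\s*then\s*\(([^)]*)\)"
)
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def is_guid(value):
    return bool(GUID_RE.match(value))


def parse_rules(path_expr):
    """Return [(group literal, [roles])] for each clause on the groups claim."""
    return [(literal, re.findall(r"'([^']+)'", roles))
            for literal, roles in RULE_RE.findall(path_expr)]


def roles_for(group_values, path_expr=POLICY_PATH):
    """Roles the claim values would yield, de-duplicated in rule order.

    The comparison is an exact, case-sensitive match of a literal against any
    value in the claim, which is how an XPath '=' on a sequence behaves.
    """
    present = set(group_values)
    roles = []
    for literal, granted in parse_rules(path_expr):
        if literal in present:
            roles.extend(r for r in granted if r not in roles)
    return roles


def form_mismatches(group_values, path_expr=POLICY_PATH):
    """Policy literals whose form (UID or name) never appears in the claim.

    With an empty claim every literal is returned, since nothing can match.
    """
    sent_forms = {is_guid(g) for g in group_values}
    return [lit for lit, _ in parse_rules(path_expr)
            if is_guid(lit) not in sent_forms]


if __name__ == "__main__":
    # Constructed claim: Azure AD default behaviour, UIDs only.
    claim = ["7269f9a2-aabb-9393-8e6d-282e0f945985",
             "00000000-0000-0000-0000-000000000001"]
    print("roles:", roles_for(claim))
    print("literals that cannot match this claim form:", form_mismatches(claim))
```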
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Rackspace SSO tile in the Access Panel, you should be automatically signed in to the Rackspace
SSO for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
You can also use the Validate button in the Rackspace SSO Single sign-on settings:

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Rally
Software
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Rally Software with Azure Active Directory (Azure AD). Integrating Rally
Software with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Rally Software.
You can enable your users to be automatically signed-in to Rally Software (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Rally Software, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Rally Software single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Rally Software supports SP initiated SSO

Adding Rally Software from the gallery


To configure the integration of Rally Software into Azure AD, you need to add Rally Software from the gallery to
your list of managed SaaS apps.
To add Rally Software from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Rally Software, select Rally Software from result panel then click Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Rally Software based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Rally Software needs to be established.
To configure and test Azure AD single sign-on with Rally Software, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Rally Software Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Rally Software test user - to have a counterpart of Britta Simon in Rally Software that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Rally Software, perform the following steps:
1. In the Azure portal, on the Rally Software application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<tenant-name>.rally.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<tenant-name>.rally.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Rally Software
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Rally Software section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Rally Software Single Sign-On
1. Sign in to your Rally Software tenant.
2. In the toolbar on the top, click Setup, and then select Subscription.

3. Click the Action button. Select Edit Subscription at the top right side of the toolbar.
4. On the Subscription dialog page, perform the following steps, and then click Save & Close:

a. Select Rally or SSO authentication from Authentication dropdown.


b. In the Identity provider URL textbox, paste the value of Azure AD Identifier, which you have copied
from Azure portal.
c. In the SSO Logout textbox, paste the value of Logout URL, which you have copied from Azure portal.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Rally Software.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Rally Software.

2. In the applications list, select Rally Software.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Rally Software test user
For Azure AD users to be able to sign in, they must be provisioned to the Rally Software application using their
Azure Active Directory user names.
To configure user provisioning, perform the following steps:
1. Sign in to your Rally Software tenant.
2. Go to Setup > USERS, and then click + Add New.
3. Type the name in the New User textbox, and then click Add with Details.
4. In the Create User section, perform the following steps:

a. In the User Name textbox, type the name of the user, like Brittsimon.
b. In the E-mail Address textbox, enter the email of the user, like brittasimon@contoso.com.
c. In First Name text box, enter the first name of user like Britta.
d. In Last Name text box, enter the last name of user like Simon.
e. Click Save & Close.

NOTE
You can use any other Rally Software user account creation tools or APIs provided by Rally Software to provision
Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Rally Software tile in the Access Panel, you should be automatically signed in to the Rally
Software for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Real Links
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Real Links with Azure Active Directory (Azure AD). Integrating Real
Links with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Real Links.
You can enable your users to be automatically signed-in to Real Links (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Real Links, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Real Links single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Real Links supports SP initiated SSO

Adding Real Links from the gallery


To configure the integration of Real Links into Azure AD, you need to add Real Links from the gallery to your list of
managed SaaS apps.
To add Real Links from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Real Links, select Real Links from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Real Links based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Real Links
needs to be established.
To configure and test Azure AD single sign-on with Real Links, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Real Links Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Real Links test user - to have a counterpart of Britta Simon in Real Links that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Real Links, perform the following steps:
1. In the Azure portal, on the Real Links application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.reallinks.io

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
urn:amazon:cognito:sp:<SUBDOMAIN>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Real Links Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy App Federation Metadata Url and save it on your computer.

Configure Real Links Single Sign-On


To configure single sign-on on the Real Links side, you need to send the App Federation Metadata Url to the Real Links
support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Real Links.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Real Links.
2. In the applications list, select Real Links.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Real Links test user
In this section, you create a user called Britta Simon in Real Links. Work with Real Links support team to add the
users in the Real Links platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Real Links tile in the Access Panel, you should be automatically signed in to the Real Links for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Recognize
8/9/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Recognize with Azure Active Directory (Azure AD). Integrating
Recognize with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Recognize.
You can enable your users to be automatically signed-in to Recognize (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Recognize, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Recognize single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Recognize supports SP initiated SSO

Adding Recognize from the gallery


To configure the integration of Recognize into Azure AD, you need to add Recognize from the gallery to your list of
managed SaaS apps.
To add Recognize from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Recognize, select Recognize from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Recognize based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Recognize
needs to be established.
To configure and test Azure AD single sign-on with Recognize, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Recognize Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Recognize test user - to have a counterpart of Britta Simon in Recognize that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Recognize, perform the following steps:
1. In the Azure portal, on the Recognize application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you have Service Provider metadata file, perform the
following steps:

NOTE
You will get the Service Provider metadata file from the Configure Recognize Single Sign-On section of the
tutorial.

a. Click Upload metadata file.


b. Click on folder logo to select the metadata file and click Upload.

c. After the metadata file is successfully uploaded, the Identifier value gets auto-populated in the Basic SAML
Configuration section.

In the Sign on URL text box, type a URL using the following pattern:
https://recognizeapp.com/<your-domain>/saml/sso

NOTE
If the Identifier value does not get auto-populated, you can get the Identifier value by opening the Service Provider
Metadata URL from the SSO Settings section, which is explained later in the Configure Recognize Single Sign-On
section of the tutorial. The Sign-on URL value is not real. Update the value with the actual Sign-on URL. Contact
Recognize Client support team to get the value. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
6. On the Set up Recognize section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Recognize Single Sign-On
1. In a different web browser window, sign in to your Recognize tenant as an administrator.
2. On the upper right corner, click Menu. Go to Company Admin.

3. On the left navigation pane, click Settings.

4. Perform the following steps on SSO Settings section.


a. As Enable SSO, select ON.
b. In the IDP Entity ID textbox, paste the value of Azure AD Identifier which you have copied from Azure
portal.
c. In the Sso target url textbox, paste the value of Login URL which you have copied from Azure portal.
d. In the Slo target url textbox, paste the value of Logout URL which you have copied from Azure portal.
e. Open your downloaded Certificate (Base64) file in notepad, copy the content of it into your clipboard,
and then paste it to the Certificate textbox.
f. Click the Save settings button.
5. Beside the SSO Settings section, copy the URL under Service Provider Metadata url.
6. Open the Metadata URL link in a blank browser window to download the metadata document. Then copy the
EntityDescriptor value (entityID) from the file and paste it in the Identifier textbox in Basic SAML
Configuration on the Azure portal.
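
Step 6 can also be checked with a script. The following added example (not part of the original tutorial or of Recognize's own tooling) reads the entityID and assertion consumer endpoints from a Service Provider metadata document and compares them with the values entered in Basic SAML Configuration. The sample metadata, its `contoso` paths and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample. A real document is downloaded from the
# "Service Provider Metadata url" shown beside the SSO Settings section.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://recognizeapp.com/contoso/saml/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://recognizeapp.com/contoso/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def read_sp_metadata(xml_text):
    """Return the entityID and ACS URLs of a SAML SP metadata document."""
    # Metadata fetched from a URL is untrusted input: refuse DTDs so that
    # entity-expansion tricks never reach the XML parser.
    if "<!doctype" in xml_text.lower():
        raise ValueError("DOCTYPE is not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", MD_NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")
    acs = [e.get("Location")
           for e in sp.findall("md:AssertionConsumerService", MD_NS)]
    return {"entity_id": entity_id, "acs_urls": acs}


def check_basic_saml_config(sp, identifier, sign_on_url):
    """Compare the values typed into Basic SAML Configuration with the metadata."""
    problems = []
    # Entity IDs are compared as plain strings: a trailing slash or a
    # different case makes a different identifier.
    if identifier != sp["entity_id"]:
        problems.append("Identifier %r does not equal entityID %r"
                        % (identifier, sp["entity_id"]))
    if "<" in sign_on_url or ">" in sign_on_url:
        problems.append("Sign on URL still contains a <placeholder>")
    elif urlsplit(sign_on_url).scheme != "https":
        problems.append("Sign on URL is not https")
    for url in sp["acs_urls"]:
        if urlsplit(url or "").scheme != "https":
            problems.append("ACS endpoint %r is not https" % url)
    return problems


if __name__ == "__main__":
    sp = read_sp_metadata(SAMPLE_SP_METADATA)
    print("Identifier to paste:", sp["entity_id"])
    for p in check_basic_saml_config(
            sp, sp["entity_id"], "https://recognizeapp.com/contoso/saml/sso"):
        print("PROBLEM:", p)
```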

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Recognize.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Recognize.

2. In the applications list, select Recognize.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Recognize test user
In order to enable Azure AD users to log into Recognize, they must be provisioned into Recognize. In the case of
Recognize, provisioning is a manual task.
This app doesn't support SCIM provisioning but has an alternate user sync that provisions users.
To provision a user account, perform the following steps:
1. Sign into your Recognize company site as an administrator.
2. On the upper right corner, click Menu. Go to Company Admin.
3. On the left navigation pane, click Settings.
4. Perform the following steps on User Sync section.

a. As Sync Enabled, select ON.


b. As Choose sync provider, select Microsoft / Office 365.
c. Click Run User Sync.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Recognize tile in the Access Panel, you should be automatically signed in to the Recognize for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with RedVector
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate RedVector with Azure Active Directory (Azure AD). Integrating
RedVector with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to RedVector.
You can enable your users to be automatically signed-in to RedVector (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with RedVector, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
RedVector single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
RedVector supports SP initiated SSO

Adding RedVector from the gallery


To configure the integration of RedVector into Azure AD, you need to add RedVector from the gallery to your list of
managed SaaS apps.
To add RedVector from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type RedVector, select RedVector from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with RedVector based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in RedVector
needs to be established.
To configure and test Azure AD single sign-on with RedVector, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure RedVector Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create RedVector test user - to have a counterpart of Britta Simon in RedVector that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with RedVector, perform the following steps:
1. In the Azure portal, on the RedVector application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://sso2.redvector.com/adfs/<Companyname>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<Companyname>.redvector.com/saml2

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact RedVector Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up RedVector section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure RedVector Single Sign-On
To configure single sign-on on the RedVector side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the RedVector support team. They apply this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to RedVector.
1. In the Azure portal, select Enterprise Applications, select All applications, then select RedVector.

2. In the applications list, select RedVector.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create RedVector test user
In this section, you create a user called Britta Simon in RedVector. Work with RedVector support team to add the
users in the RedVector platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the RedVector tile in the Access Panel, you should be automatically signed in to the RedVector for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Reflektive
7/22/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Reflektive with Azure Active Directory (Azure AD). Integrating Reflektive
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Reflektive.
You can enable your users to be automatically signed-in to Reflektive (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Reflektive, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Reflektive single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Reflektive supports SP and IDP initiated SSO

Adding Reflektive from the gallery


To configure the integration of Reflektive into Azure AD, you need to add Reflektive from the gallery to your list of
managed SaaS apps.
To add Reflektive from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Reflektive, select Reflektive from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Reflektive based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Reflektive
needs to be established.
To configure and test Azure AD single sign-on with Reflektive, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Reflektive Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Reflektive test user - to have a counterpart of Britta Simon in Reflektive that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Reflektive, perform the following steps:
1. In the Azure portal, on the Reflektive application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, use one of the following URLs, as confirmed by the Reflektive support team:

reflektive.com

https://www.reflektive.com/saml/metadata

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://www.reflektive.com/app

NOTE
For SP mode, you need to get your email ID registered with the Reflektive support team. When you then enter your ID
in the Email textbox, the single sign-on option is enabled. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. On the Set up Reflektive section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Reflektive Single Sign-On
To configure single sign-on on the Reflektive side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the Reflektive support team. They apply this setting so that
the SAML SSO connection is set properly on both sides.
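
Because the Federation Metadata XML (or, in the RedVector tutorial above, the Certificate (Base64) file) and the copied URLs reach the support team by e-mail or ticket, both sides can confirm that what arrived is what was exported. This added example, which is not part of the original tutorial, summarizes an IdP metadata document, fingerprints its signing certificate and compares both with the values sent alongside it. The tenant ID, the certificate bytes and the function names are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-ins: a placeholder tenant ID, and placeholder bytes where a
# real DER certificate would be (hashing works the same on any byte string).
TENANT = "00000000-0000-0000-0000-000000000000"
PLACEHOLDER_DER = b"constructed placeholder bytes, not a real certificate"
PLACEHOLDER_B64 = base64.b64encode(PLACEHOLDER_DER).decode()

SAMPLE_IDP_METADATA = f"""<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{PLACEHOLDER_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def der_fingerprint(b64_text):
    """SHA-256 over the decoded certificate bytes, as lowercase hex."""
    der = base64.b64decode("".join(b64_text.split()), validate=True)
    return hashlib.sha256(der).hexdigest()


def pem_fingerprint(pem_text):
    """Fingerprint of a Certificate (Base64) file: skip the BEGIN/END lines."""
    body = [ln.strip() for ln in pem_text.splitlines()
            if ln.strip() and not ln.startswith("-----")]
    return der_fingerprint("".join(body))


def summarize_idp_metadata(xml_text):
    """Extract the entityID, endpoints and signing-key fingerprints."""
    if "<!doctype" in xml_text.lower():      # refuse DTDs in untrusted XML
        raise ValueError("DOCTYPE is not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if not root.tag.endswith("}EntityDescriptor") or idp is None:
        raise ValueError("not an identity provider EntityDescriptor")
    prints = set()
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute serves both purposes.
        if kd.get("use", "signing") == "signing":
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                prints.add(der_fingerprint(cert.text or ""))
    def locations(tag):
        return {e.get("Location") for e in idp.findall("md:" + tag, NS)}
    return {
        "entity_id": root.get("entityID"),
        "sso_urls": locations("SingleSignOnService"),
        "slo_urls": locations("SingleLogoutService"),
        "signing_sha256": sorted(prints),
    }


def compare_with_sent(summary, login_url, azure_ad_identifier, logout_url,
                      cert_sha256):
    """Return the mismatches between the metadata and the values sent with it."""
    problems = []
    if azure_ad_identifier != summary["entity_id"]:
        problems.append("Azure AD Identifier differs from the metadata entityID")
    if login_url not in summary["sso_urls"]:
        problems.append("Login URL is not a SingleSignOnService Location")
    if logout_url not in summary["slo_urls"]:
        problems.append("Logout URL is not a SingleLogoutService Location")
    if cert_sha256.lower() not in summary["signing_sha256"]:
        problems.append("fingerprint is not a signing key in the metadata")
    return problems


if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_IDP_METADATA)
    print("entityID:", info["entity_id"])
    print("signing key SHA-256:", ", ".join(info["signing_sha256"]))
```

The sender reads the fingerprint to the recipient over a different channel than the one that carried the file, and the recipient runs the same functions on what was received.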
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Reflektive.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Reflektive.

2. In the applications list, select Reflektive.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Reflektive test user
In this section, you create a user called Britta Simon in Reflektive. Work with Reflektive support team to add the
users in the Reflektive platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Reflektive tile in the Access Panel, you should be automatically signed in to the Reflektive for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with RENRAKU
9/18/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate RENRAKU with Azure Active Directory (Azure AD). When you
integrate RENRAKU with Azure AD, you can:
Control in Azure AD who has access to RENRAKU.
Enable your users to be automatically signed-in to RENRAKU with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
RENRAKU single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
RENRAKU supports SP initiated SSO

Adding RENRAKU from the gallery


To configure the integration of RENRAKU into Azure AD, you need to add RENRAKU from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type RENRAKU in the search box.
6. Select RENRAKU from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for RENRAKU


Configure and test Azure AD SSO with RENRAKU using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in RENRAKU.
To configure and test Azure AD SSO with RENRAKU, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure RENRAKU SSO - to configure the single sign-on settings on the application side.
a. Create RENRAKU test user - to have a counterpart of B.Simon in RENRAKU that is linked to the Azure
AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the RENRAKU application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<CUSTOMURL>/front/login?sso

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: https://<CUSTOMURL>/front

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the RENRAKU Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.

6. On the Set up RENRAKU section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to RENRAKU.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select RENRAKU.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure RENRAKU SSO


To configure single sign-on on the RENRAKU side, you need to send the downloaded Certificate (Raw) and the
appropriate copied URLs from the Azure portal to the RENRAKU support team. They configure this setting so that
the SAML SSO connection is set properly on both sides.
Create RENRAKU test user
In this section, you create a user called B.Simon in RENRAKU. Work with the RENRAKU support team to add the
users in the RENRAKU platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the RENRAKU tile in the Access Panel, you should be automatically signed in to the RENRAKU for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try RENRAKU with Azure AD

Tutorial: Integrate Replicon with Azure Active Directory
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Replicon with Azure Active Directory (Azure AD). When you integrate
Replicon with Azure AD, you can:
Control in Azure AD who has access to Replicon.
Enable your users to be automatically signed-in to Replicon with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial.
Replicon single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Replicon supports SP initiated SSO.

Adding Replicon from the gallery


To configure the integration of Replicon into Azure AD, you need to add Replicon from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Replicon in the search box.
6. Select Replicon from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Replicon using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Replicon.
To configure and test Azure AD SSO with Replicon, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Replicon SSO - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Replicon test user - to have a counterpart of B.Simon in Replicon that is linked to the Azure AD
representation of the user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Replicon application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following fields:
a. In the Sign-on URL text box, type a URL using the following pattern:
https://global.replicon.com/!/saml2/<client name>/sp-sso/post

b. In the Identifier box, type a URL using the following pattern:


https://global.replicon.com/!/saml2/<client name>

c. In the Reply URL text box, type a URL using the following pattern:
https://global.replicon.com/!/saml2/<client name>/sso/post

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact the
Replicon Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. Click the edit/pen icon for SAML Signing Certificate to edit the settings.

a. Select Sign SAML assertion as the Signing Option.


b. Select SHA-256 as the Signing Algorithm.
6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the metadata file and save it on your
computer.
Configure Replicon SSO
1. In a different web browser window, sign into your Replicon company site as an administrator.
2. To configure SAML 2.0, perform the following steps:

a. To display the EnableSAMLAuthentication2 dialog, append the following to your URL, after your
company key: /services/SecurityService1.svc/help/test/EnableSAMLAuthentication2
The following shows the schema of the complete URL:
https://na2.replicon.com/<YourCompanyKey>/services/SecurityService1.svc/help/test/EnableSAMLAuthentication2
b. Click the + to expand the v20Configuration section.
c. Click the + to expand the metaDataConfiguration section.
d. Select SHA256 for xmlSignatureAlgorithm.
e. Click Choose File to select your identity provider metadata XML file, and click Submit.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Replicon.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Replicon.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Replicon test user
The objective of this section is to create a user called B.Simon in Replicon.
If you need to create a user manually, perform the following steps:
1. In a web browser window, sign into your Replicon company site as an administrator.
2. Go to Administration > Users.
3. Click +Add User.

4. In the User Profile section, perform the following steps:

a. In the Login Name textbox, type the Azure AD email address of the Azure AD user you want to provision,
such as B.Simon@contoso.com.

NOTE
Login Name needs to match the user's email address in Azure AD.

b. As Authentication Type, select SSO.


c. Set Authentication ID to the same value as Login Name (the Azure AD email address of the user).
d. In the Department textbox, type the user’s department.
e. As Employee Type, select Administrator.
f. Click Save User Profile.
NOTE
You can use any other Replicon user account creation tools or APIs provided by Replicon to provision Azure AD user
accounts.

Test SSO
When you select the Replicon tile in the Access Panel, you should be automatically signed in to the Replicon for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Reviewsnap
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Reviewsnap with Azure Active Directory (Azure AD). Integrating
Reviewsnap with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Reviewsnap.
You can enable your users to be automatically signed-in to Reviewsnap (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Reviewsnap, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Reviewsnap single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Reviewsnap supports SP and IDP initiated SSO

Adding Reviewsnap from the gallery


To configure the integration of Reviewsnap into Azure AD, you need to add Reviewsnap from the gallery to your
list of managed SaaS apps.
To add Reviewsnap from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Reviewsnap, select Reviewsnap from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Reviewsnap based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Reviewsnap needs to be established.
To configure and test Azure AD single sign-on with Reviewsnap, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Reviewsnap Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Reviewsnap test user - to have a counterpart of Britta Simon in Reviewsnap that is linked to the Azure
AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Reviewsnap, perform the following steps:
1. In the Azure portal, on the Reviewsnap application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL: https://app.reviewsnap.com

b. In the Reply URL text box, type a URL using the following pattern:
https://app.reviewsnap.com/auth/saml/callback?namespace=<CUSTOMER_NAMESPACE>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://app.reviewsnap.com/login

NOTE
The Reply URL value is not real. Update the value with the actual Reply URL. Contact the Reviewsnap Client support
team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up Reviewsnap section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Reviewsnap Single Sign-On
To configure single sign-on on the Reviewsnap side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Reviewsnap support team. They configure this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Reviewsnap.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Reviewsnap.

2. In the applications list, select Reviewsnap.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Reviewsnap test user
In this section, you create a user called Britta Simon in Reviewsnap. Work with the Reviewsnap support team to add
the users in the Reviewsnap platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Reviewsnap tile in the Access Panel, you should be automatically signed in to the Reviewsnap
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Reward Gateway
11/14/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Reward Gateway with Azure Active Directory (Azure AD). Integrating
Reward Gateway with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Reward Gateway.
You can enable your users to be automatically signed-in to Reward Gateway (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Reward Gateway, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Reward Gateway single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Reward Gateway supports IDP initiated SSO

Adding Reward Gateway from the gallery


To configure the integration of Reward Gateway into Azure AD, you need to add Reward Gateway from the gallery
to your list of managed SaaS apps.
To add Reward Gateway from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Reward Gateway, select Reward Gateway from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Reward Gateway based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Reward Gateway needs to be established.
To configure and test Azure AD single sign-on with Reward Gateway, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Reward Gateway Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Reward Gateway test user - to have a counterpart of Britta Simon in Reward Gateway that is linked to
the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Reward Gateway, perform the following steps:
1. In the Azure portal, on the Reward Gateway application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using one of the following patterns:

https://<companyname>.rewardgateway.com

https://<companyname>.rewardgateway.co.uk/

https://<companyname>.rewardgateway.co.nz/

https://<companyname>.rewardgateway.com.au/

b. In the Reply URL text box, type a URL using one of the following patterns:

https://<companyname>.rewardgateway.com/Authentication/EndLogin?idp=<Unique Id>

https://<companyname>.rewardgateway.co.uk/Authentication/EndLogin?idp=<Unique Id>

https://<companyname>.rewardgateway.co.nz/Authentication/EndLogin?idp=<Unique Id>

https://<companyname>.rewardgateway.com.au/Authentication/EndLogin?idp=<Unique Id>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. To get these values, start
setting up an Integration on the Reward Manager Portal. Details can be found at
https://success.rewardgateway.com/hc/en-us/articles/360038650573-Microsoft-Azure-for-Authentication

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
6. On the Set up Reward Gateway section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Reward Gateway Single Sign-On
To configure single sign-on on the Reward Gateway side, start setting up an Integration on the Reward Manager
Portal. Use the downloaded metadata to obtain your Signing Certificate and upload that during the configuration.
Details can be found at
https://success.rewardgateway.com/hc/en-us/articles/360038650573-Microsoft-Azure-for-Authentication
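One way to obtain the signing certificate from the downloaded Federation Metadata XML, as the step above asks, is shown in this added Python example; it is not part of the original tutorial or of any vendor tooling. The function and variable names are hypothetical, and the sample metadata is constructed: its key material is placeholder bytes rather than a real certificate, and the tenant ID is all zeros.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}


def to_pem(der):
    """Wrap raw certificate bytes in PEM armor with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def extract_signing_certs(metadata):
    """Return the IdP signing certificates found in SAML federation metadata.

    Only KeyDescriptor elements under IDPSSODescriptor are considered. A
    KeyDescriptor without a use attribute serves both signing and encryption,
    so it is included. Identical certificates are reported once.
    """
    data = metadata.encode("utf-8") if isinstance(metadata, str) else metadata
    # Federation metadata never needs a DTD; refusing one keeps entity
    # expansion out of a file that arrived by download or e-mail.
    if b"<!DOCTYPE" in data:
        raise ValueError("DOCTYPE is not allowed in federation metadata")
    root = ET.fromstring(data)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("root element is not md:EntityDescriptor")
    found, seen = [], set()
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            # The base64 text is usually line-wrapped and indented.
            compact = "".join((node.text or "").split())
            der = base64.b64decode(compact, validate=True)
            if not der:
                raise ValueError("empty X509Certificate element")
            digest = hashlib.sha256(der).digest()
            if digest in seen:
                continue
            seen.add(digest)
            found.append({
                "entity_id": root.get("entityID"),
                "sha256": ":".join("%02X" % b for b in digest),
                "pem": to_pem(der),
            })
    if not found:
        raise ValueError("no IdP signing certificate in metadata")
    return found


# Constructed sample input: placeholder bytes stand in for DER certificates.
SAMPLE_SIGNING_KEY = b"constructed signing key placeholder " * 4
SAMPLE_ENCRYPTION_KEY = b"constructed encryption key placeholder " * 4
SAMPLE_WSFED_KEY = b"constructed ws-fed key placeholder " * 4


def key_descriptor(use, raw):
    """Build a KeyDescriptor element with line-wrapped base64 (sample only)."""
    b64 = base64.b64encode(raw).decode("ascii")
    wrapped = "\n        ".join(b64[i:i + 40] for i in range(0, len(b64), 40))
    return f"""<KeyDescriptor use="{use}">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>
        {wrapped}
      </X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>"""


SAMPLE_METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <RoleDescriptor protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    {key_descriptor('signing', SAMPLE_WSFED_KEY)}
  </RoleDescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    {key_descriptor('signing', SAMPLE_SIGNING_KEY)}
    {key_descriptor('encryption', SAMPLE_ENCRYPTION_KEY)}
    {key_descriptor('signing', SAMPLE_SIGNING_KEY)}
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for cert in extract_signing_certs(SAMPLE_METADATA):
        print("Entity ID:", cert["entity_id"])
        print("SHA-256  :", cert["sha256"])
        print(cert["pem"], end="")
```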
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Reward Gateway.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Reward Gateway.

2. In the applications list, select Reward Gateway.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Reward Gateway test user
In this section, you create a user called Britta Simon in Reward Gateway. Work with the Reward Gateway support
team to add the users in the Reward Gateway platform. Users must be created and activated before you use
single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Reward Gateway tile in the Access Panel, you should be automatically signed in to the Reward
Gateway for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with RFPIO
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate RFPIO with Azure Active Directory (Azure AD). Integrating RFPIO with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to RFPIO.
You can enable your users to be automatically signed-in to RFPIO (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with RFPIO, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
RFPIO single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
RFPIO supports SP and IDP initiated SSO

Adding RFPIO from the gallery


To configure the integration of RFPIO into Azure AD, you need to add RFPIO from the gallery to your list of
managed SaaS apps.
To add RFPIO from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type RFPIO, select RFPIO from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with RFPIO based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in RFPIO
needs to be established.
To configure and test Azure AD single sign-on with RFPIO, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure RFPIO Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create RFPIO test user - to have a counterpart of Britta Simon in RFPIO that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with RFPIO, perform the following steps:
1. In the Azure portal, on the RFPIO application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://www.rfpio.com

b. Click Set additional URLs.


c. In the Relay State textbox, enter a string value. Contact the RFPIO support team to get this value.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://www.app.rfpio.com

NOTE
These values are not real. Update these values with the actual Identifier and Sign-on URL. Contact the RFPIO Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. On the Set up RFPIO section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure RFPIO Single Sign-On
1. In a different web browser window, sign in to the RFPIO website as an administrator.
2. Click on the bottom left corner dropdown.
3. Click on the Organization Settings.
4. Click on the FEATURES & INTEGRATION.

5. In SAML SSO Configuration, click Edit.


6. In this section, perform the following actions:

a. Copy the content of the downloaded Metadata XML and paste it into the identity configuration
field.

NOTE
To copy the content of the downloaded Federation Metadata XML, use Notepad++ or a proper XML editor.

b. Click Validate.
c. After clicking Validate, flip SAML (Enabled) to on.
d. Click Submit.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to RFPIO.
1. In the Azure portal, select Enterprise Applications, select All applications, then select RFPIO.

2. In the applications list, select RFPIO.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create RFPIO test user
1. Sign in to your RFPIO company site as an administrator.
2. Click on the bottom left corner dropdown.
3. Click on the Organization Settings.
4. Click TEAM MEMBERS.

5. Click on ADD MEMBERS.


6. In the Add New Members section, perform the following actions:

a. Enter Email address in the Enter one email per line field.
b. Select a Role according to your requirements.
c. Click ADD MEMBERS.

NOTE
The Azure Active Directory account holder receives an email and follows a link to confirm their account before it
becomes active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the RFPIO tile in the Access Panel, you should be automatically signed in to the RFPIO for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
RightAnswers
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate RightAnswers with Azure Active Directory (Azure AD). Integrating
RightAnswers with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to RightAnswers.
You can enable your users to be automatically signed-in to RightAnswers (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with RightAnswers, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
RightAnswers single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
RightAnswers supports SP initiated SSO

Adding RightAnswers from the gallery


To configure the integration of RightAnswers into Azure AD, you need to add RightAnswers from the gallery to
your list of managed SaaS apps.
To add RightAnswers from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type RightAnswers, select RightAnswers from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with RightAnswers based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
RightAnswers needs to be established.
To configure and test Azure AD single sign-on with RightAnswers, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure RightAnswers Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create RightAnswers test user - to have a counterpart of Britta Simon in RightAnswers that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with RightAnswers, perform the following steps:
1. In the Azure portal, on the RightAnswers application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.rightanswers.com/portal/ss/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.rightanswers.com:<identifier>/portal

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact RightAnswers
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. In the Set up RightAnswers section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure RightAnswers Single Sign-On
To configure single sign-on on the RightAnswers side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the RightAnswers support team. They configure this
setting so that the SAML SSO connection is set properly on both sides.

NOTE
Your RightAnswers support team has to do the actual SSO configuration. You will get a notification when SSO has been
enabled for your subscription.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to RightAnswers.
1. In the Azure portal, select Enterprise Applications, select All applications, then select RightAnswers.

2. In the applications list, select RightAnswers.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create RightAnswers test user
To enable Azure AD users to sign in to RightAnswers, they must be provisioned into RightAnswers. In
RightAnswers, provisioning is an automated task, so there is no action item for you.
Users are automatically created if necessary during the first single sign-on attempt.
NOTE
You can use any other RightAnswers user account creation tools or APIs provided by RightAnswers to provision Azure AD
user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the RightAnswers tile in the Access Panel, you should be automatically signed in to the
RightAnswers for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Rightscale
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Rightscale with Azure Active Directory (Azure AD). Integrating
Rightscale with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Rightscale.
You can enable your users to be automatically signed-in to Rightscale (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Rightscale, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Rightscale single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Rightscale supports SP and IDP initiated SSO

Adding Rightscale from the gallery


To configure the integration of Rightscale into Azure AD, you need to add Rightscale from the gallery to your list of
managed SaaS apps.
To add Rightscale from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Rightscale, select Rightscale from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Rightscale based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Rightscale
needs to be established.
To configure and test Azure AD single sign-on with Rightscale, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Rightscale Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Rightscale test user - to have a counterpart of Britta Simon in Rightscale that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Rightscale, perform the following steps:
1. In the Azure portal, on the Rightscale application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type the URL: https://login.rightscale.com/

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. In the Set up Rightscale section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Rightscale Single Sign-On
1. To get SSO configured for your application, you need to sign in to your RightScale tenant as an
administrator.
2. In the menu on the top, click the Settings tab and select Single Sign-On.
3. Click the new button to add Your SAML Identity Providers.

4. In the textbox of Display Name, input your company name.

5. Select Allow RightScale-initiated SSO using a discovery hint and input your domain name in the
below textbox.

6. Paste the value of Login URL which you have copied from Azure portal into SAML SSO Endpoint in
RightScale.

7. Paste the value of Azure AD Identifier which you have copied from Azure portal into SAML EntityID in
RightScale.
8. Click Browser button to upload the certificate which you downloaded from Azure portal.

9. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Rightscale.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Rightscale.

2. In the applications list, select Rightscale.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Rightscale test user
In this section, you create a user called Britta Simon in Rightscale. Work with Rightscale Client support team to add
the users in the Rightscale platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Rightscale tile in the Access Panel, you should be automatically signed in to the Rightscale for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate RingCentral with Azure Active
Directory
10/28/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate RingCentral with Azure Active Directory (Azure AD). When you
integrate RingCentral with Azure AD, you can:
Control in Azure AD who has access to RingCentral.
Enable your users to be automatically signed-in to RingCentral with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
RingCentral single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
RingCentral supports IDP initiated SSO

Adding RingCentral from the gallery


To configure the integration of RingCentral into Azure AD, you need to add RingCentral from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type RingCentral in the search box.
6. Select RingCentral from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with RingCentral using a test user called Britta Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in RingCentral.
To configure and test Azure AD SSO with RingCentral, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure RingCentral SSO - to configure the single sign-on settings on application side.
   a. Create RingCentral test user - to have a counterpart of B.Simon in RingCentral that is linked to the
   Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the RingCentral application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you have Service Provider metadata file, perform the
following steps:
a. Click Upload metadata file.
b. Click on folder logo to select the metadata file and click Upload.
c. After the metadata file is successfully uploaded, the Identifier and Reply URL values get auto
populated in Basic SAML Configuration section.

NOTE
You get the Service Provider metadata file on the RingCentral SSO Configuration page which is explained later in
the tutorial.

5. If you don't have Service Provider metadata file, enter the values for the following fields:
a. In the Identifier textbox, type a URL:

https://sso.ringcentral.com

https://ssoeuro.ringcentral.com

b. In the Reply URL textbox, type a URL:

https://sso.ringcentral.com/sp/ACS.saml2

https://ssoeuro.ringcentral.com/sp/ACS.saml2

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to RingCentral.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select RingCentral.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure RingCentral SSO


1. To automate the configuration within RingCentral, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Set up RingCentral, which directs you to the RingCentral
application. From there, provide the admin credentials to sign in to RingCentral. The browser extension will
automatically configure the application for you and automate steps 3-7.

3. If you want to set up RingCentral manually, open a new web browser window, sign in to your
RingCentral company site as an administrator, and perform the following steps:
4. On the top, click on Tools.

5. Navigate to Single Sign-on.


6. On the Single Sign-on page, under SSO Configuration section, from Step 1 click Edit and perform the
following steps:

7. On the Set up Single Sign-on page, perform the following steps:


a. Click Browse to upload the metadata file which you have downloaded from Azure portal.
b. After uploading metadata the values get auto-populated in SSO General Information section.
c. Under the Attribute Mapping section, for Map Email Attribute to, select
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

d. Click Save.
e. From Step 2 click Download to download the Service Provider metadata file and upload it in Basic
SAML Configuration section to auto-populate the Identifier and Reply URL values in Azure portal.
f. On the same page, navigate to Enable SSO section and perform the following steps:

Select Enable SSO Service.


Select Allow users to log in with SSO or RingCentral credential.
Click Save.
Create RingCentral test user
In this section, you create a user called Britta Simon in RingCentral. Work with RingCentral Client support team to
add the users in the RingCentral platform. Users must be created and activated before you use single sign-on.
Test SSO
When you select the RingCentral tile in the Access Panel, you should be automatically signed in to the RingCentral
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Try RingCentral with Azure AD
Tutorial: Azure Active Directory integration with
Riskware
10/7/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Riskware with Azure Active Directory (Azure AD). Integrating Riskware
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Riskware.
You can enable your users to be automatically signed-in to Riskware (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Riskware, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Riskware single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Riskware supports SP initiated SSO

Adding Riskware from the gallery


To configure the integration of Riskware into Azure AD, you need to add Riskware from the gallery to your list of
managed SaaS apps.
To add Riskware from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Riskware, select Riskware from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Riskware based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Riskware
needs to be established.
To configure and test Azure AD single sign-on with Riskware, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Riskware Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Riskware test user - to have a counterpart of Britta Simon in Riskware that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Riskware, perform the following steps:
1. In the Azure portal, on the Riskware application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:

ENVIRONMENT    URL PATTERN
UAT            https://riskcloud.net/uat?ccode=<COMPANYCODE>
PROD           https://riskcloud.net/prod?ccode=<COMPANYCODE>
DEMO           https://riskcloud.net/demo?ccode=<COMPANYCODE>

b. In the Identifier (Entity ID) text box, type the URL:

ENVIRONMENT    URL PATTERN
UAT            https://riskcloud.net/uat
PROD           https://riskcloud.net/prod
DEMO           https://riskcloud.net/demo

NOTE
The Sign on URL value is not real. Update the value with the actual Sign-On URL. Contact Riskware Client support
team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
6. In the Set up Riskware section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Riskware Single Sign-On
1. In a different web browser window, sign in to your Riskware company site as an administrator.
2. On the top right, click Maintenance to open the maintenance page.

3. In the maintenance page, click Authentication.

4. In Authentication Configuration page, perform the following steps:


a. Select Type as SAML for authentication.
b. In the Code textbox, type your code like AZURE_UAT.
c. In the Description textbox, type your description like AZURE Configuration for SSO.
d. In Single Sign On Page textbox, paste the Login URL value, which you have copied from Azure portal.
e. In Sign out Page textbox, paste the Logout URL value, which you have copied from Azure portal.
f. In the Post Form Field textbox, type the field name present in Post Response that contains SAML like
SAMLResponse
g. In the XML Identity Tag Name textbox, type the attribute that contains the unique identifier in the SAML
response, like NameID.
h. Open the Metadata XML downloaded from the Azure portal in Notepad, copy the certificate from the
metadata file, and paste it into the Certificate textbox.
i. In Consumer URL textbox, paste the value of Reply URL, which you get from the support team.
j. In Issuer textbox, paste the value of Identifier, which you get from the support team.

NOTE
Contact Riskware Client support team to get these values

k. Select Use POST checkbox.


l. Select Use SAML Request checkbox.
m. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Riskware.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Riskware.

2. In the applications list, select Riskware.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Riskware test user
To enable Azure AD users to sign in to Riskware, they must be provisioned into Riskware. In Riskware,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to Riskware as a Security Administrator.
2. On the top right, click Maintenance to open the maintenance page.

3. In the maintenance page, click People.

4. Select Details tab and perform the following steps:

a. Select Person Type like Employee.


b. In First Name textbox, enter the first name of user like Britta.
c. In Surname textbox, enter the last name of user like Simon.
5. On the Security tab, perform the following steps:
a. Under the Authentication section, select the Authentication mode that you have set up, like AZURE
Configuration for SSO.
b. Under Logon Details section, in the User ID textbox, enter the email of user like
brittasimon@contoso.com .

c. In the Password textbox, enter password of the user.


6. On the Organization tab, perform the following steps:

a. Select the option as Level1 organization.


b. Under Person's Primary Workplace section, in the Location textbox, type your location.
c. Under Employee section, select Employee Status like Casual.
d. Click Save.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Riskware tile in the Access Panel, you should be automatically signed in to the Riskware for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Riva
11/14/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate Riva with Azure Active Directory (Azure AD). When you integrate Riva
with Azure AD, you can:
Control in Azure AD who has access to Riva.
Enable your users to be automatically signed-in to Riva with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Riva single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Riva supports IDP initiated SSO

Adding Riva from the gallery


To configure the integration of Riva into Azure AD, you need to add Riva from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Riva in the search box.
6. Select Riva from the results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Riva


Configure and test Azure AD SSO with Riva using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Riva.
To configure and test Azure AD SSO with Riva, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Riva SSO - to configure the single sign-on settings on the application side.
   a. Create Riva test user - to have a counterpart of B.Simon in Riva that is linked to the Azure AD
      representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Riva application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are
already pre-populated with Azure. The user needs to save the configuration by clicking the Save button.
5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Riva section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Riva.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Riva.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Riva SSO


To configure single sign-on on the Riva side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Riva support team. They configure this setting so that the
SAML SSO connection is set properly on both sides.
Create Riva test user
In this section, you create a user called B.Simon in Riva. Work with the Riva support team to add the users in the
Riva platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Riva tile in the Access Panel, you should be automatically signed in to the Riva for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Riva with Azure AD
Tutorial: Integrate Robin with Azure Active Directory
11/14/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Robin with Azure Active Directory (Azure AD). When you integrate
Robin with Azure AD, you can:
Control in Azure AD who has access to Robin.
Enable your users to be automatically signed-in to Robin with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial.
Robin single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Robin supports SP and IDP initiated SSO
Robin supports Just In Time user provisioning

Adding Robin from the gallery


To configure the integration of Robin into Azure AD, you need to add Robin from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Robin in the search box.
6. Select Robin from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Robin using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Robin.
To configure and test Azure AD SSO with Robin, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Robin SSO - to configure the single sign-on settings on the application side.
   a. Create Robin test user - to have a counterpart of B.Simon in Robin that is linked to the Azure AD
      representation of the user.
3. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Robin application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, the application is pre-configured in IDP initiated mode and
the necessary URLs are already pre-populated with Azure. The user needs to save the configuration by
clicking the Save button.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://dashboard.robinpowered.com/

6. The Robin application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes.

7. In addition to the above, the Robin application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also pre-populated, but you can review them as per your
requirements.

NAME         SOURCE ATTRIBUTE
Email        user.userprincipalname
FirstName    user.givenname
LastName     user.surname

8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.

9. On the Set up Robin section, copy the appropriate URL(s) based on your requirement.
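To confirm that a test sign-in carries the three attributes listed in step 7, you can inspect a captured assertion. The following is an added example, not part of the original tutorial or of Robin's code; the assertion is a constructed, unsigned sample, and the script only reads attribute names and values (it does not verify the signature).

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names Robin expects, with the Azure AD source attribute from the tutorial table.
REQUIRED = {
    "Email": "user.userprincipalname",
    "FirstName": "user.givenname",
    "LastName": "user.surname",
}

# Constructed sample: a trimmed, unsigned assertion for the tutorial's test user.
# LastName is deliberately empty to show the failure case.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-11-14T00:00:00Z">
  <saml:Subject><saml:NameID>B.Simon@contoso.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="FirstName">
      <saml:AttributeValue>B.</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="LastName">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Map each attribute Name to its non-empty values.

    Works whether the root element is the Assertion or an enclosing Response.
    Use a hardened XML parser for documents from untrusted sources.
    """
    root = ET.fromstring(assertion_xml)
    attributes = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attributes.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attributes


def missing_for_robin(assertion_xml):
    """Return one message per expected attribute that is absent, misnamed or empty."""
    attributes = read_attributes(assertion_xml)
    lowered = {name.lower(): name for name in attributes if name}
    problems = []
    for name, source in REQUIRED.items():
        if name in attributes:
            if not attributes[name]:
                problems.append(f"{name}: present but empty ({source} has no value)")
        elif name.lower() in lowered:
            # Attribute names are compared exactly, so a case difference counts as missing.
            problems.append(f"{name}: sent as '{lowered[name.lower()]}' (name differs in case)")
        else:
            problems.append(f"{name}: absent (map it to {source})")
    return problems


if __name__ == "__main__":
    for line in missing_for_robin(SAMPLE_ASSERTION) or ["all expected attributes present"]:
        print(line)
```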

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Robin.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Robin.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Robin SSO


To configure single sign-on on the Robin side, you need to send the downloaded Certificate (Raw) and the
appropriate copied URLs from the Azure portal to the Robin support team. They configure this setting so that the
SAML SSO connection is set properly on both sides.
Create Robin test user
In this section, a user called B.Simon is created in Robin. Robin supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Robin, a new one
is created after authentication.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Robin tile in the Access Panel, you should be automatically signed in to the Robin for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Robin with Azure AD
Tutorial: Azure Active Directory integration with RStudio Connect
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate RStudio Connect with Azure Active Directory (Azure AD). Integrating
RStudio Connect with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to RStudio Connect.
You can enable your users to be automatically signed-in to RStudio Connect (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with RStudio Connect, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
RStudio Connect. There is a 45-day free evaluation.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
RStudio Connect supports SP and IDP initiated SSO
RStudio Connect supports Just In Time user provisioning

Adding RStudio Connect from the gallery


To configure the integration of RStudio Connect into Azure AD, you need to add RStudio Connect from the gallery
to your list of managed SaaS apps.
To add RStudio Connect from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type RStudio Connect, select RStudio Connect from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with RStudio Connect based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
RStudio Connect needs to be established.
To configure and test Azure AD single sign-on with RStudio Connect, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure RStudio Connect Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create RStudio Connect test user - to have a counterpart of Britta Simon in RStudio Connect that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with RStudio Connect, perform the following steps:
1. In the Azure portal, on the RStudio Connect application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps, replacing <example.com> with your RStudio Connect Server Address and port:
a. In the Identifier text box, type a URL using the following pattern: https://<example.com>/__login__/saml

b. In the Reply URL text box, type a URL using the following pattern:
https://<example.com>/__login__/saml/acs

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://<example.com>/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. They are
determined from the RStudio Connect Server Address ( https://example.com in the examples above). Contact the
RStudio Connect support team if you have trouble. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. Your RStudio Connect application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes, where nameidentifier is mapped with user.userprincipalname.
The RStudio Connect application expects nameidentifier to be mapped with user.mail, so you need to edit the
attribute mapping by clicking the Edit icon and changing the attribute mapping.

7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
Configure RStudio Connect Single Sign-On
To configure single sign-on for RStudio Connect, you need to use the App Federation Metadata Url and
Server Address used above. This is done in the RStudio Connect configuration file at
/etc/rstudio-connect.rstudio-connect.gcfg.

This is an example configuration file:

[Server]
SenderEmail =

; Important! The user-facing URL of your RStudio Connect server.
Address =

[Http]
Listen = :3939

[Authentication]
Provider = saml

[SAML]
Logging = true

; Important! The URL where your IdP hosts the SAML metadata or the path to a local copy of it placed in the
; RStudio Connect server.
IdPMetaData =

IdPAttributeProfile = azure
SSOInitiated = IdPAndSP

Store your Server Address in the Server.Address value, and the App Federation Metadata Url in the
SAML.IdPMetaData value.

If you have trouble with configuration, you can read the RStudio Connect Admin Guide or email the RStudio
support team for help.
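The configuration file and the URL patterns from the Basic SAML Configuration steps can be checked together before you test sign-on. The following is an added example, not part of the original tutorial or of RStudio Connect; it approximates the gcfg format with Python's configparser, and the host name and the all-zero tenant and application IDs in the sample are constructed placeholders.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the tutorial's example file with hypothetical values filled in.
SAMPLE_GCFG = """\
[Server]
SenderEmail = connect-admin@example.com
; Important! The user-facing URL of your RStudio Connect server.
Address = https://connect.example.com

[Http]
Listen = :3939

[Authentication]
Provider = saml

[SAML]
Logging = true
; Important! The URL where your IdP hosts the SAML metadata or the path to a local copy.
IdPMetaData = https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/federationmetadata/2007-06/federationmetadata.xml?appid=00000000-0000-0000-0000-000000000000
IdPAttributeProfile = azure
SSOInitiated = IdPAndSP
"""


def azure_saml_urls(server_address):
    """Build the Basic SAML Configuration values from Server.Address,
    following the URL patterns given in the tutorial."""
    base = server_address.rstrip("/")
    return {
        "Identifier": base + "/__login__/saml",
        "Reply URL": base + "/__login__/saml/acs",
        "Sign-on URL": base + "/",
    }


def check_config(text):
    """Return a list of findings; an empty list means the tutorial's settings are in place."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        # Typical cause: a wrapped comment line that lost its leading ';'.
        return ["file does not parse: " + str(exc).splitlines()[0]]

    def value(section, key):
        return parser.get(section, key, fallback="").strip()

    findings = []
    address = value("Server", "Address")
    if not address:
        findings.append("Server.Address is empty")
    elif urlsplit(address).scheme != "https":
        findings.append("Server.Address is not an https URL")

    if value("Authentication", "Provider").lower() != "saml":
        findings.append("Authentication.Provider is not saml")

    metadata = value("SAML", "IdPMetaData")
    if not metadata:
        findings.append("SAML.IdPMetaData is empty")
    elif urlsplit(metadata).scheme == "http":
        # The metadata carries the IdP signing certificate, so it should not
        # be fetched over an unauthenticated channel.
        findings.append("SAML.IdPMetaData is fetched over plain http")

    if value("SAML", "IdPAttributeProfile").lower() != "azure":
        findings.append("SAML.IdPAttributeProfile is not azure")
    return findings


if __name__ == "__main__":
    for finding in check_config(SAMPLE_GCFG) or ["no findings"]:
        print(finding)
    for name, url in azure_saml_urls("https://connect.example.com").items():
        print(f"{name}: {url}")
```

Compare the three derived URLs with the values entered in the Azure portal; a mismatch in the Reply URL is a common reason for a failed test sign-on.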
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.

b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to RStudio Connect.
1. In the Azure portal, select Enterprise Applications, select All applications, then select RStudio Connect.

2. In the applications list, select RStudio Connect.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create RStudio Connect test user
In this section, a user called Britta Simon is created in RStudio Connect. RStudio Connect supports just-in-time
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in RStudio Connect, a new one is created when you attempt to access RStudio Connect.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the RStudio Connect tile in the Access Panel, you should be automatically signed in to the RStudio
Connect for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with RolePoint
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate RolePoint with Azure Active Directory (Azure AD). This integration
provides these benefits:
You can use Azure AD to control who has access to RolePoint.
You can enable your users to be automatically signed in to RolePoint (single sign-on) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure Active
Directory.
If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with RolePoint, you need to have:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
A RolePoint subscription with single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
RolePoint supports SP-initiated SSO.

Add RolePoint from the gallery


To set up the integration of RolePoint into Azure AD, you need to add RolePoint from the gallery to your list of
managed SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications:


3. To add an application, select New application at the top of the window:

4. In the search box, enter RolePoint. Select RolePoint in the search results and then select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with RolePoint by using a test user named Britta
Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user and the
corresponding user in RolePoint.
To configure and test Azure AD single sign-on with RolePoint, you need to complete these steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure RolePoint single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Create a RolePoint test user that's linked to the Azure AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with RolePoint, take these steps:
1. In the Azure portal, on the RolePoint application integration page, select Single sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, take the following steps.
a. In the Sign on URL box, enter a URL in this pattern:
https://<subdomain>.rolepoint.com/login

b. In the Identifier (Entity ID) box, enter a URL in this pattern:


https://app.rolepoint.com/<instancename>

NOTE
These values are placeholders. You need to use the actual sign-on URL and identifier. We suggest that you use a
unique string value in the identifier. Contact the RolePoint support team to get these values. You can also refer to the
patterns shown in the Basic SAML Configuration dialog box in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Download link next to Federation Metadata XML, per your requirements, and save the file on your
computer.

6. In the Set up RolePoint section, copy the appropriate URLs, based on your requirements:
a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
Configure RolePoint single sign-on
To set up single sign-on on the RolePoint side, you need to work with the RolePoint support team. Send this team
the Federation Metadata XML file and the URLs that you got from the Azure portal. They'll configure RolePoint to
ensure the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:

2. Select New user at the top of the window:

3. In the User dialog box, take the following steps.


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show Password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting her access to RolePoint.
1. In the Azure portal, select Enterprise applications, select All applications, and then select RolePoint.

2. In the list of applications, select RolePoint.


3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.

5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the window.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the window.
7. In the Add Assignment dialog box, select Assign.
Create a RolePoint test user
Next, you need to create a user named Britta Simon in RolePoint. Work with the RolePoint support team to add
users to RolePoint. Users need to be created and activated before you can use single sign-on.
Test single sign-on
Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the RolePoint tile in the Access Panel, you should be automatically signed in to the RolePoint
instance for which you set up SSO. For more information about the Access Panel, see Access and use apps on the
My Apps portal.
Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Rollbar
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Rollbar with Azure Active Directory (Azure AD). Integrating Rollbar with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Rollbar.
You can enable your users to be automatically signed-in to Rollbar (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Rollbar, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Rollbar single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Rollbar supports SP and IDP initiated SSO

Adding Rollbar from the gallery


To configure the integration of Rollbar into Azure AD, you need to add Rollbar from the gallery to your list of
managed SaaS apps.
To add Rollbar from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Rollbar, select Rollbar from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Rollbar based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Rollbar
needs to be established.
To configure and test Azure AD single sign-on with Rollbar, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Rollbar Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Rollbar test user - to have a counterpart of Britta Simon in Rollbar that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Rollbar, perform the following steps:
1. In the Azure portal, on the Rollbar application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type the URL: https://saml.rollbar.com

b. In the Reply URL text box, type a URL using the following pattern:
https://rollbar.com/<accountname>/saml/sso/azure/

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://rollbar.com/<accountname>/saml/login/azure/

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact Rollbar Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Rollbar section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Rollbar Single Sign-On
1. In a different web browser window, sign in to your Rollbar company site as an administrator.
2. Click Profile Settings in the top-right corner, and then click Account Name settings.

3. Click Identity Provider under SECURITY.

4. In the SAML Identity Provider section, perform the following steps:


a. Select AZURE from the SAML Identity Provider dropdown.
b. Open your metadata file in notepad, copy the content of it into your clipboard, and then paste it to the
SAML Metadata textbox.
c. Click Save.
5. After clicking the save button, the screen will be like this:

NOTE
In order to complete the following step, you must first add yourself as a user to the Rollbar app in Azure.

a. If you want to require all users to authenticate via Azure, then click log in via your identity provider to
re-authenticate via Azure.
b. Once you're returned to the screen, select the Require login via SAML Identity Provider checkbox.
c. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Rollbar.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Rollbar.

2. In the applications list, select Rollbar.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Rollbar test user
To enable Azure AD users to sign in to Rollbar, they must be provisioned into Rollbar. In the case of Rollbar,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Rollbar company site as an administrator.
2. Click Profile Settings in the top-right corner, and then click Account Name settings.

3. Click Users.

4. Click Invite Team Members.


5. In the textbox, enter the name of the user, like brittasimon@contoso.com, and then click Add/Invite.

6. The user receives an invitation and, after accepting it, is created in the system.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Rollbar tile in the Access Panel, you should be automatically signed in to the Rollbar for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate RunMyProcess with Azure Active
Directory
8/8/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate RunMyProcess with Azure Active Directory (Azure AD). When you
integrate RunMyProcess with Azure AD, you can:
Control in Azure AD who has access to RunMyProcess.
Enable your users to be automatically signed-in to RunMyProcess with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
RunMyProcess single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
RunMyProcess supports SP initiated SSO

Adding RunMyProcess from the gallery


To configure the integration of RunMyProcess into Azure AD, you need to add RunMyProcess from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type RunMyProcess in the search box.
6. Select RunMyProcess from the results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with RunMyProcess using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in RunMyProcess.
To configure and test Azure AD SSO with RunMyProcess, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure RunMyProcess SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create RunMyProcess test user - to have a counterpart of B.Simon in RunMyProcess that is linked to the
Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the RunMyProcess application integration page, find the Manage section and
select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://live.runmyprocess.com/live/<tenant id>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact RunMyProcess Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up RunMyProcess section, copy the appropriate URL(s) based on your requirement.
Configure RunMyProcess SSO
1. In a different web browser window, sign in to your RunMyProcess tenant as an administrator.
2. In the left navigation panel, click Account and select Configuration.

3. Go to the Authentication method section and perform the following steps:

a. As Method, select SSO with Samlv2.


b. In the SSO redirect textbox, paste the value of Login URL, which you have copied from Azure portal.
c. In the Logout redirect textbox, paste the value of Logout URL, which you have copied from Azure
portal.
d. In the Name ID Format textbox, type the value of Name Identifier Format as
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
e. Open the downloaded certificate file from Azure portal in notepad, copy the content of certificate file and
then paste it into the Certificate textbox.
f. Click Save icon.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to RunMyProcess.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select RunMyProcess.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create RunMyProcess test user
In order to enable Azure AD users to sign in to RunMyProcess, they must be provisioned into RunMyProcess. In
the case of RunMyProcess, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your RunMyProcess company site as an administrator.
2. Click Account and select Users in left navigation panel, then click New User.

3. In the User Settings section, perform the following steps:

a. Type the Name and E-mail of a valid Azure AD account you want to provision into the related textboxes.
b. Select an IDE language, Language, and Profile.
c. Select Send account creation e-mail to me.
d. Click Save.

NOTE
You can use any other RunMyProcess user account creation tools or APIs provided by RunMyProcess to provision
Azure Active Directory user accounts.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the RunMyProcess tile in the Access Panel, you should be automatically signed in to the
RunMyProcess for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Integrate SafeConnect with Azure Active
Directory
8/8/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate SafeConnect with Azure Active Directory (Azure AD). When you
integrate SafeConnect with Azure AD, you can:
Control in Azure AD who has access to SafeConnect.
Enable your users to be automatically signed-in to SafeConnect with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SafeConnect single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
SafeConnect supports SP initiated SSO

Adding SafeConnect from the gallery


To configure the integration of SafeConnect into Azure AD, you need to add SafeConnect from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type SafeConnect in the search box.
6. Select SafeConnect from the results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with SafeConnect using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in SafeConnect.
To configure and test Azure AD SSO with SafeConnect, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure SafeConnect SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create SafeConnect test user - to have a counterpart of B.Simon in SafeConnect that is linked to the Azure
AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the SafeConnect application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://portal.myweblogon.com:8443/saml/login

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Metadata XML and select Download to download the certificate and save it on your computer.

6. On the Set up SafeConnect section, copy the appropriate URL(s) based on your requirement.

Configure SafeConnect SSO


To configure single sign-on on the SafeConnect side, send the downloaded Metadata XML and the
appropriate copied URLs from the Azure portal to the SafeConnect support team. They apply this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SafeConnect.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SafeConnect.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create SafeConnect test user
In this section, you create a user called Britta Simon in SafeConnect. Work with SafeConnect support team to add
the users in the SafeConnect platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SafeConnect tile in the Access Panel, you should be automatically signed in to the SafeConnect
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Integrate SafetyNet with Azure Active
Directory
8/8/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate SafetyNet with Azure Active Directory (Azure AD). When you integrate
SafetyNet with Azure AD, you can:
Control in Azure AD who has access to SafetyNet.
Enable your users to be automatically signed-in to SafetyNet with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SafetyNet single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
SafetyNet supports SP and IDP initiated SSO

Adding SafetyNet from the gallery


To configure the integration of SafetyNet into Azure AD, you need to add SafetyNet from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type SafetyNet in the search box.
6. Select SafetyNet from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with SafetyNet using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in SafetyNet.
To configure and test Azure AD SSO with SafetyNet, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure SafetyNet SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create SafetyNet test user - to have a counterpart of B.Simon in SafetyNet that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the SafetyNet application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://<subdomain>.predictivesolutions.com/sp

b. In the Reply URL text box, type a URL using the following pattern:
https://<subdomain>.predictivesolutions.com/CRMApp/saml/SSO

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.predictivesolutions.com

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
SafetyNet Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.
Configure SafetyNet SSO
To configure single sign-on on the SafetyNet side, send the App Federation Metadata Url to the SafetyNet
support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SafetyNet.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SafetyNet.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create SafetyNet test user
In this section, you create a user called Britta Simon in SafetyNet. Work with SafetyNet support team to add the
users in the SafetyNet platform. Users must be created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SafetyNet tile in the Access Panel, you should be automatically signed in to the SafetyNet for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory Single sign-on (SSO)
integration with Salesforce
10/9/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Salesforce with Azure Active Directory (Azure AD). When you
integrate Salesforce with Azure AD, you can:
Control in Azure AD who has access to Salesforce.
Enable your users to be automatically signed-in to Salesforce with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Salesforce single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Salesforce supports SP initiated SSO
Salesforce supports Just In Time user provisioning
Salesforce supports Automated user provisioning
The Salesforce mobile application can now be configured with Azure AD to enable SSO.

Adding Salesforce from the gallery


To configure the integration of Salesforce into Azure AD, you need to add Salesforce from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Salesforce in the search box.
6. Select Salesforce from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Salesforce


Configure and test Azure AD SSO with Salesforce using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Salesforce.
To configure and test Azure AD SSO with Salesforce, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Salesforce SSO - to configure the Single Sign-On settings on application side.
a. Create Salesforce test user - to have a counterpart of B.Simon in Salesforce that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Salesforce, perform the following steps:
1. In the Azure portal, on the Salesforce application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL textbox, type the value using the following pattern:
Enterprise account: https://<subdomain>.my.salesforce.com

Developer account: https://<subdomain>-dev-ed.my.salesforce.com

b. In the Identifier textbox, type the value using the following pattern:
Enterprise account: https://<subdomain>.my.salesforce.com

Developer account: https://<subdomain>-dev-ed.my.salesforce.com

NOTE
These values are not real. Update these values with the actual Sign-on URL and Identifier. Contact Salesforce Client
support team to get these values.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
6. On the Set up Salesforce section, copy the appropriate URL(s) as per your requirement.
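The Basic SAML Configuration steps in these tutorials (Rollbar, RunMyProcess, SafetyNet, Salesforce) give URL patterns with placeholders that must be replaced with real values. The following is an added example, not part of the original tutorials: it checks a value against its pattern before it is entered in the portal. The allowed character sets for a placeholder and the sample values (`contoso`, `112233`) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches a placeholder such as <accountname>, <subdomain> or <tenant id>.
PLACEHOLDER = re.compile(r"<[^<>]+>")
# Assumption: a placeholder in the host stands for exactly one DNS label,
# and a placeholder in the path stands for exactly one path segment.
HOST_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
PATH_SEGMENT = r"[A-Za-z0-9._~-]+"

# URL patterns quoted in the tutorials on this page.
PAGE_PATTERNS = {
    "rollbar_reply": "https://rollbar.com/<accountname>/saml/sso/azure/",
    "rollbar_signon": "https://rollbar.com/<accountname>/saml/login/azure/",
    "runmyprocess_signon": "https://live.runmyprocess.com/live/<tenant id>",
    "safetynet_identifier": "https://<subdomain>.predictivesolutions.com/sp",
    "safetynet_reply": "https://<subdomain>.predictivesolutions.com/CRMApp/saml/SSO",
    "salesforce_enterprise": "https://<subdomain>.my.salesforce.com",
    "salesforce_developer": "https://<subdomain>-dev-ed.my.salesforce.com",
}


def pattern_to_regex(pattern):
    """Compile a documented URL pattern into a regex for exact matching."""
    if not pattern.startswith("https://"):
        raise ValueError("pattern must start with https://")
    # Everything before the first "/" after the scheme is the host part.
    host_end = pattern.find("/", len("https://"))
    if host_end == -1:
        host_end = len(pattern)
    parts, pos = [], 0
    for match in PLACEHOLDER.finditer(pattern):
        parts.append(re.escape(pattern[pos:match.start()]))
        parts.append(HOST_LABEL if match.start() < host_end else PATH_SEGMENT)
        pos = match.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("".join(parts))


def check_url(pattern, value):
    """Return a list of problems with value; an empty list means it is acceptable."""
    problems = []
    if PLACEHOLDER.search(value):
        problems.append("placeholder still present")
    if urlsplit(value).scheme != "https":
        problems.append("scheme is not https")
    if not pattern_to_regex(pattern).fullmatch(value):
        problems.append("does not match pattern " + pattern)
    return problems


if __name__ == "__main__":
    # Constructed sample values, one good and several bad.
    samples = [
        ("rollbar_reply", "https://rollbar.com/contoso/saml/sso/azure/"),
        ("rollbar_reply", "https://rollbar.com/contoso/saml/sso/azure"),
        ("rollbar_reply", "https://rollbar.com/<accountname>/saml/sso/azure/"),
        ("safetynet_identifier", "http://contoso.predictivesolutions.com/sp"),
        ("salesforce_developer", "https://contoso-dev-ed.my.salesforce.com"),
    ]
    for name, value in samples:
        print(name, value, check_url(PAGE_PATTERNS[name], value) or "ok")
```

The second sample fails only because the trailing slash is missing, which is the kind of mismatch that is easy to overlook when typing a Reply URL by hand.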

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All
users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.

NOTE
Salesforce user attributes are case sensitive for SAML validation.

Assign the Azure AD test user


In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Salesforce.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Salesforce.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Salesforce SSO


1. Open a new tab in your browser and sign in to your Salesforce administrator account.
2. Click Setup under the settings icon in the top-right corner of the page.

3. Scroll down to the SETTINGS in the navigation pane, click Identity to expand the related section. Then
click Single Sign-On Settings.
4. On the Single Sign-On Settings page, click the Edit button.

NOTE
If you are unable to enable Single Sign-On settings for your Salesforce account, you may need to contact Salesforce
Client support team.

5. Select SAML Enabled, and then click Save.

6. To configure your SAML single sign-on settings, click New from Metadata File.
7. Click Choose File to upload the metadata XML file which you have downloaded from the Azure portal and
click Create.

8. On the SAML Single Sign-On Settings page, the fields populate automatically. Click Save.

9. On the left navigation pane in Salesforce, click Company Settings to expand the related section, and then
click My Domain.
10. Scroll down to the Authentication Configuration section, and click the Edit button.

11. In the Authentication Configuration section, select AzureSSO as the Authentication Service of your
SAML SSO configuration, and then click Save.
NOTE
If more than one authentication service is selected, users are prompted to select which authentication service they
would like to sign in with when initiating single sign-on to your Salesforce environment. If you don’t want that to
happen, leave all other authentication services unchecked.

Create Salesforce test user


In this section, a user called B.Simon is created in Salesforce. Salesforce supports just-in-time provisioning, which
is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Salesforce, a
new one is created when you attempt to access Salesforce. Salesforce also supports automatic user provisioning;
for details on how to configure it, see Configure User Provisioning under Additional resources.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Salesforce tile in the Access Panel, you should be automatically signed in to the Salesforce for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Test SSO for Salesforce (Mobile)


1. Open the Salesforce mobile application. On the sign-in page, click Use Custom Domain.

2. In the Custom Domain textbox, enter your registered custom domain name and click Continue.
3. Enter your Azure AD credentials to sign in to the Salesforce application and click Next.

4. On the Allow Access page, click Allow to give access to the Salesforce application.
5. Finally, after a successful sign-in, the application home page is displayed.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Configure User Provisioning
Try Salesforce with Azure AD
Tutorial: Azure Active Directory integration with
Salesforce Sandbox
6/13/2019 • 8 minutes to read

In this tutorial, you learn how to integrate Salesforce Sandbox with Azure Active Directory (Azure AD).
Sandboxes give you the ability to create multiple copies of your organization in separate environments for a variety
of purposes, such as development, testing, and training, without compromising the data and applications in your
Salesforce production organization. For more details, see Sandbox Overview.
Integrating Salesforce Sandbox with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Salesforce Sandbox.
You can enable your users to be automatically signed-in to Salesforce Sandbox (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Salesforce Sandbox, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
Salesforce Sandbox single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Salesforce Sandbox supports SP and IDP initiated SSO
Salesforce Sandbox supports Just In Time user provisioning
Salesforce Sandbox supports Automated user provisioning

Adding Salesforce Sandbox from the gallery


To configure the integration of Salesforce Sandbox into Azure AD, you need to add Salesforce Sandbox from the
gallery to your list of managed SaaS apps.
To add Salesforce Sandbox from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Salesforce Sandbox, select Salesforce Sandbox from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Salesforce Sandbox based on a test user called
Britta Simon.
For single sign-on to work, Azure AD needs to know what the counterpart user in Salesforce Sandbox is to a user
in Azure AD. In other words, a link relationship between an Azure AD user and the related user in Salesforce
Sandbox needs to be established.
To configure and test Azure AD single sign-on with Salesforce Sandbox, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Salesforce Sandbox Single Sign-On - to configure the Single Sign-On settings on the application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Salesforce Sandbox test user - to have a counterpart of Britta Simon in Salesforce Sandbox that is
linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Salesforce Sandbox, perform the following steps:
1. In the Azure portal, on the Salesforce Sandbox application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. In the Basic SAML Configuration section, if you have a Service Provider metadata file and wish to
configure the application in IDP initiated mode, perform the following steps:
a. Click Upload metadata file.
b. Click the folder logo to select the metadata file and click Upload.

NOTE
You will get the service provider metadata file from the Salesforce Sandbox admin portal which is explained later in
the tutorial.

c. After the metadata file is successfully uploaded, the Reply URL value will get auto populated in Reply
URL textbox.

NOTE
If the Reply URL value does not get auto-populated, then fill in the value manually according to your requirement.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Metadata XML from the given options as per your requirement and save it on
your computer.

6. On the Set up Salesforce Sandbox section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Salesforce Sandbox Single Sign-On
1. Open a new tab in your browser and sign in to your Salesforce Sandbox administrator account.
2. Click Setup under the settings icon on the top right corner of the page.

3. Scroll down to the SETTINGS in the left navigation pane, click Identity to expand the related section. Then
click Single Sign-On Settings.

4. On the Single Sign-On Settings page, click the Edit button.


5. Select SAML Enabled, and then click Save.

6. To configure your SAML single sign-on settings, click New from Metadata File.

7. Click Choose File to upload the metadata XML file which you have downloaded from the Azure portal and
click Create.

8. On the SAML Single Sign-On Settings page, the fields populate automatically; click Save.
9. On the Single Sign-On Settings page, click the Download Metadata button to download the service
provider metadata file. Use this file in the Basic SAML Configuration section in the Azure portal for
configuring the necessary URLs as explained above.

10. If you wish to configure the application in SP initiated mode, the following are the prerequisites:
a. You should have a verified domain.
b. You need to configure and enable your domain on Salesforce Sandbox; the steps for this are explained later in
this tutorial.
c. In the Azure portal, on the Basic SAML Configuration section, click Set additional URLs and perform
the following step:

In the Sign-on URL textbox, type the value using the following pattern:
https://<instancename>--Sandbox.<entityid>.my.salesforce.com

NOTE
This value should be copied from the Salesforce Sandbox portal once you have enabled the domain.

11. On the SAML Signing Certificate section, click Federation Metadata XML and then save the xml file on
your computer.

12. Open a new tab in your browser and sign in to your Salesforce Sandbox administrator account.
13. Click Setup under the settings icon on the top right corner of the page.

14. Scroll down to the SETTINGS in the left navigation pane, click Identity to expand the related section. Then
click Single Sign-On Settings.

15. On the Single Sign-On Settings page, click the Edit button.

16. Select SAML Enabled, and then click Save.

17. To configure your SAML single sign-on settings, click New from Metadata File.
18. Click Choose File to upload the metadata XML file and click Create.

19. On the SAML Single Sign-On Settings page, the fields populate automatically. Type the name of the
configuration (for example: SPSSOWAAD_Test) in the Name textbox and click Save.

20. To enable your domain on Salesforce Sandbox, perform the following steps:

NOTE
Before enabling the domain you need to create the same on Salesforce Sandbox. For more information, see Defining
Your Domain Name. Once the domain is created, please make sure that it's configured correctly.

21. On the left navigation pane in Salesforce Sandbox, click Company Settings to expand the related section,
and then click My Domain.
22. In the Authentication Configuration section, click Edit.

23. In the Authentication Configuration section, as Authentication Service, select the name of the SAML
Single Sign-On Setting which you have set during SSO configuration in Salesforce Sandbox and click Save.
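
Added example (not part of the original tutorial, and not Microsoft or Salesforce tooling): before uploading the Federation Metadata XML with New from Metadata File, this Python code lists the entity ID, the sign-on and logout endpoints and the signing-certificate SHA-256 fingerprints the file contains, so they can be compared with the Login URL, Azure AD Identifier and certificate shown in the Azure portal. It also rejects a file that is service provider metadata, which is the other metadata file this procedure handles. The function names and the embedded metadata are constructed for illustration; the certificate body is placeholder bytes, not a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample input. The certificate body is placeholder bytes, not a
# real X.509 certificate, and the host names are illustrative.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate-bytes").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/tenant-placeholder/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def der_sha256(cert_b64):
    """SHA-256 of a certificate given as base64 text (PEM armour lines are skipped)."""
    body = "".join(
        line.strip() for line in cert_b64.splitlines() if "-----" not in line
    )
    return hashlib.sha256(base64.b64decode(body)).hexdigest()


def inspect_idp_metadata(xml_text):
    """Summarise identity provider metadata and flag values worth a second look."""
    # Metadata has no need for a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD or entity declarations")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        # Typical cause: the service provider metadata file was picked by mistake.
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")

    summary = {
        "entity_id": root.get("entityID", ""),
        "sso": [],
        "slo": [],
        "signing_sha256": [],
        "issues": [],
    }
    for key, tag in (("sso", "SingleSignOnService"), ("slo", "SingleLogoutService")):
        for element in idp.findall(f"md:{tag}", NS):
            location = element.get("Location", "")
            summary[key].append(location)
            if urlsplit(location).scheme != "https":
                summary["issues"].append(f"{tag} endpoint is not HTTPS: {location}")

    for key_descriptor in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a use attribute applies to signing as well.
        if key_descriptor.get("use") not in (None, "signing"):
            continue
        for cert in key_descriptor.findall(".//ds:X509Certificate", NS):
            summary["signing_sha256"].append(der_sha256(cert.text or ""))

    if not summary["entity_id"]:
        summary["issues"].append("entityID is missing")
    if not summary["sso"]:
        summary["issues"].append("no SingleSignOnService endpoint")
    if not summary["signing_sha256"]:
        summary["issues"].append("no signing certificate")
    return summary


if __name__ == "__main__":
    for field, value in inspect_idp_metadata(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```
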
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Salesforce Sandbox.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Salesforce
Sandbox.

2. In the applications list, select Salesforce Sandbox.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Salesforce Sandbox test user
In this section, a user called Britta Simon is created in Salesforce Sandbox. Salesforce Sandbox supports
just-in-time provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in Salesforce Sandbox, a new one is created when you attempt to access Salesforce Sandbox.
Salesforce Sandbox also supports automatic user provisioning; you can find more details here on how to configure
automatic user provisioning.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Salesforce Sandbox tile in the Access Panel, you should be automatically signed in to the
Salesforce Sandbox for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Configure User Provisioning
Tutorial: Azure Active Directory integration with Samanage
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Samanage with Azure Active Directory (Azure AD). Integrating
Samanage with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Samanage.
You can enable your users to be automatically signed-in to Samanage (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Samanage, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
Samanage single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Samanage supports SP initiated SSO

Adding Samanage from the gallery


To configure the integration of Samanage into Azure AD, you need to add Samanage from the gallery to your list
of managed SaaS apps.
To add Samanage from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Samanage, select Samanage from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Samanage based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Samanage needs to be established.
To configure and test Azure AD single sign-on with Samanage, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Samanage Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Samanage test user - to have a counterpart of Britta Simon in Samanage that is linked to the Azure
AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Samanage, perform the following steps:
1. In the Azure portal, on the Samanage application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<Company Name>.samanage.com/saml_login/<Company Name>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<Company Name>.samanage.com

NOTE
These values are not real. Update these values with the actual Sign-on URL and Identifier, which is explained later in
the tutorial. For more details contact Samanage Client support team. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

6. On the Set up Samanage section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
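
Added example (not part of the original tutorial, and not Samanage tooling): the values in step 4 are patterns, so a lint run before saving catches a Sign on URL or Identifier that still contains the placeholder, uses plain HTTP, hides another host behind userinfo, or names a different company in each field. The function name and the contoso/fabrikam values are illustrative assumptions, and the rule that the company name is the same in the host and in the path is read from the patterns in step 4.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits and inner hyphens.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
_SUFFIX = ".samanage.com"


def _tenant_from_host(host):
    """Return the <Company Name> label of <Company Name>.samanage.com, else None."""
    if not host.endswith(_SUFFIX):
        return None
    label = host[: -len(_SUFFIX)]
    return label if _LABEL.match(label) else None


def lint_samanage_saml_urls(sign_on_url, identifier):
    """Check both Basic SAML Configuration values against the tutorial's patterns.

    Returns a list of problems; an empty list means both values fit the patterns.
    """
    problems = []
    values = (("Sign on URL", sign_on_url), ("Identifier", identifier))

    # The pattern text itself ("<Company Name>") must never be saved as a value.
    for name, value in values:
        if re.search(r"[<>\s]", value):
            problems.append(f"{name}: pattern placeholder or whitespace left in the value")
    if problems:
        return problems

    parsed = {}
    for name, value in values:
        parts = urlsplit(value)
        host = parts.hostname or ""
        if parts.scheme != "https":
            problems.append(f"{name}: scheme must be https")
        # netloc differs from the host when userinfo or a port is present, e.g.
        # https://contoso.samanage.com@other-host/ points at other-host.
        if parts.netloc.lower() != host or parts.query or parts.fragment:
            problems.append(
                f"{name}: userinfo, port, query and fragment are not part of the pattern"
            )
        tenant = _tenant_from_host(host)
        if tenant is None:
            problems.append(f"{name}: host is not <Company Name>.samanage.com")
        parsed[name] = (tenant, parts.path)

    sign_on_tenant, sign_on_path = parsed["Sign on URL"]
    id_tenant, id_path = parsed["Identifier"]
    if sign_on_tenant and sign_on_path.lower() != f"/saml_login/{sign_on_tenant}":
        problems.append(
            "Sign on URL: path must be /saml_login/<Company Name> with the host's company name"
        )
    if id_tenant and id_path != "":
        problems.append("Identifier: must be the bare https://<Company Name>.samanage.com value")
    if sign_on_tenant and id_tenant and sign_on_tenant != id_tenant:
        problems.append("Sign on URL and Identifier name different companies")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the first pair fits the patterns, the second does not.
    print(lint_samanage_saml_urls(
        "https://contoso.samanage.com/saml_login/contoso",
        "https://contoso.samanage.com",
    ))
    print(lint_samanage_saml_urls(
        "http://contoso.samanage.com/saml_login/fabrikam",
        "https://fabrikam.samanage.com",
    ))
```
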
Configure Samanage Single Sign-On
1. In a different web browser window, log into your Samanage company site as an administrator.
2. Click Dashboard and select Setup in the left navigation pane.

3. Click Single Sign-On.

4. Navigate to the Login using SAML section and perform the following steps:


a. Click Enable Single Sign-On with SAML.
b. In the Identity Provider URL textbox, paste the value of Azure AD Identifier which you have copied
from the Azure portal.
c. Confirm the Login URL matches the Sign On URL of Basic SAML Configuration section in Azure
portal.
d. In the Logout URL textbox, enter the value of Logout URL which you have copied from Azure portal.
e. In the SAML Issuer textbox, type the app id URI set in your identity provider.
f. Open your base-64 encoded certificate downloaded from the Azure portal in Notepad, copy its content
to your clipboard, and then paste it into the Paste your Identity Provider x.509 Certificate below
textbox.
g. Click Create users if they do not exist in Samanage.
h. Click Update.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Samanage.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Samanage.

2. In the applications list, select Samanage.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Samanage test user
To enable Azure AD users to log in to Samanage, they must be provisioned into Samanage.
In the case of Samanage, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log into your Samanage company site as an administrator.
2. Click Dashboard and select Setup in the left navigation pane.

3. Click the Users tab.

4. Click New User.

5. Type the Name and the Email Address of an Azure Active Directory account you want to provision and
click Create user.
NOTE
The Azure Active Directory account holder will receive an email and follow a link to confirm their account before it
becomes active. You can use any other Samanage user account creation tools or APIs provided by Samanage to
provision Azure Active Directory user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Samanage tile in the Access Panel, you should be automatically signed in to the Samanage
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SAML 1.1 Token enabled LOB App
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate SAML 1.1 Token enabled LOB App with Azure Active Directory (Azure
AD). Integrating SAML 1.1 Token enabled LOB App with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SAML 1.1 Token enabled LOB App.
You can enable your users to be automatically signed-in to SAML 1.1 Token enabled LOB App (Single Sign-On)
with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SAML 1.1 Token enabled LOB App, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
SAML 1.1 Token enabled LOB App single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SAML 1.1 Token enabled LOB App supports SP initiated SSO

Adding SAML 1.1 Token enabled LOB App from the gallery
To configure the integration of SAML 1.1 Token enabled LOB App into Azure AD, you need to add SAML 1.1 Token
enabled LOB App from the gallery to your list of managed SaaS apps.
To add SAML 1.1 Token enabled LOB App from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SAML 1.1 Token enabled LOB App, select SAML 1.1 Token enabled LOB App
from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SAML 1.1 Token enabled LOB App based on a
test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the
related user in SAML 1.1 Token enabled LOB App needs to be established.
To configure and test Azure AD single sign-on with SAML 1.1 Token enabled LOB App, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SAML 1.1 Token enabled LOB App Single Sign-On - to configure the Single Sign-On settings
on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SAML 1.1 Token enabled LOB App test user - to have a counterpart of Britta Simon in SAML 1.1
Token enabled LOB App that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SAML 1.1 Token enabled LOB App, perform the following steps:
1. In the Azure portal, on the SAML 1.1 Token enabled LOB App application integration page, select Single
sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://your-app-url

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: https://your-app-url

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact SAML 1.1 Token
enabled LOB App Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up SAML 1.1 Token enabled LOB App section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SAML 1.1 Token enabled LOB App Single Sign-On
To configure single sign-on on the SAML 1.1 Token enabled LOB App side, you need to send the downloaded
Certificate (Base64) and the appropriate copied URLs from the Azure portal to the SAML 1.1 Token enabled LOB App
support team. They apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SAML 1.1 Token enabled
LOB App.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SAML 1.1 Token
enabled LOB App.

2. In the applications list, type and select SAML 1.1 Token enabled LOB App.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SAML 1.1 Token enabled LOB App test user
In this section, you create a user called Britta Simon in SAML 1.1 Token enabled LOB App. Work with SAML 1.1
Token enabled LOB App support team to add the users in the SAML 1.1 Token enabled LOB App platform. Users
must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAML 1.1 Token enabled LOB App tile in the Access Panel, you should be automatically signed
in to the SAML 1.1 Token enabled LOB App for which you set up SSO. For more information about the Access
Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SAML SSO for Bamboo by resolution GmbH
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate SAML SSO for Bamboo by resolution GmbH with Azure Active
Directory (Azure AD). Integrating SAML SSO for Bamboo by resolution GmbH with Azure AD provides you with
the following benefits:
You can control in Azure AD who has access to SAML SSO for Bamboo by resolution GmbH.
You can enable your users to be automatically signed-in to SAML SSO for Bamboo by resolution GmbH
(Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SAML SSO for Bamboo by resolution GmbH, you need the following
items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
SAML SSO for Bamboo by resolution GmbH single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SAML SSO for Bamboo by resolution GmbH supports SP and IDP initiated SSO
SAML SSO for Bamboo by resolution GmbH supports Just In Time user provisioning

Adding SAML SSO for Bamboo by resolution GmbH from the gallery
To configure the integration of SAML SSO for Bamboo by resolution GmbH into Azure AD, you need to add
SAML SSO for Bamboo by resolution GmbH from the gallery to your list of managed SaaS apps.
To add SAML SSO for Bamboo by resolution GmbH from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SAML SSO for Bamboo by resolution GmbH, select SAML SSO for Bamboo by
resolution GmbH from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SAML SSO for Bamboo by resolution GmbH
based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user
and the related user in SAML SSO for Bamboo by resolution GmbH needs to be established.
To configure and test Azure AD single sign-on with SAML SSO for Bamboo by resolution GmbH, you need to
complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SAML SSO for Bamboo by resolution GmbH Single Sign-On - to configure the Single Sign-On
settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SAML SSO for Bamboo by resolution GmbH test user - to have a counterpart of Britta Simon in
SAML SSO for Bamboo by resolution GmbH that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SAML SSO for Bamboo by resolution GmbH, perform the following
steps:
1. In the Azure portal, on the SAML SSO for Bamboo by resolution GmbH application integration page,
select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

b. In the Reply URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact SAML
SSO for Bamboo by resolution GmbH Client support team to get these values. You can also refer to the patterns
shown in the Basic SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up SAML SSO for Bamboo by resolution GmbH section, copy the appropriate URL(s) as per
your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SAML SSO for Bamboo by resolution GmbH Single Sign-On
1. Sign in to your SAML SSO for Bamboo by resolution GmbH company site as an administrator.
2. On the right side of the main toolbar, click Settings > Add-ons.

3. Go to the SECURITY section and click SAML SingleSignOn on the menu bar.

4. On the SAML SingleSignOn Plugin Configuration page, click Add idp.

5. On the Choose your SAML Identity Provider page, perform the following steps:
a. Select Idp Type as AZURE AD.
b. In the Name textbox, type the name.
c. In the Description textbox, type the description.
d. Click Next.
6. On the Identity provider configuration page click Next.

7. On the Import SAML Idp Metadata page, click Load File to upload the metadata XML file which you
have downloaded from the Azure portal.
8. Click Next.
9. Click Save settings.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SAML SSO for Bamboo
by resolution GmbH.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SAML SSO for
Bamboo by resolution GmbH.

2. In the applications list, select SAML SSO for Bamboo by resolution GmbH.
3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SAML SSO for Bamboo by resolution GmbH test user
The objective of this section is to create a user called Britta Simon in SAML SSO for Bamboo by resolution GmbH.
SAML SSO for Bamboo by resolution GmbH supports just-in-time provisioning, and users can also be created
manually. Contact the SAML SSO for Bamboo by resolution GmbH Client support team as per your requirement.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAML SSO for Bamboo by resolution GmbH tile in the Access Panel, you should be
automatically signed in to the SAML SSO for Bamboo by resolution GmbH for which you set up SSO. For more
information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
SAML SSO for Bitbucket by resolution GmbH
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate SAML SSO for Bitbucket by resolution GmbH with Azure Active
Directory (Azure AD). Integrating SAML SSO for Bitbucket by resolution GmbH with Azure AD provides you with
the following benefits:
You can control in Azure AD who has access to SAML SSO for Bitbucket by resolution GmbH.
You can enable your users to be automatically signed-in to SAML SSO for Bitbucket by resolution GmbH
(Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SAML SSO for Bitbucket by resolution GmbH, you need the following
items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
SAML SSO for Bitbucket by resolution GmbH single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SAML SSO for Bitbucket by resolution GmbH supports SP and IDP initiated SSO
SAML SSO for Bitbucket by resolution GmbH supports Just In Time user provisioning

Adding SAML SSO for Bitbucket by resolution GmbH from the gallery
To configure the integration of SAML SSO for Bitbucket by resolution GmbH into Azure AD, you need to add
SAML SSO for Bitbucket by resolution GmbH from the gallery to your list of managed SaaS apps.
To add SAML SSO for Bitbucket by resolution GmbH from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SAML SSO for Bitbucket by resolution GmbH, select SAML SSO for Bitbucket
by resolution GmbH from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SAML SSO for Bitbucket by resolution GmbH
based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user
and the related user in SAML SSO for Bitbucket by resolution GmbH needs to be established.
To configure and test Azure AD single sign-on with SAML SSO for Bitbucket by resolution GmbH, you need to
complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SAML SSO for Bitbucket by resolution GmbH Single Sign-On - to configure the Single Sign-
On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SAML SSO for Bitbucket by resolution GmbH test user - to have a counterpart of Britta Simon in
SAML SSO for Bitbucket by resolution GmbH that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SAML SSO for Bitbucket by resolution GmbH, perform the following
steps:
1. In the Azure portal, on the SAML SSO for Bitbucket by resolution GmbH application integration page,
select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps if you wish to configure the
application in IDP initiated mode:
a. In the Identifier text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

b. In the Reply URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

c. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact SAML
SSO for Bitbucket by resolution GmbH Client support team to get these values. You can also refer to the patterns
shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

Configure SAML SSO for Bitbucket by resolution GmbH Single Sign-On


1. Sign in to your SAML SSO for Bitbucket by resolution GmbH company site as an administrator.
2. On the right side of the main toolbar, click Settings.
3. In the ACCOUNTS section, click SAML SingleSignOn on the menu bar.

4. On the SAML SingleSignOn Plugin Configuration page, click Add idp.

5. On the Choose your SAML Identity Provider page, perform the following steps:
a. Select Idp Type as AZURE AD.
b. In the Name textbox, type the name.
c. In the Description textbox, type the description.
d. Click Next.
6. On the Identity provider configuration page, click Next.
7. On the Import SAML Idp Metadata Page, click Load File to upload the METADATA XML file which you
have downloaded from Azure portal.

8. Click Next.
9. Click Save settings.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SAML SSO for Bitbucket
by resolution GmbH.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SAML SSO for
Bitbucket by resolution GmbH.

2. In the applications list, type and select SAML SSO for Bitbucket by resolution GmbH.
3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SAML SSO for Bitbucket by resolution GmbH test user
The objective of this section is to create a user called Britta Simon in SAML SSO for Bitbucket by resolution
GmbH. SAML SSO for Bitbucket by resolution GmbH supports just-in-time provisioning, and users can also be
created manually. Contact the SAML SSO for Bitbucket by resolution GmbH Client support team as per your
requirement.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAML SSO for Bitbucket by resolution GmbH tile in the Access Panel, you should be
automatically signed in to the SAML SSO for Bitbucket by resolution GmbH for which you set up SSO. For more
information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
SAML SSO for Confluence by resolution GmbH
10/30/2019 • 8 minutes to read

In this tutorial, you learn how to integrate SAML SSO for Confluence by resolution GmbH with Azure Active
Directory (Azure AD). Integrating SAML SSO for Confluence by resolution GmbH with Azure AD provides you
with the following benefits:
You can control in Azure AD who has access to SAML SSO for Confluence by resolution GmbH.
You can enable your users to be automatically signed-in to SAML SSO for Confluence by resolution GmbH
(Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SAML SSO for Confluence by resolution GmbH, you need the following
items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
SAML SSO for Confluence by resolution GmbH single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SAML SSO for Confluence by resolution GmbH supports SP and IDP initiated SSO

Adding SAML SSO for Confluence by resolution GmbH from the gallery
To configure the integration of SAML SSO for Confluence by resolution GmbH into Azure AD, you need to add
SAML SSO for Confluence by resolution GmbH from the gallery to your list of managed SaaS apps.
To add SAML SSO for Confluence by resolution GmbH from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SAML SSO for Confluence by resolution GmbH, select SAML SSO for
Confluence by resolution GmbH from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SAML SSO for Confluence by resolution
GmbH based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure
AD user and the related user in SAML SSO for Confluence by resolution GmbH needs to be established.
To configure and test Azure AD single sign-on with SAML SSO for Confluence by resolution GmbH, you need to
complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SAML SSO for Confluence by resolution GmbH Single Sign-On - to configure the Single
Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SAML SSO for Confluence by resolution GmbH test user - to have a counterpart of Britta Simon in
SAML SSO for Confluence by resolution GmbH that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SAML SSO for Confluence by resolution GmbH, perform the following
steps:
1. In the Azure portal, on the SAML SSO for Confluence by resolution GmbH application integration page,
select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section perform the following steps, if you wish to configure the
application in IDP Initiated mode:
a. In the Identifier text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

b. In the Reply URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

c. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact SAML
SSO for Confluence by resolution GmbH Client support team to get these values. You can also refer to the patterns
shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

Configure SAML SSO for Confluence by resolution GmbH Single Sign-On


1. In a different web browser window, log in to your SAML SSO for Confluence by resolution GmbH
admin portal as an administrator.
2. Hover over the cog and click Add-ons.

3. You are redirected to the Administrator Access page. Enter the password and click the Confirm button.

4. Under the ATLASSIAN MARKETPLACE tab, click Find new add-ons.

5. Search for SAML Single Sign On (SSO) for Confluence and click the Install button to install the new SAML
plugin.
6. The plugin installation will start. Click Close.

7. Click Manage.
8. Click Configure to configure the new plugin.

9. This new plugin can also be found under the USERS & SECURITY tab.

10. On SAML SingleSignOn Plugin Configuration page, click Add new IdP button to configure the
settings of Identity Provider.

11. On Choose your SAML Identity Provider page, perform the following steps:
a. Set Azure AD as the IdP type.
b. Add Name of the Identity Provider (e.g. Azure AD).
c. Add Description of the Identity Provider (e.g. Azure AD).
d. Click Next.
12. On Identity provider configuration page, click Next button.

13. On Import SAML IdP Metadata page, perform the following steps:
a. Click Load File button and pick Metadata XML file you downloaded in Step 5.
b. Click Import button.
c. Wait briefly until import succeeds.
d. Click Next button.
14. On User ID attribute and transformation page, click Next button.

15. On User creation and update page, click Save & Next to save settings.
16. On Test your settings page, click Skip test & configure manually to skip the user test for now. This will
be performed in the next section and requires some settings in Azure portal.

17. In the appearing dialog reading Skipping the test means..., click OK.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension.
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SAML SSO for
Confluence by resolution GmbH.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SAML SSO for
Confluence by resolution GmbH.
2. In the applications list, type and select SAML SSO for Confluence by resolution GmbH.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SAML SSO for Confluence by resolution GmbH test user
To enable Azure AD users to log in to SAML SSO for Confluence by resolution GmbH, they must be provisioned
into SAML SSO for Confluence by resolution GmbH.
In SAML SSO for Confluence by resolution GmbH, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your SAML SSO for Confluence by resolution GmbH company site as an administrator.
2. Hover over the cog and click User management.

3. Under Users section, click Add users tab. On the “Add a User” dialog page, perform the following steps:

a. In the Username textbox, type the email of user like Britta Simon.
b. In the Full Name textbox, type the full name of user like Britta Simon.
c. In the Email textbox, type the email address of user like Brittasimon@contoso.com.
d. In the Password textbox, type the password for Britta Simon.
e. Click Confirm Password and re-enter the password.
f. Click Add button.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAML SSO for Confluence by resolution GmbH tile in the Access Panel, you should be
automatically signed in to the SAML SSO for Confluence by resolution GmbH for which you set up SSO. For more
information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
SAML SSO for Jira by resolution GmbH
10/30/2019 • 9 minutes to read

In this tutorial, you learn how to set up SAML SSO for Jira by resolution GmbH with Azure Active Directory (Azure
AD). Integrating SAML SSO for Jira by resolution GmbH with Azure AD provides you with the following benefits:
You can control in Azure AD who can sign in to Jira with the SAML SSO plugin by resolution GmbH.
You can enable your users to be automatically signed-in to Jira with their Azure AD accounts by using SAML
SSO for Jira by resolution GmbH (Single Sign-On).
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration and SAML SSO for Jira by resolution GmbH, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
SAML SSO for Jira by resolution GmbH single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SAML SSO for Jira by resolution GmbH supports SP and IDP initiated SSO

Adding an enterprise application for single sign-on


In order to set up single sign-on in Azure AD, you need to add a new enterprise application. In the gallery, there is a
pre-configured application preset for this, SAML SSO for Jira by resolution GmbH.
To add SAML SSO for Jira by resolution GmbH from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications, and then click All Applications.

3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SAML SSO for Jira by resolution GmbH, select SAML SSO for Jira by
resolution GmbH from the result panel, and then click the Add button to add the application. You can also
change the name of the enterprise app.

Configure and test single sign-on with the SAML SSO plugin and Azure AD
In this section, you will test and configure single sign-on to Jira for an Azure AD user. This will be done for a test
user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related
user in SAML SSO for Jira by resolution GmbH needs to be established.
To configure and test single sign-on, you need to complete the following steps:
1. Configure the Azure AD enterprise application for single sign-on - Configure the Azure AD enterprise
application for the single sign-on
2. Configure the SAML SSO plugin of your Jira instance - Configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - Create a test user in Azure AD.
4. Assign the Azure AD test user - Enable the test user to use single sign-on on the Azure side.
5. Create the test user in Jira - Create a counterpart test user in Jira for the Azure AD test user.
6. Test single sign-on - Verify whether the configuration works.
Configure the Azure AD enterprise application for single sign-on
In this section, you set up the single sign-on in the Azure portal.
To configure the single sign-on with SAML SSO for Jira by resolution GmbH, perform the following steps:
1. In the Azure portal, in the just created SAML SSO for Jira by resolution GmbH enterprise application,
select Single sign-on in the left panel.

2. For Select a Single sign-on method, select the SAML mode to enable single sign-on.

3. Afterwards, click the Edit icon to open the Basic SAML Configuration dialog.

4. In the Basic SAML Configuration section, if you wish to configure the application in the IDP initiated
mode, then perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

b. In the Reply URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

c. Click Set additional URLs and perform the following step, if you wish to configure the application in the
SP initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<server-base-url>/plugins/servlet/samlsso

NOTE
For the Identifier, Reply URL and Sign-on URL, substitute <server-base-url> with the base URL of your Jira instance.
You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal. If you have a
problem, contact us at SAML SSO for Jira by resolution GmbH Client support team.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, download the
Federation Metadata XML and save it to your computer.

Configure the SAML SSO plugin of your Jira instance


1. In a different web browser window, sign in to your Jira instance as an administrator.
2. Hover over the cog at the right side and click Manage apps.

3. If you are redirected to Administrator Access page, enter the Password and click the Confirm button.

4. Jira normally redirects you to the Atlassian marketplace. If not, click on Find new apps in the left panel.
Search for SAML Single Sign On (SSO) for JIRA and click the Install button to install the SAML plugin.
5. The plugin installation will start. When it's done, click the Close button.

6. Then, click Manage.


7. Afterwards, click Configure to configure the just installed plugin.

8. In the SAML SingleSignOn Plugin Configuration wizard, click Add new IdP to configure Azure AD as a
new Identity Provider.

9. On the Choose your SAML Identity Provider page, perform the following steps:
a. Set Azure AD as the IdP type.
b. Add the Name of the Identity Provider (e.g. Azure AD).
c. Add an (optional) Description of the Identity Provider (e.g. Azure AD).
d. Click Next.
10. On the Identity provider configuration page, click Next.

11. On Import SAML IdP Metadata page, perform the following steps:
a. Click the Select Metadata XML File button and pick the Federation Metadata XML file you
downloaded before.
b. Click the Import button.
c. Wait briefly until the import succeeds.
d. Click the Next button.
12. On User ID attribute and transformation page, click the Next button.

13. On the User creation and update page, click Save & Next to save the settings.
14. On the Test your settings page, click Skip test & configure manually to skip the user test for now. This
will be performed in the next section and requires some settings in the Azure portal.

15. Click OK to skip the warning.


Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon. With the user, you will
test single sign-on.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Choose New user at the top of the screen.

3. In the User properties, perform the following steps:


a. In the Name field, enter Britta Simon.
b. In the User name field, enter BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you add Britta Simon to the enterprise application, which allows her to use single sign-on.
1. In the Azure portal, select Enterprise Applications, and then select All applications.

2. In the applications list, search for the enterprise application you've created in the beginning of this tutorial. If
you are following the steps of the tutorial, it's called SAML SSO for Jira by resolution GmbH. If you've
given it another name, search for that name.
3. In the left panel, click Users and groups.

4. Select Add user, and then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon from the Users list, and then click the Select button at
the bottom of the screen.
6. If you're expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create the test user also in Jira
To enable Azure AD users to sign in to SAML SSO for Jira by resolution GmbH, they must be provisioned into
SAML SSO for Jira by resolution GmbH. For the case of this tutorial, you have to do the provisioning by hand.
However, there are also other provisioning models available for the SAML SSO plugin by resolution, for example
Just In Time provisioning. Refer to their documentation at SAML SSO by resolution GmbH. If you have a
question about it, contact support at resolution support.
To manually provision a user account, perform the following steps:
1. Sign in to Jira instance as an administrator.
2. Hover over the cog and select User management.

3. If you are redirected to the Administrator Access page, then enter the Password and click the Confirm
button.

4. Under the User management tab section, click create user.

5. On the “Create new user” dialog page, perform the following steps. You have to create the user exactly like
in Azure AD:
a. In the Email address textbox, type the email address of the user: BrittaSimon@contoso.com.
b. In the Full Name textbox, type full name of the user: Britta Simon.
c. In the Username textbox, type the email address of the user: BrittaSimon@contoso.com.
d. In the Password textbox, enter the password of the user.
e. Click Create user to finish the user creation.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAML SSO for Jira by resolution GmbH tile in the Access Panel, you should be automatically
signed in to the SAML SSO for Jira by resolution GmbH for which you set up SSO. For more information about
the Access Panel, see Introduction to the Access Panel.
You can also test single sign-on by navigating to https://<server-base-url>/plugins/servlet/samlsso. Substitute
<server-base-url> with the base URL of your Jira instance.

Enable single sign-on redirection for Jira


As noted in the previous section, there are currently two ways to trigger single sign-on: by using the Azure
portal or by using a special link to your Jira instance. The SAML SSO plugin by resolution GmbH also allows you
to trigger single sign-on by simply accessing any URL pointing to your Jira instance.
In essence, all users accessing Jira will be redirected to the single sign-on after activating an option in the plugin.
To activate SSO redirect, do the following in your Jira instance:
1. Access the configuration page of the SAML SSO plugin in Jira.
2. Click on Redirection in the left panel.
3. Tick Enable SSO Redirect.

4. Press the Save Settings button in the top right corner.


After activating the option, you can still reach the username/password prompt by navigating to
https://<server-base-url>/login.jsp?nosso, provided the Enable nosso option is ticked. As always, substitute
<server-base-url> with your base URL.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Azure AD SAML Toolkit
9/19/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Azure AD SAML Toolkit with Azure Active Directory (Azure AD). When
you integrate Azure AD SAML Toolkit with Azure AD, you can:
Control in Azure AD who has access to Azure AD SAML Toolkit.
Enable your users to be automatically signed-in to Azure AD SAML Toolkit with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Azure AD SAML Toolkit single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Azure AD SAML Toolkit supports SP initiated SSO.

Adding Azure AD SAML Toolkit from the gallery


To configure the integration of Azure AD SAML Toolkit into Azure AD, you need to add Azure AD SAML Toolkit
from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Azure AD SAML Toolkit in the search box.
6. Select Azure AD SAML Toolkit from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for Azure AD SAML Toolkit
Configure and test Azure AD SSO with Azure AD SAML Toolkit using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Azure AD SAML
Toolkit.
To configure and test Azure AD SSO with Azure AD SAML Toolkit, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Azure AD SAML Toolkit SSO - to configure the single sign-on settings on application side.
a. Create Azure AD SAML Toolkit test user - to have a counterpart of B.Simon in Azure AD SAML
Toolkit that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Azure AD SAML Toolkit application integration page, find the Manage section
and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following fields:
a. In the Sign on URL text box, type a URL: https://samltoolkit.azurewebsites.net/

b. In the Identifier (Entity ID) text box, type a URL: https://samltoolkit.azurewebsites.net

c. In the Reply URL text box, type a URL: https://samltoolkit.azurewebsites.net/SAML/Consume

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.

6. On the Set up Azure AD SAML Toolkit section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Azure AD SAML Toolkit.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Azure AD SAML Toolkit.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Azure AD SAML Toolkit SSO


1. Open a new web browser window. If you have not registered on the Azure AD SAML Toolkit website, first
register by clicking Register. If you have registered already, sign in to your Azure AD SAML Toolkit
company site using the registered sign-in credentials.

2. Click on the SAML Configuration.

3. Click Create.

4. On the SAML SSO Configuration page, perform the following steps:


a. In the Login URL textbox, paste the Login URL value, which you have copied from the Azure portal.
b. In the Azure AD Identifier textbox, paste the Azure AD Identifier value, which you have copied
from the Azure portal.
c. In the Logout URL textbox, paste the Logout URL value, which you have copied from the Azure
portal.
d. Click Choose File and upload the Certificate (Raw) file which you have downloaded from the
Azure portal.
e. Click Create.
Create Azure AD SAML Toolkit test user
In this section, a user called B.Simon is created in Azure AD SAML Toolkit. Azure AD SAML Toolkit supports
just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user
doesn't already exist in Azure AD SAML Toolkit, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Azure AD SAML Toolkit tile in the Access Panel, you should be automatically signed in to the
Azure AD SAML Toolkit for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Azure AD SAML Toolkit with Azure AD
Tutorial: Integrate Sansan with Azure Active Directory
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Sansan with Azure Active Directory (Azure AD). When you integrate
Sansan with Azure AD, you can:
Control in Azure AD who has access to Sansan.
Enable your users to be automatically signed-in to Sansan with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Sansan single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Sansan supports SP initiated SSO.

Adding Sansan from the gallery


To configure the integration of Sansan into Azure AD, you need to add Sansan from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Sansan in the search box.
6. Select Sansan from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Sansan using a test user called Britta Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Sansan.
To configure and test Azure AD SSO with Sansan, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Sansan to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
5. Create Sansan test user to have a counterpart of Britta Simon in Sansan that is linked to the Azure AD
representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Sansan application integration page, find the Manage section and select Single
sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following fields:
a. In the Sign-on URL text box, type one of the URLs using the following patterns:

ENVIRONMENT                URL
PC web                     https://ap.sansan.com/v/saml2/<company name>/acs
Native Mobile app          https://internal.api.sansan.com/saml2/<company name>/acs
Mobile browser settings    https://ap.sansan.com/s/saml2/<company name>/acs

b. In the Identifier (Entity ID) text box, you can set up multiple identifier values and select any one of
them as per the environments.

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Sansan Client support team to get the
value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
6. On the Set up Sansan section, copy the appropriate URL(s) based on your requirement.

Configure Sansan
To configure single sign-on on Sansan side, you need to send the downloaded Certificate (Base64) and
appropriate copied URLs from Azure portal to Sansan Client support team. They set this setting to have the SAML
SSO connection set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to Sansan.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Sansan.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Sansan test user
In this section, you create a user called Britta Simon in Sansan. Sansan application needs the user to be provisioned
in the application before doing SSO.

NOTE
If you need to create a user manually or a batch of users, you need to contact the Sansan support team.

Test SSO
When you select the Sansan tile in the Access Panel, you should be automatically signed in to the Sansan for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SAP Business ByDesign
6/13/2019 • 7 minutes to read

In this tutorial, you learn how to integrate SAP Business ByDesign with Azure Active Directory (Azure AD).
Integrating SAP Business ByDesign with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SAP Business ByDesign.
You can enable your users to be automatically signed-in to SAP Business ByDesign (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SAP Business ByDesign, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
SAP Business ByDesign single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SAP Business ByDesign supports SP initiated SSO

Adding SAP Business ByDesign from the gallery


To configure the integration of SAP Business ByDesign into Azure AD, you need to add SAP Business ByDesign
from the gallery to your list of managed SaaS apps.
To add SAP Business ByDesign from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SAP Business ByDesign, select SAP Business ByDesign from the result panel, then
click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SAP Business ByDesign based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in SAP Business ByDesign needs to be established.
To configure and test Azure AD single sign-on with SAP Business ByDesign, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SAP Business ByDesign Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SAP Business ByDesign test user - to have a counterpart of Britta Simon in SAP Business ByDesign
that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SAP Business ByDesign, perform the following steps:
1. In the Azure portal, on the SAP Business ByDesign application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<servername>.sapbydesign.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<servername>.sapbydesign.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact SAP Business
ByDesign Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. The SAP Business ByDesign application expects the SAML assertions in a specific format. Configure the
following claims for this application. You can manage the values of these attributes from the User
Attributes section on the application integration page. On the Set up Single Sign-On with SAML page, click
the Edit button to open the User Attributes dialog.

6. Click on the Edit icon to edit the Name identifier value.


7. On the Manage user claims section, perform the following steps:

a. Select Transformation as a Source.


b. In the Transformation dropdown list, select ExtractMailPrefix().
c. In the Parameter 1 dropdown list, select the user attribute you want to use for your implementation. For
example, if you want to use the EmployeeID as unique user identifier and you have stored the attribute value
in the ExtensionAttribute2, then select user.extensionattribute2.
d. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
9. On the Set up SAP Business ByDesign section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SAP Business ByDesign Single Sign-On
1. Sign on to your SAP Business ByDesign portal with administrator rights.
2. Navigate to Application and User Management Common Task and click the Identity Provider tab.
3. Click New Identity Provider and select the metadata XML file that you have downloaded from the Azure
portal. By importing the metadata, the system automatically uploads the required signature certificate and
encryption certificate.

4. To include the Assertion Consumer Service URL into the SAML request, select Include Assertion
Consumer Service URL.
5. Click Activate Single Sign-On.
6. Save your changes.
7. Click the My System tab.

8. In the Azure AD Sign On URL textbox, paste Login URL value, which you have copied from the Azure
portal.

9. Specify whether the employee can manually choose between logging on with user ID and password or SSO
by selecting Manual Identity Provider Selection.
10. In the SSO URL section, specify the URL that the employee should use to sign on to the system. In
the URL Sent to Employee dropdown list, you can choose between the following options:
Non-SSO URL
The system sends only the normal system URL to the employee. The employee cannot sign on using SSO,
and must use a password or certificate instead.
SSO URL
The system sends only the SSO URL to the employee. The employee can sign on using SSO. The authentication
request is redirected through the IdP.
Automatic Selection
If SSO is not active, the system sends the normal system URL to the employee. If SSO is active, the system
checks whether the employee has a password. If a password is available, both SSO URL and Non-SSO URL
are sent to the employee. However, if the employee has no password, only the SSO URL is sent to the
employee.
11. Save your changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SAP Business ByDesign.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SAP Business
ByDesign.
2. In the applications list, select SAP Business ByDesign.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SAP Business ByDesign test user
In this section, you create a user called Britta Simon in SAP Business ByDesign. Please work with SAP Business
ByDesign Client support team to add the users in the SAP Business ByDesign platform.

NOTE
Make sure that the NameID value matches the username field in the SAP Business ByDesign platform.
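
Because the Name identifier is built with ExtractMailPrefix() and must equal the SAP Business ByDesign username, it is worth checking the mapping before users are assigned. The following Python sketch is an added example, not part of the original tutorial or of any Microsoft or SAP tooling; the user lists are constructed sample data, and the emulation assumes that a value without an @ sign passes through unchanged.

```python
from collections import defaultdict

# Constructed sample data: (user principal name, value of the attribute
# selected as Parameter 1 of the transformation).
SAMPLE_AZURE_USERS = [
    ("BrittaSimon@contoso.com", "BrittaSimon@contoso.com"),
    ("b.simon@fabrikam.example", "BrittaSimon@fabrikam.example"),
    ("j.doe@contoso.com", "E10042"),  # employee ID kept in extensionattribute2
    ("a.lee@contoso.com", "a.lee@contoso.com"),
]

# Constructed sample of usernames exported from SAP Business ByDesign.
SAMPLE_BYDESIGN_USERNAMES = ["BrittaSimon", "E10042", "ALEE"]


def extract_mail_prefix(value):
    """Emulate ExtractMailPrefix(): keep the text before the first '@'.

    Assumption: a value without '@' (for example an employee ID) is
    returned unchanged.
    """
    return value.split("@", 1)[0]


def audit_nameids(azure_users, bydesign_usernames):
    """Compare the NameIDs Azure AD would send with the ByDesign usernames.

    Matching is exact, so a difference in letter case counts as a mismatch.
    """
    by_nameid = defaultdict(list)
    for upn, source_value in azure_users:
        by_nameid[extract_mail_prefix(source_value.strip())].append(upn)

    known = set(bydesign_usernames)
    return {
        # Several Azure AD users produce the same NameID, so they would all
        # be signed in to the same ByDesign account.
        "collisions": {n: sorted(u) for n, u in by_nameid.items() if len(u) > 1},
        # NameIDs with no ByDesign username: these users cannot sign in.
        "unmatched": sorted(n for n in by_nameid if n not in known),
        # ByDesign usernames that no listed Azure AD user maps to.
        "orphans": sorted(known - set(by_nameid)),
    }


if __name__ == "__main__":
    report = audit_nameids(SAMPLE_AZURE_USERS, SAMPLE_BYDESIGN_USERNAMES)
    for finding, detail in report.items():
        print(finding, detail)
```

A collision is the finding to resolve first: stripping the domain makes users from different domains indistinguishable, so choose a source attribute that is unique across the whole tenant.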

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAP Business ByDesign tile in the Access Panel, you should be automatically signed in to the
SAP Business ByDesign for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate SAP Analytics Cloud with Azure Active Directory
7/19/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate SAP Analytics Cloud with Azure Active Directory (Azure AD). When
you integrate SAP Analytics Cloud with Azure AD, you can:
Control in Azure AD who has access to SAP Analytics Cloud.
Enable your users to be automatically signed-in to SAP Analytics Cloud with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SAP Analytics Cloud single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
SAP Analytics Cloud supports SP initiated SSO

Adding SAP Analytics Cloud from the gallery


To configure the integration of SAP Analytics Cloud into Azure AD, you need to add SAP Analytics Cloud from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type SAP Analytics Cloud in the search box.
6. Select SAP Analytics Cloud from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with SAP Analytics Cloud using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in SAP Analytics Cloud.
To configure and test Azure AD SSO with SAP Analytics Cloud, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure SAP Analytics Cloud SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create SAP Analytics Cloud test user - to have a counterpart of B.Simon in SAP Analytics Cloud that is
linked to the Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the SAP Analytics Cloud application integration page, find the Manage section
and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:

https://<sub-domain>.sapanalytics.cloud/

https://<sub-domain>.sapbusinessobjects.cloud/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

<sub-domain>.sapbusinessobjects.cloud

<sub-domain>.sapanalytics.cloud

NOTE
The values in these URLs are for demonstration only. Update the values with the actual sign-on URL and identifier
URL. To get the sign-on URL, contact the SAP Analytics Cloud Client support team. You can get the identifier URL by
downloading the SAP Analytics Cloud metadata from the admin console. This is explained later in the tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
6. On the Set up SAP Analytics Cloud section, copy the appropriate URL(s) based on your requirement.

Configure SAP Analytics Cloud SSO


1. In a different web browser window, sign in to your SAP Analytics Cloud company site as an administrator.
2. Select Menu > System > Administration.

3. On the Security tab, select the Edit (pen) icon.


4. For Authentication Method, select SAML Single Sign-On (SSO).

5. To download the service provider metadata (Step 1), select Download. In the metadata file, find and copy
the entityID value. In the Azure portal, on the Basic SAML Configuration dialog, paste the value in the
Identifier box.

6. To upload the identity provider metadata (Step 2), the file that you downloaded from the Azure portal,
select Upload under Upload Identity Provider metadata.

7. In the User Attribute list, select the user attribute (Step 3) that you want to use for your implementation.
This user attribute maps to the identity provider. To enter a custom attribute on the user's page, use the
Custom SAML Mapping option. Or, you can select either Email or USER ID as the user attribute. In our
example, we selected Email because we mapped the user identifier claim with the userprincipalname
attribute in the User Attributes & Claims section in the Azure portal. This provides a unique user email,
which is sent to the SAP Analytics Cloud application in every successful SAML response.

8. To verify the account with the identity provider (Step 4), in the Login Credential (Email) box, enter the
user's email address. Then, select Verify Account. The system adds sign-in credentials to the user account.

9. Select the Save icon.
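
Step 5 above has you copy the entityID out of the service provider metadata by hand. The following Python sketch is an added example, not part of the original tutorial or of SAP or Microsoft tooling: it reads the entityID and Assertion Consumer Service URLs from the metadata and compares them with the Identifier typed into Basic SAML Configuration. The sample metadata, its ACS path and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Identifier patterns given in this tutorial: <sub-domain> plus one of these.
ALLOWED_SUFFIXES = (".sapanalytics.cloud", ".sapbusinessobjects.cloud")

# Constructed sample; the real file comes from the Download button in step 5.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="contoso.sapanalytics.cloud">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://contoso.sapanalytics.cloud/constructed/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text):
    """Return the entityID and ACS URLs found in SAML 2.0 SP metadata."""
    # Metadata never needs a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE is not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != MD_NS + "EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    sp = root.find(MD_NS + "SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    acs_urls = [e.get("Location", "")
                for e in sp.findall(MD_NS + "AssertionConsumerService")]
    return {"entity_id": root.get("entityID", ""), "acs_urls": acs_urls}


def check_identifier(metadata, portal_identifier):
    """List mismatches between the metadata and the Azure portal Identifier."""
    problems = []
    entity_id = metadata["entity_id"]
    # The entityID may be a bare host name (the tutorial's pattern) or a URL.
    host = urlparse(entity_id).hostname or entity_id
    if not any(host.endswith(s) and len(host) > len(s) for s in ALLOWED_SUFFIXES):
        problems.append("entityID %r does not match the expected patterns" % entity_id)
    # Entity IDs are compared as exact strings: a scheme or trailing slash
    # added in the portal makes a different identifier.
    if portal_identifier != entity_id:
        problems.append("portal Identifier %r differs from entityID %r"
                        % (portal_identifier, entity_id))
    if not metadata["acs_urls"]:
        problems.append("metadata lists no AssertionConsumerService")
    for url in metadata["acs_urls"]:
        if urlparse(url).scheme != "https":
            problems.append("ACS URL %r is not HTTPS" % url)
    return problems


if __name__ == "__main__":
    md = read_sp_metadata(SAMPLE_SP_METADATA)
    print(md["entity_id"], check_identifier(md, "contoso.sapanalytics.cloud"))
```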

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SAP Analytics Cloud.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SAP Analytics Cloud.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create SAP Analytics Cloud test user
Azure AD users must be provisioned in SAP Analytics Cloud before they can sign in to SAP Analytics Cloud. In
SAP Analytics Cloud, provisioning is a manual task.
To provision a user account:
1. Sign in to your SAP Analytics Cloud company site as an administrator.
2. Select Menu > Security > Users.
3. On the Users page, to add new user details, select +.

Then, complete the following steps:


a. In the USER ID box, enter the user ID of the user, like B.
b. In the FIRST NAME box, enter the first name of the user, like B.
c. In the LAST NAME box, enter the last name of the user, like Simon.
d. In the DISPLAY NAME box, enter the full name of the user, like B.Simon.
e. In the E-MAIL box, enter the email address of the user, like b.simon@contoso.com .
f. On the Select Roles page, select the appropriate role for the user, and then select OK.

g. Select the Save icon.


Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAP Analytics Cloud tile in the Access Panel, you should be automatically signed in to the SAP
Analytics Cloud for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with SAP Cloud for Customer
10/10/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate SAP Cloud for Customer with Azure Active Directory (Azure AD).
When you integrate SAP Cloud for Customer with Azure AD, you can:
Control in Azure AD who has access to SAP Cloud for Customer.
Enable your users to be automatically signed-in to SAP Cloud for Customer with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SAP Cloud for Customer single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
SAP Cloud for Customer supports SP initiated SSO

Adding SAP Cloud for Customer from the gallery


To configure the integration of SAP Cloud for Customer into Azure AD, you need to add SAP Cloud for Customer
from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type SAP Cloud for Customer in the search box.
6. Select SAP Cloud for Customer from the results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for SAP Cloud for
Customer
Configure and test Azure AD SSO with SAP Cloud for Customer using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in SAP Cloud for
Customer.
To configure and test Azure AD SSO with SAP Cloud for Customer, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure SAP Cloud for Customer SSO - to configure the single sign-on settings on application side.
a. Create SAP Cloud for Customer test user - to have a counterpart of B.Simon in SAP Cloud for
Customer that is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the SAP Cloud for Customer application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<server name>.crm.ondemand.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<server name>.crm.ondemand.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the SAP Cloud for
Customer Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. The SAP Cloud for Customer application expects the SAML assertions in a specific format, which requires you
to add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes. Click the Edit icon to open the User Attributes dialog.

6. In the User Attributes section on the User Attributes & Claims dialog, perform the following steps:
a. Click the Edit icon to open the Manage user claims dialog.

b. Select Transformation as source.


c. From the Transformation list, select ExtractMailPrefix().
d. From the Parameter 1 list, select the user attribute you want to use for your implementation. For
example, if you want to use the EmployeeID as unique user identifier and you have stored the attribute value
in the ExtensionAttribute2, then select user.extensionattribute2.
e. Click Save.
7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
8. On the Set up SAP Cloud for Customer section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SAP Cloud for Customer.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SAP Cloud for Customer.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure SAP Cloud for Customer SSO


1. Open a new web browser window and sign into your SAP Cloud for Customer company site as an
administrator.
2. From the left side of the menu, select Identity Providers > Corporate Identity Providers > Add. In
the pop-up, enter an identity provider name such as Azure AD, click Save, and then click SAML 2.0
Configuration.

3. On the SAML 2.0 Configuration section, perform the following steps:


a. Click Browse to upload the Federation Metadata XML file that you downloaded from the Azure
portal.
b. After the XML file is successfully uploaded, the values below are populated automatically. Then
click Save.
Create SAP Cloud for Customer test user
To enable Azure AD users to sign in to SAP Cloud for Customer, they must be provisioned into SAP Cloud for
Customer. In SAP Cloud for Customer, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to SAP Cloud for Customer as a Security Administrator.
2. From the left side of the menu, click on Users & Authorizations > User Management > Add User.

3. On the Add New User section, perform the following steps:

a. In the First Name text box, enter the name of the user, like B.
b. In the Last Name text box, enter the name of the user, like Simon.
c. In the E-Mail text box, enter the email of the user, like B.Simon@contoso.com.
d. In the Login Name text box, enter the name of the user, like B.Simon.
e. Select User Type as per your requirement.
f. Select Account Activation option as per your requirement.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAP Cloud for Customer tile in the Access Panel, you should be automatically signed in to the
SAP Cloud for Customer for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try SAP Cloud for Customer with Azure AD
Tutorial: Azure Active Directory integration with SAP
Cloud Platform
10/30/2019 • 8 minutes to read

In this tutorial, you learn how to integrate SAP Cloud Platform with Azure Active Directory (Azure AD). Integrating
SAP Cloud Platform with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SAP Cloud Platform.
You can enable your users to be automatically signed-in to SAP Cloud Platform (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SAP Cloud Platform, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
SAP Cloud Platform single sign-on enabled subscription
After completing this tutorial, the Azure AD users you have assigned to SAP Cloud Platform will be able to sign in
to the application with single sign-on using the Access Panel (see Introduction to the Access Panel).

IMPORTANT
You need to deploy your own application or subscribe to an application on your SAP Cloud Platform account to test single
sign on. In this tutorial, an application is deployed in the account.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SAP Cloud Platform supports SP initiated SSO

Adding SAP Cloud Platform from the gallery


To configure the integration of SAP Cloud Platform into Azure AD, you need to add SAP Cloud Platform from the
gallery to your list of managed SaaS apps.
To add SAP Cloud Platform from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SAP Cloud Platform, select SAP Cloud Platform from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SAP Cloud Platform based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in SAP Cloud Platform needs to be established.
To configure and test Azure AD single sign-on with SAP Cloud Platform, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SAP Cloud Platform Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SAP Cloud Platform test user - to have a counterpart of Britta Simon in SAP Cloud Platform that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SAP Cloud Platform, perform the following steps:
1. In the Azure portal, on the SAP Cloud Platform application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign On URL textbox, type the URL used by your users to sign into your SAP Cloud Platform
application. This is the account-specific URL of a protected resource in your SAP Cloud Platform application.
The URL is based on the following pattern:
https://<applicationName><accountName>.<landscape host>.ondemand.com/<path_to_protected_resource>

NOTE
This is the URL in your SAP Cloud Platform application that requires the user to authenticate.

https://<subdomain>.hanatrial.ondemand.com/<instancename>

https://<subdomain>.hana.ondemand.com/<instancename>

b. In the Identifier textbox, type a URL using one of the
following patterns:

https://hanatrial.ondemand.com/<instancename>

https://hana.ondemand.com/<instancename>

https://us1.hana.ondemand.com/<instancename>

https://ap1.hana.ondemand.com/<instancename>

c. In the Reply URL textbox, type a URL using one of the following patterns:

https://<subdomain>.hanatrial.ondemand.com/<instancename>
https://<subdomain>.hana.ondemand.com/<instancename>

https://<subdomain>.us1.hana.ondemand.com/<instancename>

https://<subdomain>.dispatcher.us1.hana.ondemand.com/<instancename>

https://<subdomain>.ap1.hana.ondemand.com/<instancename>

https://<subdomain>.dispatcher.ap1.hana.ondemand.com/<instancename>

https://<subdomain>.dispatcher.hana.ondemand.com/<instancename>

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier, and Reply URL. Contact the SAP
Cloud Platform Client support team to get the Sign-On URL and Identifier. You can get the Reply URL from the trust
management section, which is explained later in the tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

Configure SAP Cloud Platform Single Sign-On


1. In a different web browser window, sign on to the SAP Cloud Platform Cockpit at
https://account.<landscape host>.ondemand.com/cockpit (for example:
https://account.hanatrial.ondemand.com/cockpit).
2. Click the Trust tab.
3. In the Trust Management section, under Local Service Provider, perform the following steps:

a. Click Edit.
b. As Configuration Type, select Custom.
c. As Local Provider Name, leave the default value. Copy this value and paste it into the Identifier field in
the Azure AD configuration for SAP Cloud Platform.
d. To generate a Signing Key and a Signing Certificate key pair, click Generate Key Pair.
e. As Principal Propagation, select Disabled.
f. As Force Authentication, select Disabled.
g. Click Save.
4. After saving the Local Service Provider settings, perform the following steps to obtain the Reply URL:

a. Download the SAP Cloud Platform metadata file by clicking Get Metadata.
b. Open the downloaded SAP Cloud Platform metadata XML file, and then locate the
ns3:AssertionConsumerService tag.
c. Copy the value of the Location attribute, and then paste it into the Reply URL field in the Azure AD
configuration for SAP Cloud Platform.
5. Click the Trusted Identity Provider tab, and then click Add Trusted Identity Provider.
NOTE
To manage the list of trusted identity providers, you need to have chosen the Custom configuration type in the Local
Service Provider section. For Default configuration type, you have a non-editable and implicit trust to the SAP ID
Service. For None, you don't have any trust settings.

6. Click the General tab, and then click Browse to upload the downloaded metadata file.

NOTE
After uploading the metadata file, the values for Single Sign-on URL, Single Logout URL, and Signing Certificate
are populated automatically.

7. Click the Attributes tab.


8. On the Attributes tab, perform the following step:
a. Click Add Assertion-Based Attribute, and then add the following assertion-based attributes:

ASSERTION ATTRIBUTE | PRINCIPAL ATTRIBUTE
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | firstname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | lastname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | email

NOTE
The configuration of the Attributes depends on how the application(s) on SCP are developed, that is, which
attribute(s) they expect in the SAML response and under which name (Principal Attribute) they access this attribute in
the code.

b. The Default Attribute in the screenshot is just for illustration purposes. It is not required to make the
scenario work.
c. The names and values for Principal Attribute shown in the screenshot depend on how the application is
developed. It is possible that your application requires different mappings.
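The Reply URL lookup in steps 4a to 4c can be checked in code before the value is pasted into Azure AD. The following Python sketch is an added example, not part of the original tutorial or of SAP's tooling: it reads the service provider metadata, finds the AssertionConsumerService endpoints whatever namespace prefix is used, and checks the Location against the Reply URL patterns listed earlier. The sample metadata, the contoso subdomain and the exampleinstance name are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Host suffixes taken from the Reply URL patterns listed in this tutorial.
ALLOWED_HOST_SUFFIXES = (".hana.ondemand.com", ".hanatrial.ondemand.com")

# Constructed sample, shaped after the URL patterns in this tutorial.
SAMPLE_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<ns3:EntityDescriptor xmlns:ns3="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://hanatrial.ondemand.com/exampleinstance">
  <ns3:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <ns3:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://contoso.hanatrial.ondemand.com/exampleinstance/artifact"/>
    <ns3:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://contoso.hanatrial.ondemand.com/exampleinstance"/>
  </ns3:SPSSODescriptor>
</ns3:EntityDescriptor>
"""


def parse_sp_metadata(xml_bytes):
    """Return the entityID and every AssertionConsumerService endpoint."""
    # SAML metadata needs no DTD; this simple guard refuses one outright
    # so that entity declarations never reach the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_bytes)
    tag = "{%s}EntityDescriptor" % MD_NS
    entity = root if root.tag == tag else root.find(".//" + tag)
    if entity is None:
        raise ValueError("no EntityDescriptor found")
    endpoints = []
    # Match on the namespace URI: the 'ns3' prefix itself is arbitrary.
    for acs in entity.iter("{%s}AssertionConsumerService" % MD_NS):
        endpoints.append({
            "binding": acs.get("Binding"),
            "location": acs.get("Location"),
            "index": int(acs.get("index", "0")),
            "is_default": acs.get("isDefault", "false") in ("true", "1"),
        })
    return {"entity_id": entity.get("entityID"), "acs": endpoints}


def check_reply_url(url):
    """Return a list of problems; an empty list means the URL is acceptable."""
    problems = []
    parts = urlsplit(url or "")
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username or parts.password:
        problems.append("contains userinfo")
    if not host.endswith(ALLOWED_HOST_SUFFIXES):
        problems.append("host outside expected SAP landscape: %r" % host)
    return problems


def reply_url(metadata):
    """Pick the endpoint to paste into the Reply URL field in Azure AD."""
    # Azure AD delivers the SAML response with the HTTP-POST binding.
    posts = [e for e in metadata["acs"] if e["binding"] == HTTP_POST]
    if not posts:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    posts.sort(key=lambda e: (not e["is_default"], e["index"]))
    chosen = posts[0]["location"]
    problems = check_reply_url(chosen)
    if problems:
        raise ValueError("; ".join(problems))
    return chosen


if __name__ == "__main__":
    md = parse_sp_metadata(SAMPLE_METADATA)
    print("Identifier:", md["entity_id"])
    print("Reply URL: ", reply_url(md))
```

The suffix check is deliberately anchored on a leading dot, so a look-alike host that merely contains the SAP domain as a prefix is rejected.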
Assertion-based groups
As an optional step, you can configure assertion-based groups for your Azure Active Directory Identity Provider.
Using groups on SAP Cloud Platform allows you to dynamically assign one or more users to one or more roles in
your SAP Cloud Platform applications, determined by values of attributes in the SAML 2.0 assertion.
For example, if the assertion contains the attribute "contract=temporary", you may want all affected users to be
added to the group "TEMPORARY". The group "TEMPORARY" may contain one or more roles from one or more
applications deployed in your SAP Cloud Platform account.
Use assertion-based groups when you want to simultaneously assign many users to one or more roles of
applications in your SAP Cloud Platform account. If you want to assign only a single or small number of users to
specific roles, we recommend assigning them directly in the “Authorizations” tab of the SAP Cloud Platform
cockpit.
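The attribute mapping from step 8 and the contract=temporary group rule can be modelled as follows. This Python sketch is an added example, not SAP Cloud Platform code: the sample assertion is constructed, exact case-sensitive value matching is an assumption of the sketch, and it presumes the assertion's signature has already been validated.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Assertion attribute -> principal attribute, as in the table in step 8.
ATTRIBUTE_MAP = {
    CLAIMS + "givenname": "firstname",
    CLAIMS + "surname": "lastname",
    CLAIMS + "emailaddress": "email",
}
# (assertion attribute, required value, group): the tutorial's example rule.
GROUP_RULES = [("contract", "temporary", "TEMPORARY")]

# Constructed sample; the emailaddress claim is left out on purpose.
SAMPLE_ASSERTION = b"""<?xml version="1.0" encoding="UTF-8"?>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute
        Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute
        Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Simon</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="contract">
      <saml:AttributeValue>temporary</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def assertion_attributes(xml_bytes):
    """Collect every Attribute as name -> list of values (may be multi-valued)."""
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("assertion must not contain a DTD")
    root = ET.fromstring(xml_bytes)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iter("{%s}AttributeValue" % SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def principal_attributes(attrs, mapping=ATTRIBUTE_MAP):
    """Apply the mapping; also report claims the identity provider did not send."""
    mapped, missing = {}, []
    for assertion_name, principal_name in mapping.items():
        values = attrs.get(assertion_name)
        if values:
            mapped[principal_name] = values[0]
        else:
            missing.append(assertion_name)
    return mapped, missing


def groups_for(attrs, rules=GROUP_RULES):
    """Return the groups whose rule matches; no match means no group."""
    return {group for name, value, group in rules
            if value in attrs.get(name, [])}


if __name__ == "__main__":
    attributes = assertion_attributes(SAMPLE_ASSERTION)
    mapped, missing = principal_attributes(attributes)
    print("principal attributes:", mapped)
    print("claims not received: ", missing)
    print("groups:              ", sorted(groups_for(attributes)))
```

Running this against a captured test assertion shows which claims Azure AD is not yet emitting and which groups, and therefore which roles, a user would receive.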
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SAP Cloud Platform.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SAP Cloud
Platform.

2. In the applications list, type and select SAP Cloud Platform.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SAP Cloud Platform test user
In order to enable Azure AD users to log in to SAP Cloud Platform, you must assign roles in the SAP Cloud
Platform to them.
To assign a role to a user, perform the following steps:
1. Log in to your SAP Cloud Platform cockpit.
2. Perform the following:

a. Click Authorization.
b. Click the Users tab.
c. In the User textbox, type the user’s email address.
d. Click Assign to assign the user to a role.
e. Click Save.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAP Cloud Platform tile in the Access Panel, you should be automatically signed in to the SAP
Cloud Platform for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SAP
Cloud Platform Identity Authentication
10/30/2019 • 9 minutes to read

In this tutorial, you learn how to integrate SAP Cloud Platform Identity Authentication with Azure Active Directory
(Azure AD). Integrating SAP Cloud Platform Identity Authentication with Azure AD provides you with the
following benefits:
You can control in Azure AD who has access to SAP Cloud Platform Identity Authentication.
You can enable your users to be automatically signed-in to SAP Cloud Platform Identity Authentication (Single
Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SAP Cloud Platform Identity Authentication, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
SAP Cloud Platform Identity Authentication single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SAP Cloud Platform Identity Authentication supports SP and IDP initiated SSO
Before you dive into the technical details, it's vital to understand the concepts you're going to look at. The SAP
Cloud Platform Identity Authentication and Active Directory Federation Services enable you to implement SSO
across applications or services that are protected by Azure AD (as an IdP) with SAP applications and services that
are protected by SAP Cloud Platform Identity Authentication.
Currently, SAP Cloud Platform Identity Authentication acts as a Proxy Identity Provider to SAP applications. Azure
Active Directory in turn acts as the leading Identity Provider in this setup.
The following diagram illustrates this relationship:
With this setup, your SAP Cloud Platform Identity Authentication tenant is configured as a trusted application in
Azure Active Directory.
All SAP applications and services that you want to protect this way are subsequently configured in the SAP Cloud
Platform Identity Authentication management console.
Therefore, the authorization for granting access to SAP applications and services needs to take place in SAP Cloud
Platform Identity Authentication (as opposed to Azure Active Directory).
By configuring SAP Cloud Platform Identity Authentication as an application through the Azure Active Directory
Marketplace, you don't need to configure individual claims or SAML assertions.

NOTE
Currently only Web SSO has been tested by both parties. The flows that are necessary for App-to-API or API-to-API
communication should work but have not been tested yet. They will be tested during subsequent activities.

Adding SAP Cloud Platform Identity Authentication from the gallery


To configure the integration of SAP Cloud Platform Identity Authentication into Azure AD, you need to add SAP
Cloud Platform Identity Authentication from the gallery to your list of managed SaaS apps.
To add SAP Cloud Platform Identity Authentication from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SAP Cloud Platform Identity Authentication, select SAP Cloud Platform
Identity Authentication from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SAP Cloud Platform Identity Authentication
based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user
and the related user in SAP Cloud Platform Identity Authentication needs to be established.
To configure and test Azure AD single sign-on with SAP Cloud Platform Identity Authentication, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SAP Cloud Platform Identity Authentication Single Sign-On - to configure the Single Sign-
On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SAP Cloud Platform Identity Authentication test user - to have a counterpart of Britta Simon in
SAP Cloud Platform Identity Authentication that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SAP Cloud Platform Identity Authentication, perform the following steps:
1. In the Azure portal, on the SAP Cloud Platform Identity Authentication application integration page,
select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure in IDP initiated mode, perform the
following steps:
a. In the Identifier text box, type a URL using the following pattern: <IAS-tenant-id>.accounts.ondemand.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<IAS-tenant-id>.accounts.ondemand.com/saml2/idp/acs/<IAS-tenant-id>.accounts.ondemand.com

NOTE
These values are not real. Update these values with the actual identifier and Reply URL. Contact the SAP Cloud
Platform Identity Authentication Client support team to get these values. If you don't understand Identifier value,
read the SAP Cloud Platform Identity Authentication documentation about Tenant SAML 2.0 configuration.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: {YOUR BUSINESS APPLICATION URL}

NOTE
This value is not real. Update this value with the actual sign-on URL. Please use your specific business application
Sign-on URL. Contact the SAP Cloud Platform Identity Authentication Client support team if you have any doubt.

6. The SAP Cloud Platform Identity Authentication application expects the SAML assertions in a specific format.
Configure the following claims for this application. You can manage the values of these attributes from the
User Attributes section on the application integration page. On the Set up Single Sign-On with SAML page,
click the Edit button to open the User Attributes dialog.
7. If your SAP application expects an attribute such as firstName, add the firstName attribute in the User
Claims section on the User Attributes dialog, configure SAML token attribute as shown in the image
above and perform the following steps:
a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name firstName.


c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, select the attribute value user.givenname.
f. Click Ok.
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Metadata XML from the given options as per your requirement and save it on
your computer.
9. On the Set up SAP Cloud Platform Identity Authentication section, copy the appropriate URL(s) as per
your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SAP Cloud Platform Identity Authentication Single Sign-On
1. To get SSO configured for your application, go to the SAP Cloud Platform Identity Authentication
administration console. The URL has the following pattern:
https://<tenant-id>.accounts.ondemand.com/admin . Then read the documentation about SAP Cloud Platform
Identity Authentication at Integration with Microsoft Azure AD.
2. In the Azure portal, select the Save button.
3. Continue with the following only if you want to add and enable SSO for another SAP application. Repeat
the steps under the section Adding SAP Cloud Platform Identity Authentication from the gallery.
4. In the Azure portal, on the SAP Cloud Platform Identity Authentication application integration page,
select Linked Sign-on.

5. Save the configuration.


NOTE
The new application leverages the single sign-on configuration of the previous SAP application. Make sure you use the same
Corporate Identity Providers in the SAP Cloud Platform Identity Authentication administration console.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SAP Cloud Platform
Identity Authentication.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SAP Cloud
Platform Identity Authentication.

2. In the applications list, select SAP Cloud Platform Identity Authentication.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SAP Cloud Platform Identity Authentication test user
You don't need to create a user in SAP Cloud Platform Identity Authentication. Users who are in the Azure AD user
store can use the SSO functionality.
SAP Cloud Platform Identity Authentication supports the Identity Federation option. This option allows the
application to check whether users who are authenticated by the corporate identity provider exist in the user store
of SAP Cloud Platform Identity Authentication.
The Identity Federation option is disabled by default. If Identity Federation is enabled, only the users that are
imported in SAP Cloud Platform Identity Authentication can access the application.
For more information about how to enable or disable Identity Federation with SAP Cloud Platform Identity
Authentication, see "Enable Identity Federation with SAP Cloud Platform Identity Authentication" in Configure
Identity Federation with the User Store of SAP Cloud Platform Identity Authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAP Cloud Platform Identity Authentication tile in the Access Panel, you should be
automatically signed in to the SAP Cloud Platform Identity Authentication for which you set up SSO. For more
information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with SAP Fiori
9/6/2019 • 8 minutes to read

In this tutorial, you'll learn how to integrate SAP Fiori with Azure Active Directory (Azure AD). When you integrate
SAP Fiori with Azure AD, you can:
Control in Azure AD who has access to SAP Fiori.
Enable your users to be automatically signed-in to SAP Fiori with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SAP Fiori single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
SAP Fiori supports SP initiated SSO

NOTE
For SAP Fiori initiated iFrame Authentication, we recommend using the IsPassive parameter in the SAML AuthnRequest for
silent authentication. For more details about the IsPassive parameter, refer to Azure AD SAML single sign-on information.

Adding SAP Fiori from the gallery


To configure the integration of SAP Fiori into Azure AD, you need to add SAP Fiori from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type SAP Fiori in the search box.
6. Select SAP Fiori from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for SAP Fiori


Configure and test Azure AD SSO with SAP Fiori using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in SAP Fiori.
To configure and test Azure AD SSO with SAP Fiori, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure SAP Fiori SSO - to configure the single sign-on settings on application side.
a. Create SAP Fiori test user - to have a counterpart of B.Simon in SAP Fiori that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. Open a new web browser window and sign in to your SAP Fiori company site as an administrator.
2. Make sure that http and https services are active and that the relevant ports are assigned to transaction
code SMICM.
3. Sign in to SAP Business Client for SAP system T01, where single sign-on is required. Then, activate HTTP
Security Session Management.
a. Go to transaction code SICF_SESSIONS. All relevant profile parameters with current values are
shown. They look like the following example:

login/create_sso2_ticket = 2
login/accept_sso2_ticket = 1
login/ticketcache_entries_max = 1000
login/ticketcache_off = 0
login/ticket_only_by_https = 0
icf/set_HTTPonly_flag_on_cookies = 3
icf/user_recheck = 0
http/security_session_timeout = 1800
http/security_context_cache_size = 2500
rdisp/plugin_auto_logout = 1800
rdisp/autothtime = 60

NOTE
Adjust the parameters based on your organization requirements. The preceding parameters are given only as
an example.

b. If necessary, adjust parameters in the instance (default) profile of the SAP system and restart the SAP
system.
c. Double-click the relevant client to enable an HTTP security session.
d. Activate the following SICF services:

/sap/public/bc/sec/saml2
/sap/public/bc/sec/cdc_ext_service
/sap/bc/webdynpro/sap/saml2
/sap/bc/webdynpro/sap/sec_diag_tool (This is only to enable / disable trace)

4. Go to transaction code SAML2 in Business Client for SAP system [T01/122]. The configuration UI opens in
a new browser window. In this example, we use Business Client for SAP system 122.

5. Enter your username and password, and then select Log on.
6. In the Provider Name box, replace T01122 with http://T01122, and then select Save.

NOTE
By default, the provider name is in the format <sid><client>. Azure AD expects the name in the format
<protocol>://<name>. We recommend that you maintain the provider name as https://<sid><client> so you can
configure multiple SAP Fiori ABAP engines in Azure AD.
7. Select Local Provider tab > Metadata.
8. In the SAML 2.0 Metadata dialog box, download the generated metadata XML file and save it on your
computer.

9. In the Azure portal, on the SAP Fiori application integration page, find the Manage section and select
single sign-on.
10. On the Select a single sign-on method page, select SAML.
11. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

12. On the Basic SAML Configuration section, if you have Service Provider metadata file, perform the
following steps:
a. Click Upload metadata file.

b. Click on folder logo to select the metadata file and click Upload.

c. When the metadata file is successfully uploaded, the Identifier and Reply URL values are automatically
populated in the Basic SAML Configuration pane. In the Sign on URL box, enter a URL that has the
following pattern: https://<your company instance of SAP Fiori>.

NOTE
A few customers report errors related to incorrectly configured Reply URL values. If you see this error, you can use
the following PowerShell script to set the correct Reply URL for your instance:

Set-AzureADServicePrincipal -ObjectId $ServicePrincipalObjectId -ReplyUrls "<Your Correct Reply URL(s)>"

You can set the ServicePrincipal object ID yourself before running the script, or you can pass it here.

13. The SAP Fiori application expects the SAML assertions to be in a specific format. Configure the following
claims for this application. To manage these attribute values, in the Set up Single Sign-On with SAML
pane, select Edit.
14. In the User Attributes & Claims pane, configure the SAML token attributes as shown in the preceding
image. Then, complete the following steps:
a. Select Edit to open the Manage user claims pane.
b. In the Transformation list, select ExtractMailPrefix().
c. In the Parameter 1 list, select user.userprincipalname.
d. Select Save.

15. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
16. On the Set up SAP Fiori section, copy the appropriate URL(s) based on your requirement.
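The Identifier and Reply URL values that Azure AD populates in step 12 come from the service provider metadata file downloaded in step 8. The following is an added example, not part of the original tutorial: it reads such a file and reports a provider name that is not in the `<protocol>://<name>` format, assertion consumer endpoints that are not HTTPS, and configured Reply URLs that do not match any HTTP-POST endpoint of the SAP system. The function names, host names and the sample metadata are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MD = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample, not a real export. The real file comes from
# transaction SAML2 > Local Provider > Metadata on your own SAP system.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="T01122">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sap.example.test:44300/sap/saml2/sp/acs/122"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sap.example.test:8000/sap/saml2/sp/acs/122"/>
    <md:AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sap.example.test:44300/sap/saml2/sp/acs/122"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def read_sp_metadata(xml_text):
    """Return (entityID, [HTTP-POST assertion consumer URLs]) from SP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    entity_id = root.get("entityID", "")
    reply_urls = []
    for acs in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", MD):
        # Only HTTP-POST endpoints are candidates for the Reply URL, matching
        # the HTTP POST choice made under Single Sign-On Endpoints in SAP.
        if acs.get("Binding") == HTTP_POST:
            reply_urls.append(acs.get("Location", ""))
    return entity_id, reply_urls


def review(xml_text, configured_reply_urls):
    """Compare SP metadata with the Reply URLs configured in Azure AD."""
    entity_id, reply_urls = read_sp_metadata(xml_text)
    issues = []
    # The tutorial's note: Azure AD expects <protocol>://<name>, not <sid><client>.
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://\S+$", entity_id):
        issues.append("entityID %r is not <protocol>://<name>" % entity_id)
    # An http:// endpoint means the signed assertion is POSTed in cleartext.
    for url in reply_urls:
        if not url.lower().startswith("https://"):
            issues.append("ACS %s is not HTTPS" % url)
    # A Reply URL that is not an endpoint of this SP is the usual cause of
    # the Reply URL error the tutorial mentions.
    for url in configured_reply_urls:
        if url not in reply_urls:
            issues.append("configured Reply URL %s is not an HTTP-POST ACS of this SP" % url)
    return issues


if __name__ == "__main__":
    for line in review(SAMPLE_METADATA, ["https://sap.example.test/sap/saml2/sp/acs/122"]):
        print(line)
```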

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SAP Fiori.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SAP Fiori.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure SAP Fiori SSO


1. Sign in to the SAP system and go to transaction code SAML2. A new browser window opens with the
SAML configuration page.
2. To configure endpoints for a trusted identity provider (Azure AD), select the Trusted Providers tab.

3. Select Add, and then select Upload Metadata File from the context menu.
4. Upload the metadata file that you downloaded in the Azure portal. Select Next.

5. On the next page, in the Alias box, enter the alias name. For example, aadsts. Select Next.

6. Make sure that the value in the Digest Algorithm box is SHA-256. Select Next.

7. Under Single Sign-On Endpoints, select HTTP POST, and then select Next.
8. Under Single Logout Endpoints, select HTTP Redirect, and then select Next.

9. Under Artifact Endpoints, select Next to continue.

10. Under Authentication Requirements, select Finish.


11. Select Trusted Provider > Identity Federation (at the bottom of the page). Select Edit.

12. Select Add.

13. In the Supported NameID Formats dialog box, select Unspecified. Select OK.
The values for User ID Source and User ID Mapping Mode determine the link between the SAP user and
the Azure AD claim.
Scenario 1: SAP user to Azure AD user mapping
a. In SAP, under Details of NameID Format "Unspecified", note the details:

b. In the Azure portal, under User Attributes & Claims, note the required claims from Azure AD.

Scenario 2: Select the SAP user ID based on the configured email address in SU01. In this case, the email
ID should be configured in SU01 for each user who requires SSO.
a. In SAP, under Details of NameID Format "Unspecified", note the details:

b. In the Azure portal, under User Attributes & Claims, note the required claims from Azure AD.

14. Select Save, and then select Enable to enable the identity provider.
15. Select OK when prompted.

Create SAP Fiori test user


In this section, you create a user named Britta Simon in SAP Fiori. Work with your in-house SAP team of experts
or your organization SAP partner to add the user in the SAP Fiori platform.

Test SSO
1. After the identity provider Azure AD is activated in SAP Fiori, try to access one of the following URLs to test
single sign-on (you shouldn't be prompted for a username and password):
https://<sapurl>/sap/bc/bsp/sap/it00/default.htm
https://<sapurl>/sap/bc/bsp/sap/it00/default.htm

NOTE
Replace sapurl with the actual SAP host name.

2. The test URL should take you to the following test application page in SAP. If the page opens, Azure AD
single sign-on is successfully set up.
3. If you are prompted for a username and password, enable trace to help diagnose the issue. Use the
following URL for the trace:
https://<sapurl>/sap/bc/webdynpro/sap/sec_diag_tool?sap-client=122&sap-language=EN#

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try SAP Fiori with Azure AD
Tutorial: Azure Active Directory integration with SAP
HANA
10/30/2019 • 8 minutes to read

In this tutorial, you learn how to integrate SAP HANA with Azure Active Directory (Azure AD). Integrating SAP
HANA with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SAP HANA.
You can enable your users to be automatically signed-in to SAP HANA (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SAP HANA, you need the following items:
An Azure AD subscription
An SAP HANA subscription that's single sign-on (SSO) enabled
A HANA instance that's running on any public IaaS, on-premises, Azure VM, or SAP large instances in Azure
The XSA Administration web interface, as well as HANA Studio installed on the HANA instance

NOTE
We do not recommend using a production environment of SAP HANA to test the steps in this tutorial. Test the integration
first in the development or staging environment of the application, and then use the production environment.

To test the steps in this tutorial, follow these recommendations:


An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
SAP HANA single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SAP HANA supports IDP initiated SSO
SAP HANA supports just-in-time user provisioning

Adding SAP HANA from the gallery


To configure the integration of SAP HANA into Azure AD, you need to add SAP HANA from the gallery to your
list of managed SaaS apps.
To add SAP HANA from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SAP HANA, select SAP HANA from the results panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SAP HANA based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in SAP
HANA needs to be established.
To configure and test Azure AD single sign-on with SAP HANA, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SAP HANA Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SAP HANA test user - to have a counterpart of Britta Simon in SAP HANA that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SAP HANA, perform the following steps:
1. In the Azure portal, on the SAP HANA application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type the following: HA100

b. In the Reply URL text box, type a URL using the following pattern:
https://<Customer-SAP-instance-url>/sap/hana/xs/saml/login.xscfunc

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact SAP HANA Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The SAP HANA application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on the
application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the
User Attributes dialog.

6. In the User attributes section on the User Attributes & Claims dialog, perform the following steps:
a. Click Edit icon to open the Manage user claims dialog.
b. From the Transformation list, select ExtractMailPrefix().
c. From the Parameter 1 list, select user.mail.
d. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

Configure SAP HANA Single Sign-On


1. To configure single sign-on on the SAP HANA side, sign in to your HANA XSA Web Console by going to
the respective HTTPS endpoint.
NOTE
In the default configuration, the URL redirects the request to a sign-in screen, which requires the credentials of an
authenticated SAP HANA database user. The user who signs in must have permissions to perform SAML
administration tasks.

2. In the XSA Web Interface, go to SAML Identity Provider. From there, select the + button on the bottom of
the screen to display the Add Identity Provider Info pane. Then take the following steps:

a. In the Add Identity Provider Info pane, paste the contents of the Metadata XML (which you
downloaded from the Azure portal) into the Metadata box.

b. If the contents of the XML document are valid, the parsing process extracts the information that's
required for the Subject, Entity ID, and Issuer fields in the General data screen area. It also extracts the
information that's necessary for the URL fields in the Destination screen area, for example, the Base URL
and SingleSignOn URL (*) fields.
c. In the Name box of the General Data screen area, enter a name for the new SAML SSO identity
provider.

NOTE
The name of the SAML IDP is mandatory and must be unique. It appears in the list of available SAML IDPs that is
displayed when you select SAML as the authentication method for SAP HANA XS applications to use. For example,
you can do this in the Authentication screen area of the XS Artifact Administration tool.

3. Select Save to save the details of the SAML identity provider and to add the new SAML IDP to the list of
known SAML IDPs.

4. In HANA Studio, within the system properties of the Configuration tab, filter the settings by saml. Then
adjust the assertion_timeout from 10 sec to 120 sec.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SAP HANA.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SAP HANA.

2. In the applications list, type and select SAP HANA.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SAP HANA test user
To enable Azure AD users to sign in to SAP HANA, you must provision them in SAP HANA. SAP HANA supports
just-in-time provisioning, which is enabled by default.
If you need to create a user manually, take the following steps:
NOTE
You can change the external authentication that the user uses. They can authenticate with an external system such as
Kerberos. For detailed information about external identities, contact your domain administrator.

1. Open the SAP HANA Studio as an administrator, and then enable the DB-User for SAML SSO.

2. Select the invisible check box to the left of SAML, and then select the Configure link.
3. Select Add to add the SAML IDP. Select the appropriate SAML IDP, and then select OK.
4. Add the External Identity (in this case, BrittaSimon) or choose Any. Then select OK.

NOTE
If the Any check box is not selected, then the user name in HANA needs to exactly match the name of the user in the
UPN before the domain suffix. (For example, BrittaSimon@contoso.com becomes BrittaSimon in HANA.)

5. For testing purposes, assign all XS roles to the user.


TIP
You should give permissions that are appropriate for your use cases only.

6. Save the user.


Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SAP HANA tile in the Access Panel, you should be automatically signed in to the SAP HANA
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory Single sign-on (SSO)
integration with SAP NetWeaver
9/18/2019 • 11 minutes to read

In this tutorial, you'll learn how to integrate SAP NetWeaver with Azure Active Directory (Azure AD). When you
integrate SAP NetWeaver with Azure AD, you can:
Control in Azure AD who has access to SAP NetWeaver.
Enable your users to be automatically signed-in to SAP NetWeaver with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SAP NetWeaver single sign-on (SSO) enabled subscription.
At least SAP NetWeaver V7.20 is required.

Scenario description
SAP NetWeaver supports both SAML (SP initiated SSO) and OAuth. In this tutorial, you configure and test
Azure AD SSO in a test environment.

NOTE
Configure the application either in SAML or in OAuth as per your organizational requirement.

Adding SAP NetWeaver from the gallery


To configure the integration of SAP NetWeaver into Azure AD, you need to add SAP NetWeaver from the gallery
to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type SAP NetWeaver in the search box.
6. Select SAP NetWeaver from the results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for SAP NetWeaver


Configure and test Azure AD SSO with SAP NetWeaver using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in SAP NetWeaver.
To configure and test Azure AD SSO with SAP NetWeaver, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
a. Create an Azure AD test user to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user to enable B.Simon to use Azure AD single sign-on.
2. Configure SAP NetWeaver using SAML to configure the SSO settings on application side.
a. Create SAP NetWeaver test user to have a counterpart of B.Simon in SAP NetWeaver that is linked to
the Azure AD representation of user.
3. Test SSO to verify whether the configuration works.
4. Configure SAP NetWeaver for OAuth to configure the OAuth settings on application side.

Configure Azure AD SSO


In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SAP NetWeaver, perform the following steps:
1. Open a new web browser window and sign in to your SAP NetWeaver company site as an administrator.
2. Make sure that http and https services are active and that the appropriate ports are assigned in transaction code SMICM.
3. Sign in to the business client of the SAP system (T01) where SSO is required, and activate HTTP Security Session
Management.
a. Go to transaction code SICF_SESSIONS. It displays all relevant profile parameters with their current values.
They look like the following example:

login/create_sso2_ticket = 2
login/accept_sso2_ticket = 1
login/ticketcache_entries_max = 1000
login/ticketcache_off = 0
login/ticket_only_by_https = 0
icf/set_HTTPonly_flag_on_cookies = 3
icf/user_recheck = 0
http/security_session_timeout = 1800
http/security_context_cache_size = 2500
rdisp/plugin_auto_logout = 1800
rdisp/autothtime = 60

NOTE
Adjust the preceding parameters to your organization's requirements. They are given here as an indication only.

b. If necessary, adjust the parameters in the instance/default profile of the SAP system and restart the SAP system.
c. Double-click the relevant client to enable an HTTP security session.
d. Activate the following SICF services:

/sap/public/bc/sec/saml2
/sap/public/bc/sec/cdc_ext_service
/sap/bc/webdynpro/sap/saml2
/sap/bc/webdynpro/sap/sec_diag_tool (This is only to enable / disable trace)

4. Go to transaction code SAML2 in the business client of the SAP system [T01/122]. It opens a user interface in a
browser. In this example, we assume 122 as the SAP business client.

5. Provide your username and password to sign in to the user interface, and then click Edit.
6. Change the Provider Name from T01122 to http://T01122, and then click Save.

NOTE
By default, the provider name is in the format <sid><client>, but Azure AD expects the name in the format
<protocol>://<name>. We recommend maintaining the provider name as https://<sid><client> so that multiple
SAP NetWeaver ABAP engines can be configured in Azure AD.
7. Generate the service provider metadata: After you have configured the Local Provider and
Trusted Providers settings in the SAML 2.0 user interface, the next step is to generate the service
provider's metadata file (which contains all the settings, authentication contexts, and other
configurations in SAP). After this file is generated, upload it to Azure AD.

a. Go to Local Provider tab.


b. Click on Metadata.
c. Save the generated Metadata XML file on your computer and upload it in Basic SAML Configuration
section to autopopulate the Identifier and Reply URL values in Azure portal.
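The SICF_SESSIONS listing in step 3a, which also appears in the SAP Fiori tutorial, contains two cookie-related values worth reviewing when you adjust the parameters: `login/ticket_only_by_https = 0` lets the logon ticket cookie travel over plain HTTP, and `icf/set_HTTPonly_flag_on_cookies = 3` leaves the HttpOnly attribute off. The following is an added example, not part of the original tutorial: it parses such a listing, including lines where two parameters run together, and compares it with a baseline chosen for this example. The function names and the baseline values are assumptions; confirm the parameter semantics for your SAP release.

```python
import re

# Constructed sample: the listing as printed in the tutorial, including the
# two lines where the page runs two parameters together.
SAMPLE_LISTING = """\
login/create_sso2_ticket = 2
login/accept_sso2_ticket = 1
login/ticketcache_entries_max = 1000
login/ticketcache_off = 0 login/ticket_only_by_https = 0
icf/set_HTTPonly_flag_on_cookies = 3
icf/user_recheck = 0 http/security_session_timeout = 1800
http/security_context_cache_size = 2500
rdisp/plugin_auto_logout = 1800
rdisp/autothtime = 60
"""

# "name = value" pairs; several pairs may share one line.
PAIR_RE = re.compile(r"([A-Za-z_]+(?:/[A-Za-z0-9_]+)+)\s*=\s*(\S+)")

# Baseline assumed for this example: parameter -> (wanted value, risk if different).
BASELINE = {
    "login/ticket_only_by_https": (
        "1",
        "logon ticket cookie is also sent over plain HTTP",
    ),
    "icf/set_HTTPonly_flag_on_cookies": (
        "0",
        "HttpOnly is not set on every ICF cookie, so page script can read them",
    ),
}


def parse_profile(text):
    """Return {parameter: value} from a SICF_SESSIONS style listing."""
    return {name: value for name, value in PAIR_RE.findall(text)}


def audit(params):
    """Return (parameter, actual, wanted, reason) for each baseline deviation."""
    findings = []
    for name, (wanted, risk) in BASELINE.items():
        actual = params.get(name)
        if actual is None:
            findings.append((name, "missing", wanted, "parameter not in listing"))
        elif actual != wanted:
            findings.append((name, actual, wanted, risk))
    return findings


if __name__ == "__main__":
    for name, actual, wanted, reason in audit(parse_profile(SAMPLE_LISTING)):
        print("%s = %s (baseline %s): %s" % (name, actual, wanted, reason))
```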
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the SAP NetWeaver application integration page, find the Manage section and
select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
a. Click Upload metadata file to upload the Service Provider metadata file, which you have obtained
earlier.
b. Click on folder logo to select the metadata file and click Upload.
c. After the metadata file is successfully uploaded, the Identifier and Reply URL values are automatically populated
in the Basic SAML Configuration section.
d. In the Sign-on URL text box, type a URL using the following pattern:
https://<your company instance of SAP NetWeaver>

NOTE
We have seen a few customers report an error about an incorrect Reply URL configured for their instance. If you receive
such an error, you can use the following PowerShell script as a workaround to set the correct Reply URL for your
instance:

Set-AzureADServicePrincipal -ObjectId $ServicePrincipalObjectId -ReplyUrls "<Your Correct Reply URL(s)>"

Set the ServicePrincipal Object ID yourself first, or pass it here.

5. The SAP NetWeaver application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.
6. In the User Claims section on the User Attributes dialog, configure SAML token attribute as shown in the
image above and perform the following steps:
a. Click Edit icon to open the Manage user claims dialog.

b. From the Transformation list, select ExtractMailPrefix().


c. From the Parameter 1 list, select user.userprincipalname.
d. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.
8. On the Set up SAP NetWeaver section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SAP NetWeaver.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SAP NetWeaver.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure SAP NetWeaver using SAML


1. Sign in to the SAP system and go to transaction code SAML2. It opens a new browser window with the SAML
configuration screen.
2. To configure endpoints for the trusted identity provider (Azure AD), go to the Trusted Providers tab.

3. Press Add and select Upload Metadata File from the context menu.
4. Upload the metadata file that you downloaded from the Azure portal.

5. On the next screen, type the alias name, for example aadsts, and press Next to continue.

6. Make sure that the Digest Algorithm is SHA-256, which requires no changes, and press
Next.

7. On Single Sign-On Endpoints, use HTTP POST and click Next to continue.
8. On Single Logout Endpoints, select HTTP Redirect and click Next to continue.

9. On Artifact Endpoints, press Next to continue.

10. On Authentication Requirements, click Finish.


11. Go to tab Trusted Provider > Identity Federation (from bottom of the screen). Click Edit.

12. Click Add under the Identity Federation tab (bottom window).

13. From the pop-up window, select Unspecified from the Supported NameID formats and click OK.
14. Note that user ID Source and user ID mapping mode values determine the link between SAP user and
Azure AD claim.
Scenario: SAP User to Azure AD user mapping.
a. NameID details screenshot from SAP.

b. Screenshot mentioning Required claims from Azure AD.

Scenario: Select the SAP user ID based on the email address configured in SU01. In this case, the email ID must be configured in SU01 for
each user who requires SSO.
a. NameID details screenshot from SAP.

b. screenshot mentioning Required claims from Azure AD.

15. Click Save and then click Enable to enable identity provider.
16. Click OK once prompted.

Create SAP NetWeaver test user


In this section, you create a user called B.Simon in SAP NetWeaver. Work with your in-house SAP expert
team or your organization's SAP partner to add the users in the SAP NetWeaver platform.

Test SSO
1. Once the identity provider Azure AD has been activated, try accessing the URL below to check SSO (there should be no
prompt for username and password):
https://<sapurl>/sap/bc/bsp/sap/it00/default.htm


NOTE
Replace sapurl with actual SAP hostname.

2. The URL above should take you to the screen shown below. If you can reach that page,
Azure AD SSO is set up successfully.
3. If a username and password prompt appears, diagnose the issue by enabling the trace with the URL below:
https://<sapurl>/sap/bc/webdynpro/sap/sec_diag_tool?sap-client=122&sap-language=EN#

Configure SAP NetWeaver for OAuth


1. SAP Documented process is available at the location: NetWeaver Gateway Service Enabling and OAuth 2.0
Scope Creation
2. Go to SPRO and find Activate and Maintain services.

3. In this example we want to connect the OData service DAAG_MNGGRP with OAuth to Azure AD SSO. Use the
technical service name search to find the service DAAG_MNGGRP and activate it if it is not yet active (look for
green status under the ICF nodes tab). Ensure that the system alias (the connected backend system, where the service
is actually running) is correct.
Then click the OAuth pushbutton on the top button bar and assign a scope (keep the default name as offered).
4. For our example the scope is DAAG_MNGGRP_001; it is generated from the service name by automatically
adding a number. Report /IWFND/R_OAUTH_SCOPES can be used to change the name of the scope or to create one manually.

NOTE
The message "soft state status is not supported" can be ignored; it does not indicate a problem. For more details, refer here

Create a service user for the OAuth 2.0 Client


1. OAuth2 uses a service ID to get the access token for the end user on their behalf. Important restriction by
OAuth design: the OAuth 2.0 Client ID must be identical to the username the OAuth 2.0 client uses for
login when requesting an access token. Therefore, for our example, we are going to register an OAuth 2.0
client with the name CLIENT1. As a prerequisite, a user with the same name (CLIENT1) must exist in the
SAP system, and we will configure that user to be used by the referred application.
2. When registering an OAuth client, we use the SAML Bearer Grant type.

NOTE
For more details, refer to OAuth 2.0 Client Registration for the SAML Bearer Grant Type here

3. In transaction code SU01, create user CLIENT1 with user type System and assign a password. Save the password, because you need to provide the
credential to the API programmer, who has to hard-code it together with the username in the calling code. No profile or
role should be assigned.
Register the new OAuth 2.0 Client ID with the creation wizard
1. To register a new OAuth 2.0 client, start transaction SOAUTH2. The transaction displays an overview
of the OAuth 2.0 clients that are already registered. Choose Create to start the wizard for the new
OAuth client, named CLIENT1 in this example.
2. In T-Code SOAUTH2, provide the description and then click Next.
3. Select the already added SAML2 IdP – Azure AD from the dropdown list and save.
4. Click on Add under scope assignment to add the previously created scope: DAAG_MNGGRP_001
5. Click finish.
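
The token request that the service user and client registration above prepare for can be sketched as follows. This is an added example, not SAP's or Microsoft's code: it builds (but does not send) an RFC 7522 SAML bearer request and enforces the restriction that the OAuth 2.0 client ID equals the login username. The function name, the token URL, the password and the assertion stub are constructed placeholders; authenticating the client with HTTP Basic is an assumption.

```python
import base64
from urllib.parse import urlencode, urlsplit

# Grant type identifier defined by RFC 7522 (SAML 2.0 bearer assertion grant).
SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# Constructed stand-in for the SAML assertion issued by the identity provider.
SAMPLE_ASSERTION = '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">constructed</Assertion>'


def build_saml_bearer_request(token_url, client_id, login_user, password,
                              assertion_xml, scope):
    """Return (headers, body) for an access token request; nothing is sent."""
    # The service user's password travels in the Authorization header,
    # so refuse anything but TLS.
    if urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https")
    # Restriction from the tutorial: client ID and login username are identical.
    if client_id != login_user:
        raise ValueError("OAuth 2.0 client ID must equal the login username")
    if not scope:
        raise ValueError("a scope such as DAAG_MNGGRP_001 is required")

    # RFC 7522: the assertion is base64url encoded, not line wrapped,
    # and padding characters should be omitted.
    assertion = base64.urlsafe_b64encode(assertion_xml.encode("utf-8"))
    assertion = assertion.rstrip(b"=").decode("ascii")

    # Assumption: the client authenticates with HTTP Basic as the service user.
    basic = base64.b64encode(f"{login_user}:{password}".encode("utf-8"))
    headers = {
        "Authorization": "Basic " + basic.decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": SAML2_BEARER,
        "client_id": client_id,
        "scope": scope,
        "assertion": assertion,
    })
    return headers, body


if __name__ == "__main__":
    hdrs, form = build_saml_bearer_request(
        "https://sap.example.invalid/oauth2/token",  # constructed placeholder URL
        "CLIENT1", "CLIENT1", "example-only-password",
        SAMPLE_ASSERTION, "DAAG_MNGGRP_001")
    # Print the form body only; the Authorization header holds the credential.
    print(form)
```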

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try SAP NetWeaver with Azure AD
Tutorial: Azure Active Directory integration with
Sauce Labs - Mobile and Web Testing
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Sauce Labs - Mobile and Web Testing with Azure Active Directory (Azure
AD). Integrating Sauce Labs - Mobile and Web Testing with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Sauce Labs - Mobile and Web Testing.
You can enable your users to be automatically signed-in to Sauce Labs - Mobile and Web Testing (Single Sign-
On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Sauce Labs - Mobile and Web Testing, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Sauce Labs - Mobile and Web Testing single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Sauce Labs - Mobile and Web Testing supports IDP initiated SSO
Sauce Labs - Mobile and Web Testing supports Just In Time user provisioning

Adding Sauce Labs - Mobile and Web Testing from the gallery
To configure the integration of Sauce Labs - Mobile and Web Testing into Azure AD, you need to add Sauce Labs -
Mobile and Web Testing from the gallery to your list of managed SaaS apps.
To add Sauce Labs - Mobile and Web Testing from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Sauce Labs - Mobile and Web Testing, select Sauce Labs - Mobile and Web
Testing from result panel then click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Sauce Labs - Mobile and Web Testing based
on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and
the related user in Sauce Labs - Mobile and Web Testing needs to be established.
To configure and test Azure AD single sign-on with Sauce Labs - Mobile and Web Testing, you need to complete
the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Sauce Labs - Mobile and Web Testing Single Sign-On - to configure the Single Sign-On
settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Sauce Labs - Mobile and Web Testing test user - to have a counterpart of Britta Simon in Sauce
Labs - Mobile and Web Testing that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Sauce Labs - Mobile and Web Testing, perform the following steps:
1. In the Azure portal, on the Sauce Labs - Mobile and Web Testing application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.
5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Sauce Labs - Mobile and Web Testing section, copy the appropriate URL(s) as per your
requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Sauce Labs - Mobile and Web Testing Single Sign-On
1. In a different web browser window, sign in to your Sauce Labs - Mobile and Web Testing company site as an
administrator.
2. Click on the User icon and select Team Management tab.

3. Enter your Domain name in the textbox.


4. Click Configure tab.

5. In the Configure Single Sign On section, perform the following steps.

a. Click Browse and upload the downloaded metadata file from the Azure AD.
b. Select the ALLOW JUST-IN-TIME PROVISIONING checkbox.
c. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Sauce Labs - Mobile and
Web Testing.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Sauce Labs -
Mobile and Web Testing.

2. In the applications list, select Sauce Labs - Mobile and Web Testing.
3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Sauce Labs - Mobile and Web Testing test user
In this section, a user called Britta Simon is created in Sauce Labs - Mobile and Web Testing. Sauce Labs - Mobile
and Web Testing supports just-in-time user provisioning, which is enabled by default. There is no action item for
you in this section. If a user doesn't already exist in Sauce Labs - Mobile and Web Testing, a new one is created
after authentication.
NOTE
If you need to create a user manually, contact Sauce Labs - Mobile and Web Testing support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Sauce Labs - Mobile and Web Testing tile in the Access Panel, you should be automatically
signed in to the Sauce Labs - Mobile and Web Testing for which you set up SSO. For more information about the
Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with ScaleX Enterprise
10/18/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate ScaleX Enterprise with Azure Active Directory (Azure AD). When you
integrate ScaleX Enterprise with Azure AD, you can:
Control in Azure AD who has access to ScaleX Enterprise.
Enable your users to be automatically signed-in to ScaleX Enterprise with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ScaleX Enterprise single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ScaleX Enterprise supports SP and IDP initiated SSO

Adding ScaleX Enterprise from the gallery


To configure the integration of ScaleX Enterprise into Azure AD, you need to add ScaleX Enterprise from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type ScaleX Enterprise in the search box.
6. Select ScaleX Enterprise from results panel and then add the app. Wait a few seconds while the app is added
to your tenant.

Configure and test Azure AD single sign-on for ScaleX Enterprise


Configure and test Azure AD SSO with ScaleX Enterprise using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in ScaleX Enterprise.
To configure and test Azure AD SSO with ScaleX Enterprise, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure ScaleX Enterprise SSO - to configure the single sign-on settings on application side.
Create ScaleX Enterprise test user - to have a counterpart of B.Simon in ScaleX Enterprise that is
linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ScaleX Enterprise application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://platform.rescale.com/saml2/<company id>/

b. In the Reply URL text box, type a URL using the following pattern:
https://platform.rescale.com/saml2/<company id>/acs/

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
https://platform.rescale.com/saml2/<company id>/sso/

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact ScaleX
Enterprise Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. Your ScaleX Enterprise application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes, where emailaddress is mapped to user.mail. The ScaleX Enterprise
application expects emailaddress to be mapped to user.userprincipalname, so you need to edit the
attribute mapping by clicking the Edit icon and changing the mapping.
7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up ScaleX Enterprise section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ScaleX Enterprise.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ScaleX Enterprise.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure ScaleX Enterprise SSO


1. To automate the configuration within ScaleX Enterprise, you need to install My Apps Secure Sign-in
browser extension by clicking Install the extension.

2. After adding the extension to the browser, click Set up ScaleX Enterprise, which directs you to the ScaleX
Enterprise application. From there, provide the admin credentials to sign in to ScaleX Enterprise. The
browser extension will automatically configure the application for you and automate steps 3-6.
3. If you want to set up ScaleX Enterprise manually, open a new web browser window, sign in to your
ScaleX Enterprise company site as an administrator, and perform the following steps:
4. Click the menu in the upper right and select Contoso Administration.

NOTE
Contoso is just an example. This should be your actual Company Name.

5. Select Integrations from the top menu and select single sign-on.

6. Complete the form as follows:


a. Select Create any user who can authenticate with SSO
b. Service Provider saml: Paste the value urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
c. Name of Identity Provider email field in ACS response: Paste the value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

d. Identity Provider EntityDescriptor Entity ID: Paste the Azure AD Identifier value copied from the
Azure portal.
e. Identity Provider SingleSignOnService URL: Paste the Login URL from the Azure portal.
f. Identity Provider public X509 certificate: Open the X509 certificate downloaded from Azure in
Notepad and paste the contents in this box. Ensure there are no line breaks in the middle of the certificate
contents.
g. Check the following checkboxes: Enabled, Encrypt NameID and Sign AuthnRequests.
h. Click Update SSO Settings to save the settings.
Create ScaleX Enterprise test user
To enable Azure AD users to sign in to ScaleX Enterprise, they must be provisioned in to ScaleX Enterprise. In the
case of ScaleX Enterprise, provisioning is an automatic task and no manual steps are required. Any user who can
successfully authenticate with SSO credentials will be automatically provisioned on the ScaleX side.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ScaleX Enterprise tile in the Access Panel, you should be automatically signed in to the ScaleX
Enterprise for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ScaleX Enterprise with Azure AD
Tutorial: Azure Active Directory integration with SCC
LifeCycle
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate SCC LifeCycle with Azure Active Directory (Azure AD). Integrating SCC
LifeCycle with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SCC LifeCycle.
You can enable your users to be automatically signed-in to SCC LifeCycle (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SCC LifeCycle, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
SCC LifeCycle single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SCC LifeCycle supports SP initiated SSO

Adding SCC LifeCycle from the gallery


To configure the integration of SCC LifeCycle into Azure AD, you need to add SCC LifeCycle from the gallery to
your list of managed SaaS apps.
To add SCC LifeCycle from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type SCC LifeCycle, select SCC LifeCycle from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SCC LifeCycle based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
SCC LifeCycle needs to be established.
To configure and test Azure AD single sign-on with SCC LifeCycle, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SCC LifeCycle Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SCC LifeCycle test user - to have a counterpart of Britta Simon in SCC LifeCycle that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SCC LifeCycle, perform the following steps:
1. In the Azure portal, on the SCC LifeCycle application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<sub-domain>.scc.com/ic7/welcome/customer/PICTtest.aspx

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://bs1.scc.com/<entity>

https://lifecycle.scc.com/<entity>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact SCC LifeCycle Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up SCC LifeCycle section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SCC LifeCycle Single Sign-On
To configure single sign-on on SCC LifeCycle side, you need to send the downloaded Metadata XML and
appropriate copied URLs from Azure portal to SCC LifeCycle support team. They set this setting to have the SAML
SSO connection set properly on both sides.

NOTE
Single sign-on has to be enabled by the SCC LifeCycle support team.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SCC LifeCycle.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SCC LifeCycle.

2. In the applications list, select SCC LifeCycle.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SCC LifeCycle test user
In order to enable Azure AD users to log into SCC LifeCycle, they must be provisioned into SCC LifeCycle. There is
no action item for you to configure user provisioning to SCC LifeCycle.
When an assigned user tries to log into SCC LifeCycle, an SCC LifeCycle account is automatically created if
necessary.
NOTE
The Azure Active Directory account holder receives an email and follows a link to confirm their account before it becomes
active.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SCC LifeCycle tile in the Access Panel, you should be automatically signed in to the SCC
LifeCycle for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Screencast-O-Matic
11/15/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Screencast-O-Matic with Azure Active Directory (Azure AD). When you
integrate Screencast-O-Matic with Azure AD, you can:
Control in Azure AD who has access to Screencast-O-Matic.
Enable your users to be automatically signed-in to Screencast-O-Matic with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Screencast-O-Matic single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Screencast-O-Matic supports SP initiated SSO
Screencast-O-Matic supports Just In Time user provisioning

Adding Screencast-O-Matic from the gallery


To configure the integration of Screencast-O-Matic into Azure AD, you need to add Screencast-O-Matic from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Screencast-O-Matic in the search box.
6. Select Screencast-O-Matic from results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for Screencast-O-Matic


Configure and test Azure AD SSO with Screencast-O-Matic using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in Screencast-O-Matic.
To configure and test Azure AD SSO with Screencast-O-Matic, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Screencast-O-Matic SSO - to configure the single sign-on settings on application side.
Create Screencast-O-Matic test user - to have a counterpart of B.Simon in Screencast-O-Matic that is
linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Screencast-O-Matic application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://screencast-o-matic.com/<InstanceName>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Screencast-O-Matic Client support team
to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. On the Set up Screencast-O-Matic section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Screencast-O-Matic.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Screencast-O-Matic.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Screencast-O-Matic SSO


1. To automate the configuration within Screencast-O-Matic, you need to install the My Apps Secure Sign-in
browser extension by clicking Install the extension.

2. After adding the extension to the browser, clicking Set up Screencast-O-Matic directs you to the
Screencast-O-Matic application. From there, provide the admin credentials to sign in to Screencast-O-Matic.
The browser extension will automatically configure the application for you and automate steps 3-11.

3. If you want to set up Screencast-O-Matic manually, open a new web browser window, sign in to your
Screencast-O-Matic company site as an administrator, and perform the following steps:
4. Click on Subscription.

5. Under the Access page section, click Setup.

6. On the Setup Access Page, perform the following steps.


7. Under the Access URL section, type your instance name in the specified textbox.
8. Select Require Domain User under the SAML User Restriction (optional) section.
9. Under Upload IDP Metadata XML File, click Choose File to upload the metadata that you
downloaded from the Azure portal.
10. Click OK.

Create Screencast-O-Matic test user


In this section, a user called Britta Simon is created in Screencast-O-Matic. Screencast-O-Matic supports
just-in-time user provisioning, which is enabled by default. There is no action item for you in this section.
If a user doesn't already exist in Screencast-O-Matic, a new one is created after authentication. If you need
to create a user manually, contact the Screencast-O-Matic Client support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Screencast-O-Matic tile in the Access Panel, you should be automatically signed in to the
Screencast-O-Matic for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Screencast-O-Matic with Azure AD
Tutorial: Azure Active Directory integration with Schoox
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Schoox with Azure Active Directory (Azure AD). Integrating Schoox with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Schoox.
You can enable your users to be automatically signed-in to Schoox (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Schoox, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Schoox single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Schoox supports SP and IDP initiated SSO

Adding Schoox from the gallery


To configure the integration of Schoox into Azure AD, you need to add Schoox from the gallery to your list of
managed SaaS apps.
To add Schoox from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Schoox, select Schoox from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Schoox based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Schoox
needs to be established.
To configure and test Azure AD single sign-on with Schoox, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Schoox Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Schoox test user - to have a counterpart of Britta Simon in Schoox that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Schoox, perform the following steps:
1. In the Azure portal, on the Schoox application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set-up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL: https://saml.schoox.com/saml/adfsmetadata

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://saml.schoox.com/saml/login?idpUrl=<entityID>

NOTE
<entityID> is the SAML Entity ID copied from the Quick Reference section, described later in the tutorial.

6. On the Set-up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Schoox section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Schoox Single Sign-On
To configure single sign-on on the Schoox side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Schoox support team. The support team applies this
configuration so that the SAML SSO connection is set properly on both sides.
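Before the Federation Metadata XML and the copied URLs are handed to a support team, it helps to confirm that they describe the same identity provider and to record the signing certificate fingerprint for out-of-band confirmation. The Python below is an added example, not part of the original tutorial or of any Microsoft or vendor tooling; the sample metadata, the example.com URLs and the function names are constructed for illustration. It assumes the copied Login URL, Azure AD Identifier and Logout URL are expected to appear in the metadata, so a reported difference is an item to review, not proof of an error.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed sample input: placeholder IdP URLs and made-up "certificate" bytes.
IDP = "https://idp.example.com/placeholder-tenant"
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-not-a-real-certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="{IDP}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="{IDP}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="{IDP}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="{IDP}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def summarize_metadata(xml_text):
    """Extract entityID, endpoints and signing-cert fingerprints from IdP metadata."""
    # SAML metadata has no need for a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations found in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" serves both signing and encryption.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())

    def locations(tag):
        found = {e.get("Location") for e in idp.findall(f"md:{tag}", NS)}
        return sorted(u for u in found if u)

    return {
        "entity_id": root.get("entityID"),
        "sso_urls": locations("SingleSignOnService"),
        "slo_urls": locations("SingleLogoutService"),
        "signing_cert_sha256": fingerprints,
    }


def handoff_differences(summary, login_url, azure_ad_identifier, logout_url):
    """List differences between the copied portal values and the metadata file."""
    diffs = []
    if summary["entity_id"] != azure_ad_identifier:
        diffs.append("Azure AD Identifier differs from metadata entityID")
    if login_url not in summary["sso_urls"]:
        diffs.append("Login URL is not a SingleSignOnService location")
    if logout_url not in summary["slo_urls"]:
        diffs.append("Logout URL is not a SingleLogoutService location")
    if not summary["signing_cert_sha256"]:
        diffs.append("metadata carries no signing certificate")
    endpoints = {login_url, logout_url, *summary["sso_urls"], *summary["slo_urls"]}
    for url in sorted(endpoints):
        if urlsplit(url).scheme != "https":
            diffs.append(f"non-HTTPS endpoint: {url}")
    return diffs


if __name__ == "__main__":
    info = summarize_metadata(SAMPLE_METADATA)
    print(info)
    print(handoff_differences(info, f"{IDP}/saml2", f"{IDP}/", f"{IDP}/saml2"))
```

The same check applies to the other tutorials on this page that have you download Federation Metadata XML and copy the Login URL, Azure AD Identifier and Logout URL.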
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Schoox.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Schoox.

2. In the applications list, select Schoox.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Schoox test user
In this section, you create a user called Britta Simon in Schoox. Work with the Schoox support team to add the
users in the Schoox platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Schoox tile in the Access Panel, you should be automatically signed in to the Schoox for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Sciforma
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Sciforma with Azure Active Directory (Azure AD). Integrating Sciforma
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Sciforma.
You can enable your users to be automatically signed-in to Sciforma (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Sciforma, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Sciforma single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Sciforma supports SP initiated SSO
Sciforma supports Just In Time user provisioning

Adding Sciforma from the gallery


To configure the integration of Sciforma into Azure AD, you need to add Sciforma from the gallery to your list of
managed SaaS apps.
To add Sciforma from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Sciforma, select Sciforma from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Sciforma based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Sciforma
needs to be established.
To configure and test Azure AD single sign-on with Sciforma, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Sciforma Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Sciforma test user - to have a counterpart of Britta Simon in Sciforma that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Sciforma, perform the following steps:
1. In the Azure portal, on the Sciforma application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.sciforma.net/sciforma/main.html

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.sciforma.net/sciforma/saml

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Sciforma Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Sciforma section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Sciforma Single Sign-On
To configure single sign-on on the Sciforma side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Sciforma support team. The support team applies this
configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Sciforma.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Sciforma.

2. In the applications list, select Sciforma.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Sciforma test user
In this section, a user called Britta Simon is created in Sciforma. Sciforma supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Sciforma, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Sciforma tile in the Access Panel, you should be automatically signed in to the Sciforma for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SciQuest Spend Director
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate SciQuest Spend Director with Azure Active Directory (Azure AD).
Integrating SciQuest Spend Director with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SciQuest Spend Director.
You can enable your users to be automatically signed-in to SciQuest Spend Director (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SciQuest Spend Director, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
SciQuest Spend Director single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SciQuest Spend Director supports SP initiated SSO
SciQuest Spend Director supports Just In Time user provisioning

Adding SciQuest Spend Director from the gallery


To configure the integration of SciQuest Spend Director into Azure AD, you need to add SciQuest Spend Director
from the gallery to your list of managed SaaS apps.
To add SciQuest Spend Director from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SciQuest Spend Director, select SciQuest Spend Director from the result panel, then
click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SciQuest Spend Director based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in SciQuest Spend Director needs to be established.
To configure and test Azure AD single sign-on with SciQuest Spend Director, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SciQuest Spend Director Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SciQuest Spend Director test user - to have a counterpart of Britta Simon in SciQuest Spend
Director that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SciQuest Spend Director, perform the following steps:
1. In the Azure portal, on the SciQuest Spend Director application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<companyname>.sciquest.com/apps/Router/SAMLAuth/<instancename>

b. In the Identifier box, type a URL using the following pattern: https://<companyname>.sciquest.com

c. In the Reply URL text box, type a URL using the following pattern:
https://<companyname>.sciquest.com/apps/Router/ExternalAuth/Login/<instancename>

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
SciQuest Spend Director Client support team to get these values. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up SciQuest Spend Director section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SciQuest Spend Director Single Sign-On
To configure single sign-on on the SciQuest Spend Director side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the SciQuest Spend Director support team.
The support team applies this configuration so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SciQuest Spend Director.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SciQuest Spend
Director.

2. In the applications list, select SciQuest Spend Director.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create SciQuest Spend Director test user
The objective of this section is to create a user called Britta Simon in SciQuest Spend Director.
You need to contact your SciQuest Spend Director support team and provide them with the details about your test
account to get it created.
Alternatively, you can also leverage just-in-time provisioning, a single sign-on feature that is supported by
SciQuest Spend Director.
If just-in-time provisioning is enabled, users are automatically created by SciQuest Spend Director during a single
sign-on attempt if they don't exist. This feature eliminates the need to manually create single sign-on counterpart
users.
To get just-in-time provisioning enabled, you need to contact your SciQuest Spend Director support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SciQuest Spend Director tile in the Access Panel, you should be automatically signed in to the
SciQuest Spend Director for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with ScreenSteps
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ScreenSteps with Azure Active Directory (Azure AD). Integrating
ScreenSteps with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ScreenSteps.
You can enable your users to be automatically signed-in to ScreenSteps (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ScreenSteps, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
ScreenSteps single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ScreenSteps supports SP initiated SSO

Adding ScreenSteps from the gallery


To configure the integration of ScreenSteps into Azure AD, you need to add ScreenSteps from the gallery to your
list of managed SaaS apps.
To add ScreenSteps from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ScreenSteps, select ScreenSteps from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ScreenSteps based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
ScreenSteps needs to be established.
To configure and test Azure AD single sign-on with ScreenSteps, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ScreenSteps Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ScreenSteps test user - to have a counterpart of Britta Simon in ScreenSteps that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ScreenSteps, perform the following steps:
1. In the Azure portal, on the ScreenSteps application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern: https://<tenantname>.ScreenSteps.com

NOTE
This value is not real. Update this value with the actual Sign-On URL, which is explained later in this tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up ScreenSteps section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure ScreenSteps Single Sign-On
1. In a different web browser window, log into your ScreenSteps company site as an administrator.
2. Click Account Settings.
3. Click Single Sign-on.

4. Click Create Single Sign-on Endpoint.

5. In the Create Single Sign-on Endpoint section, perform the following steps:

a. In the Title textbox, type a title.


b. From the Mode list, select SAML.
c. Click Create.
6. Edit the new endpoint.

7. In the Edit Single Sign-on Endpoint section, perform the following steps:

a. Click Upload new SAML Certificate file, and then upload the certificate that you downloaded
from the Azure portal.
b. Paste the Login URL value, which you copied from the Azure portal, into the Remote Login URL
textbox.
c. Paste the Logout URL value, which you copied from the Azure portal, into the Log out URL textbox.
d. Select a Group to assign users to when they are provisioned.
e. Click Update.
f. Copy the SAML Consumer URL to the clipboard and paste it into the Sign-on URL textbox in the Basic
SAML Configuration section in the Azure portal.
g. Return to the Edit Single Sign-on Endpoint.
h. Click the Make default for account button to use this endpoint for all users who log into ScreenSteps.
Alternatively you can click the Add to Site button to use this endpoint for specific sites in ScreenSteps.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ScreenSteps.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ScreenSteps.

2. In the applications list, select ScreenSteps.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create ScreenSteps test user
In this section, you create a user called Britta Simon in ScreenSteps. Work with the ScreenSteps Client support
team to add the users in the ScreenSteps platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ScreenSteps tile in the Access Panel, you should be automatically signed in to the ScreenSteps
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with SD Elements
11/14/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate SD Elements with Azure Active Directory (Azure AD). When you
integrate SD Elements with Azure AD, you can:
Control in Azure AD who has access to SD Elements.
Enable your users to be automatically signed-in to SD Elements with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SD Elements single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
SD Elements supports IDP initiated SSO

Adding SD Elements from the gallery


To configure the integration of SD Elements into Azure AD, you need to add SD Elements from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type SD Elements in the search box.
6. Select SD Elements from the results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for SD Elements


Configure and test Azure AD SSO with SD Elements using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in SD Elements.
To configure and test Azure AD SSO with SD Elements, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure SD Elements SSO - to configure the single sign-on settings on application side.
   a. Create SD Elements test user - to have a counterpart of B.Simon in SD Elements that is linked to the
      Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the SD Elements application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Set up single sign-on with SAML page, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
https://<tenantname>.sdelements.com/sso/saml2/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://<tenantname>.sdelements.com/sso/saml2/acs/

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact SD Elements Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. The SD Elements application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes.

6. In addition to the above, the SD Elements application expects a few more attributes to be passed back in the
SAML response, as shown below. These attributes are also pre-populated, but you can review them as per
your requirements.

| NAME | SOURCE ATTRIBUTE |
| --- | --- |
| email | user.mail |
| firstname | user.givenname |
| lastname | user.surname |

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up SD Elements section, copy the appropriate URL(s) based on your requirement.
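
A quick way to confirm that a captured test response carries what steps 4 to 6 configure is to inspect the decoded assertion. The following is an added example, not part of the original tutorial or SD Elements' own tooling; the tenant name `contoso`, the helper names and both sample responses are constructed, and the attribute names are assumed to appear verbatim as in the NAME column above.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Attribute names from the NAME column of the table in step 6.
REQUIRED_ATTRIBUTES = ("email", "firstname", "lastname")


def expected_urls(tenant):
    """Identifier and Reply URL built from the patterns given in step 4."""
    base = f"https://{tenant}.sdelements.com/sso/saml2"
    return {"audience": f"{base}/metadata", "recipient": f"{base}/acs/"}


def check_response(xml_text, tenant):
    """Return a list of mismatches; an empty list means the content matches.

    Content check only: the XML signature is NOT verified here, so this is a
    configuration aid and not a replacement for the service provider's checks.
    """
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted saml:Assertion found in the response"]

    want = expected_urls(tenant)
    problems = []

    # The Audience must equal the Identifier configured in Azure AD.
    audiences = [
        a.text.strip()
        for a in assertion.iterfind(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
        if a.text
    ]
    if want["audience"] not in audiences:
        problems.append(f"Audience {audiences} lacks {want['audience']}")

    # The Recipient must equal the Reply URL, including the trailing slash.
    recipients = [
        d.get("Recipient")
        for d in assertion.iterfind(
            "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    ]
    if want["recipient"] not in recipients:
        problems.append(f"Recipient {recipients} lacks {want['recipient']}")

    # Every expected attribute needs at least one non-empty value.
    values_by_name = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [
            v.text.strip()
            for v in attr.iterfind("saml:AttributeValue", NS)
            if v.text and v.text.strip()
        ]
        values_by_name.setdefault(attr.get("Name"), []).extend(values)
    for name in REQUIRED_ATTRIBUTES:
        if not values_by_name.get(name):
            problems.append(f"attribute '{name}' is missing or empty")
    return problems


def build_sample(audience, recipient, attributes):
    """Build a constructed, unsigned SAML response for the demonstration."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        "</saml:AttributeValue></saml:Attribute>"
        for n, v in attributes.items()
    )
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
        "<saml:Assertion><saml:Subject><saml:SubjectConfirmation>"
        f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
        "</saml:SubjectConfirmation></saml:Subject>"
        "<saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )


# Constructed samples: one matching the tutorial, one with two mistakes
# (Reply URL without the trailing slash, lastname claim not emitted).
GOOD_RESPONSE = build_sample(
    "https://contoso.sdelements.com/sso/saml2/metadata",
    "https://contoso.sdelements.com/sso/saml2/acs/",
    {"email": "b.simon@contoso.com", "firstname": "B.", "lastname": "Simon"},
)
BAD_RESPONSE = build_sample(
    "https://contoso.sdelements.com/sso/saml2/metadata",
    "https://contoso.sdelements.com/sso/saml2/acs",
    {"email": "b.simon@contoso.com", "firstname": "B."},
)

if __name__ == "__main__":
    for label, sample in (("good", GOOD_RESPONSE), ("bad", BAD_RESPONSE)):
        print(label, check_response(sample, "contoso"))
```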

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SD Elements.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SD Elements.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure SD Elements SSO


1. To get single sign-on enabled, contact your SD Elements support team and provide them with the
downloaded certificate file.
2. In a different browser window, sign in to your SD Elements tenant as an administrator.
3. In the menu on the top, click System, and then Single Sign-on.

4. On the Single Sign-On Settings dialog, perform the following steps:


a. As SSO Type, select SAML.
b. In the Identity Provider Entity ID textbox, paste the value of Azure AD Identifier, which you have
copied from the Azure portal.
c. In the Identity Provider Single Sign-On Service textbox, paste the value of Login URL, which you
have copied from the Azure portal.
d. Click Save.
Create SD Elements test user
The objective of this section is to create a user called B.Simon in SD Elements. In the case of SD Elements, creating
SD Elements users is a manual task.
To create B.Simon in SD Elements, perform the following steps:
1. In a web browser window, sign in to your SD Elements company site as an administrator.
2. In the menu on the top, click User Management, and then Users.
3. Click Add New User.

4. On the Add New User dialog, perform the following steps:

a. In the E-mail textbox, enter the email of the user, like b.simon@contoso.com.
b. In the First Name textbox, enter the first name of the user, like B.
c. In the Last Name textbox, enter the last name of the user, like Simon.
d. As Role, select User.
e. Click Create User.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SD Elements tile in the Access Panel, you should be automatically signed in to the SD Elements
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try SD Elements with Azure AD

Tutorial: Integrate Secret Server (On-Premises) with Azure Active Directory
8/8/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Secret Server (On-Premises) with Azure Active Directory (Azure AD).
When you integrate Secret Server (On-Premises) with Azure AD, you can:
Control in Azure AD who has access to Secret Server (On-Premises).
Enable your users to be automatically signed-in to Secret Server (On-Premises) with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Secret Server (On-Premises) single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Secret Server (On-Premises) supports SP and IDP initiated SSO

Adding Secret Server (On-Premises) from the gallery


To configure the integration of Secret Server (On-Premises) into Azure AD, you need to add Secret Server (On-
Premises) from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Secret Server (On-Premises) in the search box.
6. Select Secret Server (On-Premises) from the results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Secret Server (On-Premises) using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in Secret Server
(On-Premises).
To configure and test Azure AD SSO with Secret Server (On-Premises), complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Secret Server (On-Premises) SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Secret Server (On-Premises) test user - to have a counterpart of B.Simon in Secret Server (On-
Premises) that is linked to the Azure AD representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Secret Server (On-Premises) application integration page, find the Manage
section and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
enter the values for the following fields:
a. In the Identifier text box, enter a value of your choice, for example:
https://secretserveronpremises.azure

b. In the Reply URL text box, type a URL using the following pattern:
https://<SecretServerURL>/SAML/AssertionConsumerService.aspx

NOTE
The Entity ID shown above is an example only and you are free to choose any unique value that identifies your Secret
Server instance in Azure AD. You need to send this Entity ID to Secret Server (On-Premises) Client support team and
they configure it on their side. For more details, please read this article.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL using the following pattern: https://<SecretServerURL>/login.aspx

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact Secret Server
(On-Premises) Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. On the Set up Single Sign-On with SAML page, click the Edit icon to open SAML Signing Certificate
dialog.

8. Select Signing Option as Sign SAML response and assertion.

9. On the Set up Secret Server (On-Premises) section, copy the appropriate URL(s) based on your
requirement.
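
Step 8 sets the signing option to Sign SAML response and assertion; whether a captured test response reflects that setting can be checked structurally. The following is an added example, not part of the original tutorial or Secret Server's own code; the helper names, element IDs and sample responses are constructed, and the check looks only at signature placement and references, without verifying any signature value.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def _carries_own_signature(element):
    """True if a direct-child ds:Signature references this element's own ID.

    A signature sitting elsewhere in the tree, or one whose Reference URI
    points at a different ID, does not count as covering this element.
    """
    element_id = element.get("ID")
    if not element_id:
        return False
    for signature in element.findall("ds:Signature", NS):
        for ref in signature.iterfind("ds:SignedInfo/ds:Reference", NS):
            if ref.get("URI") == f"#{element_id}":
                return True
    return False


def signing_coverage(xml_text):
    """Report which parts of a decoded SAML response carry a signature."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("root element is not samlp:Response")
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response": _carries_own_signature(root),
        "assertions": [_carries_own_signature(a) for a in assertions],
    }


def matches_signing_option(xml_text):
    """True only if the response and its single assertion are both signed."""
    coverage = signing_coverage(xml_text)
    return (
        coverage["response"]
        and len(coverage["assertions"]) == 1
        and all(coverage["assertions"])
    )


def build_sample(sign_response, sign_assertion, assertion_ref="#_a1"):
    """Build a constructed response; the signature values are placeholders."""
    def signature(uri):
        return (
            f'<ds:Signature><ds:SignedInfo><ds:Reference URI="{uri}"/>'
            "</ds:SignedInfo><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue>"
            "</ds:Signature>"
        )
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
        f'xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}" ID="_r1">'
        + (signature("#_r1") if sign_response else "")
        + '<saml:Assertion ID="_a1">'
        + (signature(assertion_ref) if sign_assertion else "")
        + "<saml:Subject/></saml:Assertion></samlp:Response>"
    )


if __name__ == "__main__":
    cases = {
        "response and assertion": build_sample(True, True),
        "assertion only": build_sample(False, True),
        "assertion signature references another ID": build_sample(
            True, True, assertion_ref="#_other"),
    }
    for label, sample in cases.items():
        print(label, signing_coverage(sample), matches_signing_option(sample))
```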

Configure Secret Server (On-Premises) SSO


To configure single sign-on on the Secret Server (On-Premises) side, you need to send the downloaded
Certificate (Base64) and appropriate copied URLs from the Azure portal to the Secret Server (On-Premises)
support team. They apply these settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Secret Server (On-
Premises).
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Secret Server (On-Premises).
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Secret Server (On-Premises) test user
In this section, you create a user called Britta Simon in Secret Server (On-Premises). Work with the Secret Server
(On-Premises) support team to add the users to the Secret Server (On-Premises) platform. Users must be created and
activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Secret Server (On-Premises) tile in the Access Panel, you should be automatically signed in to
the Secret Server (On-Premises) instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Sectigo Certificate Manager
7/5/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Sectigo Certificate Manager with Azure Active Directory (Azure AD).
Integrating Sectigo Certificate Manager with Azure AD gives you the following benefits:
You can use Azure AD to control who has access to Sectigo Certificate Manager.
Users can be automatically signed in to Sectigo Certificate Manager with their Azure AD accounts (single sign-
on).
You can manage your accounts in one central location, the Azure portal.
For more information about software as a service (SaaS) app integration with Azure AD, see Single sign-on to
applications in Azure Active Directory.

Prerequisites
To configure Azure AD integration with Sectigo Certificate Manager, you need the following items:
An Azure AD subscription. If you don't have an Azure AD subscription, create a free account before you begin.
Sectigo Certificate Manager subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment and integrate Sectigo
Certificate Manager with Azure AD.
Sectigo Certificate Manager supports the following features:
SP-initiated single sign-on
IDP-initiated single sign-on

Add Sectigo Certificate Manager in the Azure portal


To integrate Sectigo Certificate Manager with Azure AD, you must add Sectigo Certificate Manager to your list of
managed SaaS apps.
1. Sign in to the Azure portal.
2. In the left menu, select Azure Active Directory.

3. Select Enterprise applications > All applications.


4. To add an application, select New application.

5. In the search box, enter Sectigo Certificate Manager. In the search results, select Sectigo Certificate
Manager, and then select Add.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Sectigo Certificate Manager based on a test
user named Britta Simon. For single sign-on to work, you must establish a linked relationship between an Azure
AD user and the related user in Sectigo Certificate Manager.
To configure and test Azure AD single sign-on with Sectigo Certificate Manager, you must complete the following
building blocks:

| TASK | DESCRIPTION |
| --- | --- |
| Configure Azure AD single sign-on | Enables your users to use this feature. |
| Configure Sectigo Certificate Manager single sign-on | Configures the single sign-on settings in the application. |
| Create an Azure AD test user | Tests Azure AD single sign-on for a user named Britta Simon. |
| Assign the Azure AD test user | Enables Britta Simon to use Azure AD single sign-on. |
| Create a Sectigo Certificate Manager test user | Creates a counterpart of Britta Simon in Sectigo Certificate Manager that is linked to the Azure AD representation of the user. |
| Test single sign-on | Verifies that the configuration works. |

Configure Azure AD single sign-on


In this section, you configure Azure AD single sign-on with Sectigo Certificate Manager in the Azure portal.
1. In the Azure portal, in the Sectigo Certificate Manager application integration pane, select Single sign-
on.

2. In the Select a single sign-on method pane, select SAML or SAML/WS-Fed mode to enable single sign-on.

3. In the Set up Single Sign-On with SAML pane, select Edit (the pencil icon) to open the Basic SAML
Configuration pane.

4. In the Basic SAML Configuration pane, to configure IDP-initiated mode, complete the following steps:
a. In the Identifier box, enter one of these URLs:
https://cert-manager.com/shibboleth
https://hard.cert-manager.com/shibboleth
b. In the Reply URL box, enter one of these URLs:
https://cert-manager.com/Shibboleth.sso/SAML2/POST
https://hard.cert-manager.com/Shibboleth.sso/SAML2/POST
c. Select Set additional URLs.
d. In the Relay State box, enter one of these URLs:
https://cert-manager.com/customer/SSLSupport/idp
https://hard.cert-manager.com/customer/SSLSupport/idp

5. To configure the application in SP-initiated mode, complete the following steps:


In the Sign on URL box, enter one of these URLs:
https://cert-manager.com/Shibboleth.sso/Login
https://hard.cert-manager.com/Shibboleth.sso/Login

6. In the Set up Single Sign-On with SAML pane, in the SAML Signing Certificate section, select
Download next to Certificate (Base64). Select a download option based on your requirements. Save the
certificate on your computer.
7. In the Set up Sectigo Certificate Manager section, copy the following URLs based on your requirements:
Login URL
Azure AD Identifier
Logout URL

Configure Sectigo Certificate Manager single sign-on


To configure single sign-on on the Sectigo Certificate Manager side, send the downloaded Certificate (Base64) file
and the relevant URLs that you copied from the Azure portal to the Sectigo Certificate Manager support team. The
Sectigo Certificate Manager support team uses the information you send them to ensure that the SAML single
sign-on connection is set properly on both sides.
Create an Azure AD test user
In this section, you create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory > Users > All users.

2. Select New user.

3. In the User pane, complete the following steps:


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter brittasimon@<your-company-domain>.<extension>. For example,
brittasimon@contoso.com.
c. Select the Show password check box. Write down the value that's displayed in the Password box.
d. Select Create.

Assign the Azure AD test user


In this section, you grant Britta Simon access to Sectigo Certificate Manager so she can use Azure single sign-on.
1. In the Azure portal, select Enterprise applications > All applications > Sectigo Certificate Manager.

2. In the applications list, select Sectigo Certificate Manager.


3. In the menu, select Users and groups.

4. Select Add user. Then, in the Add assignment pane, select Users and groups.

5. In the Users and groups pane, select Britta Simon in the list of users. Choose Select.
6. If you are expecting a role value in the SAML assertion, in the Select role pane, select the relevant role for
the user from the list. Choose Select.
7. In the Add Assignment pane, select Assign.
Create a Sectigo Certificate Manager test user
In this section, you create a user named Britta Simon in Sectigo Certificate Manager. Work with the Sectigo
Certificate Manager support team to add the user in the Sectigo Certificate Manager platform. Users must be
created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration by using the My Apps portal.
After you set up single sign-on, when you select Sectigo Certificate Manager in the My Apps portal, you are
automatically signed in to Sectigo Certificate Manager. For more information about the My Apps portal, see
Access and use apps in the My Apps portal.
Next steps
To learn more, review these articles:
List of tutorials for integrating SaaS apps with Azure Active Directory
Single sign-on to applications in Azure Active Directory
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with SECURE DELIVER
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate SECURE DELIVER with Azure Active Directory (Azure AD). Integrating
SECURE DELIVER with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SECURE DELIVER.
You can enable your users to be automatically signed-in to SECURE DELIVER (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SECURE DELIVER, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
SECURE DELIVER single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SECURE DELIVER supports SP initiated SSO

Adding SECURE DELIVER from the gallery


To configure the integration of SECURE DELIVER into Azure AD, you need to add SECURE DELIVER from the
gallery to your list of managed SaaS apps.
To add SECURE DELIVER from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SECURE DELIVER, select SECURE DELIVER from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SECURE DELIVER based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
SECURE DELIVER needs to be established.
To configure and test Azure AD single sign-on with SECURE DELIVER, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SECURE DELIVER Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SECURE DELIVER test user - to have a counterpart of Britta Simon in SECURE DELIVER that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SECURE DELIVER, perform the following steps:
1. In the Azure portal, on the SECURE DELIVER application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.i-securedeliver.jp/sd/<tenantname>/jsf/login/sso

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.i-securedeliver.jp/sd/<tenantname>/postResponse

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact SECURE DELIVER
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up SECURE DELIVER section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SECURE DELIVER Single Sign-On
To configure single sign-on on the SECURE DELIVER side, you need to send the downloaded Certificate (Base64)
and appropriate copied URLs from the Azure portal to the SECURE DELIVER support team. They apply these settings
so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SECURE DELIVER.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SECURE
DELIVER.

2. In the applications list, select SECURE DELIVER.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SECURE DELIVER test user
In this section, you create a user called Britta Simon in SECURE DELIVER. Work with the SECURE DELIVER support
team to add the users to the SECURE DELIVER platform. Users must be created and activated before you use
single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SECURE DELIVER tile in the Access Panel, you should be automatically signed in to the
SECURE DELIVER instance for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Integrate SecureW2 JoinNow Connector with Azure Active Directory
8/8/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate SecureW2 JoinNow Connector with Azure Active Directory (Azure
AD). When you integrate SecureW2 JoinNow Connector with Azure AD, you can:
Control in Azure AD who has access to SecureW2 JoinNow Connector.
Enable your users to be automatically signed-in to SecureW2 JoinNow Connector with their Azure AD
accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SecureW2 JoinNow Connector single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
SecureW2 JoinNow Connector supports SP initiated SSO

Adding SecureW2 JoinNow Connector from the gallery


To configure the integration of SecureW2 JoinNow Connector into Azure AD, you need to add SecureW2 JoinNow
Connector from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type SecureW2 JoinNow Connector in the search box.
6. Select SecureW2 JoinNow Connector from the results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with SecureW2 JoinNow Connector using a test user called B.Simon. For SSO
to work, you need to establish a link relationship between an Azure AD user and the related user in SecureW2
JoinNow Connector.
To configure and test Azure AD SSO with SecureW2 JoinNow Connector, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure SecureW2 JoinNow Connector SSO - to configure the Single Sign-On settings on the application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create SecureW2 JoinNow Connector test user - to have a counterpart of B.Simon in SecureW2 JoinNow
Connector that is linked to the Azure AD representation of the user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the SecureW2 JoinNow Connector application integration page, find the Manage
section and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<organization-identifier>-auth.securew2.com/auth/saml/SSO

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<organization-identifier>-auth.securew2.com/auth/saml

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the SecureW2 JoinNow
Connector Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Metadata XML and select Download to download the certificate and save it on your computer.
6. On the Set up SecureW2 JoinNow Connector section, copy the appropriate URL(s) based on your
requirement.

Configure SecureW2 JoinNow Connector SSO


To configure single sign-on on the SecureW2 JoinNow Connector side, you need to send the downloaded
Metadata XML and the appropriate copied URLs from the Azure portal to the SecureW2 JoinNow Connector support team.
They apply these settings so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SecureW2 JoinNow
Connector.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SecureW2 JoinNow Connector.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create SecureW2 JoinNow Connector test user
In this section, you create a user called Britta Simon in SecureW2 JoinNow Connector. Work with the SecureW2
JoinNow Connector support team to add the users in the SecureW2 JoinNow Connector platform. Users must be
created and activated before you use single sign-on.
Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SecureW2 JoinNow Connector tile in the Access Panel, you should be automatically signed in
to the SecureW2 JoinNow Connector for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Sedgwick CMS
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Sedgwick CMS with Azure Active Directory (Azure AD). Integrating
Sedgwick CMS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Sedgwick CMS.
You can enable your users to be automatically signed-in to Sedgwick CMS (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Sedgwick CMS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Sedgwick CMS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Sedgwick CMS supports IDP initiated SSO

Adding Sedgwick CMS from the gallery


To configure the integration of Sedgwick CMS into Azure AD, you need to add Sedgwick CMS from the gallery to
your list of managed SaaS apps.
To add Sedgwick CMS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Sedgwick CMS, select Sedgwick CMS from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Sedgwick CMS based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Sedgwick CMS needs to be established.
To configure and test Azure AD single sign-on with Sedgwick CMS, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Sedgwick CMS Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Sedgwick CMS test user - to have a counterpart of Britta Simon in Sedgwick CMS that is linked to the
Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Sedgwick CMS, perform the following steps:
1. In the Azure portal, on the Sedgwick CMS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

expresspreview.sedgwickcms.net/voe/sso

claimlookup.com/Voe/sso

b. In the Reply URL text box, type a URL using the following pattern:

https://<subdomain>.sedgwickcms.net/voe/sso

https://claimlookup.com/Voe/sso

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact the Sedgwick CMS Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Sedgwick CMS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Sedgwick CMS Single Sign-On
To configure single sign-on on the Sedgwick CMS side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the Sedgwick CMS support team. They apply these settings
so that the SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Sedgwick CMS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Sedgwick CMS.

2. In the applications list, select Sedgwick CMS.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Sedgwick CMS test user
In this section, you create a user called Britta Simon in Sedgwick CMS. Work with the Sedgwick CMS support team to
add the users in the Sedgwick CMS platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Sedgwick CMS tile in the Access Panel, you should be automatically signed in to the Sedgwick
CMS for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Seismic
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Seismic with Azure Active Directory (Azure AD). Integrating Seismic
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Seismic.
You can enable your users to be automatically signed-in to Seismic (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Seismic, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Seismic single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Seismic supports SP initiated SSO

Adding Seismic from the gallery


To configure the integration of Seismic into Azure AD, you need to add Seismic from the gallery to your list of
managed SaaS apps.
To add Seismic from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Seismic, select Seismic from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Seismic based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Seismic
needs to be established.
To configure and test Azure AD single sign-on with Seismic, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Seismic Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Seismic test user - to have a counterpart of Britta Simon in Seismic that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Seismic, perform the following steps:
1. In the Azure portal, on the Seismic application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<SUBDOMAIN>.seismic.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.seismic.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the Seismic Client
support team to get these values. You can also upload the Service Provider Metadata to auto populate the
Identifier value. For more information about Service Provider Metadata, contact the Seismic Client support team.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Seismic section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Seismic Single Sign-On
To configure single sign-on on the Seismic side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Seismic support team. They apply these settings so that the
SAML SSO connection is configured properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Seismic.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Seismic.

2. In the applications list, select Seismic.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Seismic test user
In this section, you create a user called Britta Simon in Seismic. Work with the Seismic support team to add the users
in the Seismic platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Seismic tile in the Access Panel, you should be automatically signed in to the Seismic for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SensoScientific Wireless Temperature Monitoring System
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate SensoScientific Wireless Temperature Monitoring System with Azure
Active Directory (Azure AD). Integrating SensoScientific Wireless Temperature Monitoring System with Azure AD
provides you with the following benefits:
You can control in Azure AD who has access to SensoScientific Wireless Temperature Monitoring System.
You can enable your users to be automatically signed-in to SensoScientific Wireless Temperature Monitoring
System (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SensoScientific Wireless Temperature Monitoring System, you need the
following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
SensoScientific Wireless Temperature Monitoring System single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SensoScientific Wireless Temperature Monitoring System supports IDP initiated SSO

Adding SensoScientific Wireless Temperature Monitoring System from the gallery

To configure the integration of SensoScientific Wireless Temperature Monitoring System into Azure AD, you need
to add SensoScientific Wireless Temperature Monitoring System from the gallery to your list of managed SaaS
apps.
To add SensoScientific Wireless Temperature Monitoring System from the gallery, perform the
following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SensoScientific Wireless Temperature Monitoring System, select
SensoScientific Wireless Temperature Monitoring System from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SensoScientific Wireless Temperature
Monitoring System based on a test user called Britta Simon. For single sign-on to work, a link relationship
between an Azure AD user and the related user in SensoScientific Wireless Temperature Monitoring System needs
to be established.
To configure and test Azure AD single sign-on with SensoScientific Wireless Temperature Monitoring System, you
need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SensoScientific Wireless Temperature Monitoring System Single Sign-On - to configure the
Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SensoScientific Wireless Temperature Monitoring System test user - to have a counterpart of
Britta Simon in SensoScientific Wireless Temperature Monitoring System that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SensoScientific Wireless Temperature Monitoring System, perform the
following steps:
1. In the Azure portal, on the SensoScientific Wireless Temperature Monitoring System application
integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.
4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up SensoScientific Wireless Temperature Monitoring System section, copy the appropriate
URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SensoScientific Wireless Temperature Monitoring System Single Sign-On
1. Sign on to your SensoScientific Wireless Temperature Monitoring System application as an administrator.
2. In the navigation menu at the top, click Configuration and go to Configure under Single Sign On to
open the Single Sign On Settings and perform the following steps:
a. Select Issuer Name as Azure AD.
b. In the Issuer URL textbox, paste the Azure AD Identifier that you copied from the Azure portal.
c. In the Single Sign-On Service URL textbox, paste the Login URL that you copied from the Azure
portal.
d. In the Single Sign-Out Service URL textbox, paste the Logout URL that you copied from the Azure
portal.
e. Browse to the certificate that you downloaded from the Azure portal and upload it here.
f. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SensoScientific Wireless
Temperature Monitoring System.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SensoScientific
Wireless Temperature Monitoring System.

2. In the applications list, select SensoScientific Wireless Temperature Monitoring System.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SensoScientific Wireless Temperature Monitoring System test user
To enable Azure AD users to sign in to SensoScientific Wireless Temperature Monitoring System, they must be
provisioned into SensoScientific Wireless Temperature Monitoring System. Work with the SensoScientific Wireless
Temperature Monitoring System support team to add the users in the SensoScientific Wireless Temperature
Monitoring System platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SensoScientific Wireless Temperature Monitoring System tile in the Access Panel, you should
be automatically signed in to the SensoScientific Wireless Temperature Monitoring System for which you set up
SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Sequr
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Sequr with Azure Active Directory (Azure AD). Integrating Sequr with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Sequr.
You can enable your users to be automatically signed-in to Sequr (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Sequr, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Sequr single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Sequr supports SP and IDP initiated SSO

Adding Sequr from the gallery


To configure the integration of Sequr into Azure AD, you need to add Sequr from the gallery to your list of
managed SaaS apps.
To add Sequr from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Sequr, select Sequr from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Sequr based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Sequr
needs to be established.
To configure and test Azure AD single sign-on with Sequr, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Sequr Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Sequr test user - to have a counterpart of Britta Simon in Sequr that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Sequr, perform the following steps:
1. In the Azure portal, on the Sequr application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type the URL: https://login.sequr.io

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

a. In the Sign-on URL text box, type the URL: https://login.sequr.io

b. In the Relay State textbox, enter the relay state value; how to obtain this value is explained later in the tutorial.
6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up Sequr section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Sequr Single Sign-On
1. In a different web browser window, sign in to your Sequr company site as an administrator.
2. Click Integrations in the left navigation panel.

3. Scroll down to the Single Sign-On section and click Manage.

4. In the Manage Single Sign-On section, perform the following steps:


a. In the Identity Provider Single Sign-On URL textbox, paste the Login URL value that you
copied from the Azure portal.
b. Drag and drop the certificate file that you downloaded from the Azure portal, or manually enter
the content of the certificate.
c. After saving the configuration, the relay state value will be generated. Copy the relay state value and
paste it in the Relay State textbox of Basic SAML Configuration section in the Azure portal.
d. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Sequr.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Sequr.

2. In the applications list, select Sequr.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Sequr test user
In this section, you create a user called Britta Simon in Sequr. Work with the Sequr Client support team to add the
users to the Sequr platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Sequr tile in the Access Panel, you should be automatically signed in to the Sequr for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with ServiceChannel
9/19/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate ServiceChannel with Azure Active Directory (Azure AD). When you
integrate ServiceChannel with Azure AD, you can:
Control in Azure AD who has access to ServiceChannel.
Enable your users to be automatically signed-in to ServiceChannel with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ServiceChannel single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ServiceChannel supports IDP initiated SSO
ServiceChannel supports Just In Time user provisioning

Adding ServiceChannel from the gallery


To configure the integration of ServiceChannel into Azure AD, you need to add ServiceChannel from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type ServiceChannel in the search box.
6. Select ServiceChannel from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for ServiceChannel


Configure and test Azure AD SSO with ServiceChannel using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in ServiceChannel.
To configure and test Azure AD SSO with ServiceChannel, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure ServiceChannel SSO - to configure the single sign-on settings on application side.
a. Create ServiceChannel test user - to have a counterpart of B.Simon in ServiceChannel that is linked to
the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ServiceChannel application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Set up single sign-on with SAML page, enter the values for the following fields:
a. In the Identifier text box, type the value as: http://adfs.<domain>.com/adfs/service/trust

b. In the Reply URL text box, type a URL using the following pattern:
https://<customer domain>.servicechannel.com/saml/acs

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. We suggest that you use
a unique string value for the Identifier. Contact the ServiceChannel Client support team to get these values. You can
also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. The role claim is pre-configured, so you don't have to configure it, but you still need to create the roles in Azure
AD using this article. You can refer to the ServiceChannel guide here for more guidance on claims.
6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
7. In the Set up ServiceChannel section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ServiceChannel.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ServiceChannel.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure ServiceChannel SSO


To configure single sign-on on the ServiceChannel side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the ServiceChannel support team. They apply these settings so
that the SAML SSO connection is set properly on both sides.
Create ServiceChannel test user
ServiceChannel supports just-in-time user provisioning: after authentication, users are created in the application
automatically. For full user provisioning, please contact the ServiceChannel support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ServiceChannel tile in the Access Panel, you should be automatically signed in to the
ServiceChannel for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ServiceChannel with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO) integration with ServiceNow
9/5/2019 • 13 minutes to read

In this tutorial, you'll learn how to integrate ServiceNow with Azure Active Directory (Azure AD). When you
integrate ServiceNow with Azure AD, you can:
Control in Azure AD who has access to ServiceNow.
Enable your users to be automatically signed-in to ServiceNow with their Azure AD accounts.
Manage your accounts in one central location: the Azure portal.
To learn more about software as a service (SaaS) app integration with Azure AD, see What is application access
and single sign-on with Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
A ServiceNow single sign-on (SSO) enabled subscription.
For ServiceNow, an instance or tenant of ServiceNow, Calgary version or later.
For ServiceNow Express, an instance of ServiceNow Express, Helsinki version or later.
The ServiceNow tenant must have the Multiple Provider Single Sign On Plugin enabled. You can do this by
submitting a service request.
For automatic configuration, enable the multi-provider plugin for ServiceNow.
To install the ServiceNow Classic (Mobile) application, go to the appropriate store, and search for the
ServiceNow Classic application. Then download it.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. ServiceNow supports SP initiated
SSO, and Automated user provisioning.
You can configure the ServiceNow Classic (Mobile) application with Azure AD for enabling SSO. It supports both
Android and iOS users. In this tutorial, you configure and test Azure AD SSO in a test environment.

Add ServiceNow from the gallery


To configure the integration of ServiceNow into Azure AD, you need to add ServiceNow from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal by using either a work or school account, or by using a personal Microsoft account.
2. In the left pane, select the Azure Active Directory service.
3. Go to Enterprise Applications, and select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, enter ServiceNow in the search box.
6. Select ServiceNow from results panel, and then add the app. Wait a few seconds while the app is added to
your tenant.
Configure and test Azure AD single sign-on for ServiceNow
Configure and test Azure AD SSO with ServiceNow by using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in ServiceNow.
To configure and test Azure AD SSO with ServiceNow, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
a. Create an Azure AD test user to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user to enable B.Simon to use Azure AD single sign-on.
c. Configure Azure AD SSO for ServiceNow Express to enable your users to use this feature.
2. Configure ServiceNow to configure the SSO settings on the application side.
a. Create a ServiceNow test user to have a counterpart of B.Simon in ServiceNow, linked to the Azure AD
representation of the user.
b. Configure ServiceNow Express SSO to configure the single sign-on settings on the application side.
3. Test SSO to verify whether the configuration works.
4. Test SSO for ServiceNow Classic (Mobile) to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ServiceNow application integration page, find the Manage section. Select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, select the pen icon for Basic SAML Configuration to
edit the settings.

4. In the Basic SAML Configuration section, perform the following steps:


a. In Sign on URL, enter a URL that uses the following pattern:
https://<instance-name>.service-now.com/navpage.do

b. In Identifier (Entity ID), enter a URL that uses the following pattern:


https://<instance-name>.service-now.com

NOTE
These values aren't real. You need to update these values with the actual sign-on URL and identifier, which is
explained later in the tutorial. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64). Select Download to download the certificate and save it on your computer.
a. Select the copy button to copy App Federation Metadata Url, and paste it into Notepad. This URL will
be used later in the tutorial.
b. Select Download to download Certificate (Base64), and then save the certificate file on your computer.
6. In the Set up ServiceNow section, copy the appropriate URLs, based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user, called B.Simon, in the Azure portal.
1. From the left pane in the Azure portal, select Azure Active Directory > Users > All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. For Name, enter B.Simon .
b. For User name, enter the username@companydomain.extension. For example, B.Simon@contoso.com .
c. Select Show password, and then write down the value that's shown in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ServiceNow.
1. In the Azure portal, select Enterprise Applications > All applications.
2. In the applications list, select ServiceNow.
3. In the app's overview page, find the Manage section, and select Users and groups.
4. Select Add user. In the Add Assignment dialog box, select Users and groups.

5. In the Users and groups dialog box, select B.Simon from the users list, and then choose Select.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog box, select the
appropriate role for the user from the list. Then choose Select.
7. In the Add Assignment dialog box, select Assign.
Configure Azure AD SSO for ServiceNow Express
1. In the Azure portal, on the ServiceNow application integration page, select single sign-on.

2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on.
3. On the Set up single sign-on with SAML page, select the pen icon to open the Basic SAML
Configuration dialog box.

4. In the Basic SAML Configuration section, perform the following steps:


a. For Sign on URL, enter a URL that uses the following pattern:
https://<instance-name>.service-now.com/navpage.do

b. For Identifier (Entity ID), enter a URL that uses the following pattern:
https://<instance-name>.service-now.com

NOTE
These values aren't real. You need to update these values with the actual sign-on URL and identifier, which is
explained later in the tutorial. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, select
Download to download the Certificate (Base64) from the specified options, as per your requirement.
Save it on your computer.
6. You can have Azure AD automatically configure ServiceNow for SAML-based authentication. To enable this
service, go to the Set up ServiceNow section, and select View step-by-step instructions to open the
Configure sign-on window.

7. In the Configure sign-on form, enter your ServiceNow instance name, admin username, and admin
password. Select Configure Now. The admin username provided must have the security_admin role
assigned in ServiceNow for this to work. Otherwise, to manually configure ServiceNow to use Azure AD as
a SAML Identity Provider, select Manually configure single sign-on. Copy the Logout URL, Azure AD
Identifier, and Login URL from the Quick Reference section.

Configure ServiceNow
1. Sign on to your ServiceNow application as an administrator.
2. Activate the Integration - Multiple Provider single sign-on Installer plug-in by following these steps:
a. In the left pane, search for the System Definition section from the search box, and then select Plugins.
b. Search for Integration - Multiple Provider single sign-on Installer.
c. Select the plug-in. Right-click, and select Activate/Upgrade.

d. Select Activate.

3. In the left pane, search for the Multi-Provider SSO section from the search bar, and then select
Properties.

4. In the Multiple Provider SSO Properties dialog box, perform the following steps:
For Enable multiple provider SSO, select Yes.
For Enable Auto Importing of users from all identity providers into the user table, select Yes.
For Enable debug logging for the multiple provider SSO integration, select Yes.
For The field on the user table that..., enter user_name.
Select Save.
5. You can configure ServiceNow automatically or manually. To configure ServiceNow automatically, follow
these steps:
a. Return to the ServiceNow single sign-on page in the Azure portal.
b. A one-click configuration service is provided for ServiceNow. To enable this service, go to the
ServiceNow Configuration section, and select Configure ServiceNow to open the Configure
sign-on window.

c. In the Configure sign-on form, enter your ServiceNow instance name, admin username, and admin
password. Select Configure Now. The admin username provided must have the security_admin
role assigned in ServiceNow for this to work. Otherwise, to manually configure ServiceNow to use
Azure AD as a SAML Identity Provider, select Manually configure single sign-on. Copy the
Sign-Out URL, SAML Entity ID, and SAML single sign-on Service URL from the Quick Reference
section.
d. Sign on to your ServiceNow application as an administrator.
In the automatic configuration, all the necessary settings are configured on the ServiceNow
side, but the X.509 Certificate isn't enabled by default. You have to map it manually to your
identity provider in ServiceNow. Follow these steps:
a. In the left pane, search for the Multi-Provider SSO section from the search box, and
select Identity Providers.

b. Select the automatically generated identity provider.

c. On the Identity Provider section, perform the following steps:


For Name, enter a name for your configuration (for example, Microsoft Azure
Federated single sign-on).
Remove the populated Identity Provider's SingleLogoutRequest value from
the textbox.
Copy the ServiceNow Homepage value, and paste it in Sign-on URL in the
ServiceNow Basic SAML Configuration section of the Azure portal.

NOTE
The ServiceNow instance homepage is a concatenation of your ServiceNow tenant
URL and /navpage.do (for example:
https://fabrikam.service-now.com/navpage.do ).

Copy the Entity ID / Issuer value, and paste it in Identifier in the ServiceNow
Basic SAML Configuration section of the Azure portal.
Confirm that NameID Policy is set to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified value.
d. Scroll down to the X.509 Certificate section, and select Edit.

e. Select the certificate, and select the right arrow icon to add the certificate.
f. Select Save.
g. At the upper-right corner of the page, select Test Connection.

h. When asked for your credentials, enter them. You'll see the following page. The SSO
Logout Test Results error is expected. Ignore the error and select Activate.

6. To configure ServiceNow manually, follow these steps:


a. Sign on to your ServiceNow application as an administrator.
b. In the left pane, select Identity Providers.
c. In the Identity Providers dialog box, select New.

d. In the Identity Providers dialog box, select SAML.

e. In Import Identity Provider Metadata, perform the following steps:

a. Enter the App Federation Metadata Url that you've copied from the Azure portal.
b. Select Import.
f. The import reads the IdP metadata URL and populates all the fields. Then perform the following steps:
For Name, enter a name for your configuration (for example, Microsoft Azure Federated
single sign-on).
Remove the populated Identity Provider's SingleLogoutRequest value from the text box.
Copy the ServiceNow Homepage value. Paste it in Sign-on URL in the ServiceNow Basic
SAML Configuration section of the Azure portal.

NOTE
The ServiceNow instance homepage is a concatenation of your ServiceNow tenant URL and
/navpage.do (for example: https://fabrikam.service-now.com/navpage.do ).

Copy the Entity ID / Issuer value. Paste it in Identifier in ServiceNow Basic SAML
Configuration section of the Azure portal.
Confirm that NameID Policy is set to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified value.
Select Advanced. In User Field, enter email or user_name, depending on which field is
used to uniquely identify users in your ServiceNow deployment.
NOTE
You can configure Azure AD to emit either the Azure AD user ID (user principal name) or the email
address as the unique identifier in the SAML token. Do this by going to the ServiceNow >
Attributes > Single sign-on section of the Azure portal, and mapping the desired field to the
nameidentifier attribute. The value stored for the selected attribute in Azure AD (for example, user
principal name) must match the value stored in ServiceNow for the entered field (for example,
user_name).

Select Test Connection at the upper-right corner of the page.


When asked for your credentials, enter them. You'll see the following page. The SSO Logout
Test Results error is expected. Ignore the error and select Activate.

Create ServiceNow test user


The objective of this section is to create a user called B.Simon in ServiceNow. ServiceNow supports automatic
user provisioning, which is enabled by default.

NOTE
If you need to create a user manually, contact the ServiceNow Client support team.

Configure ServiceNow Express SSO


1. Sign on to your ServiceNow Express application as an administrator.
2. In the left pane, select Single Sign-On.
3. In the Single Sign-On dialog box, select the configuration icon on the upper right, and set the following
properties:

a. Toggle Enable multiple provider SSO to the right.


b. Toggle Enable debug logging for the multiple provider SSO integration to the right.
c. In The field on the user table that..., enter user_name.
4. In the Single Sign-On dialog box, select Add New Certificate.
5. In the X.509 Certificates dialog box, perform the following steps:

a. For Name, enter a name for your configuration (for example: TestSAML2.0).
b. Select Active.
c. For Format, select PEM.
d. For Type, select Trust Store Cert.
e. Open your Base64 encoded certificate downloaded from Azure portal in Notepad. Copy the content of it
into your clipboard, and then paste it to the PEM Certificate text box.
f. Select Update.
6. In the Single Sign-On dialog box, select Add New IdP.
7. In the Add New Identity Provider dialog box, under Configure Identity Provider, perform the
following steps:
a. For Name, enter a name for your configuration (for example: SAML 2.0).
b. For Identity Provider URL, paste the value of the identity provider ID that you copied from the Azure
portal.
c. For Identity Provider's AuthnRequest, paste the value of the authentication request URL that you
copied from the Azure portal.
d. For Identity Provider's SingleLogoutRequest, paste the value of the logout URL that you copied from
the Azure portal.
e. For Identity Provider Certificate, select the certificate you created in the previous step.
8. Select Advanced Settings. Under Additional Identity Provider Properties, perform the following steps:

a. For Protocol Binding for the IDP's SingleLogoutRequest, enter
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.
b. For NameID Policy, enter urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
c. For AuthnContextClassRef Method, enter
http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password .
d. For Create an AuthnContextClass, toggle it to off (unselected).
9. Under Additional Service Provider Properties, perform the following steps:
a. For ServiceNow Homepage, enter the URL of your ServiceNow instance homepage.

NOTE
The ServiceNow instance homepage is a concatenation of your ServiceNow tenant URL and /navpage.do (for
example: https://fabrikam.service-now.com/navpage.do ).

b. For Entity ID / Issuer, enter the URL of your ServiceNow tenant.


c. For Audience URI, enter the URL of your ServiceNow tenant.
d. For Clock Skew, enter 60.
e. For User Field, enter email or user_name, depending on which field is used to uniquely identify users in
your ServiceNow deployment.
NOTE
You can configure Azure AD to emit either the Azure AD user ID (user principal name) or the email address as the
unique identifier in the SAML token. Do this by going to the ServiceNow > Attributes > Single sign-on section of
the Azure portal, and mapping the desired field to the nameidentifier attribute. The value stored for the selected
attribute in Azure AD (for example, user principal name) must match the value stored in ServiceNow for the entered
field (for example, user_name).

f. Select Save.
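
The following is an added example, not part of the original tutorial and not ServiceNow or Microsoft code. It applies the Identity Provider URL, Audience URI, Clock Skew and User Field settings entered above to a decoded SAML assertion, which helps explain why a test sign-in is rejected. The assertion, tenant GUID and user list are constructed, the function names are hypothetical, and signature verification against the uploaded X.509 certificate is left to ServiceNow.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Service-provider settings as entered in the steps above. The tenant URL is the
# page's example instance; the tenant GUID in the IdP identifier is constructed.
SETTINGS = {
    "idp_entity_id": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",  # Identity Provider URL
    "audience": "https://fabrikam.service-now.com",                                    # Audience URI
    "clock_skew_seconds": 60,                                                          # Clock Skew
}

# Constructed, unsigned sample assertion (not captured from a real tenant).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0"
                IssueInstant="2019-09-05T10:00:00.123Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">B.Simon@contoso.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2019-09-05T10:00:00.123Z" NotOnOrAfter="2019-09-05T11:00:00.123Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://fabrikam.service-now.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def parse_instant(value):
    """Parse a UTC SAML timestamp, dropping any fractional seconds."""
    text = value.strip()
    if not text.endswith("Z"):
        raise ValueError("SAML instants must be UTC (end in Z): %r" % value)
    text = text[:-1].split(".")[0]
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_assertion(xml_text, settings, now, user_names):
    """Return a list of findings; an empty list means every check passed.

    This does NOT verify the XML signature. Use it only on assertions from your
    own test sign-in: ElementTree is not hardened against hostile XML.
    """
    findings = []
    root = ET.fromstring(xml_text)
    tag = "{%s}Assertion" % SAML
    assertion = root if root.tag == tag else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]

    # The issuer must be exactly the identity provider configured in ServiceNow.
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != settings["idp_entity_id"]:
        findings.append("issuer %r is not the configured identity provider" % issuer)

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        findings.append("no saml:Conditions element: validity window and audience are unbounded")
    else:
        # The validity window is widened on both sides by the configured clock skew.
        skew = timedelta(seconds=settings["clock_skew_seconds"])
        not_before = conditions.get("NotBefore")
        not_after = conditions.get("NotOnOrAfter")
        if not_before and now + skew < parse_instant(not_before):
            findings.append("assertion not yet valid before %s, even with clock skew" % not_before)
        if not_after and now - skew >= parse_instant(not_after):
            findings.append("assertion expired at %s, even with clock skew" % not_after)
        # Exact string comparison: a trailing slash is a different audience.
        audiences = [a.text.strip()
                     for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)
                     if a.text]
        if settings["audience"] not in audiences:
            findings.append("audience %r not among %r" % (settings["audience"], audiences))

    # The NameID must equal the value stored in the ServiceNow User Field
    # (exact match is an assumption of this example).
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        findings.append("no NameID in the subject")
    elif name_id not in user_names:
        findings.append("NameID %r matches no value in the ServiceNow user field" % name_id)
    return findings


if __name__ == "__main__":
    now = parse_instant("2019-09-05T10:30:00Z")  # constructed "current time"
    results = check_assertion(SAMPLE_ASSERTION, SETTINGS, now, {"B.Simon@contoso.com"})
    for line in results or ["all checks passed"]:
        print(line)
```
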

Test SSO
When you select the ServiceNow tile in the Access Panel, you should be automatically signed in to the ServiceNow
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Test SSO for ServiceNow Classic (Mobile)


1. Open your ServiceNow Classic (Mobile) application, and perform the following steps:
a. Select the plus sign in the lower-right corner.

b. Enter your ServiceNow instance name, and select Continue.


c. On the Log in page, perform the following steps:

Enter Username, like B.simon@contoso.com.


Select USE EXTERNAL LOGIN. You're redirected to the Azure AD page for sign-in.
Enter your credentials. If there is any third-party authentication, or any other security feature
enabled, the user must respond accordingly. The application Home page appears.

Additional resources
List of tutorials on how to integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Configure user provisioning
Try ServiceNow with Azure AD
Tutorial: Azure Active Directory integration with Settling music
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Settling music with Azure Active Directory (Azure AD). Integrating
Settling music with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Settling music.
You can enable your users to be automatically signed-in to Settling music (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Settling music, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
A Settling music single sign-on enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Settling music supports SP initiated SSO

Adding Settling music from the gallery


To configure the integration of Settling music into Azure AD, you need to add Settling music from the gallery to
your list of managed SaaS apps.
To add Settling music from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Settling music, select Settling music from the result panel, and then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Settling music based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Settling music needs to be established.
To configure and test Azure AD single sign-on with Settling music, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Settling music Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Settling music test user - to have a counterpart of Britta Simon in Settling music that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Settling music, perform the following steps:
1. In the Azure portal, on the Settling music application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.rakurakuseisan.jp/<USERACCOUNT>/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.rakurakuseisan.jp/<USERACCOUNT>/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the Settling music
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. In the Set up Settling music section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Settling music Single Sign-On
1. In a different web browser window, sign in to Settling music as a Security Administrator.
2. At the top of the page, click the management tab.

3. Click the System setting tab.

4. Switch to the Security tab.

5. On the Single sign-on setting section, perform the following steps:


a. Click To enable.
b. In the Login URL of the ID provider textbox, paste the value of Login URL, which you have copied from
the Azure portal.
c. In the ID provider logout URL textbox, paste the value of Logout URL, which you have copied from
the Azure portal.
d. Click Choose File to upload the Certificate (Base64), which you have downloaded from the Azure portal.
e. Click the Save button.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Settling music.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Settling music.

2. In the applications list, select Settling music.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Settling music test user
In this section, you create a user called Britta Simon in Settling music. Work with Settling music Client support
team to add the users in the Settling music platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Settling music tile in the Access Panel, you should be automatically signed in to the Settling
music for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
SharePoint on-premises
11/20/2019 • 12 minutes to read

In this tutorial, you learn how to integrate SharePoint on-premises with Azure Active Directory (Azure AD).
Integrating SharePoint on-premises with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SharePoint on-premises.
You can enable your users to be automatically signed-in to SharePoint on-premises (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SharePoint on-premises, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
SharePoint on-premises single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SharePoint on-premises supports SP initiated SSO

Adding SharePoint on-premises from the gallery


To configure the integration of SharePoint on-premises into Azure AD, you need to add SharePoint on-premises
from the gallery to your list of managed SaaS apps.
To add SharePoint on-premises from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

NOTE
If the element is not available, it can also be opened through the fixed All services link at the top of the left
navigation panel. In the following overview, the Azure Active Directory link is located in the Identity section, or it
can be searched for by using the filter text box.
2. Navigate to Enterprise Applications and then select the All Applications option.

3. To add new application, click New application button on the top of dialog.

4. In the search box, type SharePoint on-premises, select SharePoint on-premises from result panel then
click Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SharePoint on-premises based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in SharePoint on-premises needs to be established.
To configure and test Azure AD single sign-on with SharePoint on-premises, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SharePoint on-premises Single Sign-On - to configure the Single Sign-On settings on
application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Create an Azure AD Security Group in the Azure portal - to enable a new security group in Azure AD for
single sign-on.
5. Grant access to SharePoint on-premises Security Group - grant access for particular group to Azure AD.
6. Assign the Azure AD Security Group in the Azure portal - to assign the particular group to Azure AD for
authentication.
7. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SharePoint on-premises, perform the following steps:
1. In the Azure portal, on the SharePoint on-premises application integration page, select Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<YourSharePointServerURL>/_trust/default.aspx

b. In the Identifier box, type a URL using the following pattern: urn:sharepoint:federation

c. In the Reply URL text box, type a URL using the following pattern:
https://<YourSharePointServerURL>/_trust/default.aspx

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
SharePoint on-premises Client support team to get these values. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

NOTE
Please note down the file path to which you have downloaded the certificate file, as you need to use it later in the
PowerShell script for configuration.
6. On the Set up SharePoint on-premises section, copy the appropriate URL(s) as per your requirement. For
Single Sign-On Service URL, use a value of the following pattern:
https://login.microsoftonline.com/_my_directory_id_/wsfed

NOTE
my_directory_id is the tenant ID of the Azure AD subscription.

a. Login URL
b. Azure AD Identifier
c. Logout URL

NOTE
The SharePoint on-premises application uses SAML 1.1 tokens, so Azure AD expects a WS-Fed request from the
SharePoint server and, after authentication, issues a SAML 1.1 token.

Configure SharePoint on-premises Single Sign-On


1. In a different web browser window, sign in to your SharePoint on-premises company site as an
administrator.
2. Configure a new trusted identity provider in SharePoint Server 2016
Sign in to the SharePoint Server 2016 server and open the SharePoint 2016 Management Shell. Fill in the
values of $realm (Identifier value from the SharePoint on-premises Domain and URLs section in the Azure
portal), $wsfedurl (Single Sign-On Service URL), and $filepath (file path to which you have downloaded the
certificate file) from Azure portal and run the following commands to configure a new trusted identity
provider.

TIP
If you're new to using PowerShell or want to learn more about how PowerShell works, see SharePoint PowerShell.
$realm = "<Identifier value from the SharePoint on-premises Domain and URLs section in the Azure portal>"
$wsfedurl = "<SAML single sign-on service URL value which you have copied from the Azure portal>"
$filepath = "<Full path to SAML signing certificate file which you have downloaded from the Azure portal>"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($filepath)
New-SPTrustedRootAuthority -Name "AzureAD" -Certificate $cert
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" -IncomingClaimTypeDisplayName "name" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" -IncomingClaimTypeDisplayName "GivenName" -SameAsIncoming
$map3 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" -IncomingClaimTypeDisplayName "SurName" -SameAsIncoming
$map4 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming
$map5 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
$ap = New-SPTrustedIdentityTokenIssuer -Name "AzureAD" -Description "SharePoint secured by Azure AD" -realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map,$map2,$map3,$map4,$map5 -SignInUrl $wsfedurl -IdentifierClaim "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

Next, follow these steps to enable the trusted identity provider for your application:
a. In Central Administration, navigate to Manage Web Application and select the web application that you
wish to secure with Azure AD.
b. In the ribbon, click Authentication Providers and choose the zone that you wish to use.
c. Select Trusted Identity provider and select the identity provider you just registered named AzureAD.
d. On the sign-in page URL setting, select Custom sign in page and provide the value “/_trust/”.
e. Click OK.
NOTE
Some external users will not be able to use this single sign-on integration because their UPN will have a mangled
value, something like MYEMAIL_outlook.com#ext#@TENANT.onmicrosoft.com . Soon we will allow customers app config on
how to handle the UPN depending on the user type. After that, all your guest users should be able to use SSO
as seamlessly as the organization's employees.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Create an Azure AD Security Group in the Azure portal
1. Click on Azure Active Directory > All Groups.
2. Click New group:

3. Fill in Group type, Group name, Group description, Membership type. Click on the arrow to select
members, then search for or click on the member you would like to add to the group. Click on Select to add
the selected members, then click on Create.
NOTE
In order to assign Azure Active Directory Security Groups to SharePoint on-premises, it will be necessary to install and
configure AzureCP in the on-premises SharePoint farm OR develop and configure an alternative custom claims
provider for SharePoint. See the more information section at the end of the document for creating your own custom
claims provider, if you don’t use AzureCP.

Grant access to SharePoint on-premises Security Group


Configure Security Groups and Permissions on the App Registration
1. In the Azure portal, select Azure Active Directory, then select App registrations.

2. In the search box, type and select SharePoint on-premises.

3. Click on Manifest.

4. Change groupMembershipClaims : NULL to groupMembershipClaims : SecurityGroup . Then click on Save.


5. Click on Settings, then click on Required permissions.

6. Click on Add and then Select an API.

7. Add both Windows Azure Active Directory and Microsoft Graph API, but it’s only possible to select
one at a time.
8. Select Windows Azure Active Directory, check Read directory data and click on Select. Go back and add
Microsoft Graph and select Read directory data for it, as well. Click on Select and click on Done.

9. Now, under Required Settings, click on Grant permissions and then Click Yes to Grant permissions.
NOTE
Check under notifications to determine if the permissions were successfully granted. If they are not, then the AzureCP
will not work properly and it won’t be possible to configure SharePoint on-premises with Azure Active Directory
Security Groups.

10. Configure the AzureCP on the SharePoint on-premises farm or an alternative custom claims provider
solution. In this example, we are using AzureCP.

NOTE
Please note that AzureCP is not a Microsoft product or supported by Microsoft Technical Support. Download, install
and configure AzureCP on the on-premises SharePoint farm per https://yvand.github.io/AzureCP/

11. Grant access to the Azure Active Directory Security Group in the on-premises SharePoint: The
groups must be granted access to the application in SharePoint on-premises. Use the following steps to set
the permissions to access the web application.
12. In Central Administration, click on Application Management, Manage web applications, then select the web
application to activate the ribbon and click on User Policy.

13. Under Policy for Web Application, click on Add Users, then select the zone, click on Next. Click on the
Address Book.
14. Then, search for and add the Azure Active Directory Security Group and click on OK.

15. Select the Permissions, then click on Finish.


16. See under Policy for Web Application, the Azure Active Directory Group is added. The group claim shows
the Azure Active Directory Security Group Object ID for the User Name.

17. Browse to the SharePoint site collection and add the Group there, as well. Click on Site Settings, then click
Site permissions and Grant Permissions. Search for the Group Role claim, assign the permission level and
click Share.
Configuring one trusted identity provider for multiple web applications
The configuration works for a single web application, but needs additional configuration if you intend to use the
same trusted identity provider for multiple web applications. For example, assume we had extended a web
application to use the URL https://portal.contoso.local and now want to authenticate the users to
https://sales.contoso.local as well. To do this, we need to update the identity provider to honor the WReply
parameter and update the application registration in Azure AD to add a reply URL.
1. In the Azure portal, open the Azure AD directory. Click App registrations, then click View all
applications. Click the application that you created previously (SharePoint SAML Integration).
2. Click Settings.
3. In the settings blade, click Reply URLs.
4. Add the URL for the additional web application with /_trust/default.aspx appended to the URL (such as
https://sales.contoso.local/_trust/default.aspx ) and click Save.

5. On the SharePoint server, open the SharePoint 2016 Management Shell and execute the following
commands, using the name of the trusted identity token issuer that you used previously.

$t = Get-SPTrustedIdentityTokenIssuer "AzureAD"
$t.UseWReplyParameter=$true
$t.Update()

6. In Central Administration, go to the web application and enable the existing trusted identity provider.
Remember to also configure the sign-in page URL as a custom sign in page /_trust/ .
7. In Central Administration, click the web application and choose User Policy. Add a user with the
appropriate permissions as demonstrated previously in this article.
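
The following read-only audit is an added example, not part of the original tutorial and not a Microsoft script. It checks the "AzureAD" trusted identity token issuer created earlier (signing certificate, sign-in URL, realm, identifier claim) and reports the WReply setting from this section; $realm, $wsfedurl and $filepath are the same placeholders as in the configuration script, and $warnDays is an assumed threshold.

```powershell
# Added example: read-only audit of the "AzureAD" trusted identity token issuer.
# Run in the SharePoint 2016 Management Shell on a farm server.
# Fill in the same three values that were used in the configuration script.
$realm    = "<Identifier value from the SharePoint on-premises Domain and URLs section in the Azure portal>"
$wsfedurl = "<SAML single sign-on service URL value which you have copied from the Azure portal>"
$filepath = "<Full path to SAML signing certificate file which you have downloaded from the Azure portal>"
$warnDays = 30   # assumption: flag a signing certificate that expires within this many days

$nameClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
$findings  = New-Object 'System.Collections.Generic.List[string]'

$portalCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($filepath)
$issuer     = Get-SPTrustedIdentityTokenIssuer "AzureAD" -ErrorAction Stop
$trusted    = $issuer.SigningCertificate

# 1. SharePoint must validate tokens with the certificate downloaded from the Azure portal.
if ($trusted.Thumbprint -ne $portalCert.Thumbprint) {
    $findings.Add("Signing certificate mismatch: issuer trusts $($trusted.Thumbprint), portal file is $($portalCert.Thumbprint).")
}

# 2. An expired signing certificate fails every sign-in, so flag it before it expires.
$daysLeft = [math]::Floor(($trusted.NotAfter - (Get-Date)).TotalDays)
if ($daysLeft -lt 0) {
    $findings.Add("Signing certificate expired on $($trusted.NotAfter).")
} elseif ($daysLeft -le $warnDays) {
    $findings.Add("Signing certificate expires in $daysLeft day(s), on $($trusted.NotAfter).")
}

# 3. The same certificate must be a trusted root authority (the New-SPTrustedRootAuthority step).
$root = Get-SPTrustedRootAuthority | Where-Object { $_.Certificate.Thumbprint -eq $trusted.Thumbprint }
if (-not $root) {
    $findings.Add("No trusted root authority holds the issuer's signing certificate.")
}

# 4. The sign-in URL must be the HTTPS WS-Fed endpoint copied from the portal.
$signIn = [Uri]$issuer.ProviderUri
if ($signIn.Scheme -ne "https") {
    $findings.Add("Sign-in URL is not HTTPS: $($signIn.AbsoluteUri)")
}
if ($signIn.AbsoluteUri.TrimEnd('/') -ne ([Uri]$wsfedurl).AbsoluteUri.TrimEnd('/')) {
    $findings.Add("Sign-in URL '$($signIn.AbsoluteUri)' differs from the portal value '$wsfedurl'.")
}

# 5. Realm and identifier claim must match what the configuration script set.
if ($issuer.DefaultProviderRealm -ne $realm) {
    $findings.Add("Realm is '$($issuer.DefaultProviderRealm)', expected '$realm'.")
}
if ($issuer.IdentityClaimTypeInformation.InputClaimType -ne $nameClaim) {
    $findings.Add("Identifier claim is '$($issuer.IdentityClaimTypeInformation.InputClaimType)', expected '$nameClaim'.")
}

# 6. WReply: when enabled, every web application URL plus /_trust/default.aspx
#    has to be registered as a reply URL on the Azure AD application.
if ($issuer.UseWReplyParameter) {
    Write-Output "UseWReplyParameter is enabled: confirm each web application's /_trust/default.aspx is a registered reply URL."
} else {
    Write-Output "UseWReplyParameter is disabled: the issuer serves a single web application."
}

# Claim mappings as SharePoint sees them, for comparison with the five mappings in the script.
$issuer.ClaimTypeInformation | Select-Object DisplayName, InputClaimType, MappedClaimType | Format-Table -AutoSize

if ($findings.Count -eq 0) {
    Write-Output "No findings for trusted identity token issuer 'AzureAD'."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

The script changes nothing in the farm; it only reads the issuer and root authority objects and prints warnings.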
Fixing People Picker
Users can now sign into SharePoint 2016 using identities from Azure AD, but there are still opportunities for
improvement to the user experience. For instance, searching for a user presents multiple search results in the
people picker. There is a search result for each of the 3 claim types that were created in the claim mapping. To
choose a user using the people picker, you must type their user name exactly and choose the name claim result.
There is no validation on the values you search for, which can lead to misspellings or users accidentally choosing
the wrong claim type to assign such as the SurName claim. This can prevent users from successfully accessing
resources.
To assist with this scenario, there is an open-source solution called AzureCP that provides a custom claims provider
for SharePoint 2016. It will use the Azure AD Graph to resolve what users enter and perform validation. Learn
more at AzureCP.
Assign the Azure AD Security Group in the Azure portal
1. In the Azure portal, select Enterprise Applications, select All applications, then select SharePoint on-
premises.

2. In the applications list, type and select SharePoint on-premises.

3. In the menu on the left, select Users and groups.


4. Click Add user.

5. Search for the Security Group you want to use, then click on the group to add it to the Select members
section. Click Select, then click Assign.

NOTE
Check the notifications in the menu bar to be notified that the Group was successfully assigned to the Enterprise
application in the Azure portal.

Create SharePoint on-premises test user


In this section, you create a user called Britta Simon in SharePoint on-premises. Work with SharePoint on-premises
support team to add the users in the SharePoint on-premises platform. Users must be created and activated before
you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SharePoint on-premises tile in the Access Panel, you should be automatically signed in to the
SharePoint on-premises for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Shibumi
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Shibumi with Azure Active Directory (Azure AD). Integrating Shibumi
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Shibumi.
You can enable your users to be automatically signed-in to Shibumi (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Shibumi, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Shibumi single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Shibumi supports SP and IDP initiated SSO
Shibumi supports Just-In-Time user provisioning

Adding Shibumi from the gallery


To configure the integration of Shibumi into Azure AD, you need to add Shibumi from the gallery to your list of
managed SaaS apps.
To add Shibumi from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Shibumi, select Shibumi from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Shibumi based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Shibumi
needs to be established.
To configure and test Azure AD single sign-on with Shibumi, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Shibumi Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Shibumi test user - to have a counterpart of Britta Simon in Shibumi that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Shibumi, perform the following steps:
1. In the Azure portal, on the Shibumi application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<SUBDOMAIN>.shibumi.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.shibumi.com/saml/SSO

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.shibumi.com/saml/SSO

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Shibumi
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Shibumi section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Shibumi Single Sign-On
To configure single sign-on on Shibumi side, you need to send the downloaded Federation Metadata XML and
appropriate copied URLs from Azure portal to Shibumi support team. They set this setting to have the SAML SSO
connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Shibumi.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Shibumi.

2. In the applications list, select Shibumi.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Shibumi test user
In this section, a user called Britta Simon is created in Shibumi. Shibumi supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Shibumi,
a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Shibumi tile in the Access Panel, you should be automatically signed in to the Shibumi for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with ShipHazmat
10/18/2019 • 4 minutes to read

In this tutorial, you'll learn how to integrate ShipHazmat with Azure Active Directory (Azure AD). When you
integrate ShipHazmat with Azure AD, you can:
Control in Azure AD who has access to ShipHazmat.
Enable your users to be automatically signed-in to ShipHazmat with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ShipHazmat single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ShipHazmat supports IDP initiated SSO
ShipHazmat supports Just In Time user provisioning

Adding ShipHazmat from the gallery


To configure the integration of ShipHazmat into Azure AD, you need to add ShipHazmat from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type ShipHazmat in the search box.
6. Select ShipHazmat from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for ShipHazmat


Configure and test Azure AD SSO with ShipHazmat using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in ShipHazmat.
To configure and test Azure AD SSO with ShipHazmat, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure ShipHazmat SSO - to configure the single sign-on settings on application side.
Create ShipHazmat test user - to have a counterpart of B.Simon in ShipHazmat that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ShipHazmat application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Set up single sign-on with SAML page, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern: ShipHazmat<CustomOrganization>Sso

b. In the Reply URL text box, type a URL using the following pattern:
https://www.shiphazmat.net/<CustomOrganization>/sso/saml/v1/ConsumerService.aspx

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact ShipHazmat Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click copy
button to copy App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ShipHazmat.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ShipHazmat.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure ShipHazmat SSO


To configure single sign-on on ShipHazmat side, you need to send the App Federation Metadata Url to
ShipHazmat support team. They set this setting to have the SAML SSO connection set properly on both sides.
Create ShipHazmat test user
In this section, a user called B.Simon is created in ShipHazmat. ShipHazmat supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in ShipHazmat, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ShipHazmat tile in the Access Panel, you should be automatically signed in to the ShipHazmat
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ShipHazmat with Azure AD
Tutorial: Integrate Shmoop For Schools with Azure Active Directory
11/14/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Shmoop For Schools with Azure Active Directory (Azure AD). When
you integrate Shmoop For Schools with Azure AD, you can:
Control in Azure AD who has access to Shmoop For Schools.
Enable your users to be automatically signed-in to Shmoop For Schools with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Shmoop For Schools single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Shmoop For Schools supports SP initiated SSO
Shmoop For Schools supports Just In Time user provisioning

Adding Shmoop For Schools from the gallery


To configure the integration of Shmoop For Schools into Azure AD, you need to add Shmoop For Schools from
the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Shmoop For Schools in the search box.
6. Select Shmoop For Schools from the results panel and then add the app. Wait a few seconds while the app is
added to your tenant.

Configure and test Azure AD single sign-on for Shmoop For Schools
Configure and test Azure AD SSO with Shmoop For Schools using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in Shmoop For Schools.
To configure and test Azure AD SSO with Shmoop For Schools, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Shmoop For Schools SSO - to configure the Single Sign-On settings on application side.
   a. Create Shmoop For Schools test user - to have a counterpart of B.Simon in Shmoop For Schools that
   is linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Shmoop For Schools application integration page, find the Manage section
and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://schools.shmoop.com/public-api/saml2/start/<uniqueid>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://schools.shmoop.com/<uniqueid>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Shmoop For
Schools Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. Shmoop For Schools application expects the SAML assertions in a specific format, which requires you to
add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes.
NOTE
Shmoop For Schools supports two roles for users: Teacher and Student. Set up these roles in Azure AD so that users
can be assigned the appropriate roles. To understand how to configure roles in Azure AD, see here.

6. In addition to the above, the Shmoop For Schools application expects a few more attributes to be passed back
in the SAML response, which are shown below. These attributes are also pre-populated, but you can review them
as per your requirements.

NAME                 SOURCE ATTRIBUTE
role                 user.assignedroles

7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Shmoop For Schools.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Shmoop For Schools.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Shmoop For Schools SSO


To configure single sign-on on the Shmoop For Schools side, send the App Federation Metadata Url
to the Shmoop For Schools support team. They apply it so that the SAML SSO connection is set properly on
both sides.
Create Shmoop For Schools test user
In this section, a user called B.Simon is created in Shmoop For Schools. Shmoop For Schools supports just-in-time
user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in Shmoop For Schools, a new one is created after authentication.

NOTE
If you need to create a user manually, contact the Shmoop For Schools support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Shmoop For Schools tile in the Access Panel, you should be automatically signed in to the
Shmoop For Schools instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Shmoop For Schools with Azure AD
Tutorial: Azure Active Directory integration with Showpad
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Showpad with Azure Active Directory (Azure AD). Integrating Showpad
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Showpad.
You can enable your users to be automatically signed-in to Showpad (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Showpad, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Showpad single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Showpad supports SP initiated SSO
Showpad supports Just In Time user provisioning

Adding Showpad from the gallery


To configure the integration of Showpad into Azure AD, you need to add Showpad from the gallery to your list of
managed SaaS apps.
To add Showpad from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Showpad, select Showpad from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Showpad based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Showpad
needs to be established.
To configure and test Azure AD single sign-on with Showpad, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Showpad Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Showpad test user - to have a counterpart of Britta Simon in Showpad that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Showpad, perform the following steps:
1. In the Azure portal, on the Showpad application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<company-name>.showpad.biz/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<company-name>.showpad.biz

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Showpad Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Showpad section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Showpad Single Sign-On
1. Sign in to your Showpad tenant as an administrator.
2. In the menu at the top, click Settings.

3. Navigate to Single Sign-On and click Enable.

4. On the Add a SAML 2.0 Service dialog, perform the following steps:
a. In the Name textbox, type the name of the Identity Provider (for example: your company name).
b. As Metadata Source, select XML.
c. Copy the content of metadata XML file, which you have downloaded from the Azure portal, and then
paste it into the Metadata XML textbox.
d. Select Auto-provision accounts for new users when they log in.
e. Click Submit.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Showpad.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Showpad.

2. In the applications list, select Showpad.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Showpad test user
In this section, a user called Britta Simon is created in Showpad. Showpad supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
Showpad, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Showpad tile in the Access Panel, you should be automatically signed in to the Showpad
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Shuccho Navi
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Shuccho Navi with Azure Active Directory (Azure AD). Integrating
Shuccho Navi with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Shuccho Navi.
You can enable your users to be automatically signed-in to Shuccho Navi (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Shuccho Navi, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Shuccho Navi single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Shuccho Navi supports SP initiated SSO

Adding Shuccho Navi from the gallery


To configure the integration of Shuccho Navi into Azure AD, you need to add Shuccho Navi from the gallery to
your list of managed SaaS apps.
To add Shuccho Navi from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Shuccho Navi, select Shuccho Navi from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Shuccho Navi based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Shuccho Navi needs to be established.
To configure and test Azure AD single sign-on with Shuccho Navi, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Shuccho Navi Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Shuccho Navi test user - to have a counterpart of Britta Simon in Shuccho Navi that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Shuccho Navi, perform the following steps:
1. In the Azure portal, on the Shuccho Navi application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://naviauth.nta.co.jp/saml/login?ENTP_CD=<Your company code>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Shuccho Navi Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Shuccho Navi section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Shuccho Navi Single Sign-On
To configure single sign-on on the Shuccho Navi side, send the downloaded Metadata XML and the
appropriate copied URLs from the Azure portal to the Shuccho Navi support team. They apply them so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Shuccho Navi.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Shuccho Navi.

2. In the applications list, select Shuccho Navi.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion, then in the Select Role dialog, select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Shuccho Navi test user
In this section, you create a user called Britta Simon in Shuccho Navi. Work with the Shuccho Navi support team to
add the users in the Shuccho Navi platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Shuccho Navi tile in the Access Panel, you should be automatically signed in to the Shuccho
Navi instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Signagelive
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Signagelive with Azure Active Directory (Azure AD). Integrating
Signagelive with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Signagelive.
You can enable your users to be automatically signed in to Signagelive (single sign-on) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
For more information about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with Signagelive, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A Signagelive single-sign-on-enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Signagelive supports SP-initiated SSO.

Add Signagelive from the gallery


To configure the integration of Signagelive into Azure AD, first add Signagelive from the gallery to your list of
managed SaaS apps.
To add Signagelive from the gallery, take the following steps:
1. In the Azure portal, in the left pane, select the Azure Active Directory icon.

2. Go to Enterprise Applications, and then select the All Applications option.


3. To add a new application, select the New application button at the top of the dialog box.

4. In the search box, enter Signagelive.

5. Select Signagelive from the results pane, and then select the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Signagelive based on a test user called Britta
Simon. For single sign-on to work, you must establish a link between an Azure AD user and the related user in
Signagelive.
To configure and test Azure AD single sign-on with Signagelive, first complete the following building blocks:
1. Configure Azure AD single sign-on to enable your users to use this feature.
2. Configure Signagelive single sign-on to configure the single sign-on settings on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
5. Create a Signagelive test user to have a counterpart of Britta Simon in Signagelive that is linked to the Azure
AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Signagelive, take the following steps:
1. In the Azure portal, on the Signagelive application integration page, select Single sign-on.
2. In the Select a single sign-on method dialog box, select SAML to enable single sign-on.

3. On the Set up single sign-on with SAML page, select Edit to open the Basic SAML Configuration
dialog box.

4. In the Basic SAML Configuration section, take the following steps:


In the Sign-on URL box, enter a URL that uses the following pattern:
https://login.signagelive.com/sso/<ORGANIZATIONALUNITNAME>

NOTE
The value is not real. Update the value with the actual sign-on URL. To get the value, contact the Signagelive Client
support team. You can also refer to the patterns that are shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select
Download to download the Certificate (Raw) from the given options per your requirement. Then save it
on your computer.

6. In the Set up Signagelive section, copy the URL(s) that you need.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Signagelive Single sign-on
To configure single sign-on on the Signagelive side, send the downloaded Certificate (Raw) and copied URLs
from the Azure portal to the Signagelive support team. They ensure that the SAML SSO connection is set properly
on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User dialog box, take the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, enter "brittasimon@yourcompanydomain.extension". For example, in this case,
you might enter "BrittaSimon@contoso.com".
c. Select the Show password check box, and then note the value that's displayed in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Signagelive.
1. In the Azure portal, select Enterprise Applications, select All applications, and then select Signagelive.

2. In the applications list, select Signagelive.

3. In the menu on the left, select Users and groups.

4. Select the Add user button. Then, in the Add Assignment dialog box, select Users and groups.
5. In the Users and groups dialog box, in the Users list, select Britta Simon. Then click the Select button at
the bottom of the screen.
6. If you are expecting a role value in the SAML assertion, then, in the Select Role dialog box, select the
appropriate role for the user from the list. Next, click the Select button at the bottom of the screen.
7. In the Add Assignment dialog box, select the Assign button.
Create a Signagelive test user
In this section, you create a user called Britta Simon in Signagelive. Work with the Signagelive support team to add
the users in the Signagelive platform. You must create and activate users before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration by using the MyApps portal.
When you select the Signagelive tile in the MyApps portal, you should be automatically signed in. For more
information about the MyApps portal, see What is the MyApps portal?.

Additional resources
List of tutorials on how to integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SignalFx
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate SignalFx with Azure Active Directory (Azure AD). Integrating SignalFx
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SignalFx.
You can enable your users to be automatically signed-in to SignalFx (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SignalFx, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
SignalFx single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SignalFx supports IDP initiated SSO
SignalFx supports Just In Time user provisioning

Adding SignalFx from the gallery


To configure the integration of SignalFx into Azure AD, you need to add SignalFx from the gallery to your list of
managed SaaS apps.
To add SignalFx from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SignalFx, select SignalFx from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SignalFx based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in SignalFx
needs to be established.
To configure and test Azure AD single sign-on with SignalFx, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SignalFx Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SignalFx test user - to have a counterpart of Britta Simon in SignalFx that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SignalFx, perform the following steps:
1. In the Azure portal, on the SignalFx application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL: https://api.signalfx.com/v1/saml/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://api.signalfx.com/v1/saml/acs/<integration ID>

NOTE
The preceding value is not a real value. You update the value with the actual Reply URL, which is explained later in the
tutorial.

5. The SignalFx application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on the
application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the
User Attributes dialog.

6. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:

NAME                 SOURCE ATTRIBUTE
User.FirstName       user.givenname
User.email           user.mail
PersonImmutableID    user.userprincipalname
User.LastName        user.surname

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

8. On the Set up SignalFx section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
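A check for the claims configured in step 6, added here as an example (it is not Microsoft's or SignalFx's code): it reads the AttributeStatement of an assertion captured during a test sign-in and reports any of the four claims that are missing or were emitted with a namespace. The sample XML and the function names are constructed for illustration, and signature validation is out of scope.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the tutorial's User Claims table. The Namespace field is left
# blank, so each must arrive as a bare Name, not as "<namespace>/<name>".
REQUIRED_CLAIMS = ("User.FirstName", "User.email", "PersonImmutableID", "User.LastName")

# Constructed sample: all four claims present with bare names.
SAMPLE_OK = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="User.FirstName"><saml:AttributeValue>Britta</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="User.email"><saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="PersonImmutableID"><saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="User.LastName"><saml:AttributeValue>Simon</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

# Constructed sample: User.email was saved with a namespace and
# PersonImmutableID was never added.
SAMPLE_BAD = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="User.FirstName"><saml:AttributeValue>Britta</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/User.email"><saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="User.LastName"><saml:AttributeValue>Simon</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def parse_attributes(xml_text):
    """Return {attribute Name: [values]} for every saml:Attribute in xml_text."""
    # SAML messages never need a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not allowed in SAML input")
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name", "")] = values
    return attrs


def check_claims(xml_text):
    """List problems with the required claims; an empty list means all are present."""
    attrs = parse_attributes(xml_text)
    findings = []
    for claim in REQUIRED_CLAIMS:
        if claim in attrs:
            if not any(attrs[claim]):
                findings.append(f"{claim}: present but empty")
            continue
        # The same claim saved with a namespace shows up as ".../<claim>".
        namespaced = [name for name in attrs if name.endswith("/" + claim)]
        if namespaced:
            findings.append(f"{claim}: sent with a namespace as {namespaced[0]}")
        else:
            findings.append(f"{claim}: missing")
    return findings


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_claims(sample) or "all required claims present")
```

Run it on the decoded assertion only after the service provider has accepted the response; this check looks at claim names and values, not at the signature.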
Configure SignalFx Single Sign-On
1. Sign in to your SignalFx company site as administrator.
2. In SignalFx, on the top click Integrations to open the Integrations page.

3. Click on Azure Active Directory tile under Login Services section.

4. Click on NEW INTEGRATION and under the INSTALL tab perform the following steps:

a. In the Name textbox, type a new integration name, like OurOrgName SAML SSO.
b. Copy the Integration ID value and append to the Reply URL in the place of <integration ID> in the
Reply URL textbox of Basic SAML Configuration section in Azure portal.
c. Click on Upload File to upload the Base64 encoded certificate downloaded from Azure portal in the
Certificate textbox.
d. In the Issuer URL textbox, paste the value of Azure AD Identifier, which you have copied from the
Azure portal.
e. In the Metadata URL textbox, paste the Login URL which you have copied from the Azure portal.
f. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SignalFx.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SignalFx.

2. In the applications list, select SignalFx.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SignalFx test user
The objective of this section is to create a user called Britta Simon in SignalFx. SignalFx supports just-in-time
provisioning, which is by default enabled. There is no action item for you in this section. A new user is created
during an attempt to access SignalFx if it doesn't exist yet.
When a user signs in to SignalFx from the SAML SSO for the first time, SignalFx support team sends them an
email containing a link that they must click through to authenticate. This will only happen the first time the user
signs in; subsequent login attempts will not require email validation.

NOTE
If you need to create a user manually, contact the SignalFx support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SignalFx tile in the Access Panel, you should be automatically signed in to the SignalFx for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Sigstr
8/20/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Sigstr with Azure Active Directory (Azure AD). When you integrate
Sigstr with Azure AD, you can:
Control in Azure AD who has access to Sigstr.
Enable your users to be automatically signed-in to Sigstr with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Sigstr single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Sigstr supports IDP initiated SSO
Sigstr supports Just In Time user provisioning

Adding Sigstr from the gallery


To configure the integration of Sigstr into Azure AD, you need to add Sigstr from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Sigstr in the search box.
6. Select Sigstr from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Sigstr


Configure and test Azure AD SSO with Sigstr using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Sigstr.
To configure and test Azure AD SSO with Sigstr, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Sigstr SSO - to configure the single sign-on settings on application side.
a. Create Sigstr test user - to have a counterpart of B.Simon in Sigstr that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Sigstr application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are
already pre-populated with Azure. The user needs to save the configuration by clicking the Save button.
5. Sigstr application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click Edit icon to open User Attributes dialog.

6. In addition to above, Sigstr application expects few more attributes to be passed back in SAML response. In
the User Claims section on the User Attributes dialog, perform the following steps to add SAML token
attribute as shown in the below table:

NAME     SOURCE ATTRIBUTE
email    user.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Raw) and select Download to download the certificate and save it on your computer.

8. On the Set up Sigstr section, copy the appropriate URL(s) based on your requirement.

Configure Sigstr SSO


To configure single sign-on on the Sigstr side, you need to send the downloaded Certificate (Raw) and the appropriate
copied URLs from the Azure portal to the Sigstr support team. They apply these settings so that the SAML SSO
connection is configured properly on both sides.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Sigstr.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Sigstr.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Sigstr test user
In this section, a user called Britta Simon is created in Sigstr. Sigstr supports just-in-time user provisioning, which
is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Sigstr, a new
one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Sigstr tile in the Access Panel, you should be automatically signed in to the Sigstr for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Slack with Azure AD
Tutorial: Azure Active Directory integration with
SilkRoad Life Suite
6/13/2019 • 7 minutes to read

In this tutorial, you learn how to integrate SilkRoad Life Suite with Azure Active Directory (Azure AD). Integrating
SilkRoad Life Suite with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SilkRoad Life Suite.
You can enable your users to be automatically signed-in to SilkRoad Life Suite (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SilkRoad Life Suite, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
SilkRoad Life Suite single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SilkRoad Life Suite supports SP initiated SSO

Adding SilkRoad Life Suite from the gallery


To configure the integration of SilkRoad Life Suite into Azure AD, you need to add SilkRoad Life Suite from the
gallery to your list of managed SaaS apps.
To add SilkRoad Life Suite from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type SilkRoad Life Suite, select SilkRoad Life Suite from result panel then click Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SilkRoad Life Suite based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
SilkRoad Life Suite needs to be established.
To configure and test Azure AD single sign-on with SilkRoad Life Suite, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SilkRoad Life Suite Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SilkRoad Life Suite test user - to have a counterpart of Britta Simon in SilkRoad Life Suite that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SilkRoad Life Suite, perform the following steps:
1. In the Azure portal, on the SilkRoad Life Suite application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you have Service Provider metadata file, perform the
following steps:

NOTE
You will get the Service Provider metadata file explained later in this tutorial.

a. Click Upload metadata file.


b. Click on folder logo to select the metadata file and click Upload.

c. Once the metadata file is successfully uploaded, the Identifier and Reply URL values get auto populated
in Basic SAML Configuration section:

NOTE
If the Identifier and Reply URL values are not auto-populated, fill in the values manually according to
your requirement.

d. In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.silkroad-eng.com/Authentication/

5. On the Basic SAML Configuration section, if you do not have Service Provider metadata file, perform
the following steps:
a. In the Sign-on URL text box, type a URL using the following pattern:
https://<subdomain>.silkroad-eng.com/Authentication/

b. In the Identifier box, type a URL using the following pattern:

https://<subdomain>.silkroad-eng.com/Authentication/SP

https://<subdomain>.silkroad.com/Authentication/SP

c. In the Reply URL text box, type a URL using the following pattern:

https://<subdomain>.silkroad-eng.com/Authentication/

https://<subdomain>.silkroad.com/Authentication/

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
SilkRoad Life Suite Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. On the Set up SilkRoad Life Suite section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SilkRoad Life Suite Single Sign-On
1. Sign in to your SilkRoad company site as administrator.

NOTE
To obtain access to the SilkRoad Life Suite Authentication application for configuring federation with Microsoft Azure
AD, please contact SilkRoad Support or your SilkRoad Services representative.

2. Go to Service Provider, and then click Federation Details.

3. Click Download Federation Metadata, and then save the metadata file on your computer. Use
Downloaded Federation Metadata as a Service Provider metadata file in the Basic SAML
Configuration section in the Azure portal.

4. In your SilkRoad application, click Authentication Sources.


5. Click Add Authentication Source.

6. In the Add Authentication Source section, perform the following steps:

a. Under Option 2 - Metadata File, click Browse to upload the downloaded metadata file from Azure
portal.
b. Click Create Identity Provider using File Data.
7. In the Authentication Sources section, click Edit.

8. On the Edit Authentication Source dialog, perform the following steps:


a. As Enabled, select Yes.
b. In the EntityId textbox, paste the value of Azure AD Identifier which you have copied from Azure
portal.
c. In the IdP Description textbox, type a description for your configuration (for example: Azure AD SSO).
d. In the Metadata File textbox, upload the metadata file which you have downloaded from Azure portal.
e. In the IdP Name textbox, type a name that is specific to your configuration (for example: Azure SP).
f. In the Logout Service URL textbox, paste the value of Logout URL which you have copied from Azure
portal.
g. In the Sign-on service URL textbox, paste the value of Login URL which you have copied from Azure
portal.
h. Click Save.
9. Disable all other authentication sources.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SilkRoad Life Suite.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SilkRoad Life
Suite.
2. In the applications list, select SilkRoad Life Suite.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SilkRoad Life Suite test user
In this section, you create a user called Britta Simon in SilkRoad Life Suite. Work with SilkRoad Life Suite Client
support team to add the users in the SilkRoad Life Suite platform. Users must be created and activated before you
use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SilkRoad Life Suite tile in the Access Panel, you should be automatically signed in to the
SilkRoad Life Suite for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Silverback
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Silverback with Azure Active Directory (Azure AD). Integrating
Silverback with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Silverback.
You can enable your users to be automatically signed-in to Silverback (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Silverback, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial
Silverback single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Silverback supports SP initiated SSO

Adding Silverback from the gallery


To configure the integration of Silverback into Azure AD, you need to add Silverback from the gallery to your list of
managed SaaS apps.
To add Silverback from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Silverback, select Silverback from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Silverback based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Silverback
needs to be established.
To configure and test Azure AD single sign-on with Silverback, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Silverback Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Silverback test user - to have a counterpart of Britta Simon in Silverback that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Silverback, perform the following steps:
1. In the Azure portal, on the Silverback application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<YOURSILVERBACKURL>.com/ssp

b. In the Identifier box, type a URL using the following pattern: <YOURSILVERBACKURL>.com

c. In the Reply URL text box, type a URL using the following pattern:
https://<YOURSILVERBACKURL>.com/sts/authorize/login

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact
Silverback Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click copy
button to copy App Federation Metadata Url and save it on your computer.

Configure Silverback Single Sign-On


1. In a different web browser, log in to your Silverback Server as an Administrator.
2. Navigate to Admin > Authentication Provider.
3. On the Authentication Provider Settings page, perform the following steps:
a. Click on Import from URL.
b. Paste the copied Metadata URL and click OK.
c. Confirm with OK then the values will be populated automatically.
d. Enable Show on Login Page.
e. Enable Dynamic User Creation if you want users authorized by Azure AD to be added automatically
(optional).
f. Create a Title for the button on the Self Service Portal.
g. Upload an Icon by clicking on Choose File.
h. Select the background color for the button.
i. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Silverback.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Silverback.
2. In the applications list, select Silverback.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Silverback test user
To enable Azure AD users to log in to Silverback, they must be provisioned into Silverback. In Silverback,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your Silverback Server as an Administrator.
2. Navigate to Users and add a new device user.
3. On the Basic page, perform the following steps:

a. In Username text box, enter the name of user like Britta.


b. In First Name text box, enter the first name of user like Britta.
c. In Last Name text box, enter the last name of user like Simon.
d. In E-mail Address text box, enter the email of user like Brittasimon@contoso.com.
e. In the Password text box, enter your password.
f. In the Confirm Password text box, re-enter your password and confirm.
g. Click Save.

NOTE
If you don't want to create each user manually, enable the Dynamic User Creation checkbox under Admin >
Authentication Provider.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Silverback tile in the Access Panel, you should be automatically signed in to the Silverback for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
SimpleNexus
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate SimpleNexus with Azure Active Directory (Azure AD). Integrating
SimpleNexus with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SimpleNexus.
You can enable your users to be automatically signed-in to SimpleNexus (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SimpleNexus, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial
SimpleNexus single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SimpleNexus supports SP initiated SSO

Adding SimpleNexus from the gallery


To configure the integration of SimpleNexus into Azure AD, you need to add SimpleNexus from the gallery to your
list of managed SaaS apps.
To add SimpleNexus from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type SimpleNexus, select SimpleNexus from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SimpleNexus based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
SimpleNexus needs to be established.
To configure and test Azure AD single sign-on with SimpleNexus, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SimpleNexus Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SimpleNexus test user - to have a counterpart of Britta Simon in SimpleNexus that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SimpleNexus, perform the following steps:
1. In the Azure portal, on the SimpleNexus application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://simplenexus.com/<companyname>_login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://simplenexus.com/<companyname>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact SimpleNexus Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up SimpleNexus section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SimpleNexus Single Sign-On
To configure single sign-on on the SimpleNexus side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the SimpleNexus support team. They apply this setting so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SimpleNexus.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SimpleNexus.

2. In the applications list, select SimpleNexus.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SimpleNexus test user
In order to enable Azure AD users to log in to SimpleNexus, they must be provisioned into SimpleNexus. In the
case of SimpleNexus, provisioning is a manual task performed by the tenant administrator.

NOTE
You can use any other SimpleNexus user account creation tools or APIs provided by SimpleNexus to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SimpleNexus tile in the Access Panel, you should be automatically signed in to the
SimpleNexus for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Simple Sign
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Simple Sign with Azure Active Directory (Azure AD). Integrating Simple
Sign with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Simple Sign.
You can enable your users to be automatically signed-in to Simple Sign (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Simple Sign, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Simple Sign single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Simple Sign supports IDP initiated SSO

Adding Simple Sign from the gallery


To configure the integration of Simple Sign into Azure AD, you need to add Simple Sign from the gallery to your
list of managed SaaS apps.
To add Simple Sign from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Simple Sign, select Simple Sign from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Simple Sign based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Simple
Sign needs to be established.
To configure and test Azure AD single sign-on with Simple Sign, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Simple Sign Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Simple Sign test user - to have a counterpart of Britta Simon in Simple Sign that is linked to the Azure
AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Simple Sign, perform the following steps:
1. In the Azure portal, on the Simple Sign application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<SUBDOMAIN>.simplesign.io/saml/simplesamlphp/www/module.php/saml/sp/metadata.php/cloudfish-sp

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.simplesign.io/saml/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/cloudfish-sp

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact the Simple Sign Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Simple Sign section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Simple Sign Single Sign-On
To configure single sign-on on the Simple Sign side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the Simple Sign support team. They apply this setting so that
the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Simple Sign.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Simple Sign.

2. In the applications list, select Simple Sign.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Simple Sign test user
In this section, you create a user called Britta Simon in Simple Sign. Work with the Simple Sign support team to add
the users in the Simple Sign platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Simple Sign tile in the Access Panel, you should be automatically signed in to the Simple Sign
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Skilljar
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Skilljar with Azure Active Directory (Azure AD). Integrating Skilljar with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Skilljar.
You can enable your users to be automatically signed-in to Skilljar (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Skilljar, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Skilljar single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Skilljar supports SP initiated SSO
Skilljar supports Just In Time user provisioning

Adding Skilljar from the gallery


To configure the integration of Skilljar into Azure AD, you need to add Skilljar from the gallery to your list of
managed SaaS apps.
To add Skilljar from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Skilljar, select Skilljar from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Skilljar based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Skilljar
needs to be established.
To configure and test Azure AD single sign-on with Skilljar, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Skilljar Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Skilljar test user - to have a counterpart of Britta Simon in Skilljar that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Skilljar, perform the following steps:
1. In the Azure portal, on the Skilljar application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.skilljar.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.skilljar.com/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the Skilljar Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Skilljar section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Skilljar Single Sign-On
To configure single sign-on on the Skilljar side, you need to send the downloaded Federation Metadata XML and the
Name Identifier Format value, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, to the Skilljar
support team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Skilljar.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Skilljar.

2. In the applications list, select Skilljar.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Skilljar test user
In this section, a user called Britta Simon is created in Skilljar. Skilljar supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Skilljar, a
new one is created after authentication.

NOTE
If you need to create a user manually, you need to contact the Skilljar support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Skilljar tile in the Access Panel, you should be automatically signed in to the Skilljar for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Skillport
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Skillport with Azure Active Directory (Azure AD). Integrating Skillport
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Skillport.
You can enable your users to be automatically signed-in to Skillport (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Skillport, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Skillport single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Skillport supports SP initiated SSO

Adding Skillport from the gallery


To configure the integration of Skillport into Azure AD, you need to add Skillport from the gallery to your list of
managed SaaS apps.
To add Skillport from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Skillport, select Skillport from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Skillport based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Skillport
needs to be established.
To configure and test Azure AD single sign-on with Skillport, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Skillport Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Skillport test user - to have a counterpart of Britta Simon in Skillport that is linked to the Azure AD
representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Skillport, perform the following steps:
1. In the Azure portal, on the Skillport application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type the URL:
EU Datacenter: https://adfs.skillport.eu

US Datacenter: https://sso.skillport.com

b. In the Identifier box, type the URL:


EU Datacenter: http://adfs.skillport.eu/adfs/services/trust

US Datacenter: https://sso.skillport.com

c. In the Reply URL text box, type the URL:


EU Datacenter: https://adfs.skillport.eu/adfs/ls/

US Datacenter: https://sso.skillport.com/sp/ACS.saml2

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Skillport section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Skillport Single Sign-On
To configure single sign-on on the Skillport side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Skillport support team. They apply this setting so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Skillport.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Skillport.

2. In the applications list, select Skillport.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Skillport test user
To create a Skillport test user, you need to contact the Skillport support team, as they have multiple business
scenarios according to the requirements of the end user. They will configure it after discussion with the users.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Skillport tile in the Access Panel, you should be automatically signed in to the Skillport for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Skills Base
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Skills Base with Azure Active Directory (Azure AD). Integrating Skills
Base with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Skills Base.
You can enable your users to be automatically signed-in to Skills Base (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Skills Base, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Skills Base single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Skills Base supports SP initiated SSO
Skills Base supports Just In Time user provisioning

Adding Skills Base from the gallery


To configure the integration of Skills Base into Azure AD, you need to add Skills Base from the gallery to your list
of managed SaaS apps.
To add Skills Base from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Skills Base, select Skills Base from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Skills Base based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Skills
Base needs to be established.
To configure and test Azure AD single sign-on with Skills Base, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Skills Base Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Skills Base test user - to have a counterpart of Britta Simon in Skills Base that is linked to the Azure
AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Skills Base, perform the following steps:
1. In the Azure portal, on the Skills Base application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://app.skills-base.com/o/<customer-unique-key>

NOTE
You can get the Sign-On URL from the Skills Base application. Log in as an Administrator and go to Admin ->
Settings -> Instance details -> Shortcut link. Copy the Sign-On URL and paste it in the above textbox.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Skills Base section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Skills Base Single Sign-On
1. In a different web browser window, log in to Skills Base as a Security Administrator.
2. From the left side of the menu, under ADMIN, click Authentication.

3. On the Authentication Page, select Single Sign-On as SAML 2.

4. On the Authentication Page, perform the following steps:

a. Click the Update IdP metadata button next to the Status option and paste the contents of the Metadata XML
that you downloaded from the Azure portal in the specified textbox.

NOTE
You can also validate the IdP metadata through the Metadata validator tool as highlighted in the screenshot above.

b. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Skills Base.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Skills Base.
2. In the applications list, select Skills Base.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Skills Base test user
In this section, a user called Britta Simon is created in Skills Base. Skills Base supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Skills Base, a new one is created after authentication.

NOTE
If you need to create a user manually, follow the instructions here.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Skills Base tile in the Access Panel, you should be automatically signed in to the Skills Base for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Skills Manager
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Skills Manager with Azure Active Directory (Azure AD). Integrating Skills
Manager with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Skills Manager.
You can enable your users to be automatically signed-in to Skills Manager (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Skills Manager, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Skills Manager single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Skills Manager supports IDP initiated SSO

Adding Skills Manager from the gallery


To configure the integration of Skills Manager into Azure AD, you need to add Skills Manager from the gallery to
your list of managed SaaS apps.
To add Skills Manager from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Skills Manager, select Skills Manager from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Skills Manager based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Skills Manager needs to be established.
To configure and test Azure AD single sign-on with Skills Manager, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Skills Manager Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Skills Manager test user - to have a counterpart of Britta Simon in Skills Manager that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Skills Manager, perform the following steps:
1. In the Azure portal, on the Skills Manager application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<SUBDOMAIN>.skills-manager.com/kennametal

b. In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.skills-manager.com/public/SamlLogin2.aspx

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Skills Manager Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Skills Manager section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Skills Manager Single Sign-On
To configure single sign-on on the Skills Manager side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the Skills Manager support team. They configure this setting
so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Skills Manager.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Skills Manager.

2. In the applications list, select Skills Manager.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Skills Manager test user
In this section, you create a user called Britta Simon in Skills Manager. Work with Skills Manager support team to
add the users in the Skills Manager platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Skills Manager tile in the Access Panel, you should be automatically signed in to the Skills
Manager for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SkyDesk Email
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate SkyDesk Email with Azure Active Directory (Azure AD). Integrating
SkyDesk Email with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SkyDesk Email.
You can enable your users to be automatically signed-in to SkyDesk Email (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SkyDesk Email, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
SkyDesk Email single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SkyDesk Email supports SP initiated SSO

Adding SkyDesk Email from the gallery


To configure the integration of SkyDesk Email into Azure AD, you need to add SkyDesk Email from the gallery to
your list of managed SaaS apps.
To add SkyDesk Email from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SkyDesk Email, select SkyDesk Email from the result panel, then click the Add button
to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SkyDesk Email based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
SkyDesk Email needs to be established.
To configure and test Azure AD single sign-on with SkyDesk Email, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SkyDesk Email Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SkyDesk Email test user - to have a counterpart of Britta Simon in SkyDesk Email that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SkyDesk Email, perform the following steps:
1. In the Azure portal, on the SkyDesk Email application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://mail.skydesk.jp/portal/<companyname>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact SkyDesk Email Client support team to
get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up SkyDesk Email section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SkyDesk Email Single Sign-On
1. In a different web browser, sign in to your SkyDesk Email account as an administrator.
2. In the menu on the top, click Setup, and select Org.

3. Click on Domains from the left panel.

4. Click on Add Domain.

5. Enter your Domain name, and then verify the Domain.

6. Click on SAML Authentication from the left panel.

7. On the SAML Authentication dialog page, perform the following steps:


NOTE
To use SAML-based authentication, you should have either a verified domain or a portal URL set up. You can set the
portal URL with the unique name.

a. In the Login URL textbox, paste the value of Login URL, which you have copied from Azure portal.
b. In the Logout URL textbox, paste the value of Logout URL, which you have copied from Azure portal.
c. Change Password URL is optional so leave it blank.
d. Click on Get Key From File to select your downloaded certificate from Azure portal, and then click Open
to upload the certificate.
e. As Algorithm, select RSA.
f. Click Ok to save the changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SkyDesk Email.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SkyDesk Email.

2. In the applications list, select SkyDesk Email.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SkyDesk Email test user
In this section, you create a user called Britta Simon in SkyDesk Email.
Click on User Access from the left panel in SkyDesk Email and then enter your username.
NOTE
If you need to create bulk users, you need to contact the SkyDesk Email Client support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SkyDesk Email tile in the Access Panel, you should be automatically signed in to the SkyDesk
Email for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Skyhigh Networks
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Skyhigh Networks with Azure Active Directory (Azure AD). Integrating
Skyhigh Networks with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Skyhigh Networks.
You can enable your users to be automatically signed-in to Skyhigh Networks (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Skyhigh Networks, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Skyhigh Networks single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Skyhigh Networks supports SP and IDP initiated SSO

Adding Skyhigh Networks from the gallery


To configure the integration of Skyhigh Networks into Azure AD, you need to add Skyhigh Networks from the
gallery to your list of managed SaaS apps.
To add Skyhigh Networks from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Skyhigh Networks, select Skyhigh Networks from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Skyhigh Networks based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Skyhigh Networks needs to be established.
To configure and test Azure AD single sign-on with Skyhigh Networks, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Skyhigh Networks Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Skyhigh Networks test user - to have a counterpart of Britta Simon in Skyhigh Networks that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Skyhigh Networks, perform the following steps:
1. In the Azure portal, on the Skyhigh Networks application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<ENV>.myshn.net/shndash/saml/Azure_SSO

b. In the Reply URL text box, type a URL using the following pattern:
https://<ENV>.myshn.net/shndash/response/saml-postlogin

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<ENV>.myshn.net/shndash/saml/Azure_SSO

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Skyhigh
Networks Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up Skyhigh Networks section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
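The Identifier, Reply URL and Sign-on URL patterns in these tutorials carry placeholders that must be replaced with vendor-supplied values, and the Reply URL is where Azure AD posts the SAML response. The following is an added example, not part of the original tutorial, that checks a configured value against the tutorial's pattern before it is saved; the function names and sample values are hypothetical, and it assumes a host placeholder is exactly one DNS label and a path placeholder exactly one path segment.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the tutorials above; <...> marks the vendor-supplied part.
PATTERNS = {
    "skyhigh_identifier": "https://<ENV>.myshn.net/shndash/saml/Azure_SSO",
    "skyhigh_reply_url": "https://<ENV>.myshn.net/shndash/response/saml-postlogin",
    "skills_manager_reply_url": "https://<SUBDOMAIN>.skills-manager.com/public/SamlLogin2.aspx",
    "skydesk_sign_on_url": "https://mail.skydesk.jp/portal/<companyname>",
}

PLACEHOLDER = re.compile(r"<[^<>]+>")
# Assumption: a host placeholder is one DNS label, a path placeholder is one
# path segment. Loosen these if the vendor tells you otherwise.
DNS_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
PATH_SEGMENT = r"[A-Za-z0-9._~-]+"


def _expand(text, replacement):
    """Escape the literal parts of `text` and substitute each placeholder."""
    return replacement.join(re.escape(part) for part in PLACEHOLDER.split(text))


def check_url(value, pattern):
    """Return a list of findings; an empty list means the value fits the pattern."""
    if PLACEHOLDER.search(value):
        return ["placeholder still present: replace it with the vendor-supplied value"]
    want_scheme, _, rest = pattern.partition("://")
    want_host, _, want_path = rest.partition("/")
    got = urlsplit(value)
    findings = []
    if got.scheme != want_scheme:
        findings.append(f"scheme is {got.scheme!r}, expected {want_scheme!r}")
    # Match the whole netloc so user-info, ports and extra labels are rejected.
    if not re.fullmatch(_expand(want_host.lower(), DNS_LABEL), got.netloc.lower()):
        findings.append(f"host {got.netloc!r} does not fit {want_host!r}")
    # Paths are compared case-sensitively.
    if not re.fullmatch(_expand(want_path, PATH_SEGMENT), got.path[1:]):
        findings.append(f"path {got.path!r} does not fit '/{want_path}'")
    if got.query or got.fragment:
        findings.append("unexpected query string or fragment")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real tenant URLs.
    samples = [
        ("skyhigh_reply_url", "https://contoso-prod.myshn.net/shndash/response/saml-postlogin"),
        ("skyhigh_reply_url", "http://contoso-prod.myshn.net/shndash/response/saml-postlogin"),
        ("skyhigh_identifier", "https://<ENV>.myshn.net/shndash/saml/Azure_SSO"),
        ("skydesk_sign_on_url", "https://mail.skydesk.jp/portal/contoso"),
    ]
    for name, value in samples:
        print(name, value, check_url(value, PATTERNS[name]) or "OK")
```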
Configure Skyhigh Networks Single Sign-On
To configure single sign-on on the Skyhigh Networks side, you need to send the downloaded Certificate (Base64)
and the appropriate copied URLs from the Azure portal to the Skyhigh Networks support team. They configure this
setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Skyhigh Networks.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Skyhigh
Networks.

2. In the applications list, select Skyhigh Networks.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Skyhigh Networks test user
In this section, you create a user called Britta Simon in Skyhigh Networks. Work with Skyhigh Networks support
team to add the users in the Skyhigh Networks platform. Users must be created and activated before you use
single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Skyhigh Networks tile in the Access Panel, you should be automatically signed in to the
Skyhigh Networks for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with SKYSITE
10/7/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate SKYSITE with Azure Active Directory (Azure AD). When you integrate
SKYSITE with Azure AD, you can:
Control in Azure AD who has access to SKYSITE.
Enable your users to be automatically signed-in to SKYSITE with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SKYSITE single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
SKYSITE supports IDP initiated SSO
SKYSITE supports Just In Time user provisioning

Adding SKYSITE from the gallery


To configure the integration of SKYSITE into Azure AD, you need to add SKYSITE from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type SKYSITE in the search box.
6. Select SKYSITE from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for SKYSITE


Configure and test Azure AD SSO with SKYSITE using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in SKYSITE.
To configure and test Azure AD SSO with SKYSITE, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure SKYSITE SSO - to configure the single sign-on settings on application side.
a. Create SKYSITE test user - to have a counterpart of B.Simon in SKYSITE that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the SKYSITE application integration page, click on Properties tab and perform the
following step:

Copy the User access URL. You paste it in the Configure SKYSITE SSO section, which is
explained later in the tutorial.
2. On the SKYSITE application integration page, navigate to single sign-on.
3. On the Select a single sign-on method page, select SAML.
4. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

5. On the Basic SAML Configuration section the application is pre-configured in IDP initiated mode and the
necessary URLs are already pre-populated with Azure. The user needs to save the configuration by clicking
the Save button.
6. SKYSITE application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click Edit icon to open User Attributes dialog.

7. In addition to the above, the SKYSITE application expects a few more attributes to be passed back in the SAML response.
In the User Attributes & Claims section on the Group Claims (Preview) dialog, perform the following
steps:
a. Click the pen next to Groups returned in claim.

b. Select All Groups from the radio list.


c. Select Source Attribute of Group ID.
d. Click Save.
8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

9. On the Set up SKYSITE section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SKYSITE.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SKYSITE.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Configure SKYSITE SSO
1. Open a new web browser window, sign in to your SKYSITE company site as an administrator, and
perform the following steps:
2. Click Settings at the top right of the page, and then navigate to Account setting.

3. Switch to the Single sign on (SSO) tab and perform the following steps:


a. In the Identity Provider sign in URL text box, paste the value of User access URL, which you have
copied from the properties tab in Azure portal.
b. Click Upload certificate, to upload the Base64 encoded certificate which you have downloaded from the
Azure portal.
c. Click Save.
Create SKYSITE test user
In this section, a user called Britta Simon is created in SKYSITE. SKYSITE supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
SKYSITE, a new one is created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SKYSITE tile in the Access Panel, you should be automatically signed in to the SKYSITE for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try SKYSITE with Azure AD
Tutorial: Azure Active Directory integration with Skytap
8/1/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Skytap with Azure Active Directory (Azure AD). Integrating Skytap with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Skytap.
You can enable your users to be automatically signed-in to Skytap (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Skytap, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Skytap single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Skytap supports SP and IDP initiated SSO

Adding Skytap from the gallery


To configure the integration of Skytap into Azure AD, you need to add Skytap from the gallery to your list of
managed SaaS apps.
To add Skytap from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Skytap, select Skytap from the result panel then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Skytap based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Skytap
needs to be established.
To configure and test Azure AD single sign-on with Skytap, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Skytap Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Skytap test user - to have a counterpart of Britta Simon in Skytap that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Skytap, perform the following steps:
1. In the Azure portal, on the Skytap application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: http://pingone.com/<custom EntityID>

b. In the Reply URL text box, type a URL using the following pattern:
https://sso.connect.pingidentity.com/sso/sp/ACS.saml2

5. Click Set additional URLs and perform the following steps if you wish to configure the application in SP
initiated mode:

d. In the Sign-on URL text box, type a URL using the following pattern:
https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=<saasid>&idpid=<idpid>

e. In the Relay State text box, type a URL using the following pattern: https://pingone.com/1.0/<custom ID>

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL, Sign-on URL and Relay State.
Contact Skytap Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
7. On the Set up Skytap section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Skytap Single Sign-On
To configure single sign-on on the Skytap side, you need to send the downloaded Federation Metadata XML and
the appropriate copied URLs from the Azure portal to the Skytap support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Skytap.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Skytap.

2. In the applications list, select Skytap.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Skytap test user
In this section, you create a user called Britta Simon in Skytap. Any Administrator or User Manager within a
Skytap Account can create users. For more information on how to do this, see Skytap's help files:
https://help.skytap.com/users-create.html
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Skytap tile in the Access Panel, you should be automatically signed in to the Skytap for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Skyward Qmlativ
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Skyward Qmlativ with Azure Active Directory (Azure AD). Integrating
Skyward Qmlativ with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Skyward Qmlativ.
You can enable your users to be automatically signed-in to Skyward Qmlativ (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Skyward Qmlativ, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Skyward Qmlativ single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Skyward Qmlativ supports SP initiated SSO

Adding Skyward Qmlativ from the gallery


To configure the integration of Skyward Qmlativ into Azure AD, you need to add Skyward Qmlativ from the
gallery to your list of managed SaaS apps.
To add Skyward Qmlativ from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Skyward Qmlativ, select Skyward Qmlativ from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Skyward Qmlativ based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Skyward Qmlativ needs to be established.
To configure and test Azure AD single sign-on with Skyward Qmlativ, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Skyward Qmlativ Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Skyward Qmlativ test user - to have a counterpart of Britta Simon in Skyward Qmlativ that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Skyward Qmlativ, perform the following steps:
1. In the Azure portal, on the Skyward Qmlativ application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.skyward.com/<CUSTOMERIDENTIFIERSTS>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<BASEURL>/customeridentifierSTS

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Skyward Qmlativ
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Skyward Qmlativ Single Sign-On


To configure single sign-on on the Skyward Qmlativ side, you need to send the App Federation Metadata Url to
the Skyward Qmlativ support team. They apply this setting so that the SAML SSO connection is set properly on both
sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Skyward Qmlativ.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Skyward Qmlativ.
2. In the applications list, select Skyward Qmlativ.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Skyward Qmlativ test user
In this section, you create a user called Britta Simon in Skyward Qmlativ. Work with Skyward Qmlativ support
team to add the users in the Skyward Qmlativ platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Skyward Qmlativ tile in the Access Panel, you should be automatically signed in to the Skyward
Qmlativ for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Slack
11/8/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Slack with Azure Active Directory (Azure AD). When you integrate
Slack with Azure AD, you can:
Control in Azure AD who has access to Slack.
Enable your users to be automatically signed-in to Slack with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Slack single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Slack supports SP initiated SSO
Slack supports Just In Time user provisioning
Slack supports Automated user provisioning

NOTE
The Identifier of this application is a fixed string value, so only one instance can be configured in one tenant.

Adding Slack from the gallery


To configure the integration of Slack into Azure AD, you need to add Slack from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Slack in the search box.
6. Select Slack from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Slack


Configure and test Azure AD SSO with Slack using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Slack.
To configure and test Azure AD SSO with Slack, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Slack SSO - to configure the single sign-on settings on application side.
a. Create Slack test user - to have a counterpart of B.Simon in Slack that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Slack application integration page, find the Manage section and select single
sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<your Slack company>.slack.com

b. In the Identifier (Entity ID) text box, type a URL: https://slack.com

NOTE
The Sign on URL value is not real. Update the value with the actual Sign on URL. Contact Slack Client support team
to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.
6. On the Set up Slack section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Slack.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Slack.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Slack SSO


1. In a different web browser window, sign in to your Slack company site as an administrator.
2. Navigate to your Slack company name on the left, which in our case has been set up as Microsoft Azure
AD, and then go to Team Settings as shown in the following screenshot.

3. In the Team Settings section, click the Authentication tab, and then click Change Settings.

4. On the SAML Authentication Settings dialog, perform the following steps:


a. In the SAML 2.0 Endpoint (HTTP) textbox, paste the value of Login URL, which you have copied from
the Azure portal.
b. In the Identity Provider Issuer textbox, paste the value of Azure AD Identifier, which you have copied
from the Azure portal.
c. Open your downloaded certificate file in Notepad, copy its content to your clipboard, and then
paste it into the Public Certificate textbox.
d. Configure the above three settings as appropriate for your Slack team. For more information about the
settings, see Slack's SSO configuration guide:
https://get.slack.help/hc/articles/220403548-Guide-to-single-sign-on-with-Slack

e. Click Save Configuration.


Create Slack test user
The objective of this section is to create a user called B.Simon in Slack. Slack supports just-in-time provisioning,
which is by default enabled. There is no action item for you in this section. A new user is created during an attempt
to access Slack if it doesn't exist yet. Slack also supports automatic user provisioning; you can find more details
here on how to configure automatic user provisioning.

NOTE
If you need to create a user manually, you need to contact Slack support team.
NOTE
Azure AD Connect is the synchronization tool that can sync on-premises Active Directory identities to Azure AD, and
these synced users can then use the applications like other cloud users.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Slack tile in the Access Panel, you should be automatically signed in to the Slack for which you
set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Slack with Azure AD
Tutorial: Azure Active Directory integration with Small Improvements
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Small Improvements with Azure Active Directory (Azure AD).
Integrating Small Improvements with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Small Improvements.
You can enable your users to be automatically signed-in to Small Improvements (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Small Improvements, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Small Improvements single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Small Improvements supports SP initiated SSO

Adding Small Improvements from the gallery


To configure the integration of Small Improvements into Azure AD, you need to add Small Improvements from the
gallery to your list of managed SaaS apps.
To add Small Improvements from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Small Improvements, select Small Improvements from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Small Improvements based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Small Improvements needs to be established.
To configure and test Azure AD single sign-on with Small Improvements, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Small Improvements Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Small Improvements test user - to have a counterpart of Britta Simon in Small Improvements that is
linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Small Improvements, perform the following steps:
1. In the Azure portal, on the Small Improvements application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.small-improvements.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.small-improvements.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Small
Improvements Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Small Improvements section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Small Improvements Single Sign-On
1. In another browser window, sign on to your Small Improvements company site as an administrator.
2. From the main dashboard page, click Administration button on the left.

3. Click the SAML SSO button from Integrations section.

4. On the SSO Setup page, perform the following steps:


a. In the HTTP Endpoint textbox, paste the value of Login URL, which you have copied from Azure portal.
b. Open your downloaded certificate in Notepad, copy the content, and then paste it into the x509
Certificate textbox.
c. If you wish to have SSO and Login form authentication option available for users, then check the Enable
access via login/password too option.
d. Enter the appropriate value to Name the SSO Login button in the SAML Prompt textbox.
e. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.


3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Small Improvements.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Small
Improvements.

2. In the applications list, select Small Improvements.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Small Improvements test user
To enable Azure AD users to log in to Small Improvements, they must be provisioned into Small Improvements. In
the case of Small Improvements, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign on to your Small Improvements company site as an administrator.
2. From the Home page, go to the menu on the left, click Administration.
3. Click the User Directory button from User Management section.
4. Click Add users.

5. On the Add Users dialog, perform the following steps:

a. Enter the first name of user like Britta.


b. Enter the Last name of user like Simon.
c. Enter the Email of user like brittasimon@contoso.com.
d. You can also choose to enter the personal message in the Send notification email box. If you do not
wish to send the notification, then uncheck this checkbox.
e. Click Create Users.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Small Improvements tile in the Access Panel, you should be automatically signed in to the
Small Improvements for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SmartDraw
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate SmartDraw with Azure Active Directory (Azure AD). Integrating
SmartDraw with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SmartDraw.
You can enable your users to be automatically signed-in to SmartDraw (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SmartDraw, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
SmartDraw single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SmartDraw supports SP and IDP initiated SSO
SmartDraw supports Just In Time user provisioning

Adding SmartDraw from the gallery


To configure the integration of SmartDraw into Azure AD, you need to add SmartDraw from the gallery to your list
of managed SaaS apps.
To add SmartDraw from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SmartDraw, select SmartDraw from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SmartDraw based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
SmartDraw needs to be established.
To configure and test Azure AD single sign-on with SmartDraw, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SmartDraw Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SmartDraw test user - to have a counterpart of Britta Simon in SmartDraw that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SmartDraw, perform the following steps:
1. In the Azure portal, on the SmartDraw application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
you do not have to perform any step, as the app is already pre-integrated with Azure.

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://cloud.smartdraw.com/sso/saml/login/<domain>

NOTE
The Sign-on URL value is not real. You will update the Sign-on URL value with the actual Sign-on URL, which is
explained later in the tutorial. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

6. SmartDraw application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes. Click Edit icon to open User Attributes dialog.

7. In addition to the above, the SmartDraw application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
the SAML token attributes shown in the table below:

NAME          SOURCE ATTRIBUTE
FirstName     user.givenname
LastName      user.surname
Email         user.mail
Groups        user.groups

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

9. On the Set up SmartDraw section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
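The claim mapping from step 7 can be verified against a captured test assertion before users are onboarded. The following Python check is an added example, not part of the original tutorial or of SmartDraw's or Microsoft's tooling; the function names are hypothetical, the sample response is constructed, and it assumes a claim saved with a non-blank Namespace is emitted with that namespace prefixed to its Name.

```python
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names and source attributes from the table in step 7.
EXPECTED_CLAIMS = {
    "FirstName": "user.givenname",
    "LastName": "user.surname",
    "Email": "user.mail",
    "Groups": "user.groups",
}

# Constructed sample: a decoded SAML response in which Email was saved with a
# namespace (step c not followed) and the Groups claim was never added.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName">
        <saml:AttributeValue>Britta</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="LastName">
        <saml:AttributeValue>Simon</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.example.invalid/claims/Email">
        <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def read_attributes(xml_text):
    """Map each Attribute Name in the assertion to its list of values."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs


def check_claims(xml_text, expected=EXPECTED_CLAIMS):
    """Return (claim, problem, detail) tuples; an empty list means all present.

    This inspects attribute names only, for configuration troubleshooting.
    It does not validate the signature, so it says nothing about whether
    the assertion can be trusted.
    """
    attrs = read_attributes(xml_text)
    findings = []
    for name, source in expected.items():
        if name in attrs:
            if not any(attrs[name]):
                findings.append((name, "empty", source))
            continue
        # Same short name under a different spelling or behind a namespace.
        lookalikes = [n for n in attrs
                      if n.rsplit("/", 1)[-1].lower() == name.lower()]
        if lookalikes:
            findings.append((name, "wrong-name", lookalikes[0]))
        else:
            findings.append((name, "missing", source))
    return findings


if __name__ == "__main__":
    for claim, problem, detail in check_claims(SAMPLE_RESPONSE):
        print("%-10s %-11s %s" % (claim, problem, detail))
```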
Configure SmartDraw Single Sign-On
1. In a different web browser window, login to SmartDraw as an Administrator.
2. Click on Single Sign-On under Manage your SmartDraw License.

3. On the Configuration page, perform the following steps:


a. In the Your Domain (like acme.com ) textbox, type your domain.
b. Copy the URL shown under Your SP Initiated Login Url will be for your instance and paste it into the Sign-on URL
textbox in Basic SAML Configuration in the Azure portal.
c. In the Security Groups to Allow SmartDraw Access textbox, type Everyone.
d. In the Your SAML Issuer Url textbox, paste the value of Azure AD Identifier which you have copied
from the Azure portal.
e. In Notepad, open the Metadata XML file that you downloaded from the Azure portal, copy its content, and
then paste it into the Your SAML MetaData box.
f. Click Save Configuration
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SmartDraw.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SmartDraw.

2. In the applications list, select SmartDraw.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SmartDraw test user
In this section, a user called Britta Simon is created in SmartDraw. SmartDraw supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in SmartDraw, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SmartDraw tile in the Access Panel, you should be automatically signed in to the SmartDraw
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SmarterU
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate SmarterU with Azure Active Directory (Azure AD). Integrating SmarterU
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SmarterU.
You can enable your users to be automatically signed-in to SmarterU (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SmarterU, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
SmarterU single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SmarterU supports IDP initiated SSO

Adding SmarterU from the gallery


To configure the integration of SmarterU into Azure AD, you need to add SmarterU from the gallery to your list of
managed SaaS apps.
To add SmarterU from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SmarterU, select SmarterU from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SmarterU based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in SmarterU
needs to be established.
To configure and test Azure AD single sign-on with SmarterU, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SmarterU Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SmarterU test user - to have a counterpart of Britta Simon in SmarterU that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SmarterU, perform the following steps:
1. In the Azure portal, on the SmarterU application integration page, select Single sign-on.
2. In the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Identifier text box, type the URL: https://www.smarteru.com/

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up SmarterU section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SmarterU Single Sign-On
1. In a different web browser window, sign in to your SmarterU company site as an administrator.
2. In the toolbar on the top, click Account Settings.

3. On the account configuration page, perform the following steps:


a. Select Enable External Authorization.
b. In the Master Login Control section, select the SmarterU tab.
c. In the User Default Login section, select the SmarterU tab.
d. Select Enable SAML.
e. Copy the content of the downloaded metadata file, and then paste it into the IdP Metadata textbox.
f. Select an Identifier Attribute/Claim.
g. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SmarterU.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SmarterU.

2. In the applications list, select SmarterU.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SmarterU test user
To enable Azure AD users to sign in to SmarterU, they must be provisioned into SmarterU. In the case of
SmarterU, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your SmarterU tenant.
2. Go to Users.
3. In the user section, perform the following steps:
a. Click +User.
b. Type the related attribute values of the Azure AD user account into the following textboxes: Primary
Email, Employee ID, Password, Verify Password, Given Name, Surname.
c. Click Active.
d. Click Save.

NOTE
You can use any other SmarterU user account creation tools or APIs provided by SmarterU to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SmarterU tile in the Access Panel, you should be automatically signed in to the SmarterU for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SmartFile
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate SmartFile with Azure Active Directory (Azure AD). Integrating SmartFile
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SmartFile.
You can enable your users to be automatically signed-in to SmartFile (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SmartFile, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
SmartFile single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SmartFile supports SP initiated SSO

Adding SmartFile from the gallery


To configure the integration of SmartFile into Azure AD, you need to add SmartFile from the gallery to your list of
managed SaaS apps.
To add SmartFile from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SmartFile, select SmartFile from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SmartFile based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in SmartFile
needs to be established.
To configure and test Azure AD single sign-on with SmartFile, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SmartFile Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SmartFile test user - to have a counterpart of Britta Simon in SmartFile that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SmartFile, perform the following steps:
1. In the Azure portal, on the SmartFile application integration page, select Single sign-on.
2. In the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.smartfile.com/ftp/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern: <SUBDOMAIN>.smartfile.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact SmartFile Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up SmartFile section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SmartFile Single Sign-On
To configure single sign-on on the SmartFile side, you need to send the downloaded Federation Metadata XML
and the appropriate copied URLs from the Azure portal to the SmartFile support team. They configure this setting
so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SmartFile.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SmartFile.

2. In the applications list, select SmartFile.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SmartFile test user
In this section, you create a user called Britta Simon in SmartFile. Work with SmartFile support team to add the
users in the SmartFile platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SmartFile tile in the Access Panel, you should be automatically signed in to the SmartFile for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SmartLPA
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate SmartLPA with Azure Active Directory (Azure AD). Integrating
SmartLPA with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SmartLPA.
You can enable your users to be automatically signed-in to SmartLPA (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SmartLPA, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
SmartLPA single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SmartLPA supports SP initiated SSO

Adding SmartLPA from the gallery


To configure the integration of SmartLPA into Azure AD, you need to add SmartLPA from the gallery to your list of
managed SaaS apps.
To add SmartLPA from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SmartLPA, select SmartLPA from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SmartLPA based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in SmartLPA
needs to be established.
To configure and test Azure AD single sign-on with SmartLPA, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SmartLPA Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SmartLPA test user - to have a counterpart of Britta Simon in SmartLPA that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SmartLPA, perform the following steps:
1. In the Azure portal, on the SmartLPA application integration page, select Single sign-on.
2. In the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<TENANTNAME>.smartlpa.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<TENANTNAME>.smartlpa.com/<UNIQUE ID>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact SmartLPA Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up SmartLPA section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SmartLPA Single Sign-On
To configure single sign-on on the SmartLPA side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the SmartLPA support team. They configure this setting
so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SmartLPA.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SmartLPA.

2. In the applications list, select SmartLPA.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SmartLPA test user
In this section, you create a user called Britta Simon in SmartLPA. Work with SmartLPA support team to add the
users in the SmartLPA platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SmartLPA tile in the Access Panel, you should be automatically signed in to the SmartLPA for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SmartRecruiters
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate SmartRecruiters with Azure Active Directory (Azure AD). Integrating
SmartRecruiters with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SmartRecruiters.
You can enable your users to be automatically signed-in to SmartRecruiters (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SmartRecruiters, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
SmartRecruiters single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SmartRecruiters supports SP and IDP initiated SSO

Adding SmartRecruiters from the gallery


To configure the integration of SmartRecruiters into Azure AD, you need to add SmartRecruiters from the gallery
to your list of managed SaaS apps.
To add SmartRecruiters from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SmartRecruiters, select SmartRecruiters from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SmartRecruiters based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
SmartRecruiters needs to be established.
To configure and test Azure AD single sign-on with SmartRecruiters, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SmartRecruiters Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SmartRecruiters test user - to have a counterpart of Britta Simon in SmartRecruiters that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SmartRecruiters, perform the following steps:
1. In the Azure portal, on the SmartRecruiters application integration page, select Single sign-on.
2. In the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://www.smartrecruiters.com/web-sso/saml/<companyname>

b. In the Reply URL text box, type a URL using the following pattern:
https://www.smartrecruiters.com/web-sso/saml/<companyname>/callback

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://www.smartrecruiters.com/web-sso/saml/<companyname>/login

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
SmartRecruiters Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up SmartRecruiters section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
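The Identifier, Reply URL and Sign-on URL patterns above share one `<companyname>` placeholder, and the SmartFile and SmartLPA tutorials likewise reuse one tenant placeholder across fields; a value typed for the wrong tenant or with the placeholder left in place is easy to miss in the portal. The following Python example is added here and is not part of the original tutorials; the field names (`identifier`, `reply_url`, `sign_on_url`), the sample tenant names and the allowed character set for a placeholder are assumptions.

```python
import re

# URL patterns exactly as given in the Basic SAML Configuration steps of the
# SmartFile, SmartLPA and SmartRecruiters tutorials.
PATTERNS = {
    "SmartFile": {
        "sign_on_url": "https://<SUBDOMAIN>.smartfile.com/ftp/login",
        "identifier": "<SUBDOMAIN>.smartfile.com",
    },
    "SmartLPA": {
        "sign_on_url": "https://<TENANTNAME>.smartlpa.com/",
        "identifier": "https://<TENANTNAME>.smartlpa.com/<UNIQUE ID>",
    },
    "SmartRecruiters": {
        "identifier": "https://www.smartrecruiters.com/web-sso/saml/<companyname>",
        "reply_url": "https://www.smartrecruiters.com/web-sso/saml/<companyname>/callback",
        "sign_on_url": "https://www.smartrecruiters.com/web-sso/saml/<companyname>/login",
    },
}

# Assumption: a placeholder stands for one host label or path segment made of
# letters, digits, '_' and '-'. Excluding '.' and '/' keeps a value such as
# "acme.example.net/x" from matching a single placeholder.
SEGMENT = r"[A-Za-z0-9_-]+"


def compile_pattern(template):
    """Turn 'https://<NAME>.host/path' into a regex with one named group per placeholder."""
    out = []
    for piece in re.split(r"(<[^<>]+>)", template):
        if piece.startswith("<") and piece.endswith(">"):
            group = re.sub(r"\W", "_", piece[1:-1])  # "UNIQUE ID" -> "UNIQUE_ID"
            out.append("(?P<%s>%s)" % (group, SEGMENT))
        else:
            out.append(re.escape(piece))
    return re.compile("".join(out))


def check_basic_saml_config(app, values):
    """Return a list of problems with the values typed into Basic SAML Configuration."""
    problems = []
    seen = {}  # placeholder name -> (field, value) where it was first seen
    for field, value in values.items():
        template = PATTERNS[app].get(field)
        if template is None:
            problems.append("%s: no pattern documented for %s" % (field, app))
            continue
        if "<" in value or ">" in value:
            problems.append("%s: placeholder left unreplaced" % field)
            continue
        match = compile_pattern(template).fullmatch(value)
        if match is None:
            problems.append("%s: does not match %s" % (field, template))
            continue
        # The same placeholder must carry the same value in every field, otherwise
        # the assertion would be addressed to one tenant and posted to another.
        for name, got in match.groupdict().items():
            first_field, first = seen.setdefault(name, (field, got))
            if got != first:
                problems.append(
                    "%s: %s is %r but %s has %r" % (field, name, got, first_field, first)
                )
    return problems


if __name__ == "__main__":
    base = "https://www.smartrecruiters.com/web-sso/saml/"
    # Constructed values: the Reply URL names a different company than the Identifier.
    print(check_basic_saml_config("SmartRecruiters", {
        "identifier": base + "acme",
        "reply_url": base + "acme-test/callback",
    }))
```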
Configure SmartRecruiters Single Sign-On
1. In a different web browser window, log in to your SmartRecruiters company site as an administrator.
2. Go to Settings / Admin.

3. In the Configuration section, click Web SSO.


4. Toggle Enable Web SSO.

5. In Identity Provider Configuration, perform the following steps:

a. In the Identity Provider URL textbox, paste the value of Login URL which you have copied from the Azure
portal.
b. In Notepad, open the Certificate (Base64) file that you downloaded from the Azure portal, copy its
content, and paste it into the Identity Provider certificate textbox.
6. Click Save Web SSO configuration.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SmartRecruiters.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SmartRecruiters.

2. In the applications list, select SmartRecruiters.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SmartRecruiters test user
In this section, you create a user called Britta Simon in SmartRecruiters. Work with SmartRecruiters support
team to add the users in the SmartRecruiters platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SmartRecruiters tile in the Access Panel, you should be automatically signed in to the
SmartRecruiters for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with smartvid.io
10/30/2019 • 4 minutes to read

In this tutorial, you learn how to integrate smartvid.io with Azure Active Directory (Azure AD). Integrating
smartvid.io with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to smartvid.io.
You can enable your users to be automatically signed-in to smartvid.io (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with smartvid.io, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
smartvid.io single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
smartvid.io supports IDP initiated SSO

Adding smartvid.io from the gallery


To configure the integration of smartvid.io into Azure AD, you need to add smartvid.io from the gallery to your list
of managed SaaS apps.
To add smartvid.io from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type smartvid.io, select smartvid.io from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with smartvid.io based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
smartvid.io needs to be established.
To configure and test Azure AD single sign-on with smartvid.io, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure smartvid.io Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create smartvid.io test user - to have a counterpart of Britta Simon in smartvid.io that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with smartvid.io, perform the following steps:
1. In the Azure portal, on the smartvid.io application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, the user does not have to perform any step as the app is
already pre-integrated with Azure.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. On the Set up smartvid.io section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure smartvid.io Single Sign-On
To configure single sign-on on the smartvid.io side, you need to send the downloaded Certificate (Raw) and
the appropriate copied URLs from the Azure portal to the smartvid.io support team. They apply these settings so that the SAML
SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to smartvid.io.
1. In the Azure portal, select Enterprise Applications, select All applications, then select smartvid.io.

2. In the applications list, select smartvid.io.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create smartvid.io test user
In this section, you create a user called Britta Simon in smartvid.io. Work with the smartvid.io support team to add the
users to the smartvid.io platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the smartvid.io tile in the Access Panel, you should be automatically signed in to the smartvid.io for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Snowflake
10/30/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Snowflake with Azure Active Directory (Azure AD). Integrating
Snowflake with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Snowflake.
You can enable your users to be automatically signed-in to Snowflake (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Snowflake, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
Snowflake single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Snowflake supports SP and IDP initiated SSO

Adding Snowflake from the gallery


To configure the integration of Snowflake into Azure AD, you need to add Snowflake from the gallery to your list
of managed SaaS apps.
To add Snowflake from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Snowflake, select Snowflake from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Snowflake based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Snowflake needs to be established.
To configure and test Azure AD single sign-on with Snowflake, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Snowflake Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Snowflake test user - to have a counterpart of Britta Simon in Snowflake that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Snowflake, perform the following steps:
1. In the Azure portal, on the Snowflake application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps, if you wish to configure the
application in IDP initiated mode:
a. In the Identifier text box, type a URL using the following pattern:
https://<SNOWFLAKE-URL>.snowflakecomputing.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<SNOWFLAKE-URL>.snowflakecomputing.com/fed/login

c. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<SNOWFLAKE-URL>.snowflakecomputing.com

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact
Snowflake Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

6. On the Set up Snowflake section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Snowflake Single Sign-On
1. In a different web browser window, log in to Snowflake as a Security Administrator.
2. Switch Role to ACCOUNTADMIN by clicking your profile at the top right of the page.

NOTE
This is separate from the context you have selected in the top-right corner under your User Name.

3. Open the downloaded Base64 certificate in Notepad. Copy the value between "-----BEGIN
CERTIFICATE-----" and "-----END CERTIFICATE-----" and paste it between the quotation marks next to
"certificate" in the query below. For ssoUrl, paste the Login URL value that you copied from the Azure portal.
Select All Queries and click Run.

-- Run as ACCOUNTADMIN: register Azure AD as the SAML identity provider for the account.
use role accountadmin;
alter account set saml_identity_provider = '{
  "certificate": "<Paste the content of downloaded certificate from Azure portal>",
  "ssoUrl": "<Login URL value which you have copied from the Azure portal>",
  "type": "custom",
  "label": "AzureAD"
}';
-- Enable the SSO option on the Snowflake login page.
alter account set sso_login_page = TRUE;
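
The copy-and-paste in step 3 is where this setup usually goes wrong: PEM markers or line breaks left in the pasted value, the wrong file, or a non-HTTPS Login URL. The following is an added example, not part of the original tutorial and not Snowflake or Microsoft code. It builds the same three statements from a PEM file's text and a Login URL; the sample certificate bytes and the all-zero tenant ID in the URL are constructed placeholders, and all function names are hypothetical.

```python
import base64
import hashlib
import json
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

# Constructed sample input: 100 placeholder bytes shaped like DER, NOT a real
# certificate, and a Login URL with an all-zero placeholder tenant ID.
SAMPLE_DER = bytes([0x30, 0x82, 0x00, 0x60]) + bytes(range(96))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)
SAMPLE_LOGIN_URL = (
    "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"
)


def certificate_body(pem_text):
    """Return the Base64 body of exactly one PEM certificate as a single line."""
    if "PRIVATE KEY" in pem_text:
        raise ValueError("input contains a private key; paste only the certificate")
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())  # drop the line breaks inside the PEM body
    der = base64.b64decode(body, validate=True)  # raises ValueError on bad Base64
    if not der or der[0] != 0x30:  # DER certificates start with an ASN.1 SEQUENCE
        raise ValueError("decoded data does not look like a DER certificate")
    return body


def fingerprint_sha256(pem_text):
    """SHA-256 over the DER bytes, for comparing copies of the certificate."""
    der = base64.b64decode(certificate_body(pem_text))
    return hashlib.sha256(der).hexdigest()


def _plain(value, what):
    # Reject rather than escape: the JSON ends up inside a single-quoted SQL
    # string, so quotes, backslashes and non-ASCII (\u escapes) are refused.
    if not value.isascii() or any(c in "'\"\\" or ord(c) < 0x20 for c in value):
        raise ValueError(f"{what} contains a character that is not allowed here")
    return value


def build_idp_sql(pem_text, login_url, label="AzureAD"):
    """Return the statements from step 3 with the certificate and URL filled in."""
    parts = urlsplit(_plain(login_url, "Login URL"))
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Login URL must be an absolute https:// URL")
    config = {
        "certificate": certificate_body(pem_text),
        "ssoUrl": login_url,
        "type": "custom",
        "label": _plain(label, "label"),
    }
    literal = json.dumps(config, indent=2)
    return (
        "use role accountadmin;\n"
        f"alter account set saml_identity_provider = '{literal}';\n"
        "alter account set sso_login_page = TRUE;\n"
    )


if __name__ == "__main__":
    print(build_idp_sql(SAMPLE_PEM, SAMPLE_LOGIN_URL))
    print("-- certificate SHA-256:", fingerprint_sha256(SAMPLE_PEM))
```

Recording the printed fingerprint alongside the change lets whoever reviews the Snowflake setting confirm it was built from the certificate that was downloaded from the Azure portal.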

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Snowflake.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Snowflake.

2. In the applications list, type and select Snowflake.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Snowflake test user
To enable Azure AD users to log in to Snowflake, they must be provisioned into Snowflake. In Snowflake,
provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to Snowflake as a Security Administrator.
2. Switch Role to ACCOUNTADMIN by clicking your profile at the top right of the page.

3. Create the user by running the SQL query below in the worksheet, ensuring that "Login name" (LOGIN_NAME) is set
to the Azure AD username.

use role accountadmin;
-- LOGIN_NAME must be the Azure AD user name.
CREATE USER britta_simon
  PASSWORD = ''
  LOGIN_NAME = 'BrittaSimon@contoso.com'
  DISPLAY_NAME = 'Britta Simon';

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Snowflake tile in the Access Panel, you should be automatically signed in to the Snowflake for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Softeon WMS
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Softeon WMS with Azure Active Directory (Azure AD). Integrating
Softeon WMS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Softeon WMS.
You can enable your users to be automatically signed-in to Softeon WMS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Softeon WMS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Softeon WMS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Softeon WMS supports SP initiated SSO
Softeon WMS supports Just In Time user provisioning

Adding Softeon WMS from the gallery


To configure the integration of Softeon WMS into Azure AD, you need to add Softeon WMS from the gallery to
your list of managed SaaS apps.
To add Softeon WMS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Softeon WMS, select Softeon WMS from the result panel, then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Softeon WMS based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Softeon WMS needs to be established.
To configure and test Azure AD single sign-on with Softeon WMS, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Softeon WMS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Softeon WMS test user - to have a counterpart of Britta Simon in Softeon WMS that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Softeon WMS, perform the following steps:
1. In the Azure portal, on the Softeon WMS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.softeon.com/<instancename>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.softeon.com/sp

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Softeon WMS
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Softeon WMS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Softeon WMS Single Sign-On
To configure single sign-on on the Softeon WMS side, you need to send the downloaded Certificate (Base64) and
the appropriate copied URLs from the Azure portal to the Softeon WMS support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Softeon WMS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Softeon WMS.

2. In the applications list, select Softeon WMS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Softeon WMS test user
In this section, a user called Britta Simon is created in Softeon WMS. Softeon WMS supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Softeon WMS, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Softeon WMS tile in the Access Panel, you should be automatically signed in to the Softeon
WMS for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Soloinsight-CloudGate SSO with Azure Active Directory
10/30/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Soloinsight-CloudGate SSO with Azure Active Directory (Azure AD).
When you integrate Soloinsight-CloudGate SSO with Azure AD, you can:
Control in Azure AD who has access to Soloinsight-CloudGate SSO.
Enable your users to be automatically signed-in to Soloinsight-CloudGate SSO with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial.
Soloinsight-CloudGate SSO single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Soloinsight-CloudGate SSO supports
SP initiated SSO.

Adding Soloinsight-CloudGate SSO from the gallery


To configure the integration of Soloinsight-CloudGate SSO into Azure AD, you need to add Soloinsight-
CloudGate SSO from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Soloinsight-CloudGate SSO in the search box.
6. Select Soloinsight-CloudGate SSO from the results panel and then add the app. Wait a few seconds while the
app is added to your tenant.

Configure and test Azure AD single sign-on


Configure and test Azure AD SSO with Soloinsight-CloudGate SSO using a test user called Britta Simon. For
SSO to work, you need to establish a link relationship between an Azure AD user and the related user in
Soloinsight-CloudGate SSO.
To configure and test Azure AD SSO with Soloinsight-CloudGate SSO, complete the following building blocks:
1. Configure Azure AD SSO to enable your users to use this feature.
2. Configure Soloinsight-CloudGate SSO to configure the SSO settings on application side.
3. Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
5. Create Soloinsight-CloudGate SSO test user to have a counterpart of Britta Simon in Soloinsight-
CloudGate SSO that is linked to the Azure AD representation of user.
6. Test SSO to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Soloinsight-CloudGate SSO application integration page, find the Manage
section and select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.sigateway.com/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<SUBDOMAIN>.sigateway.com/process/sso

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier which is explained later in
the Configure Soloinsight-CloudGate SSO Single Sign-On section of the tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Soloinsight-CloudGate SSO section, copy the appropriate URL(s) based on your
requirement.
Configure Soloinsight-CloudGate SSO
1. To automate the configuration within Soloinsight-CloudGate SSO, you need to install the My Apps Secure
Sign-in browser extension by clicking Install the extension.

2. After adding the extension to the browser, clicking Setup Soloinsight-CloudGate SSO directs you to the
Soloinsight-CloudGate SSO application. From there, provide the admin credentials to sign in to Soloinsight-
CloudGate SSO. The browser extension will automatically configure the application for you and automate
steps 3-8.

3. If you want to set up Soloinsight-CloudGate SSO manually, open a new web browser window, sign in to
your Soloinsight-CloudGate SSO company site as an administrator, and perform the following steps:
4. To get the values that are to be pasted in the Azure portal while configuring Basic SAML, sign in to the
CloudGate Web Portal using your credentials, then access the SSO settings, which can be found on the
following path: Home>Administration>System settings>General.
5. SAML Consumer URL
Copy the links shown in the Saml Consumer URL and the Redirect URL fields and paste
them in the Azure portal Basic SAML Configuration section for the Identifier (Entity ID) and Reply
URL fields respectively.

6. SAML Signing Certificate

Go to the source of the Certificate (Base64) file that was downloaded from the Azure portal SAML
Signing Certificate list and right-click on it. Choose the Edit with Notepad++ option from the list.

Copy the content in the Certificate (Base64) Notepad++ file.

Paste the content in the CloudGate Web Portal SSO settings Certificate field and click the Save
button.

7. Default Group
Select Business Admin from the drop-down list of the Default Group option in the CloudGate
Web Portal.

8. AD Identifier and Login URL

The Login URL copied from the Azure portal Set up Soloinsight-CloudGate SSO section
is to be entered in the CloudGate Web Portal SSO settings section.
Paste the Login URL link from the Azure portal in the CloudGate Web Portal AD Login URL field.
Paste the Azure AD Identifier link from the Azure portal in the CloudGate Web Portal AD Identifier
field.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called Britta Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter Britta Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to Soloinsight-CloudGate
SSO.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Soloinsight-CloudGate SSO.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Soloinsight-CloudGate SSO test user
To create a test user, select Employees from the main menu of your CloudGate Web Portal and fill out the Add
New employee form. The Authority Level to assign to the test user is Business Admin. Click
Create once all the required fields are filled.
Test SSO
When you select the Soloinsight-CloudGate SSO tile in the Access Panel, you should be automatically signed in to
the Soloinsight-CloudGate SSO for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with Sonarqube
10/7/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Sonarqube with Azure Active Directory (Azure AD). When you
integrate Sonarqube with Azure AD, you can:
Control in Azure AD who has access to Sonarqube.
Enable your users to be automatically signed-in to Sonarqube with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Sonarqube single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Sonarqube supports SP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Sonarqube from the gallery


To configure the integration of Sonarqube into Azure AD, you need to add Sonarqube from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Sonarqube in the search box.
6. Select Sonarqube from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Sonarqube


Configure and test Azure AD SSO with Sonarqube using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Sonarqube.
To configure and test Azure AD SSO with Sonarqube, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Sonarqube SSO - to configure the single sign-on settings on application side.
a. Create Sonarqube test user - to have a counterpart of B.Simon in Sonarqube that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Sonarqube application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL:
For Production Environment
https://servicessonar.corp.microsoft.com/

For Dev Environment


https://servicescode-dev.westus.cloudapp.azure.com

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Sonarqube section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Sonarqube.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Sonarqube.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Sonarqube SSO


1. Open a new web browser window and sign into your Sonarqube company site as an administrator.
2. Install the SAML plugin from the sonarqube market place.
3. On the top left of the page, click on ADMIN and then navigate to SAML.
4. On the SAML page, perform the following steps:
a. Toggle the Enabled option to yes.
b. In Application ID text box, enter the name like sonarqube.
c. In Provider Name text box, enter the name like SAML.
d. In Provider ID text box, paste the value of Azure AD Identifier, which you have copied from Azure
portal.
e. In SAML login url text box, paste the value of Login URL, which you have copied from Azure portal.
f. Open the Base64 encoded certificate in notepad, copy its content and paste it into the Provider
certificate text box.
g. In SAML user login attribute text box, enter the value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name .
h. In SAML user name attribute text box, enter the value
http://schemas.microsoft.com/identity/claims/displayname .
i. In SAML user email attribute text box, enter the value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name .
j. Click Save.
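One way to confirm that Azure AD emits what the settings in step 4 expect is to inspect a captured assertion, shown here as an added example that is not part of the original tutorial. The sample assertion, the tenant ID and the assumption that the assertion audience equals the Application ID are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names entered in steps 4g, 4h and 4i of the tutorial.
LOGIN_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
NAME_ATTR = "http://schemas.microsoft.com/identity/claims/displayname"
EMAIL_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

# Constructed sample: unsigned assertion with a placeholder tenant ID.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-07-05T00:00:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>sonarqube</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
      <saml:AttributeValue>B.Simon</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, provider_id, application_id):
    """Return a list of configuration problems found in one assertion.

    This is a configuration check only: it does not verify the XML
    signature, which remains the job of the service provider. The input
    here is constructed; use a hardened parser (for example defusedxml)
    for XML that comes from an untrusted source.
    """
    root = ET.fromstring(xml_text)
    problems = []

    # Provider ID (step 4d) must equal the assertion issuer.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != provider_id:
        problems.append(f"Issuer {issuer!r} does not match Provider ID {provider_id!r}")

    # Assumption: the audience is the Application ID from step 4b.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if application_id not in audiences:
        problems.append(f"Audience {audiences!r} does not include {application_id!r}")

    # Collect non-empty attribute values by attribute name.
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        attrs[attr.get("Name")] = values

    for label, name in (("login", LOGIN_ATTR), ("name", NAME_ATTR), ("email", EMAIL_ATTR)):
        if not attrs.get(name):
            problems.append(f"{label} attribute {name} is missing or empty")

    # The tutorial reads the e-mail from the same claim as the login, so
    # the value has to be address-shaped for that mapping to be usable.
    email_values = attrs.get(EMAIL_ATTR, [])
    if email_values and "@" not in email_values[0]:
        problems.append(f"e-mail attribute value {email_values[0]!r} is not an address")

    return problems


if __name__ == "__main__":
    issues = check_assertion(
        SAMPLE_ASSERTION,
        provider_id="https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
        application_id="sonarqube",
    )
    print("OK" if not issues else "\n".join(issues))
```
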
Create Sonarqube test user
In this section, you create a user called B.Simon in Sonarqube. Work with Sonarqube Client support team to add
the users in the Sonarqube platform. Users must be created and activated before you use single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Sonarqube tile in the Access Panel, you should be automatically signed in to the Sonarqube for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Sonarqube with Azure AD
Tutorial: Azure Active Directory integration with
Soonr Workplace
7/5/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Soonr Workplace with Azure Active Directory (Azure AD). Integrating
Soonr Workplace with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Soonr Workplace.
You can enable your users to be automatically signed-in to Soonr Workplace (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Soonr Workplace, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Soonr Workplace single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Soonr Workplace supports SP and IDP initiated SSO

Adding Soonr Workplace from the gallery


To configure the integration of Soonr Workplace into Azure AD, you need to add Soonr Workplace from the
gallery to your list of managed SaaS apps.
To add Soonr Workplace from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Soonr Workplace, select Soonr Workplace from the result panel then click the
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Soonr Workplace based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Soonr Workplace needs to be established.
To configure and test Azure AD single sign-on with Soonr Workplace, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Soonr Workplace Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Soonr Workplace test user - to have a counterpart of Britta Simon in Soonr Workplace that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Soonr Workplace, perform the following steps:
1. In the Azure portal, on the Soonr Workplace application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:
https://<servername>.soonr.com/singlesignon/saml/metadata

b. In the Reply URL text box, type a URL using the following pattern:
https://<servername>.soonr.com/singlesignon/saml/SSO

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<servername>.soonr.com/singlesignon/saml/SSO

NOTE
These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact Soonr
Workplace Client support team to get these values. You can also refer to the patterns shown in the Basic SAML
Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up Soonr Workplace section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Soonr Workplace Single Sign-On
To configure single sign-on on Soonr Workplace side, you need to send the downloaded Federation Metadata
XML and appropriate copied URLs from Azure portal to Soonr Workplace support team. They configure this setting so
that the SAML SSO connection is set properly on both sides.

NOTE
If you require assistance with configuring Autotask Workplace, please see this page to get assistance with your Workplace
account.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Soonr Workplace.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Soonr Workplace.

2. In the applications list, select Soonr Workplace.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Soonr Workplace test user
In this section, you create a user called Britta Simon in Soonr Workplace. Work with Soonr Workplace support
team to add the users in the Soonr Workplace platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Soonr Workplace tile in the Access Panel, you should be automatically signed in to the Soonr
Workplace for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
SpaceIQ
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate SpaceIQ with Azure Active Directory (Azure AD). Integrating SpaceIQ
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SpaceIQ.
You can enable your users to be automatically signed-in to SpaceIQ (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SpaceIQ, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
SpaceIQ single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SpaceIQ supports IDP initiated SSO

Adding SpaceIQ from the gallery


To configure the integration of SpaceIQ into Azure AD, you need to add SpaceIQ from the gallery to your list of
managed SaaS apps.
To add SpaceIQ from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SpaceIQ, select SpaceIQ from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SpaceIQ based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in SpaceIQ
needs to be established.
To configure and test Azure AD single sign-on with SpaceIQ, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SpaceIQ Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SpaceIQ test user - to have a counterpart of Britta Simon in SpaceIQ that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SpaceIQ, perform the following steps:
1. In the Azure portal, on the SpaceIQ application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type the URL: https://api.spaceiq.com

b. In the Reply URL text box, type a URL using the following pattern:
https://api.spaceiq.com/saml/<instanceid>/callback

NOTE
Update these values with the actual Reply URL and identifier which is explained later in the tutorial.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up SpaceIQ section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SpaceIQ Single Sign-On
1. Open a new browser window, and then sign in to your SpaceIQ environment as an administrator.
2. Once you are logged in, click the puzzle sign at the top right, then click Integrations.

3. Under All PROVISIONING & SSO, click on the Azure tile to add an instance of Azure as IDP.

4. In the SSO dialog box, perform the following steps:


a. In the SAML Issuer URL box, paste the Azure AD Identifier value copied from the Azure AD
application configuration window.
b. Copy the SAML CallBack Endpoint URL (read-only) value and paste the value in the Reply URL box
in the Basic SAML Configuration section in the Azure portal.
c. Copy the SAML Audience URI (read-only) value and paste the value in the Identifier box in the Basic
SAML Configuration section in the Azure portal.
d. Open the downloaded certificate file in notepad, copy the content, and then paste it in the X.509
Certificate box.
e. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SpaceIQ.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SpaceIQ.
2. In the applications list, select SpaceIQ.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SpaceIQ test user
In this section, you create a user called Britta Simon in SpaceIQ. Work with the SpaceIQ support team to add the users in
the SpaceIQ platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SpaceIQ tile in the Access Panel, you should be automatically signed in to the SpaceIQ for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Spacio
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Spacio with Azure Active Directory (Azure AD). Integrating Spacio with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Spacio.
You can enable your users to be automatically signed-in to Spacio (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Spacio, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Spacio single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Spacio supports SP initiated SSO

Adding Spacio from the gallery


To configure the integration of Spacio into Azure AD, you need to add Spacio from the gallery to your list of
managed SaaS apps.
To add Spacio from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Spacio, select Spacio from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Spacio based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Spacio
needs to be established.
To configure and test Azure AD single sign-on with Spacio, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Spacio Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Spacio test user - to have a counterpart of Britta Simon in Spacio that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Spacio, perform the following steps:
1. In the Azure portal, on the Spacio application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://sso.spac.io/<brokerageID>

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://sso.spac.io/<brokerageID>

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Spacio Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Spacio Single Sign-On


To configure single sign-on on Spacio side, you need to send the App Federation Metadata Url to Spacio
support team. They configure this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Spacio.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Spacio.
2. In the applications list, select Spacio.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Spacio test user
In this section, you create a user called Britta Simon in Spacio. Work with Spacio support team to add the users in
the Spacio platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Spacio tile in the Access Panel, you should be automatically signed in to the Spacio for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Splunk Enterprise and Splunk Cloud
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Splunk Enterprise and Splunk Cloud with Azure Active Directory (Azure
AD). Integrating Splunk Enterprise and Splunk Cloud with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Splunk Enterprise and Splunk Cloud.
You can enable your users to be automatically signed-in to Splunk Enterprise and Splunk Cloud (Single Sign-
On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Splunk Enterprise and Splunk Cloud, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Splunk Enterprise and Splunk Cloud single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Splunk Enterprise and Splunk Cloud support SP initiated SSO

Adding Splunk Enterprise and Splunk Cloud from the gallery


To configure the integration of Splunk Enterprise and Splunk Cloud into Azure AD, you need to add Splunk
Enterprise and Splunk Cloud from the gallery to your list of managed SaaS apps.
To add Splunk Enterprise and Splunk Cloud from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Splunk Enterprise and Splunk Cloud, select Splunk Enterprise and Splunk
Cloud from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Splunk Enterprise and Splunk Cloud based on
a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the
related user in Splunk Enterprise and Splunk Cloud needs to be established.
To configure and test Azure AD single sign-on with Splunk Enterprise and Splunk Cloud, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Splunk Enterprise and Splunk Cloud Single Sign-On - to configure the Single Sign-On settings
on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Splunk Enterprise and Splunk Cloud test user - to have a counterpart of Britta Simon in Splunk
Enterprise and Splunk Cloud that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Splunk Enterprise and Splunk Cloud, perform the following steps:
1. In the Azure portal, on the Splunk Enterprise and Splunk Cloud application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL text box, type a URL using the following pattern:
https://<splunkserverUrl>/en-US/app/launcher/home

b. In the Identifier box, type a URL using the following pattern: <splunkserverUrl>

c. In the Reply URL text box, type a URL using the following pattern: https://<splunkserver>/saml/acs

NOTE
These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact Splunk
Enterprise and Splunk Cloud Client support team to get these values. You can also refer to the patterns shown in the
Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

Configure Splunk Enterprise and Splunk Cloud Single Sign-On


To configure single sign-on on Splunk Enterprise and Splunk Cloud side, you need to send the downloaded
Federation Metadata XML and appropriate copied URLs from Azure portal to Splunk Enterprise and Splunk
Cloud support team. They configure this setting so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Splunk Enterprise and
Splunk Cloud.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Splunk
Enterprise and Splunk Cloud.

2. In the applications list, type and select Splunk Enterprise and Splunk Cloud.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Splunk Enterprise and Splunk Cloud test user
In this section, you create a user called Britta Simon in Splunk Enterprise and Splunk Cloud. Work with Splunk
Enterprise and Splunk Cloud support team to add the users in the Splunk Enterprise and Splunk Cloud platform.
Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Splunk Enterprise and Splunk Cloud tile in the Access Panel, you should be automatically
signed in to the Splunk Enterprise and Splunk Cloud for which you set up SSO. For more information about the
Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Spotinst
7/9/2019 • 7 minutes to read

In this tutorial, you learn how to integrate Spotinst with Azure Active Directory (Azure AD). Integrating Spotinst
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Spotinst.
You can enable your users to be automatically signed-in to Spotinst (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Spotinst, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Spotinst single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Spotinst supports SP and IDP initiated SSO

Adding Spotinst from the gallery


To configure the integration of Spotinst into Azure AD, you need to add Spotinst from the gallery to your list of
managed SaaS apps.
To add Spotinst from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Spotinst, select Spotinst from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Spotinst based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Spotinst
needs to be established.
To configure and test Azure AD single sign-on with Spotinst, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Spotinst Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Spotinst test user - to have a counterpart of Britta Simon in Spotinst that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Spotinst, perform the following steps:
1. In the Azure portal, on the Spotinst application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. Check Set additional URLs.
b. In the Relay State textbox, type a value: <ID>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type the URL: https://console.spotinst.com/auth/saml

NOTE
The Relay State value is not real. You will update the Relay State value with the actual Relay State value, which is
explained later in the tutorial.

6. Spotinst application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on
application integration page. On the Set up Single Sign-On with SAML page, click Edit button to open
User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the
claims by using Add new claim to configure SAML token attribute as shown in the image above and
perform the following steps:

NAME        SOURCE ATTRIBUTE
Email       user.mail
FirstName   user.givenname
LastName    user.surname

a. Click Add new claim to open the Manage user claims dialog.

b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.
9. On the Set up Spotinst section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
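A check on the claim configuration from steps 6 and 7, as an added example that is not part of the original tutorial: it reads a captured SAML assertion and reports whether Email, FirstName and LastName arrive under the bare names the table lists. The sample assertion, the function names, and the assumption that a claim saved with a namespace is emitted as <namespace>/<name> are this example's own.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the tutorial's table. Namespace is left blank there, so
# each Attribute Name in the assertion must be exactly one of these strings.
EXPECTED_CLAIMS = ("Email", "FirstName", "LastName")

# Constructed sample (unsigned, trimmed): Email is correct, FirstName was
# saved with a namespace by mistake, LastName has an empty source attribute.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Subject>
    <saml:NameID>BrittaSimon@contoso.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>BrittaSimon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/FirstName">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="LastName">
      <saml:AttributeValue/>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def read_attributes(assertion_xml):
    """Return {attribute name: [values]} from the assertion's AttributeStatement.

    This inspects claim layout only; it does not verify the signature.
    """
    # SAML messages never need a DTD; refuse one instead of handing entity
    # declarations to the XML parser.
    if "<!DOCTYPE" in assertion_xml.upper():
        raise ValueError("DOCTYPE is not allowed in a SAML assertion")
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name", ""), []).extend(values)
    return found


def check_claims(assertion_xml, expected=EXPECTED_CLAIMS):
    """Classify each expected claim as ok, empty, namespaced or missing."""
    found = read_attributes(assertion_xml)
    report = {"ok": [], "empty": [], "namespaced": {}, "missing": []}
    for name in expected:
        if name in found:
            # Present under the bare name; it still needs a non-empty value.
            key = "ok" if any(found[name]) else "empty"
            report[key].append(name)
            continue
        # Assumption: a claim saved with a Namespace is emitted as
        # "<namespace>/<name>", so look for the name as the last path segment.
        qualified = [n for n in found if n.rsplit("/", 1)[-1] == name]
        if qualified:
            report["namespaced"][name] = qualified[0]
        else:
            report["missing"].append(name)
    return report


if __name__ == "__main__":
    for status, claims in check_claims(SAMPLE_ASSERTION).items():
        print(status, claims)
```

A claim reported as namespaced or empty points back to step 7c (Namespace not left blank) or to a user whose source attribute is unset in Azure AD.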
Configure Spotinst Single Sign-On
1. In a different web browser window, sign in to Spotinst as a Security Administrator.
2. Click on the user icon on the top right side of the screen and click Settings.

3. Click on the SECURITY tab on the top and then select Identity Providers and perform the following steps:
a. Copy the Relay State value for your instance and paste it in Relay State textbox in Basic SAML
Configuration section on Azure portal.
b. Click BROWSE to upload the metadata xml file that you have downloaded from Azure portal
c. Click SAVE.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Spotinst.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Spotinst.

2. In the applications list, select Spotinst.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Spotinst test user
The objective of this section is to create a user called Britta Simon in Spotinst.
1. If you have configured the application in the SP initiated mode, perform the following steps:
a. In a different web browser window, sign in to Spotinst as a Security Administrator.
b. Click on the user icon on the top right side of the screen and click Settings.
c. Click Users and select ADD USER.

d. On the add user section, perform the following steps:

In the Full Name textbox, enter the full name of user like BrittaSimon.
In the Email textbox, enter the email address of the user like brittasimon@contoso.com.
Select your organization-specific details for the Organization Role, Account Role, and Accounts.
2. If you have configured the application in the IDP initiated mode, there is no action item for you in this
section. Spotinst supports just-in-time provisioning, which is enabled by default. A new user is created
during an attempt to access Spotinst if it doesn't exist yet.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Spotinst tile in the Access Panel, you should be automatically signed in to the Spotinst for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
SpringCM
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate SpringCM with Azure Active Directory (Azure AD). Integrating
SpringCM with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SpringCM.
You can enable your users to be automatically signed-in to SpringCM (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SpringCM, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
SpringCM single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SpringCM supports SP initiated SSO

Adding SpringCM from the gallery


To configure the integration of SpringCM into Azure AD, you need to add SpringCM from the gallery to your list
of managed SaaS apps.
To add SpringCM from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SpringCM, select SpringCM from the result panel then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SpringCM based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in SpringCM
needs to be established.
To configure and test Azure AD single sign-on with SpringCM, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SpringCM Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SpringCM test user - to have a counterpart of Britta Simon in SpringCM that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SpringCM, perform the following steps:
1. In the Azure portal, on the SpringCM application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://na11.springcm.com/atlas/SSO/SSOEndpoint.ashx?aid=<identifier>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact SpringCM Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

6. On the Set up SpringCM section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SpringCM Single Sign-On
1. In a different web browser window, sign on to your SpringCM company site as administrator.
2. In the menu on the top, click GO TO, click Preferences, and then, in the Account Preferences section, click
SAML SSO.

3. In the Identity Provider Configuration section, perform the following steps:


a. To upload your downloaded Azure Active Directory certificate, click Select Issuer Certificate or Change
Issuer Certificate.
b. In the Issuer textbox, paste the Azure AD Identifier value, which you have copied from the Azure portal.
c. In the Service Provider (SP) Initiated Endpoint textbox, paste the Login URL value, which you have
copied from the Azure portal.
d. Select SAML Enabled as Enable.
e. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SpringCM.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SpringCM.

2. In the applications list, select SpringCM.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SpringCM test user
To enable Azure Active Directory users to sign in to SpringCM, they must be provisioned into SpringCM. In the
case of SpringCM, provisioning is a manual task.

NOTE
For more information, see Create and Edit a SpringCM User.

To provision a user account to SpringCM, perform the following steps:


1. Sign in to your SpringCM company site as administrator.
2. Click GOTO, and then click ADDRESS BOOK.

3. Click Create User.


4. Select a User Role.
5. Select Send Activation Email.
6. Type the first name, last name, and email address of a valid Azure Active Directory user account you want to
provision into the related textboxes.
7. Add the user to a Security group.
8. Click Save.

NOTE
You can use any other SpringCM user account creation tools or APIs provided by SpringCM to provision Azure AD
user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SpringCM tile in the Access Panel, you should be automatically signed in to the SpringCM for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Springer Link
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Springer Link with Azure Active Directory (Azure AD). Integrating
Springer Link with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Springer Link.
You can enable your users to be automatically signed-in to Springer Link (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Springer Link, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Springer Link single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Springer Link supports SP and IDP initiated SSO

Adding Springer Link from the gallery


To configure the integration of Springer Link into Azure AD, you need to add Springer Link from the gallery to
your list of managed SaaS apps.
To add Springer Link from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Springer Link, select Springer Link from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Springer Link based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Springer Link needs to be established.
To configure and test Azure AD single sign-on with Springer Link, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Springer Link Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Springer Link test user - to have a counterpart of Britta Simon in Springer Link that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Springer Link, perform the following steps:
1. In the Azure portal, on the Springer Link application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL: https://fsso.springer.com

b. In the Reply URL text box, type a URL:


https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider

c. Click Set additional URLs.


d. In the Relay State text box, type a URL: https://link.springer.com

5. If you wish to configure the application in SP initiated mode, perform the following step:

In the Sign-on URL text box, type a URL using the following pattern:
https://fsso.springer.com/saml/login?idp=<entityID>&targetUrl=https://link.springer.com

NOTE
The Sign-on URL value is not real. Update the value with the actual Sign-On URL. <entityID> is the Azure AD
Identifier copied from the Set up Springer Link section, described later in tutorial. You can also refer to the patterns
shown in the Basic SAML Configuration section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
icon to copy App Federation Metadata Url and save it on your computer.
7. On the Set up Springer Link section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Springer Link Single Sign-On
To configure single sign-on on Springer Link side, you need to send the copied App Federation Metadata Url
and appropriate copied URLs from Azure portal to Springer Link support team. They set this setting to have the
SAML SSO connection set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Springer Link.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Springer Link.

2. In the applications list, select Springer Link.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Springer Link test user
In this section, you create a user called Britta Simon in Springer Link. Work with Springer Link support team to add
the users in the Springer Link platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Springer Link tile in the Access Panel, you should be automatically signed in to the Springer
Link for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Sprinklr
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Sprinklr with Azure Active Directory (Azure AD). Integrating Sprinklr
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Sprinklr.
You can enable your users to be automatically signed-in to Sprinklr (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Sprinklr, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Sprinklr single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Sprinklr supports SP initiated SSO

Adding Sprinklr from the gallery


To configure the integration of Sprinklr into Azure AD, you need to add Sprinklr from the gallery to your list of
managed SaaS apps.
To add Sprinklr from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Sprinklr, select Sprinklr from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Sprinklr based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Sprinklr
needs to be established.
To configure and test Azure AD single sign-on with Sprinklr, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Sprinklr Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Sprinklr test user - to have a counterpart of Britta Simon in Sprinklr that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Sprinklr, perform the following steps:
1. In the Azure portal, on the Sprinklr application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<subdomain>.sprinklr.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.sprinklr.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Sprinklr Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Sprinklr section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Sprinklr Single Sign-On
1. In a different web browser window, log in to your Sprinklr company site as an administrator.
2. Go to Administration > Settings.

3. Go to Manage Partner > Single Sign on from the left pane.

4. Click +Add Single Sign Ons.

5. On the Single Sign on page, perform the following steps:


a. In the Name textbox, type a name for your configuration (for example: WAADSSOTest).
b. Select Enabled.
c. Select Use new SSO Certificate.
d. Open your base-64 encoded certificate in notepad, copy the content of it into your clipboard, and then
paste it to the Identity Provider Certificate textbox.
e. Paste the Azure AD Identifier value which you have copied from Azure Portal into the Entity Id textbox.
f. Paste the Login URL value which you have copied from Azure Portal into the Identity Provider Login
URL textbox.
g. Paste the Logout URL value which you have copied from Azure Portal into the Identity Provider
Logout URL textbox.
h. As SAML User ID Type, select Assertion contains User’s sprinklr.com username.
i. As SAML User ID Location, select User ID is in the Name Identifier element of the Subject
statement.
j. Click Save.

Create an Azure AD test user


The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Sprinklr.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Sprinklr.
2. In the applications list, select Sprinklr.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Sprinklr test user
1. Log in to your Sprinklr company site as an administrator.
2. Go to Administration > Settings.

3. Go to Manage Client > Users from the left pane.

4. Click Add User.

5. On the Edit user dialog, perform the following steps:


a. In the Email, First Name and Last Name textboxes, type the information of an Azure AD user account
you want to provision.
b. Select Password Disabled.
c. Select Language.
d. Select User Type.
e. Click Update.

IMPORTANT
Password Disabled must be selected to enable a user to log in via an Identity provider.

6. Go to Role, and then perform the following steps:


a. From the Global list, select ALL_Permissions.
b. Click Update.

NOTE
You can use any other Sprinklr user account creation tools or APIs provided by Sprinklr to provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Sprinklr tile in the Access Panel, you should be automatically signed in to the Sprinklr for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
StatusPage
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate StatusPage with Azure Active Directory (Azure AD). Integrating
StatusPage with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to StatusPage.
You can enable your users to be automatically signed-in to StatusPage (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with StatusPage, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
StatusPage single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
StatusPage supports IDP initiated SSO

Adding StatusPage from the gallery


To configure the integration of StatusPage into Azure AD, you need to add StatusPage from the gallery to your list
of managed SaaS apps.
To add StatusPage from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type StatusPage, select StatusPage from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with StatusPage based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
StatusPage needs to be established.
To configure and test Azure AD single sign-on with StatusPage, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure StatusPage Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create StatusPage test user - to have a counterpart of Britta Simon in StatusPage that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.

Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with StatusPage, perform the following steps:
1. In the Azure portal, on the StatusPage application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern:

https://<subdomain>.statuspagestaging.com/

https://<subdomain>.statuspage.io/

b. In the Reply URL text box, type a URL using the following pattern:

https://<subdomain>.statuspagestaging.com/sso/saml/consume

https://<subdomain>.statuspage.io/sso/saml/consume

NOTE
Contact the StatusPage support team at SupportTeam@statuspage.io to request the metadata necessary to configure
single sign-on.
a. From the metadata, copy the Issuer value, and then paste it into the Identifier textbox.
b. From the metadata, copy the Reply URL, and then paste it into the Reply URL textbox.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
6. On the Set up StatusPage section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL

Configure StatusPage Single Sign-On
1. In another browser window, sign in to your StatusPage company site as an administrator.
2. In the main toolbar, click Manage Account.

3. Click the Single Sign-on tab.

4. On the SSO Setup page, perform the following steps:


a. In the SSO Target URL textbox, paste the value of Login URL, which you have copied from Azure portal.
b. Open your downloaded certificate in Notepad, copy the content, and then paste it into the Certificate
textbox.
c. Click SAVE CONFIGURATION.

Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.

Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to StatusPage.
1. In the Azure portal, select Enterprise Applications, select All applications, then select StatusPage.

2. In the applications list, select StatusPage.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.

Create StatusPage test user
The objective of this section is to create a user called Britta Simon in StatusPage.
StatusPage supports just-in-time provisioning. You have already enabled it in Configure Azure AD Single Sign-On.
To create a user called Britta Simon in StatusPage, perform the following steps:
1. Sign on to your StatusPage company site as an administrator.
2. In the menu on the top, click Manage Account.
3. Click the Team Members tab.

4. Click ADD TEAM MEMBER.

5. Type the Email Address, First Name, and Surname of a valid user you want to provision into the related
textboxes.

6. As Role, choose Client Administrator.


7. Click CREATE ACCOUNT.

Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the StatusPage tile in the Access Panel, you should be automatically signed in to the StatusPage for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory integration with Stormboard
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Stormboard with Azure Active Directory (Azure AD). Integrating
Stormboard with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Stormboard.
You can enable your users to be automatically signed-in to Stormboard (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Stormboard, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial
Stormboard single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Stormboard supports SP and IDP initiated SSO
Stormboard supports Just In Time user provisioning

Adding Stormboard from the gallery


To configure the integration of Stormboard into Azure AD, you need to add Stormboard from the gallery to your
list of managed SaaS apps.
To add Stormboard from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Stormboard, select Stormboard from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Stormboard based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Stormboard needs to be established.
To configure and test Azure AD single sign-on with Stormboard, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Stormboard Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Stormboard test user - to have a counterpart of Britta Simon in Stormboard that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.

Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Stormboard, perform the following steps:
1. In the Azure portal, on the Stormboard application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Reply URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.stormboard.com/saml2/ad/acs/<TEAMID>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://<SUBDOMAIN>.stormboard.com/saml2/ad/login/<TEAMID>

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact Stormboard
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up Stormboard section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
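
The Reply URL is where Azure AD posts the signed assertion, so a value that strays from the documented pattern deserves a second look before it is saved. The following check is an added example, not part of the original tutorials: it tests candidate Reply URLs against the StatusPage and Stormboard patterns quoted above. It assumes each host placeholder stands for a single DNS label and each path placeholder for a single path segment; the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Reply URL patterns quoted from the StatusPage and Stormboard tutorials above.
REPLY_URL_PATTERNS = {
    "StatusPage": [
        "https://<subdomain>.statuspagestaging.com/sso/saml/consume",
        "https://<subdomain>.statuspage.io/sso/saml/consume",
    ],
    "Stormboard": [
        "https://<SUBDOMAIN>.stormboard.com/saml2/ad/acs/<TEAMID>",
    ],
}

# Assumptions: a host placeholder is exactly one DNS label and a path
# placeholder is exactly one path segment (no dots or slashes smuggled in).
DNS_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
PATH_SEGMENT = r"[A-Za-z0-9._~-]+"


def pattern_to_regex(pattern):
    """Turn a documented pattern with <placeholders> into a strict regex."""
    host_end = pattern.find("/", len("https://"))
    if host_end == -1:
        host_end = len(pattern)
    out, pos = [], 0
    for piece in re.split(r"(<[^>]+>)", pattern):
        if piece.startswith("<") and piece.endswith(">"):
            out.append(DNS_LABEL if pos < host_end else PATH_SEGMENT)
        else:
            out.append(re.escape(piece))
        pos += len(piece)
    return re.compile("".join(out))


def check_reply_url(app, url):
    """Return (True, matched_pattern) or (False, reason) for one Reply URL."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "scheme must be https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    if port is not None:
        return False, "explicit port not in documented pattern"
    if parts.query or parts.fragment:
        return False, "query or fragment not in documented pattern"
    # hostname is already lower-cased by urlsplit; the path stays case-sensitive.
    candidate = "https://" + (parts.hostname or "") + parts.path
    for pattern in REPLY_URL_PATTERNS[app]:
        if pattern_to_regex(pattern).fullmatch(candidate):
            return True, pattern
    return False, "does not match any documented pattern"


def audit(configured):
    """Return [(app, url, reason)] for every configured Reply URL that fails."""
    findings = []
    for app, urls in configured.items():
        for url in urls:
            ok, reason = check_reply_url(app, url)
            if not ok:
                findings.append((app, url, reason))
    return findings


# Constructed sample of what an administrator might have typed.
CONFIGURED = {
    "StatusPage": [
        "https://contoso.statuspage.io/sso/saml/consume",
        "http://contoso.statuspage.io/sso/saml/consume",
        "https://contoso.statuspage.io.example.net/sso/saml/consume",
    ],
    "Stormboard": [
        "https://contoso.stormboard.com/saml2/ad/acs/12345",
        "https://contoso.stormboard.com/saml2/ad/acs/12345/extra",
    ],
}

if __name__ == "__main__":
    for finding in audit(CONFIGURED):
        print(finding)
```
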
Configure Stormboard Single Sign-On
To configure single sign-on on the Stormboard side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Stormboard support team. They apply these settings so that
the SAML SSO connection is set properly on both sides.

Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.

Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Stormboard.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Stormboard.

2. In the applications list, select Stormboard.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Create Stormboard test user
In this section, a user called Britta Simon is created in Stormboard. Stormboard supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Stormboard, a new one is created after authentication.

Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Stormboard tile in the Access Panel, you should be automatically signed in to the Stormboard
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?

Tutorial: Azure Active Directory single sign-on (SSO) integration with SuccessFactors
8/13/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate SuccessFactors with Azure Active Directory (Azure AD). When you
integrate SuccessFactors with Azure AD, you can:
Control in Azure AD who has access to SuccessFactors.
Enable your users to be automatically signed-in to SuccessFactors with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SuccessFactors single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
SuccessFactors supports SP initiated SSO

Adding SuccessFactors from the gallery


To configure the integration of SuccessFactors into Azure AD, you need to add SuccessFactors from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type SuccessFactors in the search box.
6. Select SuccessFactors from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD SSO for SuccessFactors


Configure and test Azure AD SSO with SuccessFactors using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in SuccessFactors.
To configure and test Azure AD SSO with SuccessFactors, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure SuccessFactors SSO - to configure the Single Sign-On settings on application side.
a. Create SuccessFactors test user - to have a counterpart of B.Simon in SuccessFactors that is linked to
the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the SuccessFactors application integration page, find the Manage section and
select Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign-on URL textbox, type a URL using the following pattern:

https://<companyname>.successfactors.com/<companyname>

https://<companyname>.sapsf.com/<companyname>

https://<companyname>.successfactors.eu/<companyname>

https://<companyname>.sapsf.eu

b. In the Identifier textbox, type a URL using the following pattern:

https://www.successfactors.com/<companyname>

https://www.successfactors.com

https://<companyname>.successfactors.eu

https://www.successfactors.eu/<companyname>

https://<companyname>.sapsf.com

https://hcm4preview.sapsf.com/<companyname>

https://<companyname>.sapsf.eu

https://www.successfactors.cn

https://www.successfactors.cn/<companyname>

c. In the Reply URL textbox, type a URL using the following pattern:

https://<companyname>.successfactors.com/<companyname>

https://<companyname>.successfactors.com

https://<companyname>.sapsf.com/<companyname>

https://<companyname>.sapsf.com

https://<companyname>.successfactors.eu/<companyname>

https://<companyname>.successfactors.eu

https://<companyname>.sapsf.eu

https://<companyname>.sapsf.eu/<companyname>

https://<companyname>.sapsf.cn

https://<companyname>.sapsf.cn/<companyname>

NOTE
These values are not real. Update these values with the actual Sign-on URL, Identifier and Reply URL. Contact
SuccessFactors Client support team to get these values.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up SuccessFactors section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.

Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SuccessFactors.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SuccessFactors.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure SuccessFactors SSO


1. In a different web browser window, log in to your SuccessFactors admin portal as an administrator.
2. Visit Application Security and navigate to the Single Sign On Feature.
3. Place any value in the Reset Token and click Save Token to enable SAML SSO.

NOTE
This value is used as the on/off switch. If any value is saved, the SAML SSO is ON. If a blank value is saved the SAML
SSO is OFF.

4. Navigate to the settings shown in the screenshot below and perform the following actions:

a. Select the SAML v2 SSO Radio Button


b. Set the SAML Asserting Party Name (for example, SAML issuer + company name).
c. In the Issuer URL textbox, paste the Azure AD Identifier value which you have copied from the Azure
portal.
d. Select Assertion as Require Mandatory Signature.
e. Select Enabled as Enable SAML Flag.
f. Select No as Login Request Signature (SF Generated/SP/RP).
g. Select Browser/Post Profile as SAML Profile.
h. Select No as Enforce Certificate Valid Period.
i. Copy the content of the downloaded certificate file from Azure portal, and then paste it into the SAML
Verifying Certificate textbox.

NOTE
The certificate content must have begin certificate and end certificate tags.

5. Navigate to SAML V2, and then perform the following steps:

a. Select Yes as Support SP-initiated Global Logout.


b. In the Global Logout Service URL (LogoutRequest destination) textbox, paste the Sign-Out URL
value which you have copied from the Azure portal.
c. Select No as Require sp must encrypt all NameID element.
d. Select unspecified as NameID Format.
e. Select Yes as Enable sp initiated login (AuthnRequest).
f. In the Send request as Company-Wide issuer textbox, paste Login URL value which you have copied
from the Azure portal.
6. Perform these steps if you want to make the login usernames Case Insensitive.

a. Visit Company Settings (near the bottom).


b. Select checkbox near Enable Non-Case-Sensitive Username.
c. Click Save.

NOTE
If you try to enable this, the system checks whether it creates a duplicate SAML login name. For example, if the
customer has usernames User1 and user1, taking away case sensitivity makes these duplicates. The system gives you
an error message and does not enable the feature. The customer needs to change one of the usernames so it's
spelled differently.

Create SuccessFactors test user


To enable Azure AD users to sign in to SuccessFactors, they must be provisioned into SuccessFactors. In the case
of SuccessFactors, provisioning is a manual task.
To get users created in SuccessFactors, you need to contact the SuccessFactors support team.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SuccessFactors tile in the Access Panel, you should be automatically signed in to the
SuccessFactors for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try SuccessFactors with Azure AD

Tutorial: Azure Active Directory single sign-on (SSO) integration with Sugar CRM
11/19/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Sugar CRM with Azure Active Directory (Azure AD). When you
integrate Sugar CRM with Azure AD, you can:
Control in Azure AD who has access to Sugar CRM.
Enable your users to be automatically signed-in to Sugar CRM with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Sugar CRM single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Sugar CRM supports SP initiated SSO

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding Sugar CRM from the gallery


To configure the integration of Sugar CRM into Azure AD, you need to add Sugar CRM from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Sugar CRM in the search box.
6. Select Sugar CRM from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Sugar CRM


Configure and test Azure AD SSO with Sugar CRM using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Sugar CRM.
To configure and test Azure AD SSO with Sugar CRM, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Sugar CRM SSO - to configure the single sign-on settings on application side.
a. Create Sugar CRM test user - to have a counterpart of B.Simon in Sugar CRM that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Sugar CRM application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign-on URL text box, type a URL using the following pattern:

https://<companyname>.sugarondemand.com

https://<companyname>.trial.sugarcrm

b. In the Reply URL text box, type a URL using the following pattern:

https://<companyname>.sugarondemand.com/<companyname>

https://<companyname>.trial.sugarcrm.com/<companyname>

https://<companyname>.trial.sugarcrm.eu/<companyname>

NOTE
These values are not real. Update these values with the actual Sign-On URL and Reply URL. Contact Sugar CRM Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.
5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Sugar CRM section, copy the appropriate URL(s) based on your requirement.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.

Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Sugar CRM.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Sugar CRM.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Sugar CRM SSO


1. In a different web browser window, sign in to your Sugar CRM company site as an administrator.
2. Go to Admin.

3. In the Administration section, click Password Management.


4. Select Enable SAML Authentication.

5. In the SAML Authentication section, perform the following steps:

a. In the Login URL textbox, paste the value of Login URL, which you have copied from Azure portal.
b. In the SLO URL textbox, paste the value of Logout URL, which you have copied from Azure portal.
c. Open your base-64 encoded certificate in Notepad, copy its content to your clipboard, and then
paste the entire certificate into the X.509 Certificate textbox.
d. Click Save.
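
Both the SuccessFactors note (the pasted content must carry the begin and end certificate tags) and the Sugar CRM step above depend on the whole Base64 certificate surviving the copy out of Notepad. The following structural check is an added example, not part of the original tutorials: it confirms that pasted text is exactly one complete `CERTIFICATE` block and returns a SHA-256 fingerprint to compare against the downloaded file. The sample bytes are constructed and only DER-shaped, not a real certificate, and the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)


def is_single_der_sequence(der):
    """True if the bytes are one DER SEQUENCE whose length covers all of them."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length, n length bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def check_pasted_certificate(text):
    """Structural check of text about to be pasted into a certificate box."""
    stripped = text.strip()
    blocks = list(PEM_BLOCK.finditer(stripped))
    if not blocks:
        return {"ok": False, "sha256": None,
                "problems": ["no BEGIN/END CERTIFICATE markers found"]}
    problems = []
    if len(blocks) > 1:
        problems.append("more than one PEM block pasted")
    elif blocks[0].span() != (0, len(stripped)):
        problems.append("extra text outside the BEGIN/END markers")
    begin_label, body, end_label = blocks[0].groups()
    if begin_label != "CERTIFICATE" or end_label != "CERTIFICATE":
        # Anything else (for example a key file) does not belong in this field.
        problems.append(
            f"label is {begin_label!r}/{end_label!r}, expected 'CERTIFICATE'")
    der = b""
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error:
        problems.append("body is not valid base64")
    else:
        if not is_single_der_sequence(der):
            problems.append(
                "decoded body is not one complete DER SEQUENCE (truncated paste?)")
    ok = not problems
    return {"ok": ok, "problems": problems,
            "sha256": hashlib.sha256(der).hexdigest() if ok else None}


def to_pem(der, label="CERTIFICATE"):
    """Wrap bytes in PEM armour with 64-character lines (used for the sample)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


# Constructed sample: a SEQUENCE header declaring 256 content bytes, then filler.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = to_pem(SAMPLE_DER)

if __name__ == "__main__":
    print(check_pasted_certificate(SAMPLE_PEM))
    lines = SAMPLE_PEM.splitlines()
    print(check_pasted_certificate("\n".join(lines[1:-1])))   # markers lost
```

The check is structural only: it does not verify the certificate's signature, subject or validity dates.
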
Create Sugar CRM test user
In order to enable Azure AD users to sign in to Sugar CRM, they must be provisioned to Sugar CRM. In the case of
Sugar CRM, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Sugar CRM company site as administrator.
2. Go to Admin.
3. In the Administration section, click User Management.

4. Go to Users > Create New User.

5. On the User Profile tab, perform the following steps:


Type the user name, last name, and email address of a valid Azure Active Directory user into the
related textboxes.
6. As Status, select Active.
7. On the Password tab, perform the following steps:

a. Type the password into the related textbox.


b. Click Save.

NOTE
You can use any other Sugar CRM user account creation tools or APIs provided by Sugar CRM to provision Azure AD user
accounts.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Sugar CRM tile in the Access Panel, you should be automatically signed in to the Sugar CRM
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Sugar CRM with Azure AD

Tutorial: Azure Active Directory integration with SumoLogic
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate SumoLogic with Azure Active Directory (Azure AD). Integrating
SumoLogic with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SumoLogic.
You can enable your users to be automatically signed-in to SumoLogic (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SumoLogic, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial
SumoLogic single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SumoLogic supports SP initiated SSO

Adding SumoLogic from the gallery


To configure the integration of SumoLogic into Azure AD, you need to add SumoLogic from the gallery to your list
of managed SaaS apps.
To add SumoLogic from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SumoLogic, select SumoLogic from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SumoLogic based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
SumoLogic needs to be established.
To configure and test Azure AD single sign-on with SumoLogic, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SumoLogic Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SumoLogic test user - to have a counterpart of Britta Simon in SumoLogic that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.

Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SumoLogic, perform the following steps:
1. In the Azure portal, on the SumoLogic application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern: https://<tenantname>.SumoLogic.com

b. In the Identifier (Entity ID) text box, type a URL using one of the following patterns:

https://<tenantname>.us2.sumologic.com

https://<tenantname>.sumologic.com

https://<tenantname>.us4.sumologic.com

https://<tenantname>.eu.sumologic.com

https://<tenantname>.au.sumologic.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the SumoLogic
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
6. On the Set up SumoLogic section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SumoLogic Single Sign-On
1. In a different web browser window, sign in to your SumoLogic company site as an administrator.
2. Go to Manage > Security.

3. Click SAML.

4. From the Select a configuration or create a new one list, select Azure AD, and then click Configure.
5. On the Configure SAML 2.0 dialog, perform the following steps:

a. In the Configuration Name textbox, type Azure AD.


b. Select Debug Mode.
c. In the Issuer textbox, paste the value of Azure AD Identifier, which you have copied from Azure portal.
d. In the Authn Request URL textbox, paste the value of Login URL, which you have copied from Azure
portal.
e. Open your Base64-encoded certificate in Notepad, copy its content to your clipboard, and then
paste the entire certificate into the X.509 Certificate textbox.
f. As Email Attribute, select Use SAML subject.
g. Select SP initiated Login Configuration.
h. In the Login Path textbox, type Azure and click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SumoLogic.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SumoLogic.

2. In the applications list, select SumoLogic.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SumoLogic test user
In order to enable Azure AD users to sign in to SumoLogic, they must be provisioned to SumoLogic. In the case of
SumoLogic, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your SumoLogic tenant.
2. Go to Manage > Users.

3. Click Add.

4. On the New User dialog, perform the following steps:

a. Type the related information of the Azure AD account you want to provision into the First Name, Last
Name, and Email textboxes.
b. Select a role.
c. As Status, select Active.
d. Click Save.

NOTE
You can use any other SumoLogic user account creation tools or APIs provided by SumoLogic to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SumoLogic tile in the Access Panel, you should be automatically signed in to the SumoLogic
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with SumTotalCentral
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate SumTotalCentral with Azure Active Directory (Azure AD). Integrating
SumTotalCentral with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to SumTotalCentral.
You can enable your users to be automatically signed-in to SumTotalCentral (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with SumTotalCentral, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
SumTotalCentral single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
SumTotalCentral supports SP initiated SSO

Adding SumTotalCentral from the gallery


To configure the integration of SumTotalCentral into Azure AD, you need to add SumTotalCentral from the gallery
to your list of managed SaaS apps.
To add SumTotalCentral from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type SumTotalCentral, select SumTotalCentral from the results panel, and then click the
Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with SumTotalCentral based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
SumTotalCentral needs to be established.
To configure and test Azure AD single sign-on with SumTotalCentral, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure SumTotalCentral Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create SumTotalCentral test user - to have a counterpart of Britta Simon in SumTotalCentral that is linked to
the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with SumTotalCentral, perform the following steps:
1. In the Azure portal, on the SumTotalCentral application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.sumtotalsystems.com/sites/default

b. In the Identifier (Entity ID) text box, type a value: SumTotalFederationGateway

NOTE
The Sign-on URL value is not real. Update the value with the actual Sign-On URL. Contact the SumTotalCentral Client
support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up SumTotalCentral section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure SumTotalCentral Single Sign-On
To configure single sign-on on the SumTotalCentral side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the SumTotalCentral support team. They apply these
settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to SumTotalCentral.
1. In the Azure portal, select Enterprise Applications, select All applications, then select SumTotalCentral.

2. In the applications list, select SumTotalCentral.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create SumTotalCentral test user
In this section, you create a user called Britta Simon in SumTotalCentral. Work with the SumTotalCentral support
team to add the users in the SumTotalCentral platform. Users must be created and activated before you use single
sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SumTotalCentral tile in the Access Panel, you should be automatically signed in to the
SumTotalCentral instance for which you set up SSO. For more information about the Access Panel, see Introduction
to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Supermood
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Supermood with Azure Active Directory (Azure AD). Integrating
Supermood with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Supermood.
You can enable your users to be automatically signed-in to Supermood (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Supermood, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Supermood single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Supermood supports SP and IDP initiated SSO
Supermood supports Just In Time user provisioning

Adding Supermood from the gallery


To configure the integration of Supermood into Azure AD, you need to add Supermood from the gallery to your
list of managed SaaS apps.
To add Supermood from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Supermood, select Supermood from the results panel, and then click the Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Supermood based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Supermood needs to be established.
To configure and test Azure AD single sign-on with Supermood, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Supermood Single Sign-On - to configure the Single Sign-On settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Supermood test user - to have a counterpart of Britta Simon in Supermood that is linked to the Azure
AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Supermood, perform the following steps:
1. In the Azure portal, on the Supermood application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. Check Set additional URLs.
b. In the Relay State textbox, type a URL:
https://supermood.co/auth/sso/saml20

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type the URL: https://supermood.co/app/#!/loginv2

6. The Supermood application expects the SAML assertions in a specific format. Configure the following claims for
this application. You can manage the values of these attributes from the User Attributes section on the
application integration page. On the Set up Single Sign-On with SAML page, click the Edit button to open the
User Attributes dialog.

7. In the User Claims section on the User Attributes dialog, edit the claims by using the Edit icon or add the
claims by using Add new claim to configure the SAML token attributes listed in the following table, and
perform the following steps:

NAME | SOURCE ATTRIBUTE
firstName | user.givenname
lastName | user.surname

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
8. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the copy
button to copy the App Federation Metadata Url and save it on your computer.

Configure Supermood Single Sign-On


1. Go to your Supermood.co admin panel as Security Administrator.
2. Click on My account (bottom left) and Single Sign On (SSO).
3. On Your SAML 2.0 configurations, click Add an SAML 2.0 configuration for an email domain.

4. On the Add an SAML 2.0 configuration for an email domain section, perform the following steps:

a. In the email domain for this Identity provider textbox, type your domain.
b. In the Use a metadata URL textbox, paste the App Federation Metadata Url which you have copied
from Azure portal.
c. Click Add.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Supermood.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Supermood.
2. In the applications list, select Supermood.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Supermood test user
In this section, a user called Britta Simon is created in Supermood. Supermood supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in Supermood, a new one is created after authentication. If you need to create a user manually,
contact the Supermood support team.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Supermood tile in the Access Panel, you should be automatically signed in to the Supermood
instance for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with SurveyMonkey Enterprise
10/17/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate SurveyMonkey Enterprise with Azure Active Directory (Azure AD).
When you integrate SurveyMonkey Enterprise with Azure AD, you can:
Control in Azure AD who has access to SurveyMonkey Enterprise.
Enable your users to be automatically signed-in to SurveyMonkey Enterprise with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
SurveyMonkey Enterprise single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
SurveyMonkey Enterprise supports IDP initiated SSO

NOTE
The identifier of this application is a fixed string value, so only one instance can be configured in one tenant.

Adding SurveyMonkey Enterprise from the gallery


To configure the integration of SurveyMonkey Enterprise into Azure AD, you need to add SurveyMonkey
Enterprise from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type SurveyMonkey Enterprise in the search box.
6. Select SurveyMonkey Enterprise from the results panel and then add the app. Wait a few seconds while the app
is added to your tenant.

Configure and test Azure AD single sign-on for SurveyMonkey Enterprise

Configure and test Azure AD SSO with SurveyMonkey Enterprise using a test user called B.Simon. For SSO to
work, you need to establish a link relationship between an Azure AD user and the related user in SurveyMonkey
Enterprise.
To configure and test Azure AD SSO with SurveyMonkey Enterprise, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure SurveyMonkey Enterprise SSO - to configure the single sign-on settings on the application side.
a. Create SurveyMonkey Enterprise test user - to have a counterpart of B.Simon in SurveyMonkey
Enterprise that is linked to the Azure AD representation of the user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the SurveyMonkey Enterprise application integration page, find the Manage
section and select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are
already pre-populated with Azure. The user needs to save the configuration by clicking the Save button.
5. The SurveyMonkey Enterprise application expects the SAML assertions in a specific format, which requires you
to add custom attribute mappings to your SAML token attributes configuration. The following screenshot
shows the list of default attributes.

6. In addition to the above, the SurveyMonkey Enterprise application expects a few more attributes to be passed
back in the SAML response, which are shown below. These attributes are also pre-populated, but you can review
them as per your requirement.

NAME | SOURCE ATTRIBUTE
Email | user.mail
FirstName | user.givenname
LastName | user.surname

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

8. On the Set up SurveyMonkey Enterprise section, copy the appropriate URL(s) based on your
requirement.
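
The claim tables for Supermood (firstName, lastName, Namespace left blank) and for SurveyMonkey Enterprise (Email, FirstName, LastName) can be checked against an assertion captured during a test sign-in. The following Python is an added example, not part of the original tutorials or of either vendor's tooling; the sample assertion is constructed, the function names are hypothetical, and the code assumes that a claim configured with a Namespace appears with the Attribute Name `<namespace>/<name>`.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names each application expects, copied from the claim tables above.
# Names are compared exactly: "firstName" and "FirstName" are different claims.
EXPECTED_CLAIMS = {
    "Supermood": {"firstName", "lastName"},
    "SurveyMonkey Enterprise": {"Email", "FirstName", "LastName"},
}

# Constructed sample (not a real capture). It deliberately carries a
# namespace-qualified lastName (Namespace not left blank) and an empty
# LastName value so that both failure modes show up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2019-01-01T00:00:00Z">
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastName">
      <saml:AttributeValue>Simon</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>B.Simon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="LastName">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Map each SAML Attribute Name to its list of values.

    This inspects attribute names and values only; it does not verify the
    assertion signature. Use it on assertions you captured yourself; for XML
    from an untrusted source, parse with a hardened parser such as defusedxml.
    """
    root = ET.fromstring(assertion_xml)
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name")
        if name is None:
            continue
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attributes.setdefault(name, []).extend(values)
    return attributes


def check_claims(app, assertion_xml):
    """Return a list of findings for one application; an empty list means OK."""
    attributes = read_attributes(assertion_xml)
    findings = []
    for expected in sorted(EXPECTED_CLAIMS[app]):
        if expected in attributes:
            if not any(value.strip() for value in attributes[expected]):
                findings.append(f"{expected}: present but empty")
            continue
        # Assumption: a claim saved with a Namespace is emitted as
        # <namespace>/<name>, so compare the last path segment, ignoring case,
        # to point at the likely misconfiguration.
        similar = sorted(
            name for name in attributes
            if name.rsplit("/", 1)[-1].lower() == expected.lower()
        )
        if similar:
            findings.append(
                f"{expected}: missing; similar attribute(s) present: {', '.join(similar)}"
            )
        else:
            findings.append(f"{expected}: missing")
    return findings


if __name__ == "__main__":
    for app in EXPECTED_CLAIMS:
        print(app, check_claims(app, SAMPLE_ASSERTION) or "OK")
```
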

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SurveyMonkey Enterprise.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select SurveyMonkey Enterprise.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure SurveyMonkey Enterprise SSO


To configure single sign-on on the SurveyMonkey Enterprise side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the SurveyMonkey Enterprise support team.
They apply these settings so that the SAML SSO connection is set properly on both sides.
Create SurveyMonkey Enterprise test user
It is not necessary to create a test user in SurveyMonkey Enterprise. User accounts will be provisioned, if the user
chooses to create a new account, based on the SAML assertion. Your SurveyMonkey Enterprise Customer Success
Manager will provide steps to complete this process after your Azure metadata has been added to the
SurveyMonkey Enterprise configuration and it's ready to be validated.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the SurveyMonkey Enterprise tile in the Access Panel, you should be automatically signed in to the
SurveyMonkey Enterprise instance for which you set up SSO. For more information about the Access Panel, see
Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try SurveyMonkey Enterprise with Azure AD
Tutorial: Azure Active Directory integration with Symantec Web Security Service (WSS)
10/30/2019 • 6 minutes to read

In this tutorial, you will learn how to integrate your Symantec Web Security Service (WSS) account with your
Azure Active Directory (Azure AD) account so that WSS can authenticate an end user provisioned in Azure AD
using SAML authentication and enforce user or group level policy rules.
Integrating Symantec Web Security Service (WSS) with Azure AD provides you with the following benefits:
Manage all of the end users and groups used by your WSS account from your Azure AD portal.
Allow the end users to authenticate themselves in WSS using their Azure AD credentials.
Enable the enforcement of user and group level policy rules defined in your WSS account.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Symantec Web Security Service (WSS), you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Symantec Web Security Service (WSS) single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Symantec Web Security Service (WSS) supports IDP initiated SSO

Adding Symantec Web Security Service (WSS) from the gallery


To configure the integration of Symantec Web Security Service (WSS) into Azure AD, you need to add Symantec
Web Security Service (WSS) from the gallery to your list of managed SaaS apps.
To add Symantec Web Security Service (WSS) from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Symantec Web Security Service (WSS), select Symantec Web Security Service
(WSS) from the results panel, and then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Symantec Web Security Service (WSS) based
on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and
the related user in Symantec Web Security Service (WSS) needs to be established.
To configure and test Azure AD single sign-on with Symantec Web Security Service (WSS), you need to complete
the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Symantec Web Security Service (WSS) Single Sign-On - to configure the Single Sign-On
settings on the application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Symantec Web Security Service (WSS) test user - to have a counterpart of Britta Simon in
Symantec Web Security Service (WSS) that is linked to the Azure AD representation of the user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Symantec Web Security Service (WSS), perform the following steps:
1. In the Azure portal, on the Symantec Web Security Service (WSS) application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration dialog, perform the following steps:


a. In the Identifier text box, type a URL: https://saml.threatpulse.net:8443/saml/saml_realm

b. In the Reply URL text box, type a URL: https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost

NOTE
Contact the Symantec Web Security Service (WSS) Client support team if the values for the Identifier and Reply URL
are not working for some reason. You can also refer to the patterns shown in the Basic SAML Configuration section
in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

Configure Symantec Web Security Service (WSS) Single Sign-On


To configure single sign-on on the Symantec Web Security Service (WSS) side, refer to the WSS online
documentation. The downloaded Federation Metadata XML will need to be imported into the WSS portal.
Contact the Symantec Web Security Service (WSS) support team if you need assistance with the configuration on
the WSS portal.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Symantec Web Security
Service (WSS).
1. In the Azure portal, select Enterprise Applications, select All applications, then select Symantec Web
Security Service (WSS).
2. In the applications list, type and select Symantec Web Security Service (WSS).

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Symantec Web Security Service (WSS) test user
In this section, you create a user called Britta Simon in Symantec Web Security Service (WSS). The corresponding
end username can be manually created in the WSS portal or you can wait for the users/groups provisioned in the
Azure AD to be synchronized to the WSS portal after a few minutes (~15 minutes). Users must be created and
activated before you use single sign-on. The public IP address of the end user machine, which will be used to
browse websites, also needs to be provisioned in the Symantec Web Security Service (WSS) portal.

NOTE
Please click here to get your machine's public IP address.

Test single sign-on


In this section, you'll test the single sign-on functionality now that you've configured your WSS account to use your
Azure AD for SAML authentication.
After you have configured your web browser to proxy traffic to WSS, when you open your web browser and try to
browse to a site then you'll be redirected to the Azure sign-on page. Enter the credentials of the test end user that
has been provisioned in the Azure AD (that is, BrittaSimon) and associated password. Once authenticated, you'll be
able to browse to the website that you chose. Should you create a policy rule on the WSS side to block BrittaSimon
from browsing to a particular site then you should see the WSS block page when you attempt to browse to that
site as user BrittaSimon.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Integrate Syncplicity with Azure Active Directory
11/19/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Syncplicity with Azure Active Directory (Azure AD). When you
integrate Syncplicity with Azure AD, you can:
Control in Azure AD who has access to Syncplicity.
Enable your users to be automatically signed-in to Syncplicity with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a one-month free trial here.
Syncplicity single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment. Syncplicity supports SP initiated SSO.

Adding Syncplicity from the gallery


To configure the integration of Syncplicity into Azure AD, you need to add Syncplicity from the gallery to your list
of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Syncplicity in the search box.
6. Select Syncplicity from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD SSO


Configure and test Azure AD SSO with Syncplicity using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in Syncplicity.
To configure and test Azure AD SSO with Syncplicity, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
2. Configure Syncplicity SSO - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
4. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
5. Create Syncplicity test user - to have a counterpart of B.Simon in Syncplicity that is linked to the Azure AD
representation of user.
6. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Syncplicity application integration page, find the Manage section and select
Single sign-on.
2. On the Select a Single sign-on method page, select SAML.
3. On the Set up Single Sign-On with SAML page, click the edit/pen icon for Basic SAML Configuration
to edit the settings.

4. On the Basic SAML Configuration page, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<companyname>.syncplicity.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<companyname>.syncplicity.com/sp

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact Syncplicity Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Syncplicity section, copy the appropriate URL(s) based on your requirement.
Configure Syncplicity SSO
1. Sign in to your Syncplicity tenant.
2. In the menu on the top, click admin, select settings, and then click Custom domain and single sign-on.

3. On the Single Sign-On (SSO) dialog page, perform the following steps:

a. In the Custom Domain textbox, type the name of your domain.

b. Select Enabled as Single Sign-On Status.
c. In the Entity Id textbox, paste the Identifier (Entity ID) value, which you have used in the Basic SAML
Configuration in the Azure portal.
d. In the Sign-in page URL textbox, paste the Login URL which you have copied from Azure portal.
e. In the Logout page URL textbox, paste the Logout URL which you have copied from Azure portal.
f. In Identity Provider Certificate, click Choose file, and then upload the certificate which you have
downloaded from the Azure portal.
g. Click SAVE CHANGES.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Syncplicity.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Syncplicity.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Create Syncplicity test user
For Azure AD users to be able to sign in, they must be provisioned to Syncplicity application. This section describes
how to create Azure AD user accounts in Syncplicity.
To provision a user account to Syncplicity, perform the following steps:
1. Sign in to your Syncplicity tenant (for example: https://company.Syncplicity.com ).
2. Click admin and select user accounts and then click ADD A USER.

3. Type the email address of an Azure AD account you want to provision, select User as Role, and then
click NEXT.

NOTE
The Azure AD account holder gets an email including a link to confirm and activate the account.

4. Select a group in your company that your new user should become a member of, and then click NEXT.
NOTE
If there are no groups listed, click NEXT.

5. Select the folders you would like to place under Syncplicity’s control on the user’s computer, and then click
NEXT.

NOTE
You can use any other Syncplicity user account creation tools or APIs provided by Syncplicity to provision Azure AD user
accounts.

Test SSO
When you select the Syncplicity tile in the Access Panel, you should be automatically signed in to the Syncplicity for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Synergi
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Synergi with Azure Active Directory (Azure AD). Integrating Synergi with
Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Synergi.
You can enable your users to be automatically signed-in to Synergi (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Synergi, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
Synergi single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Synergi supports IDP initiated SSO

Adding Synergi from the gallery


To configure the integration of Synergi into Azure AD, you need to add Synergi from the gallery to your list of
managed SaaS apps.
To add Synergi from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Synergi, select Synergi from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Synergi based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Synergi
needs to be established.
To configure and test Azure AD single sign-on with Synergi, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Synergi Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Synergi test user - to have a counterpart of Britta Simon in Synergi that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Synergi, perform the following steps:
1. In the Azure portal, on the Synergi application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://<company name>.irmsecurity.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<company name>.irmsecurity.com/sso/<organization id>

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. Contact Synergi Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up Synergi section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Synergi Single Sign-On
To configure single sign-on on the Synergi side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Synergi support team. They apply these settings so that the
SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Synergi.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Synergi.

2. In the applications list, select Synergi.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Synergi test user
In this section, you create a user called Britta Simon in Synergi. Work with Synergi support team to add the users in
the Synergi platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Synergi tile in the Access Panel, you should be automatically signed in to the Synergi for which
you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with T&E Express
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate T&E Express with Azure Active Directory (Azure AD). Integrating T&E
Express with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to T&E Express.
You can enable your users to be automatically signed-in to T&E Express (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with T&E Express, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here
T&E Express single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
T&E Express supports IDP initiated SSO

Adding T&E Express from the gallery


To configure the integration of T&E Express into Azure AD, you need to add T&E Express from the gallery to your
list of managed SaaS apps.
To add T&E Express from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type T&E Express, select T&E Express from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with T&E Express based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in T&E
Express needs to be established.
To configure and test Azure AD single sign-on with T&E Express, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure T&E Express Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create T&E Express test user - to have a counterpart of Britta Simon in T&E Express that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with T&E Express, perform the following steps:
1. In the Azure portal, on the T&E Express application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type the value as URL using the following pattern:
https://<domain>.tyeexpress.com

b. In the Reply URL text box, type a URL using the following pattern:
https://<domain>.tyeexpress.com/authorize/samlConsume.aspx

NOTE
These values are not real. Update these values with the actual Identifier and Reply URL. We suggest using a
unique string value for the Identifier. Contact the T&E Express Client support team to get these values. You can also
refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up T&E Express section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure T&E Express Single Sign-On
1. To configure single sign-on on the T&E Express side, log in to the T&E Express application without SAML single
sign-on using admin credentials.
2. Under the Admin tab, click SAML domain to open the SAML settings page.

3. Change the Activar (Activate) option from No to SI (Yes). In the Identity Provider Metadata textbox,
paste the metadata XML which you have downloaded from the Azure portal.

4. Click the Guardar (Save) button to save the settings.


Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to T&E Express.
1. In the Azure portal, select Enterprise Applications, select All applications, then select T&E Express.
2. In the applications list, select T&E Express.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create T&E Express test user
In order to enable Azure AD users to log in to T&E Express, they must be provisioned into T&E Express. In the case of
T&E Express, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Log in to your T&E Express company site as an administrator.
2. Under the Admin tab, click Users to open the Users master page.

3. On the home page, click on + to add the users.

4. Enter all the mandatory details as asked in the form and click the save button to save the details.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the T&E Express tile in the Access Panel, you should be automatically signed in to the T&E Express
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Tableau Online
6/13/2019 • 6 minutes to read

In this tutorial, you learn how to integrate Tableau Online with Azure Active Directory (Azure AD). Integrating
Tableau Online with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Tableau Online.
You can enable your users to be automatically signed-in to Tableau Online (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Tableau Online, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Tableau Online single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Tableau Online supports SP initiated SSO

Adding Tableau Online from the gallery


To configure the integration of Tableau Online into Azure AD, you need to add Tableau Online from the gallery to
your list of managed SaaS apps.
To add Tableau Online from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Tableau Online, select Tableau Online from result panel then click Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Tableau Online based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Tableau Online needs to be established.
To configure and test Azure AD single sign-on with Tableau Online, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Tableau Online Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Tableau Online test user - to have a counterpart of Britta Simon in Tableau Online that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Tableau Online, perform the following steps:
1. In the Azure portal, on the Tableau Online application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type the URL:
https://sso.online.tableau.com/public/sp/login?alias=<entityid>

b. In the Identifier (Entity ID) text box, type the URL:


https://sso.online.tableau.com/public/sp/metadata?alias=<entityid>

NOTE
You will get the <entityid> value from the Set up Tableau Online section in this tutorial. The entity ID value will
be Azure AD identifier value in Set up Tableau Online section.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Tableau Online section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Tableau Online Single Sign-On
1. In a different browser window, sign in to your Tableau Online application. Go to Settings and then
Authentication.

2. To enable SAML, under the Authentication types section, check Enable an additional authentication
method and then check the SAML checkbox.

3. Scroll down to the Import metadata file into Tableau Online section. Click Browse and import the
metadata file, which you have downloaded from Azure AD. Then, click Apply.

4. In the Match assertions section, insert the corresponding Identity Provider assertion name for email
address, first name, and last name. To get this information from Azure AD:
a. In the Azure portal, go to the Tableau Online application integration page.
b. In the User Attributes & Claims section, click on the edit icon.

c. Copy the namespace value for these attributes: givenname, email and surname by using the following
steps:
d. Click user.givenname value
e. Copy the value from the Namespace textbox.

f. To copy the namespace values for the email and surname repeat the above steps.
g. Switch to the Tableau Online application, then set the User Attributes & Claims section as follows:
Email: mail or userprincipalname
First name: givenname
Last name: surname
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Tableau Online.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Tableau Online.

2. In the applications list, select Tableau Online.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Tableau Online test user
In this section, you create a user called Britta Simon in Tableau Online.
1. On Tableau Online, click Settings and then Authentication section. Scroll down to Manage Users
section. Click Add Users and then click Enter Email Addresses.

2. Select Add users for (SAML) authentication. In the Enter email addresses textbox add
britta.simon@contoso.com

3. Click Add Users.


Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Tableau Online tile in the Access Panel, you should be automatically signed in to the Tableau
Online for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.
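If the test sign-in does not map to the expected Tableau Online user, a first check is whether the assertion carries the attribute names entered under Match assertions. This added example (not from the original tutorial) makes that comparison on a decoded assertion. The claim namespace shown is the Azure AD default and is an assumption here, so substitute the value copied from the Namespace textbox; the sample assertion and function names are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the default Azure AD claim namespace. Use the value you copied
# from the Namespace textbox in User Attributes & Claims.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# Constructed sample: an unsigned assertion fragment for the test user. It
# carries givenname, surname and name, but no emailaddress attribute.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_constructed" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}/givenname">
      <saml:AttributeValue>Britta</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}/surname">
      <saml:AttributeValue>Simon</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}/name">
      <saml:AttributeValue>britta.simon@contoso.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def assertion_attributes(assertion_xml: str) -> dict:
    """Map each Attribute Name in the assertion to its list of values."""
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("assertion must not contain a DTD")
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iter(f"{{{NS['saml']}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_match_assertions(assertion_xml: str, configured: dict):
    """Compare the assertion with the Match assertions settings.

    configured maps a Tableau Online field (Email, First name, Last name) to
    the attribute name typed into that field. Returns (matched, problems).
    This compares names and values only; it does not verify the signature.
    """
    attrs = assertion_attributes(assertion_xml)
    matched, problems = {}, []
    for field, name in configured.items():
        values = [v for v in attrs.get(name, []) if v]
        if not values:
            # Look for the same short name under a different namespace, the
            # usual result of typing "givenname" instead of the full URI.
            short = name.rsplit("/", 1)[-1]
            near = [n for n in attrs if n.rsplit("/", 1)[-1] == short]
            hint = f"; assertion has {near[0]}" if near else ""
            problems.append(f"{field}: attribute {name} not in assertion{hint}")
        elif len(values) > 1:
            problems.append(f"{field}: attribute {name} has {len(values)} values")
        else:
            matched[field] = values[0]
    return matched, problems


if __name__ == "__main__":
    settings = {"Email": f"{CLAIMS}/emailaddress",
                "First name": "givenname",
                "Last name": f"{CLAIMS}/surname"}
    matched, problems = check_match_assertions(SAMPLE_ASSERTION, settings)
    print(matched)
    for p in problems:
        print("PROBLEM:", p)
```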

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Tableau Server
9/24/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate Tableau Server with Azure Active Directory (Azure AD). When you
integrate Tableau Server with Azure AD, you can:
Control in Azure AD who has access to Tableau Server.
Enable your users to be automatically signed-in to Tableau Server with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Tableau Server single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Tableau Server supports SP initiated SSO

Adding Tableau Server from the gallery


To configure the integration of Tableau Server into Azure AD, you need to add Tableau Server from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type Tableau Server in the search box.
6. Select Tableau Server from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for Tableau Server


Configure and test Azure AD SSO with Tableau Server using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in Tableau Server.
To configure and test Azure AD SSO with Tableau Server, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Tableau Server SSO - to configure the single sign-on settings on application side.
a. Create Tableau Server test user - to have a counterpart of B.Simon in Tableau Server that is linked to
the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Tableau Server application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign-on URL text box, type a URL using the following pattern: https://azure.<domain name>.link

b. In the Identifier box, type a URL using the following pattern: https://azure.<domain name>.link

c. In the Reply URL text box, type a URL using the following pattern:
https://azure.<domain name>.link/wg/saml/SSO/index.html

NOTE
The preceding values are not real values. Update the values with the actual URL and identifier from the Tableau Server
configuration page which is explained later in the tutorial.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. On the Set up Tableau Server section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon.
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Tableau Server.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Tableau Server.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Tableau Server SSO


1. To get SSO configured for your application, you need to sign in to your Tableau Server tenant as an
administrator.
2. On the CONFIGURATION tab, select User Identity & Access, and then select the Authentication
Method tab.

3. On the CONFIGURATION page, perform the following steps:

a. For Authentication Method, select SAML.


b. Select the checkbox of Enable SAML Authentication for the server.
c. Tableau Server return URL: The URL that Tableau Server users will be accessing, such as
http://tableau_server. Using http://localhost is not recommended. Using a URL with a trailing slash (for
example, http://tableau_server/) is not supported. Copy the Tableau Server return URL and paste it into the
Sign On URL textbox in the Basic SAML Configuration section in the Azure portal.
d. SAML entity ID: The entity ID uniquely identifies your Tableau Server installation to the IdP. You can
enter your Tableau Server URL again here, if you like, but it does not have to be your Tableau Server URL.
Copy the SAML entity ID and paste it into the Identifier textbox in the Basic SAML Configuration section in the
Azure portal.
e. Click Download XML Metadata File and open the file in a text editor. Locate the Assertion
Consumer Service URL with HTTP POST and index 0, and copy the URL. Paste it into the Reply URL textbox
in the Basic SAML Configuration section in the Azure portal.
f. Locate the Federation Metadata file that you downloaded from the Azure portal, and then upload it as the SAML IdP
metadata file.
g. Enter the names for the attributes that the IdP uses to hold the user names, display names, and email
addresses.
h. Click Save.

NOTE
Customers have to upload any certificate in the Tableau Server SAML SSO configuration, and it will be ignored in the
SSO flow. If you need help configuring SAML on Tableau Server, refer to the article Configure SAML.
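
The values from steps c through e can be checked with a script before they are typed into Basic SAML Configuration. The following Python sketch is an added example, not part of the original tutorial or of Tableau's tooling; the sample metadata, the tableau.example.com host, the second ACS path and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample of the XML metadata file from step e.
# The hostname and the index="1" endpoint path are made up for this example.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://tableau.example.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://tableau.example.com/constructed/other-acs"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://tableau.example.com/wg/saml/SSO/index.html"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def check_return_url(url):
    """Return the problems step c names for a Tableau Server return URL."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        problems.append("not an absolute http(s) URL")
    if url.endswith("/"):
        problems.append("trailing slash is not supported")
    if parts.hostname in ("localhost", "127.0.0.1", "::1"):
        problems.append("localhost is not recommended")
    return problems


def parse_sp_metadata(metadata_xml):
    """Return (entity_id, acs_url); acs_url is the HTTP-POST endpoint with index 0."""
    if "<!DOCTYPE" in metadata_xml.upper():
        # SAML metadata never needs a DTD; refuse it instead of expanding entities.
        raise ValueError("metadata contains a DOCTYPE declaration")
    root = ET.fromstring(metadata_xml)
    ns = {"md": MD_NS}
    if root.tag == f"{{{MD_NS}}}EntityDescriptor":
        entity = root
    else:
        entity = root.find("md:EntityDescriptor", ns)
    if entity is None or not entity.get("entityID"):
        raise ValueError("no EntityDescriptor with an entityID")
    for acs in entity.iterfind("md:SPSSODescriptor/md:AssertionConsumerService", ns):
        # Several endpoints may be listed; only binding + index identify the right one.
        if acs.get("Binding") == HTTP_POST and acs.get("index") == "0":
            return entity.get("entityID"), acs.get("Location")
    raise LookupError("no HTTP-POST AssertionConsumerService with index 0")


def basic_saml_configuration(return_url, metadata_xml):
    """Map Tableau Server values onto the three Azure portal fields."""
    problems = check_return_url(return_url)
    if problems:
        raise ValueError("return URL rejected: " + "; ".join(problems))
    entity_id, acs_url = parse_sp_metadata(metadata_xml)
    return {
        "Sign-on URL": return_url,   # step c
        "Identifier": entity_id,     # step d
        "Reply URL": acs_url,        # step e
    }


if __name__ == "__main__":
    config = basic_saml_configuration("https://tableau.example.com", SAMPLE_SP_METADATA)
    for field, value in config.items():
        print(f"{field}: {value}")
```

Selecting the endpoint by binding and index rather than by position matters because the metadata can list several AssertionConsumerService entries in any order.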

Create Tableau Server test user


The objective of this section is to create a user called B.Simon in Tableau Server. You need to provision all the users
in Tableau Server.
The username of the user should match the value that you configured in the Azure AD custom attribute of
username. With the correct mapping, the integration should work (see Configuring Azure AD Single Sign-On).

NOTE
If you need to create a user manually, you need to contact the Tableau Server administrator in your organization.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Tableau Server tile in the Access Panel, you should be automatically signed in to the Tableau
Server for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Tableau Server with Azure AD
Tutorial: Azure Active Directory integration with
TalentLMS
11/19/2019 • 6 minutes to read

In this tutorial, you learn how to integrate TalentLMS with Azure Active Directory (Azure AD). Integrating
TalentLMS with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to TalentLMS.
You can enable your users to be automatically signed-in to TalentLMS (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with TalentLMS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
TalentLMS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
TalentLMS supports SP initiated SSO

Adding TalentLMS from the gallery


To configure the integration of TalentLMS into Azure AD, you need to add TalentLMS from the gallery to your list
of managed SaaS apps.
To add TalentLMS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type TalentLMS, select TalentLMS from result panel then click Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with TalentLMS based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
TalentLMS needs to be established.
To configure and test Azure AD single sign-on with TalentLMS, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure TalentLMS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create TalentLMS test user - to have a counterpart of Britta Simon in TalentLMS that is linked to the Azure
AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with TalentLMS, perform the following steps:
1. In the Azure portal, on the TalentLMS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<tenant-name>.TalentLMSapp.com

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
http://<tenant-name>.talentlms.com

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact TalentLMS Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. In the SAML Signing Certificate section, click Edit button to open SAML Signing Certificate dialog.

6. In the SAML Signing Certificate section, copy the THUMBPRINT and save it on your computer.

7. On the Set up TalentLMS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure TalentLMS Single Sign-On
1. In a different web browser window, sign in to your TalentLMS company site as an administrator.
2. In the Account & Settings section, click the Users tab.

3. Click Single Sign-On (SSO).


4. In the Single Sign-On section, perform the following steps:

a. From the SSO integration type list, select SAML 2.0.


b. In the Identity provider (IDP) textbox, paste the value of Azure AD Identifier, which you have copied
from Azure portal.
c. Paste the Thumbprint value from Azure portal into the Certificate fingerprint textbox.
d. In the Remote sign-in URL textbox, paste the value of Login URL, which you have copied from Azure
portal.
e. In the Remote sign-out URL textbox, paste the value of Logout URL, which you have copied from Azure
portal.
f. Fill in the following:
In the TargetedID textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

In the First name textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

In the Last name textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

In the Email textbox, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

5. Click Save.
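
Before saving a pasted Certificate fingerprint, it can be compared against the signing certificates the tenant actually publishes. The following Python sketch is an added example, not part of the original tutorial or of TalentLMS; it assumes you also have the Federation Metadata XML from the Azure portal and that the portal's Thumbprint is the SHA-1 digest of the DER-encoded certificate shown as hex. The sample metadata, its placeholder certificate bytes and the function names are constructed.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed placeholder "certificates": plain bytes, not real X.509 data.
# A thumbprint is a hash over the decoded bytes, so the logic is the same.
CERT_A = base64.b64encode(b"abc").decode("ascii")
CERT_B = base64.b64encode(b"The quick brown fox jumps over the lazy dog").decode("ascii")

# Constructed stand-in for Federation Metadata XML with two signing certificates,
# as happens while a certificate rollover is in progress.
SAMPLE_FEDERATION_METADATA = f"""\
<EntityDescriptor xmlns="{MD_NS}" entityID="https://sts.example.invalid/constructed-tenant/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS_NS}"><X509Data><X509Certificate>
        {CERT_A}
      </X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS_NS}"><X509Data><X509Certificate>{CERT_B}</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def normalize_thumbprint(text):
    """Canonical form: 40 uppercase hex characters with separators removed."""
    cleaned = re.sub(r"[\s:\-]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("not a SHA-1 thumbprint (expected 40 hex characters)")
    return cleaned


def signing_thumbprints(metadata_xml):
    """SHA-1 thumbprints of every signing certificate under IDPSSODescriptor."""
    if "<!DOCTYPE" in metadata_xml.upper():
        # SAML metadata never needs a DTD; refuse it instead of expanding entities.
        raise ValueError("metadata contains a DOCTYPE declaration")
    root = ET.fromstring(metadata_xml)
    found = []
    for idp in root.iter(f"{{{MD_NS}}}IDPSSODescriptor"):
        for key in idp.findall(f"{{{MD_NS}}}KeyDescriptor"):
            # A KeyDescriptor without a "use" attribute serves signing and encryption.
            if key.get("use", "signing") != "signing":
                continue
            for cert in key.iter(f"{{{DS_NS}}}X509Certificate"):
                # The element text is base64 DER, often wrapped across lines.
                der = base64.b64decode("".join((cert.text or "").split()))
                found.append(hashlib.sha1(der).hexdigest().upper())
    return found


def check_pasted_fingerprint(metadata_xml, pasted):
    """True when the pasted value matches a signing certificate in the metadata."""
    return normalize_thumbprint(pasted) in signing_thumbprints(metadata_xml)


if __name__ == "__main__":
    pasted = "a9:99:3e:36:47:06:81:6a:ba:3e:25:71:78:50:c2:6c:9c:d0:d8:9d"
    print("published:", signing_thumbprints(SAMPLE_FEDERATION_METADATA))
    print("pasted value matches:", check_pasted_fingerprint(SAMPLE_FEDERATION_METADATA, pasted))
```

A fingerprint pins one certificate, so the pasted value has to be updated whenever the signing certificate is renewed; running the check against fresh metadata shows when that has happened.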
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to TalentLMS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select TalentLMS.

2. In the applications list, select TalentLMS.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create TalentLMS test user
To enable Azure AD users to sign in to TalentLMS, they must be provisioned into TalentLMS. In the case of
TalentLMS, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your TalentLMS tenant.
2. Click Users, and then click Add User.
3. On the Add user dialog page, perform the following steps:

a. In the First name textbox, enter the first name of user like Britta.
b. In the Last name textbox, enter the last name of user like Simon.
c. In the Email address textbox, enter the email of user like brittasimon@contoso.com.
d. Click Add User.
NOTE
You can use any other TalentLMS user account creation tools or APIs provided by TalentLMS to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the TalentLMS tile in the Access Panel, you should be automatically signed in to the TalentLMS for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Talent Palette
10/30/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Talent Palette with Azure Active Directory (Azure AD). Integrating Talent
Palette with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Talent Palette.
You can enable your users to be automatically signed-in to Talent Palette (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Talent Palette, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Talent Palette single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Folloze supports IDP initiated SSO
Folloze supports Just In Time user provisioning

Adding Talent Palette from the gallery


To configure the integration of Talent Palette into Azure AD, you need to add Talent Palette from the gallery to your
list of managed SaaS apps.
To add Talent Palette from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Talent Palette, select Talent Palette from result panel then click Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Talent Palette based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Talent
Palette needs to be established.
To configure and test Azure AD single sign-on with Talent Palette, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Talent Palette Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Talent Palette test user - to have a counterpart of Britta Simon in Talent Palette that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Talent Palette, perform the following steps:
1. In the Azure portal, on the Talent Palette application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:

In the Reply URL text box, type a URL using the following pattern:
https://talent-p.net/saml/acs/<tenantID>

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern:
https://talent-p.net/saml/sso/<tenantID>

NOTE
These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact Talent Palette
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Raw) from the given options as per your requirement and save it
on your computer.

7. On the Set up Talent Palette section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Talent Palette Single Sign-On
To configure single sign-on on the Talent Palette side, you need to send the downloaded Certificate (Raw) and
the appropriate copied URLs from the Azure portal to the Talent Palette support team. They apply this configuration so that the SAML
SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Talent Palette.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Talent Palette.
2. In the applications list, type and select Talent Palette.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Talent Palette test user
In this section, you create a user called Britta Simon in Talent Palette. Work with Talent Palette support team to add
the users in the Talent Palette platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Talent Palette tile in the Access Panel, you should be automatically signed in to the Talent
Palette for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Tango Analytics
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Tango Analytics with Azure Active Directory (Azure AD). Integrating
Tango Analytics with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Tango Analytics.
You can enable your users to be automatically signed-in to Tango Analytics (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Tango Analytics, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial here
Tango Analytics single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Tango Analytics supports IDP initiated SSO

Adding Tango Analytics from the gallery


To configure the integration of Tango Analytics into Azure AD, you need to add Tango Analytics from the gallery to
your list of managed SaaS apps.
To add Tango Analytics from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add new application, click New application button on the top of dialog.

4. In the search box, type Tango Analytics, select Tango Analytics from result panel then click Add button to
add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Tango Analytics based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Tango Analytics needs to be established.
To configure and test Azure AD single sign-on with Tango Analytics, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Tango Analytics Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Tango Analytics test user - to have a counterpart of Britta Simon in Tango Analytics that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Tango Analytics, perform the following steps:
1. In the Azure portal, on the Tango Analytics application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration
dialog.

4. On the Set up Single Sign-On with SAML page, perform the following steps:
a. In the Identifier text box, type the value: TACORE_SSO

b. In the Reply URL text box, type a URL using the following pattern:
https://mts.tangoanalytics.com/saml2/sp/acs/post

NOTE
The Reply URL value is not real. Update this with the actual Reply URL. Contact Tango Analytics Client support team
to get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure
portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Tango Analytics section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Tango Analytics Single Sign-On
To configure single sign-on on the Tango Analytics side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the Tango Analytics support team. They apply this configuration so
that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Tango Analytics.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Tango Analytics.

2. In the applications list, select Tango Analytics.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Tango Analytics test user
In this section, you create a user called Britta Simon in Tango Analytics. Work with Tango Analytics support team to
add the users in the Tango Analytics platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Tango Analytics tile in the Access Panel, you should be automatically signed in to the Tango
Analytics for which you set up SSO. For more information about the Access Panel, see Introduction to the Access
Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Tangoe Command Premium Mobile
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Tangoe Command Premium Mobile with Azure Active Directory (Azure
AD). Integrating Tangoe Command Premium Mobile with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Tangoe Command Premium Mobile.
You can enable your users to be automatically signed-in to Tangoe Command Premium Mobile (Single Sign-On)
with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Tangoe Command Premium Mobile, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Tangoe Command Premium Mobile single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Tangoe Command Premium Mobile supports SP initiated SSO

Adding Tangoe Command Premium Mobile from the gallery


To configure the integration of Tangoe Command Premium Mobile into Azure AD, you need to add Tangoe
Command Premium Mobile from the gallery to your list of managed SaaS apps.
To add Tangoe Command Premium Mobile from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Tangoe Command Premium Mobile, select Tangoe Command Premium
Mobile from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Tangoe Command Premium Mobile based on
a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the
related user in Tangoe Command Premium Mobile needs to be established.
To configure and test Azure AD single sign-on with Tangoe Command Premium Mobile, you need to complete the
following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Tangoe Command Premium Mobile Single Sign-On - to configure the Single Sign-On settings
on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Tangoe Command Premium Mobile test user - to have a counterpart of Britta Simon in Tangoe
Command Premium Mobile that is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Tangoe Command Premium Mobile, perform the following steps:
1. In the Azure portal, on the Tangoe Command Premium Mobile application integration page, select
Single sign-on.

2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://sso.tangoe.com/sp/startSSO.ping?PartnerIdpId=<tenant issuer>&TARGET=<target page url>

b. In the Reply URL text box, type a URL using the following pattern: https://sso.tangoe.com/sp/ACS.saml2

NOTE
These values are not real. Update these values with the actual Sign on URL and Reply URL. Contact Tangoe Command
Premium Mobile Client support team to get these values. You can also refer to the patterns shown in the Basic
SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Tangoe Command Premium Mobile section, copy the appropriate URL(s) as per your
requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Tangoe Command Premium Mobile Single Sign-On
To configure single sign-on on the Tangoe Command Premium Mobile side, you need to send the downloaded
Federation Metadata XML and the appropriate copied URLs from the Azure portal to the Tangoe Command Premium
Mobile support team. They apply these settings so that the SAML SSO connection is configured properly on both sides.
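The Federation Metadata XML you hand over defines what the application side will trust, so it is worth reading back before sending. The following is an added example, not part of the original tutorial: it extracts the entity ID, endpoints and signing-certificate fingerprint so both sides can confirm them over a separate channel. It assumes the file is standard SAML 2.0 IdP metadata containing an IDPSSODescriptor; the function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed stand-in for certificate bytes (not a real X.509 certificate).
SAMPLE_DER = b"\x30\x40" + bytes(range(64))
SAMPLE_CERT_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")

# Constructed sample in the shape of SAML 2.0 IdP metadata; every value is a placeholder.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}"
    entityID="https://idp.example.test/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/saml2"/>
    <SingleSignOnService Binding="{POST}" Location="https://idp.example.test/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>""".encode("utf-8")


def fingerprint(der):
    """SHA-256 of the certificate's DER bytes, the value to compare out of band."""
    return hashlib.sha256(der).hexdigest().upper()


def summarize_idp_metadata(data):
    """Extract the trust-relevant fields from IdP metadata given as bytes."""
    # Metadata never needs a DTD; refusing one avoids entity-expansion surprises.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("metadata contains a DTD or entity declaration")
    root = ET.fromstring(data)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not an EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor, so this is not IdP metadata")

    signing = []
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to both signing and encryption.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            if not der:
                raise ValueError("empty X509Certificate element")
            signing.append(fingerprint(der))

    def endpoints(tag):
        return {e.get("Binding"): e.get("Location") for e in idp.findall(f"md:{tag}", NS)}

    return {
        "entity_id": root.get("entityID"),
        "sso": endpoints("SingleSignOnService"),
        "slo": endpoints("SingleLogoutService"),
        "signing_sha256": signing,
    }


def find_problems(summary):
    """Return a list of reasons not to send this metadata as it stands."""
    problems = []
    if not summary["entity_id"]:
        problems.append("missing entityID")
    if not summary["signing_sha256"]:
        problems.append("no signing certificate")
    for kind in ("sso", "slo"):
        for binding, url in summary[kind].items():
            if not (url or "").lower().startswith("https://"):
                problems.append(f"{kind} endpoint for {binding} is not HTTPS: {url}")
    return problems


if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_METADATA)
    for name, value in info.items():
        print(name, "=", value)
    print("problems:", find_problems(info) or "none")
```

To check a real download, read the file in binary mode and pass the bytes to summarize_idp_metadata.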
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension . For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Tangoe Command
Premium Mobile.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Tangoe
Command Premium Mobile.

2. In the applications list, select Tangoe Command Premium Mobile.

3. In the menu on the left, select Users and groups.


4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Tangoe Command Premium Mobile test user
In this section, you create a user called Britta Simon in Tangoe Command Premium Mobile. Work with Tangoe
Command Premium Mobile support team to add the users in the Tangoe Command Premium Mobile platform.
Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Tangoe Command Premium Mobile tile in the Access Panel, you should be automatically
signed in to the Tangoe Command Premium Mobile for which you set up SSO. For more information about the
Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
TargetProcess
6/13/2019

In this tutorial, you learn how to integrate TargetProcess with Azure Active Directory (Azure AD). Integrating
TargetProcess with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to TargetProcess.
You can enable your users to be automatically signed-in to TargetProcess (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with TargetProcess, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
TargetProcess single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
TargetProcess supports SP initiated SSO
TargetProcess supports Just In Time user provisioning

Adding TargetProcess from the gallery


To configure the integration of TargetProcess into Azure AD, you need to add TargetProcess from the gallery to
your list of managed SaaS apps.
To add TargetProcess from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type TargetProcess, select TargetProcess from the result panel, then click the Add button to add
the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with TargetProcess based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
TargetProcess needs to be established.
To configure and test Azure AD single sign-on with TargetProcess, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure TargetProcess Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create TargetProcess test user - to have a counterpart of Britta Simon in TargetProcess that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with TargetProcess, perform the following steps:
1. In the Azure portal, on the TargetProcess application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.tpondemand.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.tpondemand.com/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact TargetProcess
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and
save it on your computer.

6. On the Set up TargetProcess section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure TargetProcess Single Sign-On
1. To automate the configuration within TargetProcess, you need to install the My Apps Secure Sign-in
browser extension by clicking Install the extension.

2. After adding the extension to the browser, clicking Set up TargetProcess directs you to the TargetProcess
application. From there, provide the admin credentials to sign in to TargetProcess. The browser extension
will automatically configure the application for you and automate steps 3-7.
If you want to configure the application manually, perform the following steps:
3. Sign on to your TargetProcess application as an administrator.
4. In the menu on the top, click Setup.

5. Click the Settings tab.

6. Click the Single Sign-on tab.


7. On the Single Sign-on settings dialog, perform the following steps:

a. Click Enable Single Sign-on.


b. In Sign-on URL textbox, paste the value of Login URL which you have copied from Azure portal.
c. Open your downloaded certificate in notepad, copy the content, and then paste it into the Certificate
textbox.
d. Click Enable JIT Provisioning.
e. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to TargetProcess.
1. In the Azure portal, select Enterprise Applications, select All applications, then select TargetProcess.
2. In the applications list, select TargetProcess.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create TargetProcess test user
In this section, a user called Britta Simon is created in TargetProcess. TargetProcess supports just-in-time user
provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already
exist in TargetProcess, a new one is created after authentication.

NOTE
If you need to create a user manually, contact TargetProcess support team.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the TargetProcess tile in the Access Panel, you should be automatically signed in to the
TargetProcess for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with TAS
8/9/2019

In this tutorial, you learn how to integrate TAS with Azure Active Directory (Azure AD). Integrating TAS with Azure
AD provides you with the following benefits:
You can control in Azure AD who has access to TAS.
You can enable your users to be automatically signed-in to TAS (Single Sign-On) with their Azure AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with TAS, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
TAS single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
TAS supports SP and IDP initiated SSO

Adding TAS from the gallery


To configure the integration of TAS into Azure AD, you need to add TAS from the gallery to your list of managed
SaaS apps.
To add TAS from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type TAS, select TAS from the result panel, then click the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with TAS based on a test user called Britta Simon.
For single sign-on to work, a link relationship between an Azure AD user and the related user in TAS needs to be
established.
To configure and test Azure AD single sign-on with TAS, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure TAS Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create TAS test user - to have a counterpart of Britta Simon in TAS that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with TAS, perform the following steps:
1. In the Azure portal, on the TAS application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following steps:
a. In the Identifier text box, type a URL using the following pattern: https://taseu.combtas.com/<DOMAIN>

b. In the Reply URL text box, type a URL using the following pattern:
https://taseu.combtas.com/<ENVIRONMENTNAME>/AssertionService.aspx

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://taseu.combtas.com/<DOMAIN>

NOTE
These values are not real. You will update these with the actual Identifier, Reply URL and Sign-on URL, as
explained later in the tutorial. You can also refer to the patterns shown in the Basic SAML Configuration section in
the Azure portal.

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

7. On the Set up TAS section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure TAS Single Sign-On
1. In a different web browser window, log in to TAS as an Administrator.
2. On the left side of the menu, click Settings, navigate to Administrator, and then click Manage
Single sign on.

3. On the Manage Single sign on page, perform the following steps:

a. In the Name textbox, type your environment name.


b. Select SAML2 as Authentication Type.
c. In the Enter URL textbox, paste the value of Login URL which you have copied from the Azure portal.
d. In Notepad, open the base-64 encoded certificate that you downloaded from the Azure portal, copy its
content, and then paste it into the Enter Certification box.
e. In the Enter New IP textbox, type the IP Address.

NOTE
Contact TAS support team to get the IP Address.

f. Copy the Single Sign On URL and paste it into the Identifier (Entity ID) and Sign on URL text boxes of
Basic SAML Configuration in the Azure portal. Note that the URL is case sensitive and must end with a
slash (/).
g. Copy the Assertion Service URL in the setup page and paste it into the Reply URL text box of Basic
SAML Configuration in the Azure portal.
h. Click Insert SSO row.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to TAS.
1. In the Azure portal, select Enterprise Applications, select All applications, then select TAS.

2. In the applications list, select TAS.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create TAS test user
In this section, you create a user called Britta Simon in TAS. Work with TAS support team to add the users in the
TAS platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the TAS tile in the Access Panel, you should be automatically signed in to the TAS for which you set
up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Teamphoria
10/15/2019

In this tutorial, you'll learn how to integrate Teamphoria with Azure Active Directory (Azure AD). When you
integrate Teamphoria with Azure AD, you can:
Control in Azure AD who has access to Teamphoria.
Enable your users to be automatically signed-in to Teamphoria with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Teamphoria single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Teamphoria supports SP initiated SSO

Adding Teamphoria from the gallery


To configure the integration of Teamphoria into Azure AD, you need to add Teamphoria from the gallery to your
list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Teamphoria in the search box.
6. Select Teamphoria from the results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for Teamphoria


Configure and test Azure AD SSO with Teamphoria using a test user called B.Simon. For SSO to work, you need
to establish a link relationship between an Azure AD user and the related user in Teamphoria.
To configure and test Azure AD SSO with Teamphoria, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Teamphoria SSO - to configure the single sign-on settings on application side.
a. Create Teamphoria test user - to have a counterpart of B.Simon in Teamphoria that is linked to the
Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Teamphoria application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern:
https://<sub-domain>.teamphoria.com/login

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Teamphoria Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

6. On the Set up Teamphoria section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Teamphoria.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Teamphoria.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Teamphoria SSO


1. To automate the configuration within Teamphoria, you need to install the My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, clicking Set up Teamphoria directs you to the Teamphoria
application. From there, provide the admin credentials to sign in to Teamphoria. The browser extension will
automatically configure the application for you and automate steps 3-6.

3. If you want to set up Teamphoria manually, open a new web browser window, sign in to your Teamphoria
company site as an administrator, and perform the following steps:
4. Go to the ADMIN SETTINGS option in the left toolbar and, under the Configure tab, click SINGLE
SIGN-ON to open the SSO configuration window.

5. Click the ADD NEW IDENTITY PROVIDER option in the top right corner to open the form for adding the
settings for SSO.
6. Enter the details in the fields as described below:

a. DISPLAY NAME: Enter the display name of the plugin on the admin page.
b. BUTTON NAME: The name of the tab that will display on the login page for logging in via SSO.
c. CERTIFICATE: Open the certificate downloaded earlier from the Azure portal in Notepad, copy its
contents, and paste them into the box.
d. ENTRY POINT: Paste the Login URL copied earlier from the Azure portal.
e. Switch the option to ON and click on SAVE.
Create Teamphoria test user
In order to enable Azure AD users to sign in to Teamphoria, they must be provisioned into Teamphoria. In the case
of Teamphoria, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your Teamphoria company site as an administrator.
2. Click ADMIN settings on the left toolbar and, under the MANAGE tab, click USERS to open the
admin page for users.
3. Click the MANUAL INVITE option.

4. On this page, perform the following actions:

a. In the EMAIL ADDRESS textbox, enter the email address of the user like B.Simon.
b. In the FIRST NAME textbox, enter the first name of the user like B.
c. In the LAST NAME textbox, enter the last name of the user like Simon.
d. Click INVITE 1 USER. User needs to accept the invite to get created in the system.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Teamphoria tile in the Access Panel, you should be automatically signed in to the Teamphoria
for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Teamphoria with Azure AD
Tutorial: Azure Active Directory integration with
TeamSeer
6/13/2019

In this tutorial, you learn how to integrate TeamSeer with Azure Active Directory (Azure AD). Integrating TeamSeer
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to TeamSeer.
You can enable your users to be automatically signed-in to TeamSeer (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with TeamSeer, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
TeamSeer single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
TeamSeer supports SP initiated SSO

Adding TeamSeer from the gallery


To configure the integration of TeamSeer into Azure AD, you need to add TeamSeer from the gallery to your list of
managed SaaS apps.
To add TeamSeer from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type TeamSeer, select TeamSeer from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with TeamSeer based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in TeamSeer
needs to be established.
To configure and test Azure AD single sign-on with TeamSeer, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure TeamSeer Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create TeamSeer test user - to have a counterpart of Britta Simon in TeamSeer that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with TeamSeer, perform the following steps:
1. In the Azure portal, on the TeamSeer application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern: https://www.teamseer.com/<companyid>

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact TeamSeer Client support team to get
the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up TeamSeer section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure TeamSeer Single Sign-On
1. In a different web browser window, sign in to your TeamSeer company site as an administrator.
2. Go to HR Admin.

3. Click Setup.

4. Click Set up SAML provider details.

5. In the SAML provider details section, perform the following steps:

a. In the URL textbox, paste the Login URL value, which you have copied from the Azure portal.
b. Open your base-64 encoded certificate in Notepad, copy its content to your clipboard, and then
paste it into the IdP Public Certificate textbox.
6. To complete the SAML provider configuration, perform the following steps:

a. In the Test Email Addresses, type the test user’s email address.
b. In the Issuer textbox, type the Issuer URL of the service provider.
c. Click Save.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field enter BrittaSimon.


b. In the User name field type brittasimon@yourcompanydomain.extension
For example, BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to TeamSeer.
1. In the Azure portal, select Enterprise Applications, select All applications, then select TeamSeer.
2. In the applications list, select TeamSeer.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create TeamSeer test user
To enable Azure AD users to sign in to TeamSeer, they must be provisioned into TeamSeer. In the case of
TeamSeer, provisioning is a manual task.
To provision a user account, perform the following steps:
1. Sign in to your TeamSeer company site as an administrator.
2. Go to HR Admin > Users and then click Run the New User wizard.

3. In the User Details section, perform the following steps:

a. In the related textboxes, type the First Name, Surname, and User name (Email address) of a valid Azure AD
account that you want to provision.
b. Click Next.
4. Follow the on-screen instructions for adding a new user, and click Finish.

NOTE
You can use any other TeamSeer user account creation tools or APIs provided by TeamSeer to provision Azure AD user
accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the TeamSeer tile in the Access Panel, you should be automatically signed in to the TeamSeer for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with
Teamwork.com
7/5/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Teamwork.com with Azure Active Directory (Azure AD). Integrating
Teamwork.com with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Teamwork.com.
You can enable your users to be automatically signed-in to Teamwork.com (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Teamwork.com, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account
Teamwork.com single sign-on enabled subscription

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Teamwork.com supports SP initiated SSO

Adding Teamwork.com from the gallery


To configure the integration of Teamwork.com into Azure AD, you need to add Teamwork.com from the gallery to
your list of managed SaaS apps.
To add Teamwork.com from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Teamwork.com, select Teamwork.com from the result panel then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Teamwork.com based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
Teamwork.com needs to be established.
To configure and test Azure AD single sign-on with Teamwork.com, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Teamwork.com Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Teamwork.com test user - to have a counterpart of Britta Simon in Teamwork.com that is linked to the
Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Teamwork.com, perform the following steps:
1. In the Azure portal, on the Teamwork.com application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<company name>.teamwork.com

b. In the Identifier (Entity ID) text box, type the URL:

https://teamwork.com/saml

https://eu.teamwork.com/saml

NOTE
This Sign-on URL value is not real. Update this value with the actual Sign-On URL. Contact Teamwork.com support
team to get this value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Teamwork.com section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Teamwork.com Single Sign-On
To configure single sign-on on the Teamwork.com side, you need to send the downloaded Federation Metadata
XML and the appropriate copied URLs from the Azure portal to the Teamwork.com support team. They apply these
settings so that the SAML SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Teamwork.com.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Teamwork.com.

2. In the applications list, select Teamwork.com.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Teamwork.com test user
In this section, you create a user called Britta Simon in Teamwork.com. Work with Teamwork.com support team to
add the users in the Teamwork.com platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Teamwork.com tile in the Access Panel, you should be automatically signed in to the
Teamwork.com for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.
Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO)
integration with Templafy
11/14/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate Templafy with Azure Active Directory (Azure AD). When you integrate Templafy
with Azure AD, you can:
Control in Azure AD who has access to Templafy.
Enable your users to be automatically signed-in to Templafy with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with Azure
Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
Templafy single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
Templafy supports SP initiated SSO
Templafy supports Just In Time user provisioning

Adding Templafy from the gallery


To configure the integration of Templafy into Azure AD, you need to add Templafy from the gallery to your list of managed
SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type Templafy in the search box.
6. Select Templafy from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Templafy


Configure and test Azure AD SSO with Templafy using a test user called B.Simon. For SSO to work, you need to establish a
link relationship between an Azure AD user and the related user in Templafy.
To configure and test Azure AD SSO with Templafy, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure Templafy SSO - to configure the single sign-on settings on application side.
Create Templafy test user - to have a counterpart of B.Simon in Templafy that is linked to the Azure AD
representation of user.
3. Test SSO - to verify whether the configuration works.
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the Templafy application integration page, find the Manage section and select single sign-
on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to edit the
settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Sign-on URL text box, type a URL using the following pattern: https://<CLIENTSUBDOMAIN>.templafy.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Templafy Client support team to get the value. You
can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. Templafy application expects the SAML assertions in a specific format, which requires you to add custom attribute
mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.

6. In addition to the above, the Templafy application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also prepopulated, but you can review them as per your requirements.

NAME             SOURCE ATTRIBUTE               NAMESPACE

givenname        user.givenname                 http://schemas.xmlsoap.org/ws/2005/05/identity/claims
surname          user.surname                   http://schemas.xmlsoap.org/ws/2005/05/identity/claims
emailaddress     user.mail                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims
streetaddress    user.streetaddress             http://schemas.xmlsoap.org/ws/2005/05/identity/claims
city             user.city                      http://schemas.templafy.com/2016/06/identity/claims
postalcode       user.postalcode                http://schemas.xmlsoap.org/ws/2005/05/identity/claims
stateorprovince  user.state                     http://schemas.xmlsoap.org/ws/2005/05/identity/claims
country          user.country                   http://schemas.xmlsoap.org/ws/2005/05/identity/claims
jobtitle         user.jobtitle                  http://schemas.templafy.com/2016/06/identity/claims
department       user.department                http://schemas.templafy.com/2016/06/identity/claims
phonenumber      user.telephonenumber           http://schemas.templafy.com/2016/06/identity/claims
facsimilenumber  user.facsimiletelephonenumber  http://schemas.templafy.com/2016/06/identity/claims
upn              user.userprincipalname         http://schemas.xmlsoap.org/ws/2005/05/identity/claims
nameidentifier   user.mail                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy button to copy
the App Federation Metadata Url and save it on your computer.

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example, B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Templafy.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select Templafy.
3. In the app's overview page, find the Manage section and select Users and groups.
4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the bottom of the
screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate role for the
user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure Templafy SSO


To configure single sign-on on the Templafy side, you need to send the App Federation Metadata Url to the Templafy support
team. They apply this setting so that the SAML SSO connection is set properly on both sides.
Create Templafy test user
In this section, a user called Britta Simon is created in Templafy. Templafy supports just-in-time user provisioning, which is
enabled by default. There is no action item for you in this section. If a user doesn't already exist in Templafy, a new one is
created after authentication.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Templafy tile in the Access Panel, you should be automatically signed in to the Templafy for which you set
up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try Templafy with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with TextMagic
10/17/2019 • 6 minutes to read

In this tutorial, you'll learn how to integrate TextMagic with Azure Active Directory (Azure AD). When you integrate
TextMagic with Azure AD, you can:
Control in Azure AD who has access to TextMagic.
Enable your users to be automatically signed-in to TextMagic with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
TextMagic single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
TextMagic supports IDP initiated SSO
TextMagic supports Just In Time user provisioning

NOTE
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Adding TextMagic from the gallery


To configure the integration of TextMagic into Azure AD, you need to add TextMagic from the gallery to your list of
managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type TextMagic in the search box.
6. Select TextMagic from results panel and then add the app. Wait a few seconds while the app is added to your
tenant.

Configure and test Azure AD single sign-on for TextMagic


Configure and test Azure AD SSO with TextMagic using a test user called B.Simon. For SSO to work, you need to
establish a link relationship between an Azure AD user and the related user in TextMagic.
To configure and test Azure AD SSO with TextMagic, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure TextMagic SSO - to configure the single sign-on settings on application side.
a. Create TextMagic test user - to have a counterpart of B.Simon in TextMagic that is linked to the Azure
AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the TextMagic application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
In the Identifier text box, type a URL: https://my.textmagic.com/saml/metadata

5. The TextMagic application expects the SAML assertions in a specific format, which requires you to add custom
attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of
default attributes, where nameidentifier is mapped with user.userprincipalname. The TextMagic
application expects nameidentifier to be mapped with user.mail, so you need to edit the attribute
mapping by clicking the Edit icon and changing the attribute mapping.

6. In addition to the above, the TextMagic application expects a few more attributes to be passed back in the SAML
response, which are shown below. These attributes are also prepopulated, but you can review them as per
your requirement.
NAME       SOURCE ATTRIBUTE      NAMESPACE

company    user.companyname      http://schemas.xmlsoap.org/ws/2005/05/identity/claims
firstName  user.givenname        http://schemas.xmlsoap.org/ws/2005/05/identity/claims
lastName   user.surname          http://schemas.xmlsoap.org/ws/2005/05/identity/claims
phone      user.telephonenumber  http://schemas.xmlsoap.org/ws/2005/05/identity/claims

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

8. On the Set up TextMagic section, copy the appropriate URL(s) based on your requirement.
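A mis-mapped nameidentifier (steps 5 and 6 above) usually surfaces only as a failed or mismatched sign-in, so it helps to inspect a SAML response captured from a test sign-in against the claim table. The following Python sketch is an added example, not part of the original tutorial: the sample responses are constructed and unsigned, the function names are hypothetical, and it assumes the default emailaddress and name claims are still emitted and that each Attribute Name is the namespace followed by "/" and the claim name. The required list can be swapped for the Templafy table in the same way.

```python
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# Claims from the TextMagic table, as full attribute names (namespace + "/" + name).
TEXTMAGIC_REQUIRED = tuple(
    f"{CLAIMS_NS}/{name}" for name in ("company", "firstName", "lastName", "phone"))


def build_sample_response(name_id, attributes):
    """Constructed, unsigned SAML response for demonstration only."""
    attrs = "".join(
        f'<Attribute Name="{CLAIMS_NS}/{key}">'
        f"<AttributeValue>{value}</AttributeValue></Attribute>"
        for key, value in attributes.items())
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<Subject><NameID>{name_id}</NameID></Subject>"
        f"<AttributeStatement>{attrs}</AttributeStatement>"
        "</Assertion></samlp:Response>")


def read_claims(response_xml):
    """Return (NameID, {attribute name: [non-empty values]})."""
    root = ET.fromstring(response_xml)
    assertion = root.find(".//saml:Assertion", SAML)
    if assertion is None:
        raise ValueError("no unencrypted Assertion in response")
    name_id = assertion.findtext(
        "saml:Subject/saml:NameID", default="", namespaces=SAML).strip()
    claims = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", SAML):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML)]
        claims[attr.get("Name", "")] = [v for v in values if v]
    return name_id, claims


def check_claims(response_xml, required=TEXTMAGIC_REQUIRED):
    """Configuration check only: it does not verify the signature."""
    name_id, claims = read_claims(response_xml)
    findings = []
    for full_name in required:
        if not claims.get(full_name):
            findings.append("missing or empty claim: " + full_name.rsplit("/", 1)[-1])
    mail = claims.get(f"{CLAIMS_NS}/emailaddress", [])  # default claim, user.mail
    upn = claims.get(f"{CLAIMS_NS}/name", [])           # default claim, UPN
    if not name_id:
        findings.append("assertion has no NameID")
    elif mail and name_id.casefold() != mail[0].casefold():
        if upn and name_id.casefold() == upn[0].casefold():
            findings.append("NameID carries user.userprincipalname, not user.mail")
        else:
            findings.append("NameID does not match the emailaddress claim")
    return findings


# Constructed users: the first still has the default mapping and no phone number.
MISCONFIGURED = build_sample_response(
    "b.simon@contoso.onmicrosoft.com",
    {"company": "Contoso", "firstName": "B", "lastName": "Simon",
     "emailaddress": "B.Simon@contoso.com",
     "name": "b.simon@contoso.onmicrosoft.com"})
CORRECT = build_sample_response(
    "B.Simon@contoso.com",
    {"company": "Contoso", "firstName": "B", "lastName": "Simon",
     "phone": "+15550100", "emailaddress": "B.Simon@contoso.com",
     "name": "b.simon@contoso.onmicrosoft.com"})

if __name__ == "__main__":
    for label, response in (("misconfigured", MISCONFIGURED), ("correct", CORRECT)):
        print(label, "->", check_claims(response) or "ok")
```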

Create an Azure AD test user


In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to TextMagic.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select TextMagic.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.
Configure TextMagic SSO
1. To automate the configuration within TextMagic, you need to install My Apps Secure Sign-in browser
extension by clicking Install the extension.

2. After adding the extension to the browser, click Setup TextMagic, which directs you to the TextMagic
application. From there, provide the admin credentials to sign in to TextMagic. The browser extension will
automatically configure the application for you and automate steps 3-5.
3. If you want to set up TextMagic manually, open a new web browser window, sign in to your TextMagic
company site as an administrator, and perform the following steps:
4. Select Account settings under the username.

5. Click on the Single Sign-On (SSO) tab and fill in the following fields:

a. In Identity provider Entity ID: textbox, paste the value of Azure AD Identifier, which you have copied
from Azure portal.
b. In Identity provider SSO URL: textbox, paste the value of Login URL, which you have copied from
Azure portal.
c. In Identity provider SLO URL: textbox, paste the value of Logout URL, which you have copied from
Azure portal.
d. Open the base-64 encoded certificate that you downloaded from the Azure portal in Notepad, copy its
content to your clipboard, and then paste it into the Public x509 certificate: textbox.
e. Click Save.
Create TextMagic test user
The application supports just-in-time user provisioning: after authentication, users are created in the
application automatically. You need to fill in the information once, at the first login, to activate the sub-account in
the system. There is no action item for you in this section.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the TextMagic tile in the Access Panel, you should be automatically signed in to the TextMagic for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try TextMagic with Azure AD
Tutorial: Azure Active Directory single sign-on (SSO)
integration with The Funding Portal
8/30/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate The Funding Portal with Azure Active Directory (Azure AD). When you
integrate The Funding Portal with Azure AD, you can:
Control in Azure AD who has access to The Funding Portal.
Enable your users to be automatically signed-in to The Funding Portal with their Azure AD accounts.
Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
The Funding Portal single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
The Funding Portal supports SP initiated SSO

Adding The Funding Portal from the gallery


To configure the integration of The Funding Portal into Azure AD, you need to add The Funding Portal from the
gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. In the Add from the gallery section, type The Funding Portal in the search box.
6. Select The Funding Portal from results panel and then add the app. Wait a few seconds while the app is added
to your tenant.

Configure and test Azure AD single sign-on for The Funding Portal
Configure and test Azure AD SSO with The Funding Portal using a test user called B.Simon. For SSO to work,
you need to establish a link relationship between an Azure AD user and the related user in The Funding Portal.
To configure and test Azure AD SSO with The Funding Portal, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
a. Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
b. Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure The Funding Portal SSO - to configure the single sign-on settings on application side.
a. Create The Funding Portal test user - to have a counterpart of B.Simon in The Funding Portal that is
linked to the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on The Funding Portal application integration page, find the Manage section and
select single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
https://<subdomain>.regenteducation.net/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<subdomain>.regenteducation.net

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact The Funding Portal
Client support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Federation Metadata XML and select Download to download the certificate and save it on your
computer.

6. On the Set up The Funding Portal section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to The Funding Portal.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select The Funding Portal.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure The Funding Portal SSO


To configure single sign-on on The Funding Portal side, you need to send the downloaded Federation
Metadata XML and appropriate copied URLs from Azure portal to The Funding Portal support team. They apply
these settings so that the SAML SSO connection is configured correctly on both sides.
Create The Funding Portal test user
In this section, you create a user called Britta Simon in The Funding Portal. Work with The Funding Portal support
team to add the users in The Funding Portal platform. Users must be created and activated before you use
single sign-on.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click The Funding Portal tile in the Access Panel, you should be automatically signed in to The
Funding Portal for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try The Funding Portal with Azure AD
Tutorial: Azure Active Directory integration with ThirdLight
6/13/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate ThirdLight with Azure Active Directory (Azure AD). This integration
provides these benefits:
You can use Azure AD to control who has access to ThirdLight.
You can enable your users to be automatically signed in to ThirdLight (single sign-on) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
If you want to learn more about SaaS app integration with Azure AD, see Single sign-on to applications in Azure
Active Directory.
If you don't have an Azure subscription, create a free account before you begin.

Prerequisites
To configure Azure AD integration with ThirdLight, you need to have:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
A ThirdLight subscription that has single sign-on enabled.

Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test environment.
ThirdLight supports SP-initiated SSO.

Add ThirdLight from the gallery


To set up the integration of ThirdLight into Azure AD, you need to add ThirdLight from the gallery to your list of
managed SaaS apps.
1. In the Azure portal, in the left pane, select Azure Active Directory:

2. Go to Enterprise applications > All applications:


3. To add an application, select New application at the top of the window:

4. In the search box, enter ThirdLight. Select ThirdLight in the search results and then select Add.

Configure and test Azure AD single sign-on


In this section, you'll configure and test Azure AD single sign-on with ThirdLight by using a test user named Britta
Simon. To enable single sign-on, you need to establish a relationship between an Azure AD user and the
corresponding user in ThirdLight.
To configure and test Azure AD single sign-on with ThirdLight, you need to complete these steps:
1. Configure Azure AD single sign-on to enable the feature for your users.
2. Configure ThirdLight single sign-on on the application side.
3. Create an Azure AD test user to test Azure AD single sign-on.
4. Assign the Azure AD test user to enable Azure AD single sign-on for the user.
5. Create a ThirdLight test user that's linked to the Azure AD representation of the user.
6. Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you'll enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ThirdLight, take these steps:
1. In the Azure portal, on the ThirdLight application integration page, select Single sign-on:
2. In the Select a single sign-on method dialog box, select SAML/WS-Fed mode to enable single sign-on:

3. On the Set up Single Sign-On with SAML page, select the Edit icon to open the Basic SAML
Configuration dialog box:

4. In the Basic SAML Configuration dialog box, complete the following steps.
a. In the Sign on URL box, enter a URL in this pattern:
https://<subdomain>.thirdlight.com/

b. In the Identifier (Entity ID) box, enter a URL in this pattern:


https://<subdomain>.thirdlight.com/saml/sp

NOTE
These values are placeholders. You need to use the actual sign-on URL and identifier. Contact the ThirdLight
support team to get the values. You can also refer to the patterns shown in the Basic SAML Configuration
dialog box in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, select the
Download link next to Federation Metadata XML, per your requirements, and save the file on your
computer:

6. In the Set up ThirdLight section, copy the appropriate URLs, based on your requirements:
a. Login URL.
b. Azure AD Identifier.
c. Logout URL.
Configure ThirdLight single sign-on
1. In a new web browser window, sign in to your ThirdLight company site as an admin.
2. Go to Configuration > System Administration > SAML2:

3. In the SAML2 configuration section, take the following steps.


a. Select Enable SAML2 Single Sign-On.
b. Under Source for IdP Metadata, select Load IdP Metadata from XML.
c. Open the metadata file that you downloaded from the Azure portal in the previous section. Copy the
file's content and paste it into the IdP Metadata XML box.
d. Select Save SAML2 settings.
Create an Azure AD test user
In this section, you'll create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, select Azure Active Directory in the left pane, select Users, and then select All users:

2. Select New user at the top of the window:

3. In the User dialog box, take the following steps.

a. In the Name box, enter BrittaSimon.


b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. (For example,
BrittaSimon@contoso.com.)
c. Select Show Password, and then write down the value that's in the Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you'll enable Britta Simon to use Azure single sign-on by granting her access to ThirdLight.
1. In the Azure portal, select Enterprise applications, select All applications, and then select ThirdLight.

2. In the list of applications, select ThirdLight.

3. In the left pane, select Users and groups:

4. Select Add user, and then select Users and groups in the Add Assignment dialog box.
5. In the Users and groups dialog box, select Britta Simon in the users list, and then click the Select button
at the bottom of the window.
6. If you expect a role value in the SAML assertion, in the Select Role dialog box, select the appropriate role
for the user from the list. Click the Select button at the bottom of the window.
7. In the Add Assignment dialog box, select Assign.
Create a ThirdLight test user
To enable Azure AD users to sign in to ThirdLight, you need to add them to ThirdLight. You need to add them
manually.
To create a user account, take these steps:
1. Sign in to your ThirdLight company site as an admin.
2. Go to the Users tab.
3. Select Users and Groups.
4. Select Add new User.
5. Enter the user name, a name or description, and the email address of a valid Azure AD account that you
want to provision. Choose a Preset or Group of New Members.
6. Select Create.

NOTE
You can use any user account creation tool or API provided by ThirdLight to provision Azure AD user accounts.

Test single sign-on


Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
When you select the ThirdLight tile in the Access Panel, you should be automatically signed in to the ThirdLight
instance for which you set up SSO. For more information about the Access Panel, see Access and use apps on the
My Apps portal.

Additional resources
Tutorials for integrating SaaS applications with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with ThirdPartyTrust
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate ThirdPartyTrust with Azure Active Directory (Azure AD). Integrating
ThirdPartyTrust with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to ThirdPartyTrust.
You can enable your users to be automatically signed in to ThirdPartyTrust (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location: the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with ThirdPartyTrust, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A ThirdPartyTrust subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
ThirdPartyTrust supports SP and IDP initiated SSO.

Adding ThirdPartyTrust from the gallery


To configure the integration of ThirdPartyTrust into Azure AD, you need to add ThirdPartyTrust from the gallery to
your list of managed SaaS apps.
To add ThirdPartyTrust from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type ThirdPartyTrust, select ThirdPartyTrust from the result panel, then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with ThirdPartyTrust based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
ThirdPartyTrust needs to be established.
To configure and test Azure AD single sign-on with ThirdPartyTrust, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure ThirdPartyTrust Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create ThirdPartyTrust test user - to have a counterpart of Britta Simon in ThirdPartyTrust that is linked to
the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with ThirdPartyTrust, perform the following steps:
1. In the Azure portal, on the ThirdPartyTrust application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode,
perform the following step:
In the Identifier text box, type a URL: https://api.thirdpartytrust.com/sai3/saml/metadata

5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:

In the Sign-on URL text box, type a URL: https://api.thirdpartytrust.com/sai3/test

6. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

7. On the Set up ThirdPartyTrust section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure ThirdPartyTrust Single Sign-On
To configure single sign-on on the ThirdPartyTrust side, you need to send the downloaded Federation Metadata
XML and appropriate copied URLs from Azure portal to the ThirdPartyTrust support team. They apply these
settings so that the SAML SSO connection is configured correctly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ThirdPartyTrust.
1. In the Azure portal, select Enterprise Applications, select All applications, then select ThirdPartyTrust.

2. In the applications list, select ThirdPartyTrust.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.
5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create ThirdPartyTrust test user
In this section, you create a user called Britta Simon in ThirdPartyTrust. Work with the ThirdPartyTrust support team to
add the users in the ThirdPartyTrust platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ThirdPartyTrust tile in the Access Panel, you should be automatically signed in to the
ThirdPartyTrust instance for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with Thoughtworks Mingle
11/19/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Thoughtworks Mingle with Azure Active Directory (Azure AD).
Integrating Thoughtworks Mingle with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Thoughtworks Mingle.
You can enable your users to be automatically signed in to Thoughtworks Mingle (Single Sign-On) with their
Azure AD accounts.
You can manage your accounts in one central location: the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Thoughtworks Mingle, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A Thoughtworks Mingle subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Thoughtworks Mingle supports SP initiated SSO.

Adding Thoughtworks Mingle from the gallery


To configure the integration of Thoughtworks Mingle into Azure AD, you need to add Thoughtworks Mingle from
the gallery to your list of managed SaaS apps.
To add Thoughtworks Mingle from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Thoughtworks Mingle, select Thoughtworks Mingle from the result panel, then click
the Add button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Thoughtworks Mingle based on a test user
called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user
in Thoughtworks Mingle needs to be established.
To configure and test Azure AD single sign-on with Thoughtworks Mingle, you need to complete the following
building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Thoughtworks Mingle Single Sign-On - to configure the Single Sign-On settings on application
side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Thoughtworks Mingle test user - to have a counterpart of Britta Simon in Thoughtworks Mingle that
is linked to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Thoughtworks Mingle, perform the following steps:
1. In the Azure portal, on the Thoughtworks Mingle application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Sign-on URL text box, type a URL using the following pattern:
https://<companyname>.mingle.thoughtworks.com

NOTE
The value is not real. Update the value with the actual Sign-On URL. Contact Thoughtworks Mingle Client support
team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the
Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Federation Metadata XML from the given options as per your requirement
and save it on your computer.

6. On the Set up Thoughtworks Mingle section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Thoughtworks Mingle Single Sign-On
1. Sign in to your Thoughtworks Mingle company site as administrator.
2. Click the Admin tab, and then, click SSO Config.

3. In the SSO Config section, perform the following steps:

a. To upload the metadata file, click Choose file.


b. Click Save Changes.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field enter BrittaSimon.
b. In the User name field type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com
c. Select Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Thoughtworks Mingle.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Thoughtworks
Mingle.

2. In the applications list, select Thoughtworks Mingle.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Thoughtworks Mingle test user
For Azure AD users to be able to sign in, they must be provisioned to the Thoughtworks Mingle application using
their Azure Active Directory user names. In the case of Thoughtworks Mingle, provisioning is a manual task.
To configure user provisioning, perform the following steps:
1. Sign in to your Thoughtworks Mingle company site as administrator.
2. Click Profile.
3. Click the Admin tab, and then click Users.

4. Click New User.

5. On the New User dialog page, perform the following steps:


a. In the related text boxes, type the Sign-in name, Display name, Choose password, and Confirm password
values of a valid Azure AD account that you want to provision.
b. As User type, select Full user.
c. Click Create This Profile.

NOTE
You can use any other Thoughtworks Mingle user account creation tools or APIs provided by Thoughtworks Mingle to
provision Azure AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Thoughtworks Mingle tile in the Access Panel, you should be automatically signed in to the
Thoughtworks Mingle instance for which you set up SSO. For more information about the Access Panel, see Introduction to
the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with ThousandEyes
10/15/2019 • 5 minutes to read

In this tutorial, you'll learn how to integrate ThousandEyes with Azure Active Directory (Azure AD). When you
integrate ThousandEyes with Azure AD, you can:
Control in Azure AD who has access to ThousandEyes.
Enable your users to be automatically signed in to ThousandEyes with their Azure AD accounts.
Manage your accounts in one central location: the Azure portal.
To learn more about SaaS app integration with Azure AD, see What is application access and single sign-on with
Azure Active Directory.

Prerequisites
To get started, you need the following items:
An Azure AD subscription. If you don't have a subscription, you can get a free account.
ThousandEyes single sign-on (SSO) enabled subscription.

Scenario description
In this tutorial, you configure and test Azure AD SSO in a test environment.
ThousandEyes supports SP and IDP initiated SSO.
ThousandEyes supports automated user provisioning.

NOTE
The identifier of this application is a fixed string value, so only one instance can be configured in one tenant.

Adding ThousandEyes from the gallery


To configure the integration of ThousandEyes into Azure AD, you need to add ThousandEyes from the gallery to
your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add new application, select New application.
5. In the Add from the gallery section, type ThousandEyes in the search box.
6. Select ThousandEyes from results panel and then add the app. Wait a few seconds while the app is added to
your tenant.

Configure and test Azure AD single sign-on for ThousandEyes


Configure and test Azure AD SSO with ThousandEyes using a test user called B.Simon. For SSO to work, you
need to establish a link relationship between an Azure AD user and the related user in ThousandEyes.
To configure and test Azure AD SSO with ThousandEyes, complete the following building blocks:
1. Configure Azure AD SSO - to enable your users to use this feature.
   Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
   Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
2. Configure ThousandEyes SSO - to configure the single sign-on settings on application side.
   Create ThousandEyes test user - to have a counterpart of B.Simon in ThousandEyes that is linked to
   the Azure AD representation of user.
3. Test SSO - to verify whether the configuration works.

Configure Azure AD SSO


Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the ThousandEyes application integration page, find the Manage section and select
single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to
edit the settings.

4. On the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are
already pre-populated by Azure. Save the configuration by clicking the Save button.
5. Click Set additional URLs and perform the following step if you wish to configure the application in SP
initiated mode:
In the Sign-on URL text box, type a URL: https://app.thousandeyes.com/login/sso

6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find
Certificate (Base64) and select Download to download the certificate and save it on your computer.

7. On the Set up ThousandEyes section, copy the appropriate URL(s) based on your requirement.
Create an Azure AD test user
In this section, you'll create a test user in the Azure portal called B.Simon.
1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
2. Select New user at the top of the screen.
3. In the User properties, follow these steps:
a. In the Name field, enter B.Simon .
b. In the User name field, enter the username@companydomain.extension. For example,
B.Simon@contoso.com .
c. Select the Show password check box, and then write down the value that's displayed in the Password
box.
d. Click Create.
Assign the Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ThousandEyes.
1. In the Azure portal, select Enterprise Applications, and then select All applications.
2. In the applications list, select ThousandEyes.
3. In the app's overview page, find the Manage section and select Users and groups.

4. Select Add user, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the
bottom of the screen.
6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate
role for the user from the list and then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog, click the Assign button.

Configure ThousandEyes SSO


1. In a different web browser window, sign on to your ThousandEyes company site as an administrator.
2. In the menu on the top, click Settings.

3. Click Account

4. Click the Security & Authentication tab.

5. In the Setup Single Sign-On section, perform the following steps:

a. Select Enable Single Sign-On.


b. In the Login Page URL textbox, paste the Login URL that you copied from the Azure portal.
c. In the Logout Page URL textbox, paste the Logout URL that you copied from the Azure portal.
d. In the Identity Provider Issuer textbox, paste the Azure AD Identifier that you copied from the Azure portal.
e. In Verification Certificate, click Choose file, and then upload the certificate that you downloaded from the
Azure portal.
f. Click Save.
Create ThousandEyes test user
The objective of this section is to create a user called Britta Simon in ThousandEyes. ThousandEyes supports
automatic user provisioning, which is enabled by default. You can find more details here on how to configure
automatic user provisioning.
If you need to create a user manually, perform the following steps:
1. Sign in to your ThousandEyes company site as an administrator.
2. Click Settings.

3. Click Account.

4. Click the Accounts & Users tab.

5. In the Add Users & Accounts section, perform the following steps:

a. In the Name textbox, type the name of the user, like B.Simon.

b. In the Email textbox, type the email of the user, like b.simon@contoso.com.
c. Click Add New User to Account.

NOTE
The Azure Active Directory account holder will get an email including a link to confirm and activate the account.

NOTE
You can use any other ThousandEyes user account creation tools or APIs provided by ThousandEyes to provision Azure
Active Directory user accounts.

Test SSO
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the ThousandEyes tile in the Access Panel, you should be automatically signed in to the
ThousandEyes instance for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is conditional access in Azure Active Directory?
Try ThousandEyes with Azure AD
Configure User Provisioning
Tutorial: Azure Active Directory integration with Tidemark
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate Tidemark with Azure Active Directory (Azure AD). Integrating Tidemark
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to Tidemark.
You can enable your users to be automatically signed in to Tidemark (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location: the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with Tidemark, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial here.
A Tidemark subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
Tidemark supports SP initiated SSO.

Adding Tidemark from the gallery


To configure the integration of Tidemark into Azure AD, you need to add Tidemark from the gallery to your list of
managed SaaS apps.
To add Tidemark from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type Tidemark, select Tidemark from the result panel, then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with Tidemark based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in Tidemark
needs to be established.
To configure and test Azure AD single sign-on with Tidemark, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure Tidemark Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create Tidemark test user - to have a counterpart of Britta Simon in Tidemark that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with Tidemark, perform the following steps:
1. In the Azure portal, on the Tidemark application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:

https://<subdomain>.tidemark.com/login

https://<subdomain>.tidemark.net/login

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:

https://<subdomain>.tidemark.com/saml

https://<subdomain>.tidemark.net/saml

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the Tidemark Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.
6. On the Set up Tidemark section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure Tidemark Single Sign-On
To configure single sign-on on the Tidemark side, you need to send the downloaded Certificate (Base64) and the
appropriate copied URLs from the Azure portal to the Tidemark support team. They apply these settings so that the SAML
SSO connection is set properly on both sides.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.


a. In the Name field, enter BrittaSimon.
b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Tidemark.
1. In the Azure portal, select Enterprise Applications, select All applications, then select Tidemark.

2. In the applications list, select Tidemark.


3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create Tidemark test user
In this section, you create a user called Britta Simon in Tidemark. Work with the Tidemark support team to add the
users in the Tidemark platform. Users must be created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the Tidemark tile in the Access Panel, you should be automatically signed in to the Tidemark for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with TigerText Secure Messenger
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate TigerText Secure Messenger with Azure Active Directory (Azure AD).
Integrating TigerText Secure Messenger with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to TigerText Secure Messenger.
You can enable your users to be automatically signed in to TigerText Secure Messenger (single sign-on) with
their Azure AD accounts.
You can manage your accounts in one central location: the Azure portal.
For details about software as a service (SaaS) app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory?.

Prerequisites
To configure Azure AD integration with TigerText Secure Messenger, you need the following items:
An Azure AD subscription. If you don't have an Azure subscription, create a free account before you begin.
A TigerText Secure Messenger subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment and integrate TigerText
Secure Messenger with Azure AD.
TigerText Secure Messenger supports SP-initiated single sign-on (SSO).

Add TigerText Secure Messenger from the Azure Marketplace


To configure the integration of TigerText Secure Messenger into Azure AD, you need to add TigerText Secure
Messenger from the Azure Marketplace to your list of managed SaaS apps:
1. Sign in to the Azure portal.
2. In the left pane, select Azure Active Directory.

3. Go to Enterprise Applications, and then select All Applications.


4. To add a new application, select + New application at the top of the pane.

5. In the search box, enter TigerText Secure Messenger. In the search results, select TigerText Secure
Messenger, and then select Add to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with TigerText Secure Messenger based on a test
user named Britta Simon. For single sign-on to work, you must establish a link between an Azure AD user and
the related user in TigerText Secure Messenger.
To configure and test Azure AD single sign-on with TigerText Secure Messenger, you need to complete the
following building blocks:
1. Configure Azure AD single sign-on to enable your users to use this feature.
2. Configure TigerText Secure Messenger single sign-on to configure the single sign-on settings on the
application side.
3. Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
5. Create a TigerText Secure Messenger test user so that there's a user named Britta Simon in TigerText
Secure Messenger who's linked to the Azure AD user named Britta Simon.
6. Test single sign-on to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with TigerText Secure Messenger, take the following steps:
1. In the Azure portal, on the TigerText Secure Messenger application integration page, select Single sign-on.

2. On the Select a single sign-on method pane, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML pane, select Edit (the pencil icon) to open the Basic SAML
Configuration pane.

4. In the Basic SAML Configuration pane, take the following steps:


a. In the Sign on URL box, enter a URL:
https://home.tigertext.com

b. In the Identifier (Entity ID) box, type a URL by using the following pattern:
https://saml-lb.tigertext.me/v1/organization/<instance ID>

NOTE
The Identifier (Entity ID) value isn't real. Update this value with the actual identifier. To get the value, contact the
TigerText Secure Messenger support team. You can also refer to the patterns shown in the Basic SAML
Configuration pane in the Azure portal.

5. On the Set up Single Sign-On with SAML pane, in the SAML Signing Certificate section, select
Download to download the Federation Metadata XML from the given options and save it on your
computer.

6. In the Set up TigerText Secure Messenger section, copy the URL or URLs that you need:
Login URL
Azure AD Identifier
Logout URL
Configure TigerText Secure Messenger single sign-on
To configure single sign-on on the TigerText Secure Messenger side, you need to send the downloaded Federation
Metadata XML and the appropriate copied URLs from the Azure portal to the TigerText Secure Messenger support
team. The TigerText Secure Messenger team will make sure the SAML SSO connection is set properly on both
sides.
Create an Azure AD test user
In this section, you create a test user named Britta Simon in the Azure portal.
1. In the Azure portal, in the left pane, select Azure Active Directory > Users > All users.

2. At the top of the screen, select + New user.

3. In the User pane, do the following steps:


a. In the Name box, enter BrittaSimon.
b. In the User name box, enter BrittaSimon@<yourcompanydomain>.<extension>. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the
Password box.
d. Select Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting them access to TigerText Secure
Messenger.
1. In the Azure portal, select Enterprise applications > All applications > TigerText Secure Messenger.

2. In the applications list, select TigerText Secure Messenger.


3. In the left pane, under MANAGE, select Users and groups.

4. Select + Add user, and then select Users and groups in the Add Assignment pane.

5. In the Users and groups pane, select Britta Simon in the Users list, and then choose Select at the bottom
of the pane.
6. If you're expecting a role value in the SAML assertion, then in the Select Role pane, select the appropriate
role for the user from the list. At the bottom of the pane, choose Select.
7. In the Add Assignment pane, select Assign.
Create a TigerText Secure Messenger test user
In this section, you create a user called Britta Simon in TigerText Secure Messenger. Work with the TigerText
Secure Messenger support team to add Britta Simon as a user in TigerText Secure Messenger. Users must be
created and activated before you use single sign-on.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration by using the My Apps portal.
When you select TigerText Secure Messenger in the My Apps portal, you should be automatically signed in to
the TigerText Secure Messenger subscription for which you set up single sign-on. For more information about the
My Apps portal, see Access and use apps on the My Apps portal.

Additional resources
List of tutorials for integrating SaaS apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with TimeLive
6/13/2019 • 5 minutes to read

In this tutorial, you learn how to integrate TimeLive with Azure Active Directory (Azure AD). Integrating TimeLive
with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to TimeLive.
You can enable your users to be automatically signed in to TimeLive (Single Sign-On) with their Azure AD
accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with TimeLive, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A TimeLive subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
TimeLive supports SP-initiated SSO.
TimeLive supports just-in-time user provisioning.

Adding TimeLive from the gallery


To configure the integration of TimeLive into Azure AD, you need to add TimeLive from the gallery to your list of
managed SaaS apps.
To add TimeLive from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type TimeLive, select TimeLive from the result panel, and then click the Add button to add the
application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with TimeLive based on a test user called Britta
Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in TimeLive
needs to be established.
To configure and test Azure AD single sign-on with TimeLive, you need to complete the following building blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure TimeLive Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create TimeLive test user - to have a counterpart of Britta Simon in TimeLive that is linked to the Azure AD
representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with TimeLive, perform the following steps:
1. In the Azure portal, on the TimeLive application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


a. In the Sign on URL text box, type a URL using the following pattern:
https://<domainname>.livetecs.com/

b. In the Identifier (Entity ID) text box, type a URL using the following pattern:
https://<domainname>.livetecs.com/

NOTE
These values are not real. Update these values with the actual Sign on URL and Identifier. Contact the TimeLive Client
support team to get these values. You can also refer to the patterns shown in the Basic SAML Configuration
section in the Azure portal.

5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

6. On the Set up TimeLive section, copy the appropriate URL(s) as per your requirement.

a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure TimeLive Single Sign-On
1. In a different web browser window, sign in to your TimeLive company site as an administrator.
2. Select Preferences under Admin Options.

3. In the Application Preference section, perform the following steps:

a. Select the Security tab.


b. Select the Enable Single Sign On (SSO) check box.
c. Select SAML from the drop-down menu with the heading Sign in using Single Sign-On (SSO) with.
d. In the SAML SSO URL box, paste the Login URL value that you copied from the Azure portal.
e. In the Remote logout URL box, paste the Logout URL value that you copied from the Azure portal.
f. Open the downloaded base-64 encoded certificate from the Azure portal in Notepad, copy the content, and
then paste it into the X.509 Certificate textbox.
g. Click Update.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to TimeLive.
1. In the Azure portal, select Enterprise Applications, select All applications, then select TimeLive.
2. In the applications list, select TimeLive.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create TimeLive test user
In this section, a user called Britta Simon is created in TimeLive. TimeLive supports just-in-time user provisioning,
which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in
TimeLive, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the TimeLive tile in the Access Panel, you should be automatically signed in to the TimeLive for
which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory integration with TimeOffManager
8/9/2019 • 6 minutes to read

In this tutorial, you learn how to integrate TimeOffManager with Azure Active Directory (Azure AD). Integrating
TimeOffManager with Azure AD provides you with the following benefits:
You can control in Azure AD who has access to TimeOffManager.
You can enable your users to be automatically signed in to TimeOffManager (Single Sign-On) with their Azure
AD accounts.
You can manage your accounts in one central location - the Azure portal.
If you want to know more details about SaaS app integration with Azure AD, see What is application access and
single sign-on with Azure Active Directory. If you don't have an Azure subscription, create a free account before
you begin.

Prerequisites
To configure Azure AD integration with TimeOffManager, you need the following items:
An Azure AD subscription. If you don't have an Azure AD environment, you can get a one-month trial.
A TimeOffManager subscription with single sign-on enabled.

Scenario description
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
TimeOffManager supports IDP-initiated SSO.
TimeOffManager supports just-in-time user provisioning.

Adding TimeOffManager from the gallery


To configure the integration of TimeOffManager into Azure AD, you need to add TimeOffManager from the
gallery to your list of managed SaaS apps.
To add TimeOffManager from the gallery, perform the following steps:
1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

2. Navigate to Enterprise Applications and then select the All Applications option.
3. To add a new application, click the New application button at the top of the dialog.

4. In the search box, type TimeOffManager, select TimeOffManager from the result panel, and then click the Add
button to add the application.

Configure and test Azure AD single sign-on


In this section, you configure and test Azure AD single sign-on with TimeOffManager based on a test user called
Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in
TimeOffManager needs to be established.
To configure and test Azure AD single sign-on with TimeOffManager, you need to complete the following building
blocks:
1. Configure Azure AD Single Sign-On - to enable your users to use this feature.
2. Configure TimeOffManager Single Sign-On - to configure the Single Sign-On settings on application side.
3. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
4. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
5. Create TimeOffManager test user - to have a counterpart of Britta Simon in TimeOffManager that is linked
to the Azure AD representation of user.
6. Test single sign-on - to verify whether the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with TimeOffManager, perform the following steps:
1. In the Azure portal, on the TimeOffManager application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration
dialog.

4. On the Basic SAML Configuration section, perform the following steps:


In the Reply URL text box, type a URL using the following pattern:
https://www.timeoffmanager.com/cpanel/sso/consume.aspx?company_id=<companyid>

NOTE
This value is not real. Update this value with the actual Reply URL. You can get this value from the Single Sign-On
Settings page, which is explained later in the tutorial, or contact the TimeOffManager support team. You can also refer to
the patterns shown in the Basic SAML Configuration section in the Azure portal.

5. The TimeOffManager application expects the SAML assertions in a specific format, which requires you to add
custom attribute mappings to your SAML token attributes configuration. The following screenshot shows
the list of default attributes. Click the Edit icon to open the User Attributes dialog.

6. In addition to the above, the TimeOffManager application expects a few more attributes to be passed back in the SAML
response. In the User Claims section on the User Attributes dialog, perform the following steps to add
the SAML token attributes shown in the following table:

NAME          SOURCE ATTRIBUTE
Firstname     User.givenname
Lastname      User.surname
Email         User.mail

a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok.
g. Click Save.
7. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click
Download to download the Certificate (Base64) from the given options as per your requirement and save
it on your computer.

8. On the Set up TimeOffManager section, copy the appropriate URL(s) as per your requirement.
a. Login URL
b. Azure AD Identifier
c. Logout URL
Configure TimeOffManager Single Sign-On
1. In a different web browser window, sign in to your TimeOffManager company site as an administrator.
2. Go to Account > Account Options > Single Sign-On Settings.

3. In the Single Sign-On Settings section, perform the following steps:


a. Open your base-64 encoded certificate in Notepad, copy its content to your clipboard, and then
paste the entire certificate into the X.509 Certificate textbox.
b. In the Idp Issuer textbox, paste the value of Azure AD Identifier that you copied from the Azure portal.
c. In the IdP Endpoint URL textbox, paste the value of Login URL that you copied from the Azure portal.
d. For Enforce SAML, select No.
e. For Auto-Create Users, select Yes.
f. In the Logout URL textbox, paste the value of Logout URL that you copied from the Azure portal.
g. Click Save Changes.
4. On the Single Sign-On Settings page, copy the value of Assertion Consumer Service URL and paste it in the
Reply URL text box under the Basic SAML Configuration section in the Azure portal.
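The check below is an added example, not code from the tutorial or from TimeOffManager: it inspects a captured, base64-decoded SAML response offline and reports where it disagrees with the values configured in the steps above (Idp Issuer, Reply URL, and the Firstname, Lastname, and Email claims with a blank Namespace). The tenant ID, company ID, and sample response are constructed placeholders, and the script does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names from the tutorial's table. The Namespace box is left blank,
# so each Name must be the bare string rather than a claims URI.
REQUIRED_CLAIMS = ("Firstname", "Lastname", "Email")

# Constructed placeholder values (assumptions, not real tenant or company data).
ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
REPLY_URL = "https://www.timeoffmanager.com/cpanel/sso/consume.aspx?company_id=EXAMPLE"


def build_sample(attributes, issuer=ISSUER, recipient=REPLY_URL):
    """Build a constructed, unsigned SAML response for offline testing."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        "</saml:AttributeValue></saml:Attribute>"
        for name, value in attributes
    )
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'Destination="{recipient}"><saml:Assertion>'
        f"<saml:Issuer>{issuer}</saml:Issuer><saml:Subject>"
        "<saml:NameID>BrittaSimon@contoso.com</saml:NameID>"
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
        "</saml:SubjectConfirmation></saml:Subject>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )


def check_response(xml_text, expected_issuer, expected_reply_url):
    """Return a list of configuration problems; an empty list means none found."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext saml:Assertion in the response"]
    problems = []

    # Issuer must equal the Azure AD Identifier pasted into the Idp Issuer textbox.
    issuer = (assertion.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != expected_issuer:
        problems.append(f"Issuer {issuer!r} does not match the Azure AD Identifier")

    # Recipient must equal the Assertion Consumer Service URL set as the Reply URL.
    conf = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = conf.get("Recipient", "") if conf is not None else ""
    if recipient != expected_reply_url:
        problems.append(f"Recipient {recipient!r} does not match the Reply URL")

    # Collect every attribute name and its first value.
    found = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = (attr.findtext("saml:AttributeValue", default="", namespaces=NS) or "").strip()
        found[attr.get("Name", "")] = value

    for claim in REQUIRED_CLAIMS:
        if found.get(claim):
            continue
        if claim in found:
            problems.append(f"claim {claim} is present but empty")
            continue
        # A name such as ".../claims/Firstname" means a namespace was filled in.
        namespaced = [n for n in found if n.lower().endswith("/" + claim.lower())]
        if namespaced:
            problems.append(
                f"claim {claim} arrived as {namespaced[0]}; the Namespace box was not left blank")
        else:
            problems.append(f"claim {claim} is missing")
    return problems


if __name__ == "__main__":
    # Constructed capture in which the Email claim was never added.
    captured = build_sample([("Firstname", "Britta"), ("Lastname", "Simon")])
    for problem in check_response(captured, ISSUER, REPLY_URL):
        print("FAIL:", problem)
```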
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
1. In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.

2. Select New user at the top of the screen.

3. In the User properties, perform the following steps.

a. In the Name field, enter BrittaSimon.


b. In the User name field, type brittasimon@yourcompanydomain.extension. For example,
BrittaSimon@contoso.com.
c. Select the Show password check box, and then write down the value that's displayed in the Password box.
d. Click Create.
Assign the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to TimeOffManager.
1. In the Azure portal, select Enterprise Applications, select All applications, then select
TimeOffManager.

2. In the applications list, select TimeOffManager.

3. In the menu on the left, select Users and groups.

4. Click the Add user button, then select Users and groups in the Add Assignment dialog.

5. In the Users and groups dialog select Britta Simon in the Users list, then click the Select button at the
bottom of the screen.
6. If you are expecting any role value in the SAML assertion then in the Select Role dialog select the
appropriate role for the user from the list, then click the Select button at the bottom of the screen.
7. In the Add Assignment dialog click the Assign button.
Create TimeOffManager test user
In this section, a user called Britta Simon is created in TimeOffManager. TimeOffManager supports just-in-time
user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't
already exist in TimeOffManager, a new one is created after authentication.

NOTE
You can use any other TimeOffManager user account creation tools or APIs provided by TimeOffManager to provision Azure
AD user accounts.

Test single sign-on


In this section, you test your Azure AD single sign-on configuration using the Access Panel.
When you click the TimeOffManager tile in the Access Panel, you should be automatically signed in to the
TimeOffManager for which you set up SSO. For more information about the Access Panel, see Introduction to the
Access Panel.

Additional Resources
List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory
What is application access and single sign-on with Azure Active Directory?
What is Conditional Access in Azure Active Directory?
Tutorial: Azure Active Directory single sign-on (SSO) integration with TINFOIL SECURITY
11/18/2019 • 6 minutes to read

In this tutorial, you'll learn how to in
