Skip to main content

How to implement SSO and User Provisioning through Azure Active Directory

 

Eptura Knowledge Center

How to implement SSO and User Provisioning through Azure Active Directory

  1. Last updated
  2. Save as PDF
This article explains the steps needed to implement SSO and/or User Provisioning through Azure AD for one or multiple locations.

Setting up Azure AD in a single location

Step 1: Add an application

Log into the Azure Portal. Go to Azure Active Directory > Enterprise Applications.

 

Click on New application.
 

Select Non-gallery application. (You might need to check if this possibility is included in your Azure subscription).

Enter a name and click on Add.

 

 

Step 2: Configure single sign-on (SSO)

 

Open the Proxyclick app in Azure Active Directory > Enterprise Applications and go to the Single sign-on section.

Select SAML-based Sign-on for Single Sign-on Mode.

Go to the Proxyclick Marketplace and install Azure AD.

Copy the Identifier and the Reply URL from the Azure AD configuration page and paste them in the corresponding fields in Azure AD.

Select user.mail for User Identifier and click on Save.


Download the file Certificate (Base64) and open the Metadata XML to extract the EntityIDand SingleSignOnService Location.

Go back to the Azure AD configuration page and paste them in the corresponding fields from Azure AD. Everything in the certificate file (including the BEGIN and END header and footer) need to be copied into the Certificate (Base64) field in Proxyclick.

Click on Save Changes.

 

Your Azure AD connection is ready. You can now use the URL in the Identifier field to log into Proxyclick using Azure AD SSO or log into Azure AD as a user and chose the Proxyclick app. But you will still need to add users in Proxyclick before you try to login with SSO (you can do it manually, in bulk or via User Provisioning. See next steps to configure User Provisioning with Azure AD).

 

 

Step 3: Configure user provisioning

 

Open the Proxyclick app in Azure Active Directory > Enterprise Applications and go to the Provisioning section.

Select Automatic for Provisioning Mode.

If not done already, go to the Proxyclick Marketplace and install Azure AD.

Copy the Tenant URL and the Secret Token from the Azure AD configuration page and paste them in the corresponding fields in Azure AD.

Click on Save.

Once the settings saved, go to the Mappings section.

Click on Synchronize Azure Active Directory Groups to customappsso.

Disable group synchronization by selecting No and click on Save.

Close the window to return to the provisioning configuration page.


Click on Synchronize Azure Active Directory Users to customappsso.

Adapt the attribute mappings:

Azure Active Directory Attributes

Azure Active Directory Attribute

customappsso Attribute

Matching Precedence

Mapping Type

 
mail
 
userName

1

Direct

 
Switch([IsSoftDeleted], , "False", "True", "True", "False")
 
active

 

Expression

 
givenName
 
name.givenName

 

Direct

 
surname
 
name.familyName

 

Direct

 
mail
 
emails[type eq "work"].value

 

Direct

 

 

Click on Save.

Close the window to return to the provisioning configuration page and go to the Settings section.

 

Set Provisioning status to On and click Save.

 

 

Optional Supported Attributes

 

The below attributes can additionally be configured in order to pass more user data to Proxyclick.

  • Telephone and Mobile numbers must be in E.164 format

  • City can be substituted for any other string-based attribute to use in conjunction with the below settings for multi-location provisioning

Azure Active Directory Attribute

customappsso Attribute

Matching Precedence

Mapping Type

 
telephoneNumber
 
phoneNumbers[type eq "work"].value

 

Direct

 
mobile
 
phoneNumbers[type eq "mobile"].value

 

Direct

 
city
 
addresses[type eq "work"].locality

 

Direct

 
title
 
title

 

Direct

 
preferredLanguage
 
preferredLanguage

 

Direct

Setting up for multiple locations

 

User Provisioning

 

You can configure Azure AD and manage users across multiple locations from a single Proxyclick account.

  1. Connect Azure AD in your main location (follow the steps above)

  2. Click on Multi-location mapping on the Azure AD integration in your Integration List

Important to note: If you do not see the Multi-location mapping button, then it means you are running on an older version of our Azure AD integration. All you have to do is disconnect the integration and then reconnect it before continuing with the remaining steps.

 

You will then see the list of all the locations for which you are an Admin. From this list, you can enable/disable User Provisioning for each location independently using the toggle button.

 

Once enabled, you will be able to either import all users for provisioning in that location or define your own filters for specific users.

You can filter users based on their city and language using the appropriate conditions for each.

 

 

Advanced

 

If you are provisioning the same users in multiple locations, you can use the Advanced menu to force their “home location”. Proxyclick would then use this as the default location for new visits created (e.g., when using the Generic Calendar Integration).

 

Azure User Provisioning and Single Sign on require both add ons.

 


If you have any questions or feedback, please contact support@proxyclick.com or send us a message on the live chat.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.