About this article
This article describes how an organization can set up SSO on Microsoft Entra ID utilizing the SAML2 protocol.
Prerequisites
Single Sign-On Configuration
- Navigate to https://portal.azure.com/
- If you are using a Microsoft test account, make sure to create a Microsoft 365 Enterprise Demo Content Tenant account.
- Navigate to Microsoft Entra ID --> Enterprise Applications.
- Click the plus sign next to New application.
- In the Gallery, use the search function to find Templafy SAML2.
- Click on the app and click Create.
- Wait for the app to be added to your directory, then navigate to the Single sign-on section of the application.
- Click SAML to enable the SAML2 protocol.
- Under Basic SAML Configuration, click Edit.
- Add the information according to Templafy's Metadata below, then click Save.
- Templafy's Metadata should be used according to the cluster of your Templafy tenant.
User Attributes & Claims
The following claims are preconfigured in the SAML2 application:
| Name | Namespace | Source attribute |
| --- | --- | --- |
| emailaddress | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | user.mail |
| userprincipalname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | user.userprincipalname |
| givenname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | user.givenname |
| surname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | user.surname |
| streetaddress | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | user.streetaddress |
| city | http://schemas.templafy.com/2016/06/identity/claims | user.city |
| postalcode | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | user.postalcode |
| stateorprovince | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | user.state |
| country | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | user.country |
Additional claims can be configured within the application using the steps below.
- Under Single sign-on --> User Attributes & Claims, click Edit.
- Click Add new claim and fill in the Name, Namespace, and Source attribute according to the tables below:
The following claims must be reconfigured with the updated namespaces below. Please delete the existing claims and configure them net new.
| Name | Namespace | Source attribute |
| --- | --- | --- |
| jobtitle | http://schemas.templafy.com/2016/06/identity/claims | user.jobtitle |
| department | http://schemas.templafy.com/2016/06/identity/claims | user.department |
| phonenumber | http://schemas.templafy.com/2016/06/identity/claims | user.telephonenumber |
| facsimilenumber | http://schemas.templafy.com/2016/06/identity/claims | user.facsimiletelephonenumber |
The following claims are not included by default, but are suggested/common claims:
| Name | Namespace | Source attribute |
| --- | --- | --- |
| displayname | http://schemas.templafy.com/2016/06/identity/claims | user.displayname |
| mobilephone | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | user.mobilephone |
| preferredlanguage | http://schemas.templafy.com/2016/06/identity/claims | user.preferredlanguage |
| companyname | http://schemas.templafy.com/2016/06/identity/claims | user.companyname |
| customclaim1 | http://schemas.templafy.com/2016/06/identity/claims | user.<optional value> |
| customclaim15 | http://schemas.templafy.com/2016/06/identity/claims | user.<optional value> |
Group Claims
In order to send AD Groups to Templafy, Group Claims must be configured.
- Click Add a group claim.
- Select what type of groups shall be returned in the claim.
- Under Advanced options, make sure Customize the name of the group claim and Emit groups as role claims are checked.
- Click Save.
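Once the claims above are configured, it is worth confirming that a SAML response issued by Entra ID actually carries them before handing the app to users. The following added example (not from this article or from Templafy) parses the AttributeStatement of a SAML2 response and reports which expected claim URIs are missing and which of the claims that must be moved to the Templafy namespace are still emitted under the old xmlsoap namespace. It assumes Entra ID's convention of emitting each attribute Name as `<namespace>/<name>` and its standard role claim URI for group claims; the response XML is constructed sample data.

```python
# Added example (not from the article or Templafy): audit the AttributeStatement of a
# SAML2 response against the claim tables above. The response XML below is constructed.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLSOAP = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
TEMPLAFY = "http://schemas.templafy.com/2016/06/identity/claims"
# Claim URI Entra ID uses for groups when "Emit groups as role claims" is checked.
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
# Preconfigured claims from the first table, as (namespace, name).
PRECONFIGURED = [(XMLSOAP, n) for n in ("emailaddress", "userprincipalname", "givenname",
                 "surname", "streetaddress", "postalcode", "stateorprovince", "country")]
PRECONFIGURED.append((TEMPLAFY, "city"))
# Claims the article says must be recreated under the Templafy namespace (second table).
RECONFIGURED = ("jobtitle", "department", "phonenumber", "facsimilenumber")

def claim_uri(namespace, name):
    """Entra ID emits each attribute Name as '<namespace>/<name>'."""
    return f"{namespace}/{name}"

def extract_attributes(response_xml):
    """Map every Attribute Name in the response's AttributeStatements to its values."""
    attrs = {}
    root = ET.fromstring(response_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def audit_claims(attrs):
    """Return (missing, stale): expected claim URIs absent from the assertion, and
    reconfigured claim names still emitted under the old xmlsoap namespace."""
    expected = [claim_uri(ns, n) for ns, n in PRECONFIGURED] + [ROLE]
    expected += [claim_uri(TEMPLAFY, n) for n in RECONFIGURED]
    missing = sorted(u for u in expected if u not in attrs)
    stale = sorted(n for n in RECONFIGURED if claim_uri(XMLSOAP, n) in attrs)
    return missing, stale

# Constructed sample response: several claims absent, jobtitle still in the old namespace.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:AttributeStatement>
  <saml:Attribute Name="{XMLSOAP}/emailaddress"><saml:AttributeValue>a.user@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{XMLSOAP}/userprincipalname"><saml:AttributeValue>a.user@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{XMLSOAP}/givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{XMLSOAP}/surname"><saml:AttributeValue>User</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{XMLSOAP}/jobtitle"><saml:AttributeValue>Analyst</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{TEMPLAFY}/department"><saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{ROLE}"><saml:AttributeValue>Finance</saml:AttributeValue><saml:AttributeValue>Sales</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(audit_claims(extract_attributes(SAMPLE_RESPONSE)))
```

Run against a real response captured from a test login (decoded from the SAMLResponse form field) to see exactly which configured claims the identity provider did not send.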
Assign Users/Groups to the Application
By default, the Templafy SAML2 app requires users to be assigned before they can successfully authenticate into Templafy.
- Within the SAML2 app, select Users and groups.
- Click Add user/group.
If you would like to disable the default access restriction to Templafy, you can set Assignment required to No under Properties.
Congratulations! You have now completed the setup on your side.