About this article
This article describes how an organization can set up SSO on Microsoft Entra ID utilizing the OpenID Connect protocol.
- Setup Guide
- Permissions Granted to the OpenID Connect Application
- Restrict Certain Users/Groups to the Application
- Supported Claims
Prerequisites
Setup Guide
There are two ways of setting up the Templafy OpenID Connect application:
1. Complete a Consent Flow
- Click on the Templafy onboarding URL to initiate the setup: https://app.templafy.com/AzureADTenant/
- Click Sign Up
- Enter your Global Administrator credentials for Microsoft Entra ID
- Press Accept in the consent dialogue.
- The Templafy App can now be found in your Microsoft Entra ID tenant under Enterprise applications
2. Add the App from the Gallery
- Log in to https://portal.azure.com/
- Navigate to Microsoft Entra ID --> Enterprise Applications
- Click New Application
- From the Gallery, search for Templafy OpenID Connect
- Add the suggested App into your directory by clicking Sign up for Templafy OpenID Connect
- You will then be redirected to https://app.templafy.com/AzureADTenant/ to complete the setup
Permissions Granted to the OpenID Connect Application
Templafy uses the Microsoft Graph API to read user profile attributes from Microsoft Entra ID and automatically populate user profile data and templates within the Templafy tenant. When consenting to the application, you will be prompted to approve two Microsoft Graph API permissions.
1. Sign in and read user profile
- Allows users to sign in and read their profile. It also allows the app to read basic company information of signed-in users.
2. Read directory data
- Allows the app to read data in your company or school directory, such as users, groups, and apps.
Restrict Certain Users/Groups to the Application
By default, the Templafy OpenID Connect app allows all users to authenticate into Templafy. If you would like to restrict access to only a subset of Users/Groups, follow the steps below:
1. Within the OpenID Connect app, select Properties.
2. Set Assignment required? to Yes.
3. Then, select Users and groups.
4. Click Add user/group.
Congratulations! You have now completed the setup on your side.
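To confirm the outcome of the permissions and restriction sections above outside the portal, the following added example (not Templafy's or Microsoft's code) audits objects exported from Microsoft Graph: the service principal's appRoleAssignmentRequired property, which backs the Assignment required? setting, its assigned users/groups, and its delegated permission grants. The scope names User.Read and Directory.Read.All are the assumed Graph values behind the two consent entries, the permissions are assumed to be delegated, and all sample data is constructed.

```python
# Added example: audit exported Microsoft Graph objects for the Templafy app.
# Assumption: the two consent-prompt entries map to these Graph scope values.
EXPECTED_SCOPES = {
    "User.Read",           # "Sign in and read user profile"
    "Directory.Read.All",  # "Read directory data"
}
# Assumption: basic OpenID Connect scopes may accompany a sign-in app.
OIDC_SCOPES = {"openid", "profile", "email"}


def audit_app(service_principal, permission_grants, assigned_to):
    """Return a list of findings; an empty list means every check passed.

    service_principal: Graph servicePrincipal object (dict)
    permission_grants: list of Graph oauth2PermissionGrant objects
    assigned_to:       list of appRoleAssignment objects (users/groups)
    """
    findings = []
    # The portal's "Assignment required?" switch is this Graph property.
    if not service_principal.get("appRoleAssignmentRequired", False):
        findings.append("assignment not required: all users can sign in")
    elif not assigned_to:
        findings.append("assignment required but no users or groups assigned")
    for grant in permission_grants:
        # Delegated scopes are stored as one space-separated string.
        granted = set(grant.get("scope", "").split())
        extra = granted - EXPECTED_SCOPES - OIDC_SCOPES
        if extra:
            findings.append("unexpected scopes granted: " + ", ".join(sorted(extra)))
    return findings


# Constructed sample data (not taken from a real tenant).
SP_DEFAULT = {"displayName": "Templafy OpenID Connect", "appRoleAssignmentRequired": False}
SP_RESTRICTED = {"displayName": "Templafy OpenID Connect", "appRoleAssignmentRequired": True}
GRANTS_OK = [{"consentType": "AllPrincipals", "scope": "User.Read Directory.Read.All"}]
GRANTS_WIDE = [{"consentType": "AllPrincipals", "scope": "User.Read Directory.ReadWrite.All"}]
ASSIGNED = [{"principalType": "Group", "principalDisplayName": "Templafy Users"}]

if __name__ == "__main__":
    for finding in audit_app(SP_DEFAULT, GRANTS_WIDE, []):
        print("FINDING:", finding)
```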
Supported Claims
UserPrincipalName
Mail
GivenName
Surname
DisplayName
StreetAddress
City
PostalCode
State
Country
CompanyName
JobTitle
Department
BusinessPhone
MobilePhone
FaxNumber
PreferredLanguage