Azure Active Directory
- Authenticate to portal.azure.com with an account that has admin privileges.
- Navigate to Enterprise Applications
- Click "New Application" and select "Non-gallery application". Type a name and continue. (This might take a few moments to complete, so wait until you are directed to the application's screen)
- In the application's overview page there are 5 sections that allow for advanced settings of the newly created app.
- Click on section "2. Set up single sign on" and choose SAML. The other 4 sections are to be configured based on the internal structure, rules and permissions of each organization, so they are not covered by this guide.
- Open a new browser tab and log in to your organization's YAROOMS account as an Administrator.
- Navigate to Manage -> Integrations -> SAML 2.0 Authentication and start configuring the integration.
- Go to Azure and scroll to item #4:
- The values in this section will be used in YAROOMS to configure the connection, as described below.
- Copy the Azure AD Identifier value and paste it in the Issuer URL field.
- Copy the Login URL value and paste it in the SAML Endpoint field.
- Go back to Azure and scroll to section #3 - SAML Signing Certificate. Download the certificate in Base64 format and paste its contents in the X.509 Certificate field.
- Next, use the User Attributes & Claims to map the fields in YAROOMS. Go to Azure and scroll to section #2. These attributes will be manually mapped in YAROOMS.
- Set the Name ID Format field to emailAddress and use the exact user attributes from Azure in the IDP Fields' values.
- In YAROOMS, click "Save Connection Settings" and move to the "User options" tab. This page lets you select the Location and Group for newly provisioned users. For Dynamic mapping, extra claims and attributes will have to be exported from Azure in the User object.
It is recommended not to choose Administrator or Supervisor groups for mapping, as all new users will have all the privileges of these groups.
- Click "Save User options" and move to the last tab, "Application Details". The values listed here will be pasted in Azure in section #1 - Basic SAML Configuration.
- Click "Edit" in section #1 and pair the values as follows:
- Paste Entity ID in Identifier (Entity ID)
- Paste ACS (Consumer) URL in Reply URL (Assertion Consumer Service URL)
- Paste Relay State in Relay State
- In YAROOMS click "Activate SAML 2.0 Integration" and complete the integration setup.
- In Azure save the SAML configuration and complete the process. The settings can be checked by clicking the "Test" button in section #5.
For the new Azure Application to work properly, make sure the user accounts intended to use the provisioning integration are assigned to the newly created application.
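A pre-flight check for the three values copied from Azure sections #3 and #4 into YAROOMS (Issuer URL, SAML Endpoint, X.509 Certificate), as an added example that is not part of the original guide or of either product. It assumes the usual Azure value shapes (https://sts.windows.net/<tenant-id>/ and https://login.microsoftonline.com/<tenant-id>/saml2) and that the thumbprint shown next to the signing certificate is the SHA-1 of its DER bytes; the function names and sample values are constructed for illustration.

```python
import base64, hashlib, re

# Assumed Azure value shapes (not stated in the guide itself).
ISSUER_RE = re.compile(r"^https://sts\.windows\.net/([0-9a-fA-F-]{36})/$")
LOGIN_RE = re.compile(r"^https://login\.microsoftonline\.com/([0-9a-fA-F-]{36})/saml2$")
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_thumbprint(pem_text):
    """Return the SHA-1 thumbprint (uppercase hex) of the single pasted PEM certificate."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one PEM certificate, found %d" % len(blocks))
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if not der or der[0] != 0x30:  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded data is not a DER-encoded certificate")
    return hashlib.sha1(der).hexdigest().upper()

def check_settings(issuer_url, saml_endpoint, pem_text, portal_thumbprint):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    issuer = ISSUER_RE.match(issuer_url.strip())
    login = LOGIN_RE.match(saml_endpoint.strip())
    if not issuer:
        problems.append("Issuer URL does not look like an Azure AD Identifier")
    if not login:
        problems.append("SAML Endpoint does not look like an Azure Login URL")
    if issuer and login and issuer.group(1).lower() != login.group(1).lower():
        problems.append("Issuer URL and SAML Endpoint belong to different tenants")
    try:
        actual = cert_thumbprint(pem_text)
        if actual != portal_thumbprint.replace(":", "").replace(" ", "").upper():
            problems.append("certificate thumbprint differs from the one shown in Azure")
    except ValueError as exc:  # binascii.Error (bad Base64) is a ValueError subclass
        problems.append("X.509 Certificate field: %s" % exc)
    return problems

# Constructed sample values; SAMPLE_DER is placeholder bytes, not a real certificate.
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_ISSUER = "https://sts.windows.net/%s/" % TENANT
SAMPLE_LOGIN = "https://login.microsoftonline.com/%s/saml2" % TENANT
SAMPLE_DER = b"\x30\x82" + bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE_THUMB = hashlib.sha1(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    print(check_settings(SAMPLE_ISSUER, SAMPLE_LOGIN, SAMPLE_PEM, SAMPLE_THUMB) or "OK")
```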