Single Sign On: ADSF en Azure AD

Officebooking supports Single Sign On (SSO) logins through SAML 2.0 when you’re on the Business Plus, Enterprise edition or subscribed to SSO in combination with any other subscription. We support both SAML 2.0 via self hosted ADFS and Azure AD.

Before you can use SSO in combination with a self-hosted AD environment you need to set up ADFS. If you haven’t done this already please follow the Microsoft directives.

Setup SSO with Azure Active Directory Portal is somewhat easier. If you’re not familiar with Active Directory and SSO concepts, please start here.

 

Step 1: Access to OfficeAdmin and AD environment

This guide assumes someone in your organization (or Officebooking Support) has already created an Admin account for you. This account will give you access to the OfficeAdmin portal.

Next, you’ll need administrative access to your company Azure AD environment. Once you’ve gained access to both environments you can start implementing the integration.

 

Step 2: Set identifier in the OfficeAdmin

  1. Login to the OfficeAdmin portal and go to the ‘Settings’ page in your menu. Open the tab ‘Integrations’ on the top of the page.
  2. Here you choose the ‘Single Sign On’ option.
  3. First select the provider you will be choosing, Microsoft or Google.
  4. Enter an SSO id that resembles your company name. ‘Officebooking’ in the image below is an example, so don’t enter Officebooking in your case.
  5. The SSO id is included in the SSO metadata URL which will be created later in the process. 

 

Step 3: Configure Azure AD

  1. Login to Microsoft Azure Active Directory admin center.
  2. Select the button ‘Enterprise applications’ in the left hand menu.
  3. Select ‘New application’ and enter a name for the application, i.e. ‘officebooking’.
  4. After assigning users and groups select the button ‘Set up single sign on’.
  5. Here you have to enter the Identifier and Reply URL for the Officebooking app.
 

For Identifier (Entity ID) you need to enter the following url. Change the ssoID in the url to the id you’ve entered in the OfficeAdmin portal in step 2. In the case of this manual it’s ‘officebooking’, but you should change it to your own!

https://app.officebooking.net/sso/access/ssoID/metadata

 

For Reply URL (Assertion consumer Service URL) enter the following url.
Again change the ssoID to your own id.

https://app.officebooking.net/sso/access/ssoID/consume

 

Next, enter the attributes. We will need at least the following attributes:

  • givenname (first name)
  • surname
  • email address als Outgoing Claim Type ‘Name ID’.

Optionally you can add the following attribute. This sets the default location for the user. You’ll need to match the location ID with the Location UID in OfficeAdmin! The Location UID can be entered in the OfficeAdmin via Location > Select location > Edit.

  • officeName –  user.physicaldeliveryofficename

 

Step 4: Enter metadata URL in the OfficeAdmin

After following the steps above, you’ve collected the right metadata URL to enter in the OfficeAdmin portal (add to the field you’ve left open in step 2). The metadata URL will be something like:

https://login.YOURCOMPANYURL.com/federationmetadata/2007-06/federationmetadata.xml

Copy the ‘App Federation Metadata Url’ and enter it in the OfficeAdmin portal at ‘SSO Metadata URL’.

 

Step 5: Start testing

  1. Make sure you add yourself or some users to the Azure AD group entitled to use the Officebooking app. To add users manually or by powershell you can use these instructions of Microsoft.
  2. Testing SSO is done either directly from Azure Admin center, the mobile app or the web app.
  3. After you select the button ‘Login with SSO’ you’ll need to enter the three letter Company code that you/is created for your company. You can find this in the OfficeAdmin on the Settings page. I.e. WIL for Wilderman.
  4. You’ll be redirected to your Office 365 login page. Enter a valid user name and password. You’ll be validated by O365 and successfully logged in at Officebooking via SSO. Once a user logs in via SSO, the system will automatically save the user and it’s account settings. This user account can now also be edited by an Admin via the OfficeAdmin.
 
Was dit artikel waardevol?

Gerelateerde artikelen

Titel

Ga naar de bovenkant