
How to implement Single Sign On with ADFS and Azure AD

For Microsoft

Officebooking supports Single Sign On (SSO) logins through SAML 2.0 when you’re on the Business Plus or Enterprise edition, or are subscribed to SSO in combination with any other subscription. We support SAML 2.0 via both self-hosted ADFS and Azure AD.

Before you can use SSO in combination with a self-hosted AD environment, you need to set up ADFS. If you haven’t done this already, please follow the Microsoft directives.

Setting up SSO with the Azure Active Directory portal is somewhat easier. If you’re not familiar with Active Directory and SSO concepts, please start here.

Access to OfficeAdmin and AD environment

Before you can set up SSO you’ll need to set up a company admin account in OfficeAdmin and have access to that account. Please contact us if you need support in creating a company account.

Next, you’ll need administrative access to your company AD environment. Once you’ve gained access to both environments you can start implementing the integration.

Step 1 Set identifier

Log in to OfficeAdmin and go to the Company page in your menu. Open the tab Sso Connection at the top of the page.

First select your provider, Microsoft or Google. Enter an ID that resembles your company name, e.g. officebooking for Officebooking company. The SSO id is included in the SSO Metadata URL which will be created later in the process. Then enter your endpoint for SSO (metadata URL).

Step 2 Configure Azure AD

  • Log in to the Microsoft Azure Active Directory admin center.
  • Select the button Enterprise applications in the left-hand menu.
  • Select New application and enter a name for the application, e.g. officebooking.
  • After assigning users and groups, select the button Set up single sign on.
  • Here you have to enter the Identifier and Reply URL for the Officebooking app.

For Identifier (Entity ID) you need to enter the following URL. Change the ssoID in the URL to the id you’ve entered in the OfficeAdmin portal in step 1. In this manual it’s ‘officebooking’, but change it to your own.

https://app.officebooking.net/sso/access/ssoID/metadata

For Reply URL (Assertion Consumer Service URL) enter the following URL. Again, change the ssoID to your own id.

https://app.officebooking.net/sso/access/ssoID/consume

Enter the attributes. We will need at least the following attributes:

  • givenname (first name)
  • surname
  • email address as Outgoing Claim Type ‘Name ID’.

Optionally you can add the following attribute:

  • officeName – user.physicaldeliveryofficename
This sets the default location for the user. You’ll need to match the location ID with the Location UID in OfficeAdmin!

Enter the metadata URL in the Officebooking portal. The metadata URL will be something like:

https://login.YOURCOMPANYURL.com/federationmetadata/2007-06/federationmetadata.xml

Copy the ‘App Federation Metadata Url’ and enter it in the OfficeAdmin portal at ‘SSO Metadata URL’.

Step 3 Start testing

Make sure you add yourself or some users to the Group entitled to use the app. To add users manually or by PowerShell you can use these instructions from Microsoft.

Testing SSO is done either directly from Azure Admin center, the mobile app or the Officebooking web app.

After you select the button Login with SSO you’ll need to enter the three-letter Tag prefix code that is created for your company. You can find this in OfficeAdmin on the Company page. For example, WIL for Wilderman.

You’ll be redirected to your Office 365 login page. Enter a valid user name and password. You’ll be validated by O365 and successfully logged in at Officebooking via SSO.
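
If a test login fails, the usual causes are a mismatch in the values from step 2. The following is an added example, not Officebooking or Microsoft code: it checks a decoded SAML assertion against the Identifier, Reply URL and required attributes described above. The sample assertion is constructed, matching claim names by their last URI segment is an assumption, and the script checks configuration only, not the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASE = "https://app.officebooking.net/sso/access/{}/"  # URL pattern from step 2
REQUIRED = {"givenname", "surname"}                     # attributes the page requires

# Constructed sample assertion (not a real capture); ssoID is "officebooking".
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID>jane.doe@example.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
    Recipient="https://app.officebooking.net/sso/access/officebooking/consume"/>
  </saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://app.officebooking.net/sso/access/officebooking/metadata</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
   <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, sso_id):
    """Return a list of configuration problems found in a decoded assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = (root.findtext(".//saml:NameID", default="", namespaces=NS) or "").strip()
    if "@" not in name_id:
        problems.append("NameID is not an email address")
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    if BASE.format(sso_id) + "metadata" not in audiences:
        problems.append("Audience does not match the Identifier (Entity ID)")
    recipients = {d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if BASE.format(sso_id) + "consume" not in recipients:
        problems.append("Recipient does not match the Reply URL")
    # Assumption: claim names are either short ("surname") or URIs ending in the short name.
    present = {a.get("Name", "").rsplit("/", 1)[-1].lower()
               for a in root.iterfind(".//saml:Attribute", NS)}
    for missing in sorted(REQUIRED - present):
        problems.append("missing attribute: " + missing)
    return problems

if __name__ == "__main__":
    for p in check_assertion(SAMPLE, "officebooking") or ["no problems found"]:
        print(p)
```

On the constructed sample the script reports the missing surname claim; passing a different ssoID also flags the Audience and Recipient mismatches.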