Audience: Administrators
Overview
Entra ID (formerly Azure Active Directory) is an identity management platform that lets customers access their web apps using SSO.
The following article provides guidance for configuring SSO within Entra ID, so that you can access OrgChart from one convenient location.
Configuring SSO in Entra ID
1. Create a SAML App in Entra ID. For assistance, contact your Entra ID System Administrator.
2. Enable single sign-on for the application by following the instructions available here.
3. Click on the Single Sign-On tab, and then scroll to section 4 (Set up OrgChart).
4. Copy the Entra ID Entity ID (Entra ID Identifier), and then paste it in a separate document. You will need this value to complete your SSO setup.
5. Scroll to section 3 (SAML Certificates), copy the App Federation Metadata URL, and then paste it in a separate document. You will need this value to complete your SSO setup.
6. Scroll to section 1 (Basic SAML), and then click on Edit.
7. Enter the following information in the Basic SAML Configuration section:
- Identifier (Entity ID): https://{OrgChartServer}.theorgchart.com/saml/sso_metadata?entityID=Your_Entra_ID_Entity_ID
Note
Your Entra ID Entity ID is the Entra ID Identifier copied in step 4 above.
- Redirect URL (Assertion Consumer Service URL): https://{OrgChartServer}.theorgchart.com/saml/sso_acs?entityID=Your_Entra_ID_Entity_ID
- Sign-On URL (Optional): https://{OrgChartServer}.theorgchart.com/saml/sso_endpoint?entityID=Your_Entra_ID_Entity_ID
Note
The Sign-On URL only needs to be populated if you plan to use SP-initiated SSO.
SP-initiated SSO means the initial sign-in request is sent from the Service Provider (OrgChart) to the Identity Provider (Entra ID). The Sign-On URL can be given to users so that they can access OrgChart from a link rather than from the Entra ID app portal.
8. Click on Save to preserve your changes, and then assign the application to one or more groups or users in your account.
Note
By default, this application requires user assignment in order to log in. Ensure that you and your desired users are assigned to the application in Entra ID, or disable this requirement in the App Properties tab.
9. Optionally, modify the values in the Attributes & Claims section to alter additional user attribute information sent to OrgChart. Reference the Entra ID SAML Attribute Handling article for more information.
10. Once SAML has been configured and the app has been assigned to the desired users in Entra ID, you will need to configure SSO in OrgChart.
Configuring SSO in OrgChart
1. Click on the Settings button in the bottom right corner, and then select the Account Settings option from the list.
2. Select the Authorization option from the top panel, scroll down to the SSO Configuration heading, and then click on the +Add SSO Configuration button.
3. The SSO Configuration panel is displayed.
4. Enter the Entra ID Identifier (copied in step 4 above) into the SSO Entity ID text box.
5. Click on the Metadata Type dropdown menu, and then select the Remote option.
6. Enter the App Federation Metadata URL (copied in step 5 above) into the Metadata Location text box.
7. Click on the NameID Handling dropdown menu, and then select one of the following two options:
- Main SAML Assertion (Default): the NameID attribute is sent in the main SAML assertion, NOT as an additional claim. Select this option if the Unique User Identifier (Name ID) attribute is listed as a Required claim in the Attributes & Claims section of the Entra ID SSO panel.
- SAML Attributes (Rare): the NameID attribute is sent as a SAML attribute in the SAML Attribute Statements section of the SAML assertion. Select this option if the Unique User Identifier (Name ID) is NOT listed as a Required claim, or if you plan to pass a NameID attribute that does not follow the default user.userprincipalname format.
8. Optionally, add SAML Attribute Handling to use Entra ID data to update user information or map security groups. Reference the Entra ID SAML Attribute Mapping article for more information.
9. Check the SSO Enabled checkbox to allow users to sign in to OrgChart from Entra ID.
10. Optionally, check the Auto-Provision checkbox to automatically create new users if they do not already exist in OrgChart.
11. Optionally, check the Single Logout checkbox to automatically sign users out of Entra ID when they sign out of OrgChart.
12. Click on Save.
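As an added example (not OrgChart's or Microsoft's own code), the following Python builds the three Basic SAML Configuration values from step 7 out of the {OrgChartServer} name and the Entra ID Identifier, and checks that the metadata served at the App Federation Metadata URL (steps 4 to 6 of the OrgChart section) carries that same entityID, a signing certificate, and an https redirect endpoint, so a mismatch is caught before the SSO Enabled checkbox is ticked. The sample metadata, the all-zero tenant id and the certificate body are constructed placeholders; percent-encoding the entityID query value is an assumption, since the article shows the identifier pasted in verbatim.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample of what the App Federation Metadata URL returns; the
# all-zero tenant id and the certificate body are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>PLACEHOLDER_BASE64_CERT</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def orgchart_saml_urls(server, entra_entity_id):
    """Build the three step-7 values for {OrgChartServer} and the Entra ID
    Identifier; percent-encoding the query value is an assumption."""
    base = f"https://{server}.theorgchart.com/saml"
    query = "entityID=" + quote(entra_entity_id, safe="")
    return {"entity_id": f"{base}/sso_metadata?{query}",
            "acs_url": f"{base}/sso_acs?{query}",
            "sign_on_url": f"{base}/sso_endpoint?{query}"}

def check_federation_metadata(xml_text, expected_entity_id):
    """Check downloaded federation metadata against the identifier pasted into
    OrgChart's SSO Entity ID box. Returns a list of problems (empty = OK)."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("entityID") != expected_entity_id:
        problems.append(f"entityID {root.get('entityID')!r} != {expected_entity_id!r}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:  # SP metadata or an unrelated document was pasted in
        return problems + ["no IDPSSODescriptor in metadata"]
    certs = [c.text for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"  # no use attr = signing too
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if not any((c or "").strip() for c in certs):
        problems.append("no signing certificate: responses cannot be verified")
    sso = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    if not sso or any(urlsplit(u).scheme != "https" for u in sso):
        problems.append("HTTP-Redirect SingleSignOnService missing or not https")
    return problems
```

Run `check_federation_metadata` on the text fetched from the real App Federation Metadata URL with the identifier you pasted into OrgChart; an empty list means steps 4 and 6 of the OrgChart section agree with each other.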