To set up Azure Active Directory SSO in Oomnitza, complete the following steps:
- Navigate to Enterprise Applications in your Azure Portal.
- In the Manage section on the left menu, select All Applications.
- Click New application on the top menu.
- Click Create your own application.
- Enter a name for your application, for example, Oomnitza SSO.
- After creating the app, in the People application integration page, find the Manage section and select Single sign-on. For further information, refer to Configure Azure AD SSO.
- Select SAML to open the SSO configuration page.
- Click Edit in the Basic SAML Configuration section.
- Enter the following information and click Save:
Identifier (Entity ID):
Reply URL (Assertion Consumer Service URL):
Sign on URL:
- The application requires the NameIdentifier or NameID claim to come from the userprincipalname in an email format. If the userprincipalname is already in an email format, no additional changes need to be made and you can proceed to the next step. Otherwise, you need to edit the User Attributes & Claims section. The example below shows a Name ID that uses the email prefix. For further information, refer to Customize claims issued in the SAML token for enterprise applications.
- In the SSO configuration page, download the Certificate (Base64) and copy the Login URL. You will need these later when you log in to Oomnitza.
- Log into Oomnitza and select Settings.
- Click Integrations List View.
- On the Integrations page, scroll down to the SSO Integrations and click the Azure Active Directory tile.
- On the CONNECT page, enter the SSO URL and upload the certificate saved from step 14. Click FINISH at the bottom right to save.
- Return to your Azure portal and add users or groups that should have access to Oomnitza. For further information, refer to Add or delete users using Azure Active Directory.
- Verify that SSO is successful by clicking on the Single Sign-On (SSO) option in your Oomnitza instance.
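
To check the NameID requirement from the claims step against a SAMLResponse value captured during the test sign-in, the following script decodes it and reports whether the NameID is in email format. It is an added example, not code from Oomnitza or Microsoft. The function names, the email pattern and the sample response are assumptions constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed shape check for "email format": local@domain.tld, no whitespace.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def check_name_id(saml_response_b64):
    """Diagnostic only: inspects NameID, does not verify the signature."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # SAML messages never need a DTD; refuse one before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML response")
    root = ET.fromstring(xml_bytes)
    node = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    value = (node.text or "").strip() if node is not None else ""
    fmt = node.get("Format") if node is not None else None
    if not value:
        # Also the result when the assertion is encrypted.
        return {"ok": False, "name_id": None, "format": fmt,
                "reason": "no NameID in assertion"}
    if not EMAIL_RE.match(value):
        return {"ok": False, "name_id": value, "format": fmt,
                "reason": "NameID is not in email format"}
    return {"ok": True, "name_id": value, "format": fmt, "reason": ""}

def _sample(name_id):
    """Build a constructed, unsigned response for demonstration."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Assertion><saml:Subject>'
        '<saml:NameID Format='
        '"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
        f'{name_id}</saml:NameID>'
        '</saml:Subject></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Constructed inputs: an email-format UPN and a bare account name.
    print(check_name_id(_sample("jdoe@example.com")))
    print(check_name_id(_sample("jdoe")))
```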