Entra/Azure SSO configuration via SimpleSAML 2.0 - Implementation Steps

Azure/Entra

 

Prerequisites

Claromentis to install the Login Handler module.
 

Step 1 

Once the Login Handler module has been installed, you will need to configure the Claromentis Gallery App by following the instructions outlined in this official Microsoft documentation: 
 
 
The following URL and Attribute configuration will need to be applied within your Claromentis Entra/Azure application control panel:
 
URLs:
Identifier (Entity ID)
https://example.myintranet.com
 
Reply URL:
https://example.myintranet.com/custom/loginhandler/simplesaml/public/module.php/saml/sp/saml2-acs.php/claromentis
 
Sign On URL:
https://example.myintranet.com
 
Note: Please ensure you update example.myintranet.com to match your intranet URL.
 
Attributes:
UPN:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
 
Firstname:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
 
LastName:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
 
Email:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
 
 

Step 2 

 
Once the attributes have been set within Entra/Azure, you'll need to apply your IDP URL and Metadata.xml to the login handler module.
 
1.  Within your Claromentis intranet site, using the application menu, navigate to:
 
Admin > Login Handler > SSO Configuration.
 
 
 
2.  Scroll down to the IDP Configuration section and set the IDP Identifier to your IDP URL.
 
3. In the Federation Metadata XML section select "choose file" and upload your Metadata.xml 

 
 
Important: Please be very careful when making changes within the Admin panel and only change the values we have asked for (IDP Identifier and metadata.xml).
 
NameID Policy - Please confirm if this has been changed from the default setting; otherwise this can remain set to "Unspecified".
 
If you have any issues with applying the IDP URL or metadata, please let us know in the project or change request ticket you have open and we can assist you with this.

 

Step 3 

Optional: Test the configuration and SSO - joint work between Claromentis and client. For Claromentis to perform this, your team will need to set up a test user as described below:
 
Azure test user - username and password need to be provided, along with the following 3 attributes populated for this user:
 
1 - Firstname 
2 - Lastname 
3 - Email
 
IMPORTANT - Please ensure provisioned test users don't have 2FA enabled as this may stop us from testing and completing the work

 

Step 4

Test SSO and confirm you can log in successfully - Claromentis to troubleshoot with your team if needed.
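
When troubleshooting a failed test login, the following added example (not Claromentis or Microsoft code) checks a decoded, unencrypted SAML response, such as one captured in the browser during the test, against the Step 1 values: Reply URL, Entity ID and the four claim URIs. The function name `check_response` and the sample response are constructed for illustration; this is a configuration diagnostic and does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = {"UPN": CLAIMS + "name", "Firstname": CLAIMS + "givenname",
            "LastName": CLAIMS + "surname", "Email": CLAIMS + "emailaddress"}
ACS_PATH = "/custom/loginhandler/simplesaml/public/module.php/saml/sp/saml2-acs.php/claromentis"


def check_response(xml_text, intranet_url):
    """Return a list of mismatches between a decoded SAML response and Step 1."""
    base = intranet_url.rstrip("/")
    root = ET.fromstring(xml_text)
    problems = []
    # Destination must be the Reply URL configured in Entra/Azure.
    if root.get("Destination") != base + ACS_PATH:
        problems.append("Destination is not the Reply URL: %r" % root.get("Destination"))
    # Audience must contain the Identifier (Entity ID).
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if base not in audiences:
        problems.append("Audience does not contain the Entity ID: %r" % audiences)
    # Collect non-empty attribute values keyed by claim URI.
    sent = {}
    for attr in root.findall(".//saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        sent[attr.get("Name")] = [v for v in values if v and v.strip()]
    for label, uri in REQUIRED.items():
        if not sent.get(uri):
            problems.append("%s claim missing or empty: %s" % (label, uri))
    return problems


# Constructed sample: the Email claim is absent, as when the test user has no mail value.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="https://example.myintranet.com{ACS_PATH}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://example.myintranet.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{CLAIMS}name"><saml:AttributeValue>test.user@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Test</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIMS}surname"><saml:AttributeValue>User</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
```

An empty list from `check_response(xml_text, "https://example.myintranet.com")` means the response matches the Step 1 configuration; replace the URL with your intranet URL.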
Created on 14 April 2026 by Scott Saunders. Last modified on 15 April 2026
