The following steps will lead you through the process of setting up single sign-on through Azure. You will use the Admin Azure Portal to add an application and copy the metadata URL into Tesorio. This will allow all authorized users at your company to use Azure for accessing Tesorio.
Step 1
Log into the Azure Portal. Select “Azure Active Directory” from the menu on the left-hand side.
Select the option to create an “Enterprise application”.
Select a “Non-gallery application”.
Enter “Tesorio” in the Name field for this application. Select “Users and groups” and click the “Add User” button.
Assign all the users you’d like to give SSO access to the Tesorio application.
Step 2
Select “Single Sign-On” from the menu and then select “SAML”.
In the setup screen, click on the pencil icon in the Basic SAML Configuration box.
Enter the following values:
Identifier (Entity ID) | |
Reply URL | |
Sign on URL | |
Relay State | Skip. This is an optional parameter that is used to tell the application where to redirect the user after authentication is completed. |
Logout URL | Skip. This is an optional parameter. |
Step 3
Return to the setup screen and click on the pencil icon in the User Attributes & Claims box.
Enter the following mappings:
Name | Source Attribute | Notes |
 | user.mail | The user’s email address. |
FirstName | user.givenname | The user’s first name. |
LastName | user.surname | The user’s surname. |
Important
Make sure the Namespace field is empty for all claims. See next screenshot:
Copy the “App Federation Metadata Url” from Azure. You will need this link as you complete the Azure connection in Tesorio.
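To confirm that the Namespace field really is empty for the claims above, you can inspect the attribute names in a SAML response captured from a test login. The script below is an added example, not Tesorio's or Microsoft's code; it assumes an unencrypted, already base64-decoded response, and the sample assertion and the name check_claims are constructed for illustration. It is a diagnostic for claim names only and does not validate the response signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names taken from the mapping table in Step 3.
REQUIRED_CLAIMS = ("FirstName", "LastName")

# Constructed sample: the Namespace field was left populated for FirstName
# and cleared for LastName.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/FirstName">
      <saml:AttributeValue>Ada</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="LastName">
      <saml:AttributeValue>Lovelace</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_claims(assertion_xml, required=REQUIRED_CLAIMS):
    """Return {claim: status}: 'ok', 'missing', or 'namespaced: <full Name>'."""
    root = ET.fromstring(assertion_xml)
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", SAML_NS)]
    report = {}
    for claim in required:
        if claim in names:
            report[claim] = "ok"
            continue
        # A non-empty Namespace is emitted as Name="<namespace>/<claim>".
        qualified = [n for n in names if n.endswith("/" + claim)]
        report[claim] = f"namespaced: {qualified[0]}" if qualified else "missing"
    return report


if __name__ == "__main__":
    for claim, status in check_claims(SAMPLE_ASSERTION).items():
        print(f"{claim}: {status}")
```

Any claim reported as “namespaced” still has a value in its Namespace field in the User Attributes & Claims box.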
Step 4
On the SSO Integration screen in Tesorio, enter the metadata URL created in the previous step. Click Connect to make the connection between your SSO account and Tesorio. Once connected, you will have the ability to log out, and log back in using the “Single Sign-On” option in order to test the SSO connection.
The Tesorio SSO Integration screen URL is below: