The following steps will lead you through the process of setting up single sign-on through Azure. You will use the Admin Azure Portal to add an application and copy the metadata URL into Tesorio. This will allow all authorized users at your company to use Azure for accessing Tesorio.

Step 1

Log into the Azure Portal. Select “Azure Active Directory” from the menu on the left hand side.

Select the option to create an “Enterprise application”.

Select a “Non-gallery application”.

Enter “Tesorio” in the Name field for this application. Select “Users and group” and click the “Add User” button.

Assign all the users you’d like to give SSO access to the Tesorio application.

Step 2

Select “Single Sign-On” from the menu and then select “SAML”.

In the setup screen, click on the pencil icon in the Basic SAML Configuration box.

Enter the following values:

Identifier (Entity ID)

https://dashboard.tesorio.com/saml/acs/

Reply URL

https://dashboard.tesorio.com/saml/acs/

Sign on URL

https://dashboard.tesorio.com/saml/acs/

Relay State

Skip. This is an optional parameter that is used to tell the application where to redirect the user after authentication is completed.

Logout URL

Skip. This is an optional parameter.

Step 3

Return to the setup screen and click on the pencil icon in the User Attributes & Claims box.

Enter the following mappings:

Name

Source Attribute

Notes

Email

user.mail

The user’s email address.

FirstName

user.givenname

The user’s first name.

LastName

user.surname

The user’s surname.

Important

Make sure the Namespace field is empty for all claims. See next screenshot:

Copy the “App Federation Metadata Url from Azure”. You will need this link as you complete the Azure connection in Tesorio.

Step 4

On the SSO Integration screen in Tesorio, enter the metadata URL created in the previous step. Click Connect to make the connection between your SSO account and Tesorio. Once connected, you will have the ability to log out, and log back in using the “Single Sign-On” option in order to test the SSO connection.

Did this answer your question?