Replace ‘client’ and 'internal' with your agreed subdomain in any URLs on this page.
IndiCater should be set up as an enterprise application in Azure AD.
You will need two enterprise applications set up: one for live and one for testing the integration. Both applications should be configured to use SAML.
The Identifier and Reply URL are used to help with co-ordination of the SSO process. For IndiCater's purposes, they should normally be the same.
The reply URL dictates where a successful authentication attempt will be redirected to.
Both the Identifier and the Reply URL should be set to default.
Claims are used by IndiCater to match the successful authentication to a user in IndiCater's system. They are also used with the just in time user account creation or hospitality to populate new user accounts with a user's details.
IndiCater primarily uses the name claim, so please ensure this is populated with the email address that the user will be using SSO with.
Claim | Value | Required |
---|---|---|
nameidentifier | User's Email Address | ✅ |
name | User's Email Address | ✅ |
emailaddress | User's Email Address | ✅ |
givenname | User's First Name | ✅ |
surname | User's Last Name | ✅ |
ccaccess | User's Cost Centres To Access (comma separated) | ❌ |
ccapprove | User's Cost Centres To Approve (comma separated) | ❌ |
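The following is an added example, not IndiCater's or Microsoft's own code: a Python check that a SAML assertion captured from the test enterprise application carries the claims in the table above. It assumes the standard claim namespace `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/`, that nameidentifier arrives as the Subject NameID, and that the custom cost centre claims use the attribute names `ccaccess` and `ccapprove`. The helper names and sample user are constructed, and the script inspects claim content only; it does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = ("nameidentifier", "name", "emailaddress", "givenname", "surname")
OPTIONAL_LISTS = ("ccaccess", "ccapprove")  # comma separated cost centres
# Constructed sample values, not taken from a real tenant.
SAMPLE_ATTRS = {
    CLAIMS_NS + "name": "jo.bloggs@example.com",
    CLAIMS_NS + "emailaddress": "jo.bloggs@example.com",
    CLAIMS_NS + "givenname": "Jo",
    CLAIMS_NS + "surname": "Bloggs",
    "ccaccess": "1001, 1002,1003",  # assumed attribute name for the custom claim
}

def sample_assertion(attrs, name_id="jo.bloggs@example.com"):
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{SAML["saml"]}"><saml:Subject><saml:NameID>{name_id}</saml:NameID>'
            f'</saml:Subject><saml:AttributeStatement>{body}</saml:AttributeStatement></saml:Assertion>')

def extract_claims(xml_text):
    """Map short claim names to values; nameidentifier comes from Subject/NameID."""
    root = ET.fromstring(xml_text)
    claims = {}
    name_id = root.find(".//saml:Subject/saml:NameID", SAML)
    if name_id is not None and name_id.text:
        claims["nameidentifier"] = name_id.text.strip()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML):
        short = attr.get("Name", "").rsplit("/", 1)[-1].lower()  # drop any namespace prefix
        value = attr.find("saml:AttributeValue", SAML)
        if value is not None and value.text:
            claims[short] = value.text.strip()
    return claims

def check_claims(claims):
    """Return (problems, cost_centres) measured against the claim table."""
    problems = [f"missing required claim: {c}" for c in REQUIRED if not claims.get(c)]
    emails = {claims[c].lower() for c in REQUIRED[:3] if claims.get(c)}
    if len(emails) > 1:  # the table expects all three to carry the same email address
        problems.append("nameidentifier, name and emailaddress differ")
    if any("@" not in e for e in emails):
        problems.append("an email claim does not contain an email address")
    centres = {c: [p.strip() for p in claims[c].split(",") if p.strip()]
               for c in OPTIONAL_LISTS if c in claims}
    return problems, centres
```

Call `check_claims(extract_claims(xml_text))` on the decoded assertion from a test sign-in; an empty problems list means every required claim is present and the three email claims agree.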
If you are not assigning users specifically to the enterprise application, please make sure that the ‘user assignment required’ field is set to ‘no’, otherwise users won’t be able to use the application. This field can be found by navigating to the enterprise application in Azure and should be under the settings blade.
Once the two enterprise applications have been set up, return the Federation Metadata URL for each so that the SSO integration can be set up in IndiCater.