SSO with Azure

Replace ‘client’ and 'internal' with your agreed subdomain in any URLs on this page.


IndiCater should be set up as an enterprise application in Azure AD.

You will need two enterprise applications set up. One for live and one for testing the integration. Both applications should be configured to use SAML.

Basic SAML configuration

The Identifier and Reply Url are used to help with co-ordination of the SSO process. For IndiCaters purpose, they should normally be the same.

The reply URL dictates where a successful authentication attempt will be redirected to.

Identifier

  1. Live
    1. https://client.indicater.com
  2. Test
    1. https://test-client.indicater.info

Reply Url

  1. Live
    1. https://client.indicater.com
  2. Test
    1. https://test-client.indicater.info


Both the identifier and the Reply Url should be set to default.

User Attributes & Claims

Claims are used by IndiCater to match the successful authentication to a user in IndiCaters system. They are also used with the just in time user account creation or hospitality to populate new user accounts with a users details.

IndiCater primarily uses the name claim, so please ensure this is populated with the email that the user will using SSO with. 

Claim

Value

Required

nameidentifier

Users Email Address

 ✅

name

Users Email Address

 ✅

emailaddress

Users Email Address

 ✅

givenname

Users First Name

 ✅

surname

Users Last Name

 ✅

ccaccess

Users Coster Centres To Access (comma separated)

ccapprove

Users Cost Centres To

Approve (comma separated)

User assignment

If you are not assigning users specifically to the enterprise application, please make sure that ‘user assignment required’ field is set to ‘no’ otherwise users won’t be able to use the application. This field can be found by navigating to the enterprise application in Azure and should be under the settings blade.

App Federation MetaData URLs

Once the two Enterprise applications have been set up, if you return the Federation Metadata URL for each, the SSO integration can be set up in IndiCater.

Example Configuration Test


Example Configuration Live