The following is basic information on how to create an Enterprise application in Microsoft Entra ID. The application will allow users to sign in from Ankeri using SAML 2.0-based single sign-on.
Note that the instructions may depend on each company's setup and can therefore differ from what is shown below.
Manage Microsoft Entra ID
Create Enterprise application
- Enterprise applications
- New application
- Create your own application
- What's the name of your app: Ankeri
- Integrate any other application you don't find in the gallery (Non-gallery)
- Create
Configure Enterprise application
- Set up single sign on
- SAML
- Basic SAML Configuration -> Edit
  - Using information given from Single sign-on (SSO) add:
    - Identifier (Entity ID)
    - Reply URL (Assertion Consumer Service URL)
- Attributes & Claims
  - Unique User Identifier (Name ID)
    - value: user.userprincipalname
    - format: Email address
  - Additional claims (combination of first name and last name is used as username in Ankeri)
    - firstname: user.givenname
    - lastname: user.surname
    - username: user.mail
- SAML Certificates
  - Download Certificate (Base64) and upload according to Single sign-on (SSO)
- Set up Ankeri
  - Copy values from Login URL, Microsoft Entra Identifier and Logout URL and add to Ankeri according to Single sign-on (SSO)
- Finally, you need to decide whether assignment should be required per user, as further explained in the next section below.
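
To confirm that the settings above took effect, you can decode a SAML response captured from a test sign-in and check it against the configured values. The following is an added example, not code from Ankeri or Microsoft: the URLs and the sample response are constructed placeholders, and the check covers configuration only, not signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_CLAIMS = ("firstname", "lastname", "username")  # claim names from the steps above
ENTITY_ID = "https://sp.example.invalid/saml/metadata"   # placeholder Identifier (Entity ID)
REPLY_URL = "https://sp.example.invalid/saml/acs"        # placeholder Reply URL

# Constructed sample of a decoded SAML response (signature omitted, values are placeholders).
# The "username" claim is absent, e.g. because the user has no mail attribute.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.invalid/saml/acs">
  <saml:Assertion>
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.invalid</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.invalid/saml/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, entity_id, reply_url):
    """Return a list of configuration problems found in a decoded SAML response."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != reply_url:
        problems.append("Destination does not match Reply URL")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not Email address")
    if entity_id not in [a.text for a in root.findall(".//saml:Audience", NS)]:
        problems.append("Audience does not match Identifier (Entity ID)")
    # Accept bare claim names as well as names carrying a namespace URI prefix.
    present = {}
    for attr in root.findall(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        text = (value.text or "") if value is not None else ""
        present[attr.get("Name", "").rsplit("/", 1)[-1]] = text
    for claim in REQUIRED_CLAIMS:
        if not present.get(claim, "").strip():
            problems.append(f"claim '{claim}' missing or empty")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, ENTITY_ID, REPLY_URL))
```

An empty list means the response matches the configuration; each entry otherwise names the setting to revisit.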
Assignment required?
If you want all users in your Microsoft Entra ID environment to be able to sign in to Ankeri, you must go to Properties and set Assignment required? to No. This is recommended.
Otherwise, you need to specifically grant users access to the application.
Logo
A logo can be added in Properties.