Azure Active Directory allows you to set up SSO so that employees can access Oitchau with their Microsoft 365 corporate credentials.
This integration is done by creating an enterprise application in Azure, configuring SAML, and connecting it to Oitchau. In the end, users can be assigned to the application to access Oitchau via SSO.
-
Create an application in Azure
In the Azure portal, in the Active Directory Manager, go to Enterprise Applications.
Click on New Application.
Select Create your own application and name it Oitchau; click Create.
-
Configure single sign-on (SAML)
In the application window, select Set up single sign on.
Choose SAML as the sign-in method.
-
Get metadata URL
Copy the application's App Federation Metadata URL.
-
Configure Oitchau
Log in to the Oitchau Control Panel as an administrator. Go to Settings > SSO. Remember to enable the SSO option.
Paste the copied URL into the IdP metadata field and click Save.
Add the mapping for email with the value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressand save.
On the same screen, copy the Oitchau metadata URL and download the file (name it metadata.xml).
Download the Oitchau public certificate in DER format.
-
Import metadata into Azure
Go back to the Azure portal and, on the SAML configuration screen, select Upload metadata file.
Upload the downloaded metadata.xml file.
After uploading, confirm the details and click Save.
-
Import certificate and enable encryption
In the Oitchau application in Azure, navigate to Token Encryption and click Import certificate.
Select the Oitchau public certificate (DER format) and add it.
-
Assign users/groups
Still in Azure, assign users or groups to the Oitchau application through Assignments > Assign.
Finish by saving and test SSO to verify access.
Tips and troubleshooting
Make sure to download the correct public certificate (DER format) for token encryption.
Always test the configuration with test accounts before assigning it to all users.
If a signature or certificate error occurs, check if the metadata.xml and certificate were imported correctly.
Best practices
Use clear naming conventions for the application and keep documentation of the URLs used.
Revoke access for users who no longer require SSO.
Keep certificates up to date and set up expiration alerts.
Frequently asked questions
Do I need to manually edit attribute mappings in Azure? No. After importing the Oitchau metadata.xml, the required fields are created automatically; just verify that the email is mapped.
Is it necessary to enable token encryption? Yes, it is recommended for security. Import the certificate in DER format and enable encryption.
Comments
0 comments
Article is closed for comments.