Single Sign-On einrichten (Azure)

 

 

  1. Login to your Office 365 environment at​ portal.azure.com​
  2. Go to All Services in the left bar > Identity > Azure Active Directory

Azure_2.JPG

  1. Go to “Enterprise Applications”

Azure_3.JPG

  1. Choose new application > Non-gallery application

Azure_4.JPG

Make sure you are licensed with “Microsoft Azure AD Premium”. If you’re not licensed to Premium, you can take the trial by opening “Licenses” and clicking “TRY AZURE ACTIVE DIRECTORY PREMIUM NOW”.

  1. Enter the name of the app and click add.

 Azure_5.JPG

  1. After your app has been created, go to Users and Groups and click Add user to add (groups of) users. Select Users and groups or Select Role.

Azure_6.JPG

Select the users/groups you want to assign to this application, click on select and then assign.

 

  1. Go to “Single sign-on” and click SAML

Azure_7.JPG

  1. Complete the set up as follows and make sure to replace “yourcompany” with the subdomain you are going to use at declaree.com. This is usually your company name. To set the subdomain in Declaree, go to Admin > Single Sign-On and enter the subdomain.

Azure_8.JPG

In step 1, click the edit icon, enter these details and save.

Identifier (Entity ID)                                       
https://saml.declaree.com

Reply URL (Assertion Consumer Service URL)   
https://yourcompany.declaree.com/saml/sp/acs

Sign on URL                                                   
https://yourcompany.declaree.com

Click the cross on the upper right corner, below your login name, to close the details.
If a message appears to validate, select “No, I’ll validate later”.

 

  1. Scroll down to step 3 and copy the App Federation Metadata URL

Azure_9-1.JPG

In Declaree go to the SAML tab, enter the Federation metadata URL and click the refresh icon. The issuer ID, Login URL, and certificate will be entered automatically.

Azure_9-2.JPG

If this does not work, go back to Azure, step 3, download the Certificate (Base64) and upload it to Declaree. Then copy the URLs in step 4 and paste them in the according fields in Declaree. See image below. Then activate SAML and save the details on the Declaree page.

Azure_9-3.JPG

  1. Go to Step 5 and click the Validate button. Make sure the login address is known in Declaree.

Azure_10.JPG

Or, go to yourcompany.declaree.com

If everything is setup correctly, your own subdomain at Declaree should automatically redirect you to your Azure login screen. After logging in, you should be redirected to the Expenses page in Declaree.

 

 

Possible issues

 

Signed in user not assigned to a role (Microsoft login page)

AADSTS50105: The signed in user 'xxxxx@xxxxx.com' is not assigned to a role for the application '1988b54d-262c-4d43-b52e-0a6a93861c92'(Declaree).

  • Add the user to the application: Azure Active Directory > Enterprise Applications > Declaree > Users and Groups > Add user

Application not found in directory XXXXX (Microsoft login page)

  • Make sure that the user who created the enterprise application is listed as owner in App registrations > Declaree > Owners

Azure_error.JPG

Could not find user (Declaree page)

401 - "Could not find user"

We were unable to log you in using Single Sign-On, as your account has not been configured properly. Please contact your system administrator to have your account checked.

  • The user with the email address that was used to log in, is not found in the Declaree database. Create the user in Declaree or change the email address so the addresses in Azure and Declaree match.