- Log in to your Office 365 environment at portal.azure.com
- Go to All Services in the left bar > Identity > Azure Active Directory
- Go to “Enterprise Applications”
- Choose new application > Non-gallery application
Make sure you are licensed with “Microsoft Azure AD Premium”. If you’re not licensed for Premium, you can take the trial by opening “Licenses” and clicking “TRY AZURE ACTIVE DIRECTORY PREMIUM NOW”.
- Enter the name of the app and click Add.
- After your app has been created, go to Users and Groups and click Add user to add users or groups. Select Users and groups or Select Role.
Select the users/groups you want to assign to this application, click Select and then Assign.
- Go to “Single sign-on” and click SAML
- Complete the setup as follows, replacing “yourcompany” with the subdomain you are going to use at declaree.com. This is usually your company name. To set the subdomain in Declaree, go to Admin > Single Sign-On and enter the subdomain.
In step 1, click the edit icon, enter these details and save.
Identifier (Entity ID)
Reply URL (Assertion Consumer Service URL)
Sign on URL
Click the cross on the upper right corner, below your login name, to close the details.
If a message appears to validate, select “No, I’ll validate later”.
- Scroll down to step 3 and copy the App Federation Metadata URL
In Declaree go to the SAML tab, enter the Federation metadata URL and click the refresh icon. The issuer ID, Login URL, and certificate will be entered automatically.
If this does not work, go back to Azure, step 3, download the Certificate (Base64) and upload it to Declaree. Then copy the URLs in step 4 and paste them into the corresponding fields in Declaree. See image below. Then activate SAML and save the details on the Declaree page.
- Go to Step 5 and click the Validate button. Make sure the login address is known in Declaree.
Or, go to yourcompany.declaree.com
If everything is set up correctly, your own subdomain at Declaree should automatically redirect you to your Azure login screen. After logging in, you should be redirected to the Expenses page in Declaree.
Signed in user not assigned to a role (Microsoft login page)
AADSTS50105: The signed in user 'firstname.lastname@example.org' is not assigned to a role for the application '1988b54d-262c-4d43-b52e-0a6a93861c92'(Declaree).
- Add the user to the application: Azure Active Directory > Enterprise Applications > Declaree > Users and Groups > Add user
Application not found in directory XXXXX (Microsoft login page)
- Make sure that the user who created the enterprise application is listed as owner in App registrations > Declaree > Owners
Could not find user (Declaree page)
401 - "Could not find user"
We were unable to log you in using Single Sign-On, as your account has not been configured properly. Please contact your system administrator to have your account checked.
- The user with the email address that was used to log in was not found in the Declaree database. Create the user in Declaree or change the email address so the addresses in Azure and Declaree match.