Azure AD offers a robust integration with Mapiq for Single Sign On (SSO) using the SAML 2.0 protocol. This article provides a step-by-step guide on configuring this integration, ensuring a seamless and secure SSO experience for users.
You'll learn about the requirements, supported features, configuration steps, and claims associated with Azure AD's SAML 2.0 integration with Mapiq.
Supported Features
The Azure AD Mapiq SSO integration for SAML currently supports:
SP-Initiated SSO
JIT (Just-In-Time Provisioning)
Configuration Steps
Note: Before you can start configuring SSO through Azure AD, make sure you have the necessary permissions in your Azure AD tenant to install and configure (enterprise-grade) applications.
Sign in to the Microsoft Entra Admin Center with Cloud Application Administrator permissions or higher.
Navigate to Identity > Applications > Enterprise applications. Select "New application" and search for "Mapiq SSO".
Choose the "Mapiq SSO (SAML 2.0)" application and click "Create".
Access the Single sign-on panel and select SAML.
Edit the Basic SAML Configuration section and input the following required details:
Identifier (Entity ID):
https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/B2C_1A_TrustFrameworkBase
Reply URL (Assertion Consumer Service URL):
https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer
Sign on URL:
https://app.mapiq.com
Under section 3 SAML Certificates, locate the Metadata URL at "App Federation Metadata Url" and copy its value.
Contact Mapiq support or your designated Mapiq contact person and request SSO activation for Azure AD with SAML 2.0. Provide the previously copied Metadata URL and the email domains used by your users.
Your users can now access Mapiq using Azure AD SSO. You can also begin assigning users to the application. 🎉
Note: Mapiq doesn't offer a backup sign-in URL for Azure AD SAML integration misconfigurations. If you're locked out due to a configuration error, please contact Mapiq Support.
Claims Configuration
Required Claims
Mapiq expects specific SAML claims, which are pre-configured in Azure AD.
These required attributes include:
Attribute Name | Value | Description |
givenname | user.givenname | The user’s first name. |
surname | user.surname | The user’s last or family name. |
displayname | user.displayname | The user’s full name. |
emailaddress | user.mail | The user’s email address. |
Optional Claims
There are also optional SAML claims for added functionality. These can be mapped to user properties as relevant to your organization.
These optional attributes include:
Attribute Name | Value | Description |
jobtitle | user.jobtitle | The user’s job title (e.g. ‘senior manager’, or ‘trainee’). |
department | user.department | The department the user is a part of (e.g. ‘finance’ or ‘IT support’). |
businessunit | user.companyname | The business unit the user is part of (e.g. ‘company logistics’). |
office | user.officelocation | The office where the user is based (e.g. ‘Amsterdam’ or ‘London’). |
country | user.country | The country in which the user is based (e.g. ‘NL’ or ‘The Netherlands’). |
externalid | user.externalid | An identifier, unique to the user, that can be leveraged in other platforms (e.g. an employee number). |
To modify the pre-set mappings or add optional claims in Azure AD, follow the steps below:
In the Mapiq SSO (SAML 2.0) enterprise application, go to the Single Sign-On panel.
Edit the Attribute & Claims section.
Click "Add New Claim" and input the desired claim as detailed above.
SP-Initiated SSO
Visit https://app.mapiq.com.
Click "Sign in".
Enter your company email address.
Authenticate using your Azure AD credentials.
💬 Need More Help?
If you’d like extra assistance, reach out via the Messenger (question mark in the corner) and chat with our support team, or email us at [email protected].
We’re always ready to help! 😉