Configure Azure AD - SAML 2.0
Updated over a year ago

Mapiq supports Single Sign-On (SSO) from Azure AD (now Microsoft Entra ID) over the SAML 2.0 protocol. This article walks through configuring that integration so your users sign in to Mapiq with their Azure AD accounts.

You'll learn about the requirements, supported features, configuration steps, and claims associated with Azure AD's SAML 2.0 integration with Mapiq.

Supported Features

The Azure AD Mapiq SSO integration for SAML currently supports:

  • SP-Initiated SSO: users start from the Mapiq sign-in page and are redirected to Azure AD (see SP-Initiated SSO below). IdP-initiated sign-in is not listed as supported.

  • JIT (Just-In-Time Provisioning): a Mapiq account is created for a user on their first successful sign-in, from the claims in the SAML assertion.

Configuration Steps

Note: Before you can start configuring SSO through Azure AD, make sure you have the necessary permissions in your Azure AD tenant to add and configure enterprise applications.

  1. Sign in to the Microsoft Entra Admin Center with Cloud Application Administrator permissions or higher.

  2. Navigate to Identity > Applications > Enterprise applications. Select "New application" and search for "Mapiq SSO".

  3. Choose the "Mapiq SSO (SAML 2.0)" application and click "Create".

  4. Access the Single sign-on panel and select SAML.

  5. Edit the Basic SAML Configuration section and enter the following required details exactly as shown (Azure AD only issues assertions to a Reply URL that matches one configured here, and Mapiq matches the Entity ID as the SAML audience):

    • Identifier (Entity ID):

      https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/B2C_1A_TrustFrameworkBase

    • Reply URL (Assertion Consumer Service URL):

      https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer

    • Sign on URL:

      https://app.mapiq.com

  6. Under section 3, SAML Certificates, locate "App Federation Metadata Url" and copy its value. This URL is specific to your tenant and serves the IdP metadata, including the signing certificate Mapiq uses to verify your assertions.

  7. Contact Mapiq support or your designated Mapiq contact person and request SSO activation for Azure AD with SAML 2.0. Provide the Metadata URL copied in the previous step and the email domains used by your users; Mapiq uses these domains to route sign-ins from those addresses to your Azure AD tenant.

  8. Your users can now access Mapiq using Azure AD SSO. You can also begin assigning users to the application. 🎉

Note: Mapiq does not offer a backup (bypass) sign-in URL for a misconfigured Azure AD SAML integration. If you're locked out due to a configuration error, contact Mapiq Support.
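Before handing the Metadata URL to Mapiq (step 7) it is worth confirming that it actually serves IdP metadata with a signing certificate and HTTPS SSO endpoints. The following is an added example, not Mapiq's or Microsoft's code: it parses a constructed federation metadata document (placeholder tenant ID and certificate bytes, not a real tenant) and reports what Mapiq will need from it. In practice you would fetch the URL with urllib.request.urlopen(url).read() and pass the bytes to parse_idp_metadata().

```python
# Added example: sanity-check the document behind "App Federation Metadata Url".
# The tenant ID, endpoints and certificate bytes are constructed placeholders.
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID
# Placeholder that merely looks like DER (starts with a 0x30 SEQUENCE tag);
# it is not a certificate.
FAKE_CERT_B64 = base64.b64encode(b"\x30\x82\x00\x10" + b"\x00" * 16).decode()

# Constructed sample shaped like what the Entra metadata URL returns.
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{FAKE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{HTTP_REDIRECT}"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{HTTP_POST}"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
""".encode()


def parse_idp_metadata(xml_bytes: bytes) -> dict:
    """Return the issuer, SSO endpoints, signing-cert count and a problem list.

    Parsing only: the metadata signature is not validated here. For metadata
    from an untrusted source, parse with defusedxml rather than xml.etree.
    """
    problems = []
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return {"problems": ["root element is not a SAML EntityDescriptor"]}
    entity_id = root.get("entityID", "")
    # Azure AD assertions carry this value as the Issuer.
    if not entity_id.startswith("https://sts.windows.net/"):
        problems.append("entityID %r is not an Azure AD issuer" % entity_id)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        problems.append("no IDPSSODescriptor (SP metadata or the wrong document?)")
        return {"entity_id": entity_id, "problems": problems}
    certs = 0
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' means signing too
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            if not der or der[0] != 0x30:
                problems.append("X509Certificate is not DER-encoded")
            else:
                certs += 1
    if certs == 0:
        problems.append("no signing certificate: Mapiq cannot verify assertions")
    sso = {s.get("Binding"): s.get("Location", "")
           for s in idp.findall("md:SingleSignOnService", NS)}
    if HTTP_REDIRECT not in sso and HTTP_POST not in sso:
        problems.append("no HTTP-Redirect or HTTP-POST SingleSignOnService")
    for binding, location in sso.items():
        if not location.startswith("https://"):
            problems.append("SSO endpoint for %s is not https" % binding)
    return {
        "entity_id": entity_id,
        "signing_certs": certs,
        "sso_redirect": sso.get(HTTP_REDIRECT),
        "sso_post": sso.get(HTTP_POST),
        "problems": problems,
    }


if __name__ == "__main__":
    print(parse_idp_metadata(SAMPLE_METADATA))
```

An empty "problems" list means the URL is worth sending on; a missing signing certificate or a non-Azure issuer usually means the wrong enterprise application's metadata URL was copied.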

Claims Configuration

Required Claims

Mapiq expects specific SAML claims in the assertion; the Mapiq SSO gallery application pre-configures these in Azure AD. A user whose assertion lacks one of them cannot be provisioned.

These required attributes include:

Attribute Name   Value              Description
givenname        user.givenname     The user’s first name.
surname          user.surname       The user’s last or family name.
displayname      user.displayname   The user’s full name.
emailaddress     user.mail          The user’s email address.

Optional Claims

There are also optional SAML claims for added functionality. These can be mapped to user properties as relevant to your organization.

These optional attributes include:

Attribute Name   Value                Description
jobtitle         user.jobtitle        The user’s job title (e.g. ‘senior manager’, or ‘trainee’).
department       user.department      The department the user is a part of (e.g. ‘finance’ or ‘IT support’).
businessunit     user.companyname     The business unit the user is part of (e.g. ‘company logistics’).
office           user.officelocation  The office where the user is based (e.g. ‘Amsterdam’ or ‘London’).
country          user.country         The country in which the user is based (e.g. ‘NL’ or ‘The Netherlands’).
externalid       user.externalid      An identifier, unique to the user, that can be leveraged in other platforms (e.g. an employee number).

To modify the pre-set mappings or add optional claims in Azure AD, follow the steps below:

  1. In the Mapiq SSO (SAML 2.0) enterprise application, go to the Single sign-on panel.

  2. Edit the Attributes & Claims section.

  3. Click "Add new claim" and enter the attribute name and source attribute from the table above.
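To confirm the mapping before asking users to sign in, capture an assertion from a test sign-in (for example with a browser SAML tracer extension) and check its attribute set against the tables above. The following is an added example, not Mapiq's code. It inspects only the claims; signature, audience and validity checks are Mapiq's job. The full claim names are assumptions: Azure AD's default URIs for the four required claims (the xmlsoap givenname, surname and emailaddress claims and the schemas.microsoft.com displayname claim) and the bare attribute names for optional claims added by hand with "Add new claim". The sample assertion, issuer and user are constructed.

```python
# Added example: check a captured SAML assertion for the claims Mapiq expects.
# Claim names are assumed (Entra defaults for required claims, bare names for
# optional ones); the sample assertion below is constructed, not captured.
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
MS = "http://schemas.microsoft.com/identity/claims/"

REQUIRED = {
    "givenname": XS + "givenname",
    "surname": XS + "surname",
    "displayname": MS + "displayname",
    "emailaddress": XS + "emailaddress",
}
OPTIONAL = ["jobtitle", "department", "businessunit", "office", "country", "externalid"]

SAMPLE_ASSERTION = b"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</Issuer>
  <AttributeStatement>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <AttributeValue>Ada</AttributeValue></Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <AttributeValue>Lovelace</AttributeValue></Attribute>
    <Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
      <AttributeValue>Ada Lovelace</AttributeValue></Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <AttributeValue>ada.lovelace@example.com</AttributeValue></Attribute>
    <Attribute Name="jobtitle"><AttributeValue>Engineer</AttributeValue></Attribute>
    <Attribute Name="department"><AttributeValue>IT support</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>
"""


def extract_claims(xml_bytes: bytes) -> dict:
    """Map each Attribute Name to its list of values. Works on a bare Assertion
    or on a full samlp:Response that wraps one."""
    root = ET.fromstring(xml_bytes)
    claims = {}
    for attr in root.iter("{%s}Attribute" % SAML):
        claims[attr.get("Name")] = [
            (v.text or "").strip() for v in attr.findall("{%s}AttributeValue" % SAML)
        ]
    return claims


def check_claims(xml_bytes: bytes, registered_domains: set) -> dict:
    """Report missing required claims, present optional claims, and whether the
    emailaddress belongs to a domain registered with Mapiq at activation."""
    claims = extract_claims(xml_bytes)
    missing = [short for short, name in REQUIRED.items() if not any(claims.get(name, []))]
    optional_present = [name for name in OPTIONAL if any(claims.get(name, []))]
    problems = ["missing required claim: %s" % short for short in missing]
    email = (claims.get(REQUIRED["emailaddress"]) or [""])[0]
    domain = email.rpartition("@")[2].lower() if "@" in email else None
    if "emailaddress" not in missing and domain is None:
        problems.append("emailaddress claim %r is not an email address" % email)
    elif domain is not None and domain not in {d.lower() for d in registered_domains}:
        problems.append("emailaddress domain %s was not registered with Mapiq" % domain)
    return {
        "missing_required": missing,
        "optional_present": optional_present,
        "email_domain": domain,
        "problems": problems,
    }


if __name__ == "__main__":
    print(check_claims(SAMPLE_ASSERTION, {"example.com"}))
```

The domain check matters because the email domains you gave Mapiq at activation are what route a user to your tenant; an assertion whose emailaddress comes from an unregistered domain (a guest account's home domain, for instance) will not sign in even though every required claim is present.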

SP-Initiated SSO

  1. Click "Sign in".

  2. Enter your company email address; Mapiq uses its domain to redirect you to your Azure AD tenant.

  3. Authenticate using your Azure AD credentials.


💬 Need More Help?

If you’d like extra assistance, reach out via the Messenger (question mark in the corner) and chat with our support team, or email us at [email protected].

We’re always ready to help! 😉
