Configure Azure AD - OIDC

OpenID Connect (OIDC) is a modern authentication protocol that offers a more streamlined and secure Single Sign On (SSO) experience. Azure AD's integration with Mapiq using OIDC ensures seamless access for users. This article provides a comprehensive guide on setting up this integration.

You'll learn about the requirements, supported features, configuration steps, and claims associated with Azure AD's OIDC integration with Mapiq.

Supported Features

The Azure AD Mapiq SSO integration for OIDC supports:

  • SP-Initiated SSO

  • JIT (Just-In-Time Provisioning)

  • Multi-tenant application

Configuration Steps

Note: Before you can start configuring SSO through Azure AD, make sure you have the necessary permissions in your Azure AD tenant to install and configure (enterprise-grade) applications.

  1. Contact Mapiq support or your designated Mapiq contact person, and request SSO activation for Azure AD with OIDC. Provide your Azure AD tenant id and the email domains used by your users.

  2. After receiving confirmation from Mapiq, sign in to the Microsoft Entra Admin Center with Cloud Application Administrator permissions or higher.

  3. Navigate to Identity > Applications > Enterprise applications. Select "New application" and search for "Mapiq SSO".

  4. Choose the "Mapiq SSO (OpenID Connect)" application and click "Sign up for Mapiq SSO (OpenID Connect)".

  5. You'll be redirected to the Mapiq application. Complete the sign-in process and consent to the Mapiq application to finalize the SSO setup.

  6. Your users can now access Mapiq using Azure AD SSO. You can also begin assigning users to the application. 🎉

Note: Mapiq doesn't offer a backup sign-in URL for Azure AD OIDC integration misconfigurations. If you're locked out due to a configuration error, please contact Mapiq Support.

Claims Configuration

Required Claims

Mapiq requires the following standard OIDC claims: given_name, family_name, name, and email. These claims are configured by default in Azure AD.

Optional Claims

There are also optional claims for added functionality. You are free to map them to user properties as applicable in your organisation.

These optional claims are:

  • job_title: The user’s job title (e.g. ‘senior manager’ or ‘trainee’).

  • department: The department the user is a part of (e.g. ‘finance’ or ‘IT support’).

  • business_unit: The business unit the user is part of (e.g. ‘company logistics’).

  • office: The office where the user is based (e.g. ‘Amsterdam’ or ‘London’).

  • country: The country in which the user is based (e.g. ‘NL’ or ‘The Netherlands’).

  • external_id: An identifier, unique to the user, that can be leveraged in other platforms (e.g. an employee number).

Azure AD allows for the customisation of emitted claims in enterprise applications. For details on configuring additional claims for the Mapiq SSO application, refer to Azure AD's documentation.

The Mapiq SSO application, being a multi-tenant application, requires a custom signing key when adding extra claims. For guidance on setting up custom signing keys in Azure AD, consult Azure AD's documentation.

Note: If you or your IT department are unfamiliar or uncomfortable with setting up the required custom signing keys in Azure AD, but would still like to make use of the optional claims and the associated Mapiq features, please take a look at Configuring Azure AD - SAML 2.0 instead.
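As an added example (not Mapiq's or Microsoft's code), the following Python checks a decoded ID token payload against the required and optional claim names listed above, which helps confirm that the claims you configured in Azure AD actually arrive under the names Mapiq expects. The payload is constructed for illustration; the tenant id and client id in it are placeholders.

```python
# Added example: check a decoded Azure AD ID token payload against the claims
# Mapiq expects. In practice the payload would come from the id_token after
# its signature, issuer, audience and expiry have been verified.

# Claim names taken from the article above.
REQUIRED_CLAIMS = ("given_name", "family_name", "name", "email")
OPTIONAL_CLAIMS = ("job_title", "department", "business_unit",
                   "office", "country", "external_id")
# Standard ID token claims that are expected and not user attributes.
STANDARD_CLAIMS = {"iss", "sub", "aud", "exp", "iat", "nbf", "nonce",
                   "tid", "oid", "ver", "preferred_username"}


def check_claims(payload: dict) -> dict:
    """Report missing/empty required claims, present optional claims, and
    any leftover claims that Mapiq would ignore (e.g. a misnamed custom claim)."""
    missing = [c for c in REQUIRED_CLAIMS
               if not str(payload.get(c, "")).strip()]
    optional = {c: payload[c] for c in OPTIONAL_CLAIMS
                if str(payload.get(c, "")).strip()}
    unmapped = sorted(k for k in payload
                      if k not in REQUIRED_CLAIMS
                      and k not in OPTIONAL_CLAIMS
                      and k not in STANDARD_CLAIMS)
    return {"ok": not missing, "missing": missing,
            "optional": optional, "unmapped": unmapped}


# Constructed sample payload (placeholder tenant/client ids, fictional user).
SAMPLE_PAYLOAD = {
    "iss": "https://login.microsoftonline.com/<tenant-id-placeholder>/v2.0",
    "aud": "<mapiq-client-id-placeholder>",
    "sub": "constructed-subject-value",
    "given_name": "Ada",
    "family_name": "Lovelace",
    "name": "Ada Lovelace",
    "email": "ada@example.com",
    "department": "finance",
    "office": "Amsterdam",
    "country": "NL",
    # Misnamed on purpose: Mapiq expects "job_title", so this is ignored.
    "jobTitle": "senior manager",
}

if __name__ == "__main__":
    print(check_claims(SAMPLE_PAYLOAD))
```

A non-empty "unmapped" list is the quickest sign that a custom claim was emitted under the wrong name.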

SP-Initiated SSO

  1. Click "Sign in".

  2. Enter your company email address.

  3. Authenticate using your Azure AD credentials.

💬 Need More Help?

If you’d like extra assistance, reach out via the Messenger (question mark in the corner) and chat with our support team, or email us at [email protected].

We’re always ready to help! 😉
