Skip to main content
Skip table of contents

Set Up Microsoft SSO (Entra ID)

Setting up single sign-on (SSO) is a great secure way to make signing in to your Boss Insights portal more convenient for your team. This guide will outline how to set up Microsoft SSO from your admin portal and through the Microsoft Azure portal. We will be using a service called Microsoft Entra ID.

Microsoft Azure Active Directory is now called Microsoft Entra ID.

Step 1: Visit Microsoft Entra ID

After logging in to your Microsoft Azure portal. please use the search bar found at the top of the screen to search for “Microsoft Entra ID”. You may select the service from the suggestions.

Step 2: Create New Application

From the overview page, please select the “Enterprise Applications” tab from the left navigation menu.

You will be redirected to a new tab showing all your applications. Please select the “New application” button in top navigation menu.

You will be redirected to a new page titled “Browse Microsoft Entra Gallery”, Please select the “Create your own application” button found under the title.

A menu will pop up to the right of your screen. Please give your application a unique name and choose the third option for application use intention, as shown in the image below. Please click the blue “Create” button when you are done.

Step 3: Select Single Sign-On Method

Once you have created your application, you will be redirected to its overview page. From the left navigation menu, under “Manage”, please select the “Single sign-on” item.

You will be redirected to the SSO page. From here, please select the “SAML” tile.

Next, we will be configuring the SSO settings.

Step 4: Configure Settings

This step will go through each section of the configuration sections.

Basic SAML Configuration (Steps 1 and 2)

Please select the “Edit” button to begin editing step 1 from the provided list.

Please fill in the form with the following details. There is also a reference image below the table. Please do not forget to select “Save” when you are finished.

Field

Value

Description

Identifier (Entity ID)

Any unique ID.

This ID must be unique across all applications within Microsoft tenant. An example would be bossinsights-sso.

Reply URL (Assertion Consumer Service URL)

https://{{subdomain}}{{domain}}/saml/module.php/saml/sp/saml2-acs.php/microsoft-entra-sp

Please replace {{subdomain}} with your own subdomain.

Please replace {{domain}} with your own domain. Unless you have a custom domain, this will either be: myintranetapps.com , myintranetapps.ca or bossinsights.uk

Logout URL

https://{{subdomain}}{{domain}}/saml/module.php/saml/sp/saml2-logout.php/microsoft-entra-sp

Please note that while the subdomain and domain will remain the same as the Reply URL, the content after is different.

Vector.png

Attributes & Claims (Step 2)

You may leave this section with the default values. If you would like to set up group claims, please continue reading otherwise please proceed to Step 3 SAML Certifications.

Group Claims (Optional)

To set up group claims, please select the Edit button under Attributes & Claims.

attributes_claims.png

This will redirect you to a new page with a list of attributes. Please click the “Add a Group Claim” button.

add_group_claim.png

Configuration options will open to the right of your screen. Please take note of your Group ID as you will need it for configuration options on the Boss Insights platform (Step 5).

groups.png

Please click the blue “Save” button when you are done. The Additional Claims table will update with your group claim.

image-20240125-171613.png

SAML Certifications (Step 3)

Next, please click the “Edit” button for Step 3: SAML Certificates.

This will open up a section to the right of the page. Please use the table below to fill out this form. There is a reference image below the table. Please remember to save when you are done.

Field

Value

Signing Option

Sign SAML response

Signing Algorithm

SHA-256

Finally, please download the Federation Metadata XML, you can do so by clicking the download button.

Step 5: Adding Users

Please select the “Users and Groups” item from the left navigation menu. Next, select “Add User/Group” from the navigation at the top.

image-20240125-185820.png

This will open up a configuration menu on the right of your screen. Please select users that you would like to be able to use the SSO. Click the blue “Select” button when you are done.

image-20240125-190253.png

Next, we will be configuring SSO from the Boss Insights platform.

Step 6: Configuring Boss Insights Settings

After signing in to your administration portal, use the left navigation menu to get to Management > Settings.

From here, select the “Security Tab”.

image-20240208-221804.png

Under Administration Provider, please select “Microsoft - Entra ID” (1) and then enter in your Entity ID (2). Please note that your Entity ID must match the Entity ID you entered for Basic SAML Configuration in Step 4.

Next, please upload or copy and paste the Federation Metadata XML (3).

If you added an optional group claim in Step 2, please add the Microsoft Azure to BossInsights comma separated group mapping: GROUPIDINAZURE=GROUPNAMEINBOSSINSIGHTS (4).

image-20240208-222301.png

Please select “Save Changes” when you are done.

Step 7: Getting Ready for Testing

At this point, your SSO configuration is complete. Your users will be able to use it to sign in. When they visit their portal, they will come across a screen like below:

image-20240125-190433.png

If you would like to test this process, you can select the “Single Sign On” item from the left navigation menu back on Microsoft Azure (1). Then select the blue “Test” button (2). Finally, you can select “Test Sign-in” from the configuration menu that appears on the right (3).

image-20240125-190753.png

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.