Setting up SSO – Azure AD

Follow
We're transitioning to a new User Interface, and are in the process of updating Help Hub content to match the new interface.

SSO (Single Sign On) Authentication lets you access your company’s applications and websites with a single set of login credentials. Centage has now enabled you to include Centage in your SSO solution.

You can add Centage to your company’s SSO solution if you use any SAML 2.0 compliant identity providers, including:

  • OneLogin
  • Okta
  • RSASecurID
  • Idaptive
  • Ping
  • Azure AD
  • CA Technologies
  • ... (and many more. Ask Centage Support.)

When you work with Centage to set up SSO, your company’s Administrator chooses an SSO Admin user in Centage who can set up SSO for your company.

This document shows you, a Centage SSO Admin, how to set up SSO for your company using Azure AD.

Setting up SSO with Azure AD

Step 1: Open your company’s Azure AD account. On the left, select All applications. Then, click + New Application.

A1a.png

Step 2: The Browse Azure AD Gallery page opens. Click + Create your own application at the top.

A1b.png

Step 3: The Create your own application page opens. Enter the following information:

A1c.png

  1. In the What’s the name of your app? field, enter Planning Maestro.
  2. Under What are you looking to do with your application?, make sure the Integrate any other application you don’t find in the gallery (Non-gallery) radio button is selected.

Step 4: Click Create.

A1d.png

A confirmation message appears.

A1e.png

Step 5: On the Overview page for the Planning Maestro app, click 2. Set up single sign-on.

A1f.png

Step 6: On the next page, under Select a single sign-on method, click SAML.

A1g.png

Step 7: On the Set up Single Sign-On with SAML page, under Basic SAML Configuration, click Edit.

Under Basic SAML Configuration, enter the following information:

Identifier (Entity ID) – planning-maestro

Reply URL (Assertion Consumer Service URL)–https://domainname.planningmaestro.com/saml/SSO

Sign on URL – https://domainname.planningmaestro.com/saml/login

Warning.png Please Note: In the Reply URL and Sign on URL, replace domainname with the domain name of your company’s Planning Maestro account. To make sure you are using the correct domain name, check the welcome email sent by Centage Support.

Warning.png Please Note: The Reply URL and Sign on URL are CASE SENSITIVE ensure that the SSO at the end of the URL is capitalized

Step 8: Save your changes.

Adding a User Claim

Step 1: On the Set up Single Sign-On with SAML page, under User Attributes & Claims, click Edit.

A1h1.png

Step 2: On the User Attributes & Claims page, click + Add new claim.

A1i.png

Step 3: On the Manage Claim page, enter the following information:

  • Name – planningMaestroUserName
  • Namespace – Leave this field blank.
  • Source – Select the attribute radio button.
  • Source Attribute – Select the attribute that matches the username you use in Centage: usually first initial + last name, or sometimes the employee’s company email address.

Warning.png Please Note (important): If the Source Attribute value does not match the username in Centage, the SSO connection will not work.

A1o.png

Step 4: Save your changes.

Adding Users in Azure AD

After setting up Planning Maestro as one of the apps in your Azure AD SSO solution, add every Azure AD user who should be able to access Centage.

Step 1: On the left, select User and Groups to open the Users and groups page and add every user who should be able to access Centage.

A1n.png

Step 2: Search for and select every user who should be able to access Centage.

A1m.png

Now, set up the SSO connection in Centage itself. Please see the following articles:

  1. Setting up SSO in Centage – Set up SSO in Centage itself.
  2. Managing Users – Add employees from your company who should be able to access Centage.

Warning.png Please Note: You will not be able to log into Centage through SSO as the SSO Administrator, as the username "sso_admin" does not match the CentageUserName attribute value. Use your Administrator account or have another user confirm that they can successfully log in through SSO. 

If you log in and a 401 error occurs, please check to make sure the Centage username matches the Source Attribute value.  If needed, you can change the username(s) in Centage to match the CentageUserName attribute value in Azure AD.

0 out of 0 found this helpful

Comments

1 comment
  • Where can download PDF copies of these to share with IT Suppoty?

    0
    Comment actions Permalink

Please sign in to leave a comment.