Setting up SSO – Azure AD

Follow

SSO (Single Sign On) Authentication lets you access your company’s applications and websites with a single set of login credentials. Centage has now enabled you to include Planning Maestro in your SSO solution.

You can add Planning Maestro to your company’s SSO solution if you use any SAML 2.0 compliant identity providers, including:

  • OneLogin
  • Okta
  • RSASecurID
  • Idaptive
  • Ping
  • Azure AD
  • CA Technologies
  • ... (and many more. Ask Centage Support.)

When you work with Centage to set up SSO, your company’s Administrator chooses an SSO Admin user in Planning Maestro who can set up SSO for your company.

This document shows you, a Planning Maestro SSO Admin, how to set up SSO for your company using Azure AD.

Setting up SSO with Azure AD

Step 1: Open your company’s Azure AD account. On the left, select All applications. Then, click + New Application.

A1a.png

Step 2: The Browse Azure AD Gallery page opens. Click + Create your own application at the top.

A1b.png

Step 3: The Create your own application page opens. Enter the following information:

A1c.png

  1. In the What’s the name of your app? field, enter Planning Maestro.
  2. Under What are you looking to do with your application?, make sure the Integrate any other application you don’t find in the gallery (Non-gallery) radio button is selected.

Step 4: Click Create.

A1d.png

A confirmation message appears.

A1e.png

Step 5: On the Overview page for the Planning Maestro app, click 2. Set up single sign on.

A1f.png

Step 6: On the next page, under Select a single sign-on method, click SAML.

A1g.png

Step 7: On the Set up Single Sign-On with SAML page, under Basic SAML Configuration, click Edit.

Under Basic SAML Configuration, enter the following information:

Identifier (Entity ID) – planning-maestro

Reply URL (Assertion Consumer Service URL)–https://domainname.planningmaestro.com/saml/SSO

Sign on URL – https://domainname.planningmaestro.com/saml/login

Warning.png Please Note: In the Reply URL and Sign on URL, replace domainname with the domain name of your company’s Planning Maestro account. To make sure you are using the correct domain name, check the welcome email sent by Centage Support.

Warning.png Please Note: The Reply URL and Sign on URL are CASE SENSETIVE ensure that the SSO at the end of the URL is capitalized

Step 8: Save your changes.

Adding a User Claim

Step 1: On the Set up Single Sign-On with SAML page, under User Attributes & Claims, click Edit.

A1h1.png

Step 2: On the User Attributes & Claims page, click + Add new claim.

A1i.png

Step 3: On the Manage Claim page, enter the following information:

  • Name – planningMaestroUserName
  • Namespace – Leave this field blank.
  • Source – Select the attribute radio button.
  • Source Attribute – Select the attribute that matches the username you use in Planning Maestro: usually first initial + last name, or sometimes the employee’s company email address.

Warning.png Please Note (important): If the Source Attribute value does not match the username in Planning Maestro, the SSO connection will not work.

A1o.png

Step 4: Save your changes.

Adding Users in Azure AD

After setting up Planning Maestro as one of the apps in your Azure AD SSO solution, add every Azure AD user who should be able to access Planning Maestro.

Step 1: On the left, select User and Groups to open the Users and groups page and add every user who should be able to access Planning Maestro.

A1n.png

Step 2: Search for and select every user who should be able to access Planning Maestro.

A1m.png

Now, set up the SSO connection in Planning Maestro itself. Please see the following articles:

  1. Setting up SSO in Planning Maestro – Set up SSO in Planning Maestro itself.
  2. Managing Users – Add employees from your company who should be able to access Planning Maestro.

Warning.png Please Note: You will not be able to log into Planning Maestro through SSO as the SSO Administrator, as the username "sso_admin" does not match the planningMaestroUserName attribute value. Use your Administrator account or have another user confirm that they can successfully log in through SSO. 

If you log in and a 401 error occurs, please check to make sure the Planning Maestro username matches the Source Attribute value.  If needed, you can change the username(s) in Planning Maestro to match the planningMaestroUserName attribute value in Azure AD.

0 out of 0 found this helpful

Comments

1 comment
  • Where can download PDF copies of these to share with IT Suppoty?

    0
    Comment actions Permalink

Please sign in to leave a comment.