This article explains the steps needed to implement SSO and/or User Provisioning through Azure AD. First, we explain how to set up Azure AD in one single location, then we explain how to set it up if you use Proxyclick in many locations.

Requirements:

  • Large or Enterprise plan
  • Admin access to Proxyclick (for every location)

 

Setting up Azure AD in 1 single location

Step 1: Add an application

Log into the Azure Portal. Go to Azure Active Directory > Enterprise Applications.

Click on New application.

Select Non-gallery application (you might need to check whether this option is included in your Azure subscription).

Enter a name and click on Add.

 

Step 2: Configure single sign-on (SSO)

Open the Proxyclick app in Azure Active Directory > Enterprise Applications and go to the Single sign-on section.

Select SAML-based Sign-on for Single Sign-on Mode.

Go to the Proxyclick Marketplace and install Azure AD.

Copy the Identifier and the Reply URL from the Azure AD configuration page and paste them in the corresponding fields in Azure AD.

Select user.email for User Identifier and click on Save.

Download the file Certificate (Base64) and open the Metadata XML to extract the EntityID and SingleSignOnService Location.

Go back to the Azure AD configuration page and paste them in the corresponding fields from Azure AD.

Click on Save Changes.

 

Step 3: Configure user provisioning

Open the Proxyclick app in Azure Active Directory > Enterprise Applications and go to the Provisioning section.


Select Automatic for Provisioning Mode.

If not done already, go to the Proxyclick Marketplace and install Azure AD.

Copy the Tenant URL and the Secret Token from the Azure AD configuration page and paste them in the corresponding fields in Azure AD.



Click on Save.

Once the settings are saved, go to the Mappings part.


Click on Synchronize Azure Active Directory Groups to customappsso.


Disable group synchronization by selecting No and click on Save.

Close the window to return to the provisioning configuration page.


Click on Synchronize Azure Active Directory Users to customappsso.

Adapt the attribute mappings:

Azure Active Directory Attribute                              customappsso Attribute          Matching precedence
mail                                                          userName                        1
Switch([IsSoftDeleted], , "False", "True", "True", "False")   active
givenName                                                     name.givenName
surname                                                       name.familyName
displayName                                                   name.formatted
mail                                                          emails[type eq "work"].value

Click on Save.

Close the window to return to the provisioning configuration page and go to the Settings part.


Set Provisioning status to On.

Click on Save.

 

Setting up Azure AD in many locations

Two options are available in that situation:

1) Users will see as many Proxyclick icons as locations they have access to. This option allows users to log in to the right Proxyclick location directly from Azure AD.

2) Users will see only 1 Proxyclick icon. With this option, the applications page of your users will not be overloaded with many Proxyclick icons. Users will be logged in to their home location in Proxyclick (they can change the location using the location selector on the left in the top bar in Proxyclick).

Option 1

You’ll need to follow every step described above for every location (1 Proxyclick location = 1 Azure AD application).

Option 2

For User Provisioning, you’ll need to follow steps 1 and 3 described above for every location. In the Properties section of the applications, set Visible to users to No to hide them.

For Single Sign-On, you’ll need to create one additional application in Azure AD and activate SSO (steps 1 and 2 above). This application should not correspond to any physical office; it exists only to manage SSO at a global level. Do NOT provision users in this application. For this application, please leave Visible to users set to Yes.

Send the following 3 elements to support@proxyclick.com: the Entity ID, the SingleSignOnService Location and the Certificate (Base64).

We will then create a so-called “landing location”: a Proxyclick location with the SSO parameters you just sent but without users. Once it is set up, your users see only one Proxyclick icon, which leads to the landing location. They will then be immediately routed to their home location. From the users' perspective, they land directly in their real home location (they do not notice that they first log in to the landing location).

Please let us know if you have any questions. We’re here to help!
