This article explains the steps needed to implement SSO and/or User Provisioning through Azure AD. First, we explain how to set up Azure AD in one single location, then we explain how to set it up if you use Proxyclick in many locations.

Requirements:

  • Plan Large and Enterprise
  • Admin access to Proxyclick (for every location)
  • User Provisioning requires Azure Premium P1 or P2 license for Self-Service App Integration Templates. This requirement will be removed once Proxyclick has been released as a Gallery App for User Provisioning.

 

Setting up Azure AD in 1 single location

Step 1: Add an application

Log into the Azure Portal. Go to Azure Active Directory > Enterprise Applications.

Click on New application.

Select Non-gallery application. (You might need to check whether this option is included in your Azure subscription.)

Enter a name and click on Add.

 

Step 2: Configure single sign-on (SSO)

Open the Proxyclick app in Azure Active Directory > Enterprise Applications and go to the Single sign-on section.

Select SAML-based Sign-on for Single Sign-on Mode.

Go to the Proxyclick Marketplace and install Azure AD.

Copy the Identifier and the Reply URL from the Azure AD configuration page in Proxyclick and paste them in the corresponding fields in Azure AD.

Select user.email for User Identifier and click on Save.


Download the file Certificate (Base64) and open the Metadata XML to extract the EntityID and SingleSignOnService Location.

Go back to the Azure AD configuration page in Proxyclick and paste these values from Azure AD into the corresponding fields. Everything in the certificate file (including the BEGIN and END header and footer) needs to be copied into the Certificate (Base64) field in Proxyclick.

Click on Save Changes.

Your Azure AD connection is ready. You can now use the URL in the Identifier field to log into Proxyclick using Azure AD SSO, or log into Azure AD as a user and choose the Proxyclick app. You will still need to add users in Proxyclick before you try to log in with SSO (you can do it manually, in bulk or via User Provisioning; see the next steps to configure User Provisioning with Azure AD).

 

Step 3: Configure user provisioning

Open the Proxyclick app in Azure Active Directory > Enterprise Applications and go to the Provisioning section.


Select Automatic for Provisioning Mode.

If not done already, go to the Proxyclick Marketplace and install Azure AD.

Copy the Tenant URL and the Secret Token from the Azure AD configuration page in Proxyclick and paste them in the corresponding fields in Azure AD.



Click on Save.

Once the settings are saved, go to the Mappings part.


Click on Synchronize Azure Active Directory Groups to customappsso.


Disable group synchronization by selecting No and click on Save.

Close the window to return to the provisioning configuration page.


Click on Synchronize Azure Active Directory Users to customappsso.

Adapt the attribute mappings:

| Azure Active Directory Attribute | customappsso Attribute | Matching precedence | Mapping type |
|---|---|---|---|
| mail | userName | 1 | Direct |
| Switch([IsSoftDeleted], , "False", "True", "True", "False") | active | | Expression |
| givenName | name.givenName | | Direct |
| surname | name.familyName | | Direct |
| displayName | name.formatted | | Direct |
| mail | emails[type eq "work"].value | | Direct |

Click on Save.

Close the window to return to the provisioning configuration page and go to the Settings part.


Set Provisioning status to On.

Click on Save.

Optional Supported Attributes

The below attributes can additionally be configured in order to pass more user data to Proxyclick.

  • Telephone and Mobile numbers must be in E.164 format.
  • City can be substituted for any other string-based attribute to use in conjunction with the below settings for multi-location provisioning.

| Azure Active Directory Attribute | customappsso Attribute | Matching precedence | Mapping type |
|---|---|---|---|
| telephoneNumber | phoneNumbers[type eq "work"].value | | Direct |
| mobile | phoneNumbers[type eq "mobile"].value | | Direct |
| city | addresses[type eq "work"].locality | | Direct |
| title | title | | Direct |
| preferredLanguage | preferredLanguage | | Direct |
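The target attribute names in the two mapping tables are SCIM 2.0 User paths. The following added example (not from the original article or Proxyclick's code) applies both tables to one user record, so you can see which values reach Proxyclick, how the Switch expression deactivates a soft-deleted user, and where a non-E.164 number is rejected. The function names and the sample record are hypothetical, and representing `active` as a boolean is an assumption; the exact wire format Azure AD sends is not shown on this page.

```python
import re

E164 = re.compile(r"\+[1-9][0-9]{1,14}")  # "+" then at most 15 digits, no spaces


def switch_active(is_soft_deleted):
    # Switch([IsSoftDeleted], , "False", "True", "True", "False"):
    # not deleted -> "True" (active); soft-deleted -> "False" (deactivated).
    return {"False": "True", "True": "False"}[str(is_soft_deleted)] == "True"


def to_scim_user(aad):
    """Apply the attribute mappings from the tables to one Azure AD user dict."""
    if not aad.get("mail"):
        raise ValueError("mail is empty: userName (matching precedence 1) needs it")
    user = {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName": aad["mail"],
        "active": switch_active(aad.get("IsSoftDeleted", False)),
        "name": {
            "givenName": aad.get("givenName"),
            "familyName": aad.get("surname"),
            "formatted": aad.get("displayName"),
        },
        "emails": [{"type": "work", "value": aad["mail"]}],
    }
    phones = []
    for source, scim_type in (("telephoneNumber", "work"), ("mobile", "mobile")):
        number = aad.get(source)
        if number is None:
            continue
        if not E164.fullmatch(number):
            raise ValueError(f"{source} {number!r} is not in E.164 format")
        phones.append({"type": scim_type, "value": number})
    if phones:
        user["phoneNumbers"] = phones
    if aad.get("city"):
        user["addresses"] = [{"type": "work", "locality": aad["city"]}]
    for attr in ("title", "preferredLanguage"):
        if aad.get(attr):
            user[attr] = aad[attr]
    return user


# Constructed sample record (hypothetical user, not from the original page).
SAMPLE_AAD_USER = {
    "mail": "ana.host@example.com", "givenName": "Ana", "surname": "Host",
    "displayName": "Ana Host", "IsSoftDeleted": False,
    "telephoneNumber": "+3225550100", "city": "Brussels", "preferredLanguage": "en",
}
```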

Setting up Azure AD in many locations

User Provisioning

You can configure Azure AD and manage users across multiple locations from a single Proxyclick account.

  1. Connect Azure AD in your main location (follow the steps above)
  2. Click on Multi-location mapping on the Azure AD integration in your Integration List

Important to note: If you do not see the Multi-location mapping button, then it means you are running on an older version of our Azure AD integration. All you have to do is disconnect the integration and then reconnect it before continuing with the remaining steps.

You will then see the list of all the locations for which you’re an Admin. From this list, you can enable/disable User Provisioning for each location independently using the toggle button.


Once enabled, you will be able to either import all users for provisioning in that location or define your own filters for specific users.

You can filter users based on their city and language using the appropriate conditions for each.

Advanced

If you are provisioning the same users in multiple locations, you can use the Advanced menu to force their “home location”. Proxyclick would then use this as the default location for new visits created (e.g., when using the Generic Calendar Integration).

 

Please let us know if you have any questions. We’re here to help!
