|
| 1 | +--- |
| 2 | +title: Microsoft Entra SSO integration with GovWin IQ |
| 3 | +description: Learn how to configure single sign-on between Microsoft Entra ID and GovWin IQ. |
| 4 | +services: active-directory |
| 5 | +author: jeevansd |
| 6 | +manager: CelesteDG |
| 7 | +ms.reviewer: CelesteDG |
| 8 | +ms.service: active-directory |
| 9 | +ms.subservice: saas-app-tutorial |
| 10 | +ms.workload: identity |
| 11 | +ms.topic: how-to |
| 12 | +ms.date: 09/27/2023 |
| 13 | +ms.author: jeedes |
| 14 | + |
| 15 | +--- |
| 16 | + |
| 17 | +# Microsoft Entra SSO integration with GovWin IQ |
| 18 | + |
| 19 | +In this tutorial, you'll learn how to integrate GovWin IQ with Microsoft Entra ID. GovWin IQ by Deltek is the industry-leading platform providing the most comprehensive market intelligence for U.S. federal, state and local, and Canadian governments. When you integrate GovWin IQ with Microsoft Entra ID, you can: |
| 20 | + |
| 21 | +* Control in Microsoft Entra ID who has access to GovWin IQ. |
| 22 | +* Enable your users to be automatically signed-in to GovWin IQ with their Microsoft Entra accounts. |
| 23 | +* Manage your accounts in one central location. |
| 24 | + |
| 25 | +## Prerequisites |
| 26 | + |
| 27 | +To integrate Microsoft Entra ID with GovWin IQ, you need: |
| 28 | + |
| 29 | +* A Microsoft Entra subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). |
| 30 | +* An active GovWin IQ Subscription. Single sign-on can be enabled at no cost. Make sure your Customer Success Manager has enabled a user at your organization as a SAML SSO Admin to perform the following steps. |
| 31 | +* All users must have same email address in Azure as provisioned in GovWin IQ. |
| 32 | + |
| 33 | +## Scenario description |
| 34 | + |
| 35 | +In this tutorial, you configure and test Microsoft Entra SSO in a test environment. |
| 36 | + |
| 37 | +* GovWin IQ supports only **SP** initiated SSO. |
| 38 | + |
| 39 | +> [!NOTE] |
| 40 | +> Identifier of this application is a fixed string value so only one instance can be configured in one tenant. |
| 41 | +
|
| 42 | +## Adding GovWin IQ from the gallery |
| 43 | + |
| 44 | +To configure the integration of GovWin IQ into Microsoft Entra ID, you need to add GovWin IQ from the gallery to your list of managed SaaS apps. |
| 45 | + |
| 46 | +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). |
| 47 | +1. Browse to **Identity** > **Applications** > **Enterprise applications** > **New application**. |
| 48 | +1. In the **Add from the gallery** section, type **GovWin IQ** in the search box. |
| 49 | +1. Select **GovWin IQ** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. |
| 50 | + |
| 51 | +Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, and walk through the SSO configuration as well. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides) |
| 52 | + |
| 53 | +## Configure and test Microsoft Entra SSO for GovWin IQ |
| 54 | + |
| 55 | +Configure and test Microsoft Entra SSO with GovWin IQ using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between a Microsoft Entra user and the related user in GovWin IQ. |
| 56 | + |
| 57 | +To configure and test Microsoft Entra SSO with GovWin IQ, perform the following steps: |
| 58 | + |
| 59 | +1. **[Configure Microsoft Entra SSO](#configure-microsoft-entra-sso)** - to enable your users to use this feature. |
| 60 | + 1. **[Assign the Microsoft Entra ID test user](#assign-the-microsoft-entra-id-test-user)** - to enable B.Simon to use Microsoft Entra single sign-on. |
| 61 | +1. **[Configure GovWin IQ SSO](#configure-govwin-iq-sso)** - to configure the single sign-on settings on application side. |
| 62 | + 1. **[Assign GovWin IQ test user to SSO](#assign-govwin-iq-test-user-to-sso)** - to have a counterpart of B.Simon in GovWin IQ that is linked to the Microsoft Entra ID representation of user. |
| 63 | +1. **[Test SSO](#test-sso)** - to verify whether the configuration works. |
| 64 | + |
| 65 | +## Configure Microsoft Entra SSO |
| 66 | + |
| 67 | +Follow these steps to enable Microsoft Entra SSO in the Microsoft Entra admin center. |
| 68 | + |
| 69 | +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). |
| 70 | +1. Browse to **Identity** > **Applications** > **Enterprise applications** > **GovWin IQ** > **Single sign-on**. |
| 71 | +1. On the **Select a single sign-on method** page, select **SAML**. |
| 72 | +1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings. |
| 73 | + |
| 74 | +  |
| 75 | + |
| 76 | +1. On the **Basic SAML Configuration** section, perform the following steps: |
| 77 | + |
| 78 | + a. In the **Identifier** textbox, type the URL: |
| 79 | + `https://iq.govwin.com/cas` |
| 80 | + |
| 81 | + b. In the **Reply URL** textbox, enter the value from the GovWin IQ Reply URL field. |
| 82 | + |
| 83 | + Reply URL will be of the following pattern: |
| 84 | + `https://iq.govwin.com/cas/login?client_name=ORG_<ID>` |
| 85 | + |
| 86 | + c. In the **Sign on URL** textbox, enter the value from the GovWIn IQ Sign On URL field. |
| 87 | + |
| 88 | + Sign on URL will be of the following pattern: |
| 89 | + `https://iq.govwin.com/cas/clientredirect?client_name=ORG_<ID>` |
| 90 | + |
| 91 | + > [!NOTE] |
| 92 | + > Update these values with the actual Reply URL and Sign on URL found in the GovWin SAML Single Sign-On Configuration page, accessible by your designated SAML SSO Admin. Reach out to your [Customer Success Manager](mailto:[email protected]) for assistance. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Microsoft Entra admin center. |
| 93 | + |
| 94 | +1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer. |
| 95 | + |
| 96 | +  |
| 97 | + |
| 98 | +### Assign the Microsoft Entra ID test user |
| 99 | + |
| 100 | +In this section, you'll enable a test user to use Microsoft Entra single sign-on by granting access to GovWin IQ. |
| 101 | + |
| 102 | + > [!Note] |
| 103 | + > The user selected for testing must have an existing active GovWin IQ account. |
| 104 | +
|
| 105 | +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). |
| 106 | +1. Browse to **Identity** > **Applications** > **Enterprise applications** > **GovWin IQ**. |
| 107 | +1. In the app's overview page, select **Users and groups**. |
| 108 | +1. Select **Add user/group**, then select **Users and groups** in the **Add Assignment** dialog. |
| 109 | + 1. In the **Users and groups** dialog, select a test user from the Users list, then click the **Select** button at the bottom of the screen. |
| 110 | + 1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected. |
| 111 | + 1. In the **Add Assignment** dialog, click the **Assign** button. |
| 112 | + |
| 113 | +## Configure GovWin IQ SSO |
| 114 | + |
| 115 | +1. Log in to GovWin IQ company site as the SAML SSO Admin user. |
| 116 | + |
| 117 | +1. Navigate to [**SAML Single Sign-On Configuration** page](https://iq.govwin.com/neo/authenticationConfiguration/viewSamlSSOConfig) and perform the following steps: |
| 118 | + |
| 119 | +  |
| 120 | + |
| 121 | + 1. Select **Azure** from the Identity Provider (IdP) dropdown. |
| 122 | + 1. Copy **Identifier (EntityID)** value, paste this value into the **Identifier** textbox in the **Basic SAML Configuration** section in Microsoft Entra admin center. |
| 123 | + 1. Copy **Reply URL** value, paste this value into the **Reply URL** textbox in the **Basic SAML Configuration** section in Microsoft Entra admin center. |
| 124 | + 1. Copy **Sign On URL** value, paste this value into the **Sign on URL** textbox in the **Basic SAML Configuration** section in Microsoft Entra admin center. |
| 125 | + |
| 126 | +1. In the **Metadata URL** textbox, paste the **App Federation Metadata Url**, which you have copied from the Microsoft Entra admin center. |
| 127 | + |
| 128 | +  |
| 129 | + |
| 130 | +1. Click **Submit IDP Metadata**. |
| 131 | + |
| 132 | +### Assign GovWin IQ test user to SSO |
| 133 | + |
| 134 | +1. In the [**SAML Single Sign-On Configuration** page](https://iq.govwin.com/neo/authenticationConfiguration/viewSamlSSOConfig), navigate to **Excluded Users** tab and click **Select Users to Exclude from SSO**. |
| 135 | + |
| 136 | +  |
| 137 | + |
| 138 | + > [!Note] |
| 139 | + > Here you can select users to include or exclude from SSO. If you have a webservices subscription, the webservices user should always be excluded from SSO. |
| 140 | +
|
| 141 | +1. Next, click **Exclude All Users from SSO** for testing purposes. This is to prevent any impact to existing access for users while testing SSO. |
| 142 | + |
| 143 | +1. Next, select the test user and click Add Selected Users to SSO. |
| 144 | + |
| 145 | +1. Once testing is successful, add the rest of the users you want to enable for SSO. |
| 146 | + |
| 147 | +## Test SSO |
| 148 | + |
| 149 | +In this section, you test your Microsoft Entra single sign-on configuration with following options. |
| 150 | + |
| 151 | +> [!Note] |
| 152 | +> It may take up to 10 minutes for the configuration to sync. |
| 153 | +
|
| 154 | +* Click on **Test this application** in Microsoft Entra admin center. This will redirect to GovWin IQ Sign-on URL where you can initiate the login flow. |
| 155 | + |
| 156 | +* Go to GovWin IQ Sign-on URL directly and initiate the login flow from there. |
| 157 | + |
| 158 | +* You can use Microsoft My Apps. When you click the GovWin IQ tile in the My Apps, this will redirect to GovWin IQ Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md). |
| 159 | + |
| 160 | +## Next Steps |
| 161 | + |
| 162 | +Add all remaining users to the Microsoft Entra ID GovWin IQ app to enable SSO access. Once you configure GovWin IQ you can enforce session control, which protects exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app). |
0 commit comments