articles/active-directory/saas-apps/embark-tutorial.md
27 additions & 9 deletions
@@ -9,7 +9,7 @@ ms.service: active-directory
9
9
ms.subservice: saas-app-tutorial
10
10
ms.workload: identity
11
11
ms.topic: tutorial
12
-
ms.date: 02/11/2022
12
+
ms.date: 08/23/2022
13
13
ms.author: jeedes
14
14
15
15
---
@@ -33,7 +33,7 @@ To get started, you need the following items:
33
33
34
34
In this tutorial, you configure and test Azure AD SSO in a test environment.
35
35
36
-
* Embark supports **SP** initiated SSO.
36
+
* Embark supports **SP and IDP** initiated SSO.
37
37
38
38
> [!NOTE]
39
39
> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
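Review bot: The unchanged note at the end of this hunk still says the Identifier "is a fixed string value so only one instance can be configured in one tenant", which no longer matches the rest of this commit, where the Identifier is typed in from the pattern `https://<ENVIRONMENT>.ehr.com` and has to be replaced with a real value. Either drop the note or reword it to say what is actually fixed. Since the bullet above it now advertises both SP and IDP initiated SSO, this is also the place to say which Basic SAML Configuration fields each mode needs.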
@@ -75,16 +75,27 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
75
75
76
76
1. On the **Basic SAML Configuration** section, enter the values for the following fields:
77
77
78
-
In the **Sign on URL** text box, type a URL using the following pattern:
79
-
`https://<ENVIRONMENT>.ehr.com/microsoftbenefits`
78
+
a. In the **Identifier** text box, type a URL using the following pattern:
79
+
`https://<ENVIRONMENT>.ehr.com`
80
+
81
+
b. In the **Reply URL** text box, type a URL using the following pattern:
82
+
`https://<ENVIRONMENT>.ehr.com`
83
+
84
+
c. In the **Sign on URL** text box, type a URL using the following pattern:
85
+
`https://<ENVIRONMENT>.ehr.com`
80
86
81
87
> [!NOTE]
82
-
> The Sign on URL value is not real. Update the value with the actual Sign on URL. Contact [Embark support team](mailto:[email protected]) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
88
+
> These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [Embark support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
83
89
84
-
1. Your Embark application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows an example for this. The default value of **Unique User Identifier** is **user.userprincipalname** but Embark expects this to be mapped with the user's employee id. For that you can use **user.employeeid** attribute from the list or use the appropriate attribute value based on your organization configuration..
90
+
1. Your Embark application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows an example for this. The default value of **Unique User Identifier** is **user.userprincipalname** but Embark expects this to be mapped with the user's employee id. For that you can use **user.employeeid** attribute from the list or use the appropriate attribute value based on your organization configuration.
85
91
86
92

87
93
94
+
1. In addition to above, Embark platform application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirements.
95
+
96
+
| Name | Source Attribute|
97
+
| --------| --------- |
98
+
| EmployeeID | user.employeeid |
88
99
89
100
1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
90
101
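Review bot: Steps a, b and c give the identical pattern `https://<ENVIRONMENT>.ehr.com` for Identifier, Reply URL and Sign on URL, while the removed Sign on URL pattern carried a path (`/microsoftbenefits`). Please confirm with Embark that the Reply URL really is the bare host rather than a specific assertion consumer endpoint, because the Reply URL decides where Azure AD posts the signed assertion and should be as narrow as the application allows. Step c should also state whether the Sign on URL is needed only for SP initiated mode. In the new attribute step, "few more attributes" introduces a table with a single row, `EmployeeID` mapped to `user.employeeid`, which is the same source the previous step already asks for as Unique User Identifier; say whether both claims are required, and fix the wording to "a few more attributes" and "pre-populated".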
@@ -126,11 +137,18 @@ In this section, you create a user called Britta Simon in Embark. Work with [Em
126
137
127
138
In this section, you test your Azure AD single sign-on configuration with following options.
128
139
129
-
* Click on **Test this application** in Azure portal. This will redirect to Embark Sign-on URL where you can initiate the login flow.
140
+
#### SP initiated:
141
+
142
+
* Click on **Test this application** in Azure portal. This will redirect to Embark platform Sign on URL where you can initiate the login flow.
143
+
144
+
* Go to Embark platform Sign-on URL directly and initiate the login flow from there.
145
+
146
+
#### IDP initiated:
147
+
148
+
* Click on **Test this application** in Azure portal and you should be automatically signed in to the Embark platform for which you set up the SSO.
130
149
131
-
* Go to Embark Sign-on URL directly and initiate the login flow from there.
150
+
You can also use Microsoft My Apps to test the application in any mode. When you click the Embark platform tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Embark platform for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
132
151
133
-
* You can use Microsoft My Apps. When you click the Embark tile in the My Apps, this will redirect to Embark Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
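Review bot: The two SP initiated bullets spell the same thing differently, "Embark platform Sign on URL" in the first and "Embark platform Sign-on URL" in the second; pick one form, preferably "Sign on URL" to match the field name used in the Basic SAML Configuration steps. The added lines also switch from "Embark" to "Embark platform" while the unchanged text around them (the hunk header's "create a user called Britta Simon in Embark") keeps the old name, so the product name should be made consistent across the article. The My Apps paragraph is one long sentence covering both modes; splitting it at "and if configured in IDP mode" would make the two outcomes easier to follow.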