|
| 1 | +--- |
| 2 | +title: 'Tutorial: Azure AD SSO integration with Asset Planner' |
| 3 | +description: Learn how to configure single sign-on between Azure Active Directory and Asset Planner. |
| 4 | +services: active-directory |
| 5 | +author: jeevansd |
| 6 | +manager: CelesteDG |
| 7 | +ms.reviewer: CelesteDG |
| 8 | +ms.service: active-directory |
| 9 | +ms.subservice: saas-app-tutorial |
| 10 | +ms.workload: identity |
| 11 | +ms.topic: tutorial |
| 12 | +ms.date: 12/20/2021 |
| 13 | +ms.author: jeedes |
| 14 | + |
| 15 | +--- |
| 16 | + |
| 17 | +# Tutorial: Azure AD SSO integration with Asset Planner |
| 18 | + |
| 19 | +In this tutorial, you'll learn how to integrate Asset Planner with Azure Active Directory (Azure AD). When you integrate Asset Planner with Azure AD, you can: |
| 20 | + |
| 21 | +* Control in Azure AD who has access to Asset Planner. |
| 22 | +* Enable your users to be automatically signed-in to Asset Planner with their Azure AD accounts. |
| 23 | +* Manage your accounts in one central location - the Azure portal. |
| 24 | + |
| 25 | +## Prerequisites |
| 26 | + |
| 27 | +To get started, you need the following items: |
| 28 | + |
| 29 | +* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). |
| 30 | +* Asset Planner single sign-on (SSO) enabled subscription. |
| 31 | + |
| 32 | +## Scenario description |
| 33 | + |
| 34 | +In this tutorial, you configure and test Azure AD SSO in a test environment. |
| 35 | + |
| 36 | +* Asset Planner supports **SP** initiated SSO. |
| 37 | + |
| 38 | +* Asset Planner supports **Just In Time** user provisioning. |
| 39 | + |
| 40 | +## Add Asset Planner from the gallery |
| 41 | + |
| 42 | +To configure the integration of Asset Planner into Azure AD, you need to add Asset Planner from the gallery to your list of managed SaaS apps. |
| 43 | + |
| 44 | +1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account. |
| 45 | +1. On the left navigation pane, select the **Azure Active Directory** service. |
| 46 | +1. Navigate to **Enterprise Applications** and then select **All Applications**. |
| 47 | +1. To add new application, select **New application**. |
| 48 | +1. In the **Add from the gallery** section, type **Asset Planner** in the search box. |
| 49 | +1. Select **Asset Planner** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. |
| 50 | + |
| 51 | +## Configure and test Azure AD SSO for Asset Planner |
| 52 | + |
| 53 | +Configure and test Azure AD SSO with Asset Planner using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Asset Planner. |
| 54 | + |
| 55 | +To configure and test Azure AD SSO with Asset Planner, perform the following steps: |
| 56 | + |
| 57 | +1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. |
| 58 | + 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon. |
| 59 | + 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on. |
| 60 | +1. **[Configure Asset Planner SSO](#configure-asset-planner-sso)** - to configure the single sign-on settings on application side. |
| 61 | + 1. **[Create Asset Planner test user](#create-asset-planner-test-user)** - to have a counterpart of B.Simon in Asset Planner that is linked to the Azure AD representation of user. |
| 62 | +1. **[Test SSO](#test-sso)** - to verify whether the configuration works. |
| 63 | + |
| 64 | +## Configure Azure AD SSO |
| 65 | + |
| 66 | +Follow these steps to enable Azure AD SSO in the Azure portal. |
| 67 | + |
| 68 | +1. In the Azure portal, on the **Asset Planner** application integration page, find the **Manage** section and select **single sign-on**. |
| 69 | +1. On the **Select a single sign-on method** page, select **SAML**. |
| 70 | +1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings. |
| 71 | + |
| 72 | +  |
| 73 | + |
| 74 | +1. On the **Basic SAML Configuration** section, perform the following steps: |
| 75 | + |
| 76 | + a. In the **Identifier (Entity ID)** text box, type one of the following URLs: |
| 77 | + |
| 78 | + | **Identifier** | |
| 79 | + |---------| |
| 80 | + | `https://assetplanner.com` | |
| 81 | + | `https://us.assetplanner.com` | |
| 82 | + | `https://staging.assetplanner.com` | |
| 83 | + | `https://training.assetplanner.com` | |
| 84 | + |
| 85 | + b. In the **Reply URL** text box, type a URL using one of the following patterns: |
| 86 | + |
| 87 | + | **Reply URL** | |
| 88 | + |------| |
| 89 | + | `https://assetplanner.com/saml/ap_acs/<IDPName>` | |
| 90 | + | `https://us.assetplanner.com/saml/ap_acs/<IDPName>` | |
| 91 | + | `https://staging.assetplanner.com/saml/ap_acs/<IDPName>` | |
| 92 | + | `https://training.assetplanner.com/saml/ap_acs/<IDPName>` | |
| 93 | + |
| 94 | + c. In the **Sign on URL** text box, type one of the following URLs: |
| 95 | + |
| 96 | + | **Sign on URL** | |
| 97 | + |-----| |
| 98 | + | `https://assetplanner.com` | |
| 99 | + | `https://us.assetplanner.com` | |
| 100 | + | `https://staging.assetplanner.com` | |
| 101 | + | `https://training.assetplanner.com` | |
| 102 | + |
| 103 | +1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer. |
| 104 | + |
| 105 | +  |
| 106 | + |
| 107 | +1. On the **Set up Asset Planner** section, copy the appropriate URL(s) based on your requirement. |
| 108 | + |
| 109 | +  |
| 110 | + |
| 111 | +### Create an Azure AD test user |
| 112 | + |
| 113 | +In this section, you'll create a test user in the Azure portal called B.Simon. |
| 114 | + |
| 115 | +1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**. |
| 116 | +1. Select **New user** at the top of the screen. |
| 117 | +1. In the **User** properties, follow these steps: |
| 118 | + 1. In the **Name** field, enter `B.Simon`. |
| 119 | + 1. In the **User name ** field, enter the [email protected]. For example, `[email protected]`. |
| 120 | + 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box. |
| 121 | + 1. Click **Create**. |
| 122 | + |
| 123 | +### Assign the Azure AD test user |
| 124 | + |
| 125 | +In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Asset Planner. |
| 126 | + |
| 127 | +1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. |
| 128 | +1. In the applications list, select **Asset Planner**. |
| 129 | +1. In the app's overview page, find the **Manage** section and select **Users and groups**. |
| 130 | +1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog. |
| 131 | +1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. |
| 132 | +1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected. |
| 133 | +1. In the **Add Assignment** dialog, click the **Assign** button. |
| 134 | + |
| 135 | +## Configure Asset Planner SSO |
| 136 | + |
| 137 | +To configure single sign-on on **Asset Planner ** side, you need to send the downloaded **Certificate (Base64) ** and appropriate copied URLs from Azure portal to [Asset Planner support team ](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides. |
| 138 | + |
| 139 | +### Create Asset Planner test user |
| 140 | + |
| 141 | +In this section, a user called Britta Simon is created in Asset Planner. Asset Planner supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Asset Planner, a new one is created after authentication. |
| 142 | + |
| 143 | +## Test SSO |
| 144 | + |
| 145 | +In this section, you test your Azure AD single sign-on configuration with following options. |
| 146 | + |
| 147 | +* Click on **Test this application** in Azure portal. This will redirect to Asset Planner Sign-on URL where you can initiate the login flow. |
| 148 | + |
| 149 | +* Go to Asset Planner Sign-on URL directly and initiate the login flow from there. |
| 150 | + |
| 151 | +* You can use Microsoft My Apps. When you click the Asset Planner tile in the My Apps, this will redirect to Asset Planner Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md). |
| 152 | + |
| 153 | +## Next steps |
| 154 | + |
| 155 | +Once you configure Asset Planner you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad). |
0 commit comments