How do I set up my MS Entra ID (Azure) for a BOC product?
November 08, 2024 11:51 Updated

Important: This guide describes one possible approach to setting up MS Entra ID (Azure), based on best practice. Please note that we cannot accept any legal responsibility for the implementation or for any consequences resulting from it. You must involve an IT specialist on your side to verify and maintain the connection.

Step 1. Use the search bar (1) of your Azure AD Portal to find "Enterprise applications" (2).

Step 2. Under All applications (1), select New application (2), then click Create your own application (3).

Step 3. Enter the name of your BOC application, e.g. "ADONIS", "ADOIT" or "ADOGRC".

Step 4. Open the Azure application you just created, select Single sign-on (1), then switch to SAML (2).

Step 5. Under Basic SAML Configuration, select Edit (1) and enter the "Identifier (Entity ID)" and "Reply (Assertion Consumer Service URL)" attributes that you have received from BOC technical support.

Step 6. After entering these values, scroll down to Attributes & Claims and click Edit.

Step 7. Adjust the claims. Required are user.givenname, user.surname, user.mail, user.groups and user.userprincipalname. Make sure that the correct Source attribute is set for the group claim:
   - sAMAccountName for synced ADFS groups
   - Cloud-only group display names for Azure groups

Step 8. Scroll down to Step 4 and copy the Login URL from the Set up ADONIS panel. Share the Login URL with your BOC technical support contact.

Step 9. Download the Federation Metadata XML and/or the Certificate (Base64) from the SAML Certificates panel.

Step 10. Upload those files to the file-share link provided by your BOC technical support contact.

Step 11. Now search for "Azure Active Directory" using the search bar (1) and click the result (2).

Step 12. Select App registrations and find your newly created application on the right side. Open it.

Step 13. Select Certificates & secrets on the left side.

Step 14. Switch to the Certificates tab (1) and upload the Service Provider Token Signing certificate you received from BOC via Upload certificates (2).

Step 15. Go back to your AD application, click Users and groups on the right, then Add user/group (1). Add the users and/or groups that should be able to access your BOC product.

Step 16. BOC technical customer support will now guide you through the next steps of your SSO setup.
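Two of the steps above are easy to get subtly wrong: the claim set in Step 7 (in particular the Source attribute of the group claim, which otherwise yields group object IDs rather than names) and the Federation Metadata XML handed over in Step 9. The following script is an added example written for this article, not BOC's or Microsoft's tooling. It parses a federation metadata document for the IdP entityID, the HTTP-Redirect login URL and the SHA-256 fingerprint of the signing certificate, and checks an issued assertion for the five required claims. Assumptions: the claim names are the defaults Entra ID shows under Attributes & Claims (verify them in your tenant), and both the metadata and the assertion below are constructed samples with a placeholder certificate body.

```python
"""Sanity checks for the Entra ID SAML artefacts exchanged during setup.
Example code for this article; sample data is constructed, not captured."""
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Source attribute -> claim name. Assumption: Entra ID's default claim names
# for these sources; confirm under Attributes & Claims in your tenant.
REQUIRED_CLAIMS = {
    "user.givenname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "user.surname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "user.mail": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "user.userprincipalname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "user.groups": "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
}

# Entra emits group object IDs (GUIDs) unless the group claim's Source
# attribute is switched to sAMAccountName / cloud-only display names.
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed, cut-down federation metadata. The tenant ID is all zeros and the
# certificate body is a base64 placeholder string, not a real X.509 certificate.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>UExBQ0VIT0xERVItTk9ULUEtUkVBTC1DRVJU</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed assertion: all five claims present, but the group value is a GUID,
# i.e. the Source attribute from Step 7 has not been adjusted yet.
SAMPLE_ASSERTION = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <Subject><NameID>jane.doe@example.com</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><AttributeValue>Jane</AttributeValue></Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><AttributeValue>Doe</AttributeValue></Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><AttributeValue>jane.doe@example.com</AttributeValue></Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><AttributeValue>jane.doe@example.com</AttributeValue></Attribute>
    <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"><AttributeValue>8f1a2b3c-4d5e-6f70-8192-a3b4c5d6e7f8</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract entityID, HTTP-Redirect SSO URL and signing-cert SHA-256 from IdP metadata."""
    root = ET.fromstring(xml_text)
    sso = root.find(
        ".//md:SingleSignOnService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']", NS)
    key = root.find(".//md:KeyDescriptor[@use='signing']", NS)
    cert_b64 = key.find(".//ds:X509Certificate", NS).text
    der = base64.b64decode("".join(cert_b64.split()))  # strip any line wrapping first
    return {
        "entity_id": root.get("entityID"),
        "sso_url": sso.get("Location") if sso is not None else None,
        "signing_cert_sha256": hashlib.sha256(der).hexdigest(),  # compare with what support confirms
    }


def assertion_attributes(xml_text: str) -> dict:
    """Map each claim name in the AttributeStatement to its list of values."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.findall(".//saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return attrs


def missing_required_claims(attrs: dict) -> list:
    """Return the Source attributes from Step 7 whose claim is absent or empty."""
    return [src for src, name in REQUIRED_CLAIMS.items() if not attrs.get(name)]


def groups_look_like_object_ids(attrs: dict) -> bool:
    """True when every group value is a GUID, i.e. the group Source attribute is still the default."""
    values = attrs.get(REQUIRED_CLAIMS["user.groups"], [])
    return bool(values) and all(GUID_RE.match(v) for v in values)


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    print("IdP entityID:       ", meta["entity_id"])
    print("Login URL:          ", meta["sso_url"])
    print("Signing cert SHA256:", meta["signing_cert_sha256"])
    attrs = assertion_attributes(SAMPLE_ASSERTION)
    print("Missing claims:     ", missing_required_claims(attrs) or "none")
    if groups_look_like_object_ids(attrs):
        print("Warning: group claim carries object IDs; set the Source attribute as in Step 7.")
```

Run it against the real Federation Metadata XML from Step 9 by replacing SAMPLE_METADATA with the file contents; the fingerprint it prints is what you can read back to BOC support to confirm the right certificate was uploaded. The assertion check is meant for a SAML response captured from a test login once support has completed the setup on their side.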