Microsoft Entra: Difference between revisions
From Planfix
No edit summary |
No edit summary |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 28: | Line 28: | ||
**In the assignment section, select: <pre>Integrate any other application you don’t find in the gallery (Non-gallery)</pre> | **In the assignment section, select: <pre>Integrate any other application you don’t find in the gallery (Non-gallery)</pre> | ||
**After creating the application, open its card. | **After creating the application, open its card. | ||
*Configure SAML SSO | |||
**In the application menu, open '''Single sign-on''' and select the '''SAML''' method. | |||
**In the '''Basic SAML Configuration''' block, specify the following data: | |||
:{| class="wikitable" | |||
|- | |||
|'''Field''' || '''Value''' | |||
|- | |||
| Identifier (Entity ID) || <nowiki>https://{account_planfix_url}/saml2/service-provider-metadata/entra</nowiki> | |||
|- | |||
| Reply URL (Assertion Consumer Service URL) || <nowiki>https://{account_planfix_url}/saml2/sso/entra</nowiki> | |||
|} | |||
*Save the settings. | |||
=== Steps in Planfix === | |||
*Return to Integrations — Single Sign-On. | |||
*In the '''Metadata URI''' field, enter the '''App Federation Metadata Url''' copied from the Entra application settings. | |||
*Save the changes. | |||
=== Assigning Users === | |||
*In the application settings, open the '''Users and groups''' section. | |||
*Add users or groups who need access to Planfix via SSO. | |||
=== Testing === | |||
*In the Single sign-on section of the application in Entra, click the '''Test''' button. | |||
*Make sure that redirection and authorization via Planfix work correctly. | |||
== SCIM Provisioning Setup == | |||
*In the Entra application, go to Provisioning — Provisioning. | |||
*In the '''Provisioning Mode''' field, select '''Automatic'''. | |||
*In the '''Admin Credentials''' section, specify: | |||
:{| class="wikitable" | |||
|- | |||
|'''Field''' || '''Value''' | |||
|- | |||
| Authentication Method || Bearer Authentication | |||
|- | |||
| Tenant URL || SCIM URL from Planfix settings | |||
|- | |||
| Secret Token || SCIM Token from Planfix settings | |||
|} | |||
*Click '''Test Connection''' to check the connection. | |||
*Go to the '''Mappings''' section and disable the '''Provision Microsoft Entra ID Groups''' option. | |||
*Save the changes. | |||
== Final Integration Check == | |||
Make sure all points are completed: | |||
*SSO integration with Microsoft Entra is activated in Planfix. | |||
*An '''Enterprise Application''' is created in Entra and '''SAML SSO''' is configured correctly. | |||
*The '''Metadata URI''' value from the Entra application is specified in Planfix. | |||
*Users (or groups) are assigned to the application in Entra. | |||
*A successful authorization test ('''Test''') has been performed in Entra and login via Planfix works. | |||
*'''SCIM Provisioning''' is set up, connection tested ('''Test Connection'''). | |||
*Automatic group creation in SCIM Mappings is disabled ('''Provision Microsoft Entra ID Groups'''). | |||
*Users are correctly created or updated in Planfix via SCIM. | |||
== Go To == | |||
*[[SSO]] | |||
*[[Integrations]] | |||
Latest revision as of 11:45, 3 October 2025
Integration with Microsoft Entra allows your company's employees to log in to Planfix and other services using a single password (Single Sign-On, or SSO). This increases convenience and security, and simplifies user account management.
Supported Features
- IdP-initiated login (SSO)
- SP-initiated login
- Just-In-Time (JIT) user creation
- SCIM Provisioning
SCIM Provisioning Features
- User creation
- User data update
- User deactivation
- User import
Setup Steps
Steps in Planfix
- Go to Account management — Integrations — Single Sign-On.
- Activate the integration with Microsoft Entra.
Steps in Microsoft Entra
- Create an Enterprise Application
- Open the Microsoft Entra console with an administrator account.
- Go to Applications — Enterprise applications.
- Click + New application — + Create your own application.
- Set a name, for example: Planfix Entra.
- In the assignment section, select:
Integrate any other application you don’t find in the gallery (Non-gallery)
- After creating the application, open its card.
- Configure SAML SSO
- In the application menu, open Single sign-on and select the SAML method.
- In the Basic SAML Configuration block, specify the following data:
Field Value Identifier (Entity ID) https://{account_planfix_url}/saml2/service-provider-metadata/entra Reply URL (Assertion Consumer Service URL) https://{account_planfix_url}/saml2/sso/entra
- Save the settings.
Steps in Planfix
- Return to Integrations — Single Sign-On.
- In the Metadata URI field, enter the App Federation Metadata Url copied from the Entra application settings.
- Save the changes.
Assigning Users
- In the application settings, open the Users and groups section.
- Add users or groups who need access to Planfix via SSO.
Testing
- In the Single sign-on section of the application in Entra, click the Test button.
- Make sure that redirection and authorization via Planfix work correctly.
SCIM Provisioning Setup
- In the Entra application, go to Provisioning — Provisioning.
- In the Provisioning Mode field, select Automatic.
- In the Admin Credentials section, specify:
Field Value Authentication Method Bearer Authentication Tenant URL SCIM URL from Planfix settings Secret Token SCIM Token from Planfix settings
- Click Test Connection to check the connection.
- Go to the Mappings section and disable the Provision Microsoft Entra ID Groups option.
- Save the changes.
Final Integration Check
Make sure all points are completed:
- SSO integration with Microsoft Entra is activated in Planfix.
- An Enterprise Application is created in Entra and SAML SSO is configured correctly.
- The Metadata URI value from the Entra application is specified in Planfix.
- Users (or groups) are assigned to the application in Entra.
- A successful authorization test (Test) has been performed in Entra and login via Planfix works.
- SCIM Provisioning is set up, connection tested (Test Connection).
- Automatic group creation in SCIM Mappings is disabled (Provision Microsoft Entra ID Groups).
- Users are correctly created or updated in Planfix via SCIM.