Microsoft Entra: Difference between revisions

Integration with Microsoft Entra allows your company's employees to log in to Planfix and other services using a single password (Single Sign-On, or SSO). This increases convenience and security, and simplifies user account management.

Supported Features

• IdP-initiated login (SSO)
• SP-initiated login
• Just-In-Time (JIT) user creation
• SCIM Provisioning

SCIM Provisioning Features

• User creation
• User data update
• User deactivation
• User import

Setup Steps

Steps in Planfix

• Go to Account management — Integrations — Single Sign-On.
• Activate the integration with Microsoft Entra.

Steps in Microsoft Entra

• Create an Enterprise Application
  • Open the Microsoft Entra console with an administrator account.
  • Go to Applications — Enterprise applications.
  • Click + New application — + Create your own application.
  • Set a name, for example: Planfix Entra.
  • In the assignment section, select:

    Integrate any other application you don’t find in the gallery (Non-gallery)

  • After creating the application, open its card.
• Configure SAML SSO
  • In the application menu, open Single sign-on and select the SAML method.
  • In the Basic SAML Configuration block, specify the following data:

Field	Value
Identifier (Entity ID)	https://{account_planfix_url}/saml2/service-provider-metadata/entra
Reply URL (Assertion Consumer Service URL)	https://{account_planfix_url}/saml2/sso/entra

• Save the settings.

Steps in Planfix

• Return to Integrations — Single Sign-On.
• In the Metadata URI field, enter the App Federation Metadata Url copied from the Entra application settings.
• Save the changes.

Assigning Users

• In the application settings, open the Users and groups section.
• Add users or groups who need access to Planfix via SSO.

Testing

• In the Single sign-on section of the application in Entra, click the Test button.
• Make sure that redirection and authorization via Planfix work correctly.

SCIM Provisioning Setup

• In the Entra application, go to Provisioning — Provisioning.
• In the Provisioning Mode field, select Automatic.
• In the Admin Credentials section, specify:

Field	Value
Authentication Method	Bearer Authentication
Tenant URL	SCIM URL from Planfix settings
Secret Token	SCIM Token from Planfix settings

• Click Test Connection to check the connection.
• Go to the Mappings section and disable the Provision Microsoft Entra ID Groups option.
• Save the changes.

Final Integration Check

Make sure all points are completed:

• SSO integration with Microsoft Entra is activated in Planfix.
• An Enterprise Application is created in Entra and SAML SSO is configured correctly.
• The Metadata URI value from the Entra application is specified in Planfix.
• Users (or groups) are assigned to the application in Entra.
• A successful authorization test (Test) has been performed in Entra and login via Planfix works.
• SCIM Provisioning is set up, connection tested (Test Connection).
• Automatic group creation in SCIM Mappings is disabled (Provision Microsoft Entra ID Groups).
• Users are correctly created or updated in Planfix via SCIM.