The guides for configuring your Single Sign On (SSO) applications can be found below.

Info

Currently, SSO implementation on the side of Workplace Management (and Experience) is always done by the Spacewell Integration team.

The general configuration guide for setting up SSO on the Workplace Management side can be found here:

/wiki/spaces/KB/pages/127271111

For troubleshooting purposes, please refer to: /wiki/spaces/KB/pages/127107254

Below are the configuration guides for setting up the SSO integration on the other (identity provider) side (e.g. Azure, Okta or ADFS).

Azure AD Configuration Guide

Below you will find the necessary steps to create a Single sign on application inside the Azure AD portal.

Creating Azure application

  1. In Azure AD, navigate to Enterprise applications


  2. Press on “New Application”


  3. Press on “Create your own application”


  4. Fill in a suitable name and select the option “Integrate any other application you don't find in the gallery (Non-gallery)”. After that, click on “Create”. It might take some time for the application to be created. Azure will provide you with the following message until it is ready.

Setting up single sign on

Once the application is created, you are navigated to the application properties screen.

  1. Click on “Set up single sign on” or do this in the menu on the left with “Single sign-on”

  2. Select the “SAML” option

Automatic using metadata file

The easiest way to fill in the single sign on settings is through the metadata file. This can be acquired in two ways:

  1. Once you have the URL, make sure to save the XML to your computer.

  2. If you would like to set up the necessary settings manually, you can retrieve these values from the metadata. We will not provide documentation for a manual setup, as we suspect the necessary knowledge is available to you if you decide to select this option.

Info

Be aware: when making the decision for a manual setup, Spacewell might charge you for any assistance that might be necessary from a Spacewell consultant.

Uploading the metadata

  1. In Azure, click on “Upload metadata file”

  2. Select the XML that you have just saved to your computer and press on “Add”

  3. As a result, you should be presented with a “Basic SAML Configuration” page, which shows the values pre-filled from the metadata file. One value that you can add is the “Sign on URL (Optional)”. Using this value will allow Service Provider Initiated Single Sign On. Filling it in is not necessary, but is advised. In most cases, this URL should be the following: https://client.axxerion.com/axxerion/sso
    Replace “client” with your client-specific URL, which you should already be familiar with. Be aware that Workplace Management supports multiple SSO connections within one client environment. If that is the case, this URL will be different and should be discussed with your Spacewell contact.

  4. Once you have entered the necessary values, press “Save”.

  5. Once saved successfully, close the configuration screen. Azure might prompt you to test the connection. Decline this offer, as several settings still need to be set (both in Azure as well as on the Workplace Management end).

Setting additional claims (optional)

If you intend to use the SSO connection in combination with Just In Time Provisioning, you might want to add additional claims. To do this, navigate to “Attributes & Claims” and press “Edit”.

In the resulting screen, you can add any (group) claims if preferred. If you need further assistance adding these, please consult your Azure administrator.

Adding users

  1. In the menu on the left, click on “Users and groups”


  2. Press on “Add user/group”


  3. Press on “None selected” and search for either the users or a specific group that you would like to give access to the Single sign on application.

  4. Press on “Select” to add the users and/or groups


  5. Press on “Assign” to assign the users to the application

  6. Any other changes to the users and/or groups should be done by the Azure administrator from your end.

Sharing the necessary information

If you are done with all the above steps, you can share the metadata file from the application with your Spacewell contact. On the SAML-based Sign-on page, navigate to section 3 “SAML Certificates” and share the “App Federation Metadata Url” with your Spacewell contact. They will take the necessary steps on their end to allow the SSO connection to work.

Certificate renewals

  • Every year, Workplace Management will update the certificate that is used for the SSO connection. Currently, Azure will accept this certificate without any steps being necessary from your end.

  • In case the certificate is renewed on the Azure end, Spacewell should be notified of this as soon as possible through the necessary support channels. Having provided Spacewell with the Federation Metadata URL will allow a Spacewell contact to easily update the necessary settings on the Workplace Management end. Should Spacewell not be notified, the SSO connection will cease to function once the certificate on the end of Azure expires.
