1. SPOTIO
  2. Integrations
  3. Integrations

Integrations

Search

SAML Integration with Microsoft Entra Id

Brandy Billiot
Brandy Billiot
  • Updated

Introduction

This document outlines the steps to configure the System for SINGLE SIGN-ON (SSO) for SPOTIO within the Microsoft Entra Admin Center. The process includes setting up a new application

Steps

Step 1: Create a New Application in Microsoft Entra

  • Navigate to the Microsoft Entra Admin Center.
  • Go to Applications -> Enterprise applications.
  • Click on New application.
  • Select Create your own application.
  • Enter the application name as SPOTIO.
  • Choose the option Integrate any other application you don't find in the gallery (Non-gallery).
  • Save the application

Step 2: Spotio Application

  • Log in to your SPOTIO account.
  • Navigate to Settings -> Integration -> Single Sign-On (SSO) Spotio SSO
    image6.png

Step 3: Configure Azure SAML

  • Navigate to the created application
  • Go to SSO section and select SAML methodimage4.png
  • Now you should see configuration for saved application
    image5.png
  • Edit basic SAML configuration
  • In Spotio go to SSO settings
  • Copy data from Spotio
    • Set Audience with value: Spotio and copy it to MicrosoftEntraId
    • Copy ACS (CONSUMER) URL from Spotio to MicrosoftEntraIdimage7.png
  • Save Basic SAML Configuration

Step 4: Configure Spotio SSO

  1. From the section SAML certificate copy:
  • App Federation Metadata URL from MicrosoftEntraId to Spotio configuration ISSUER URL 
  • Certificate (base64) to X.509 CERTIFICATE (PEM)

image8.png

  • Save configuration in Spotio and MicrosoftEntraId

If you see the error message you have to add users / groups to the application
image3.png

image9.png

 

 

SCIM Integration with MicrosoftEntraId

Introduction

SCIM configuration for MicrosoftEntraId requires Azure Databricks account (must have the Premium plan).
https://learn.microsoft.com/en-us/azure/databricks/administration-guide/users-groups/scim/aad

 

This document outlines the steps to configure System for Cross-domain Identity Management (SCIM) for SPOTIO within the Microsoft Entra Admin Center. The process includes setting up a new application, generating a token in SPOTIO, and configuring provisioning settings in Microsoft Entra.

Steps

Step 1: Create a New Application in Microsoft Entra

  • Navigate to the Microsoft Entra Admin Center.
  • Go to Applications -> Enterprise applications.
  • Click on New application.
  • Select Create your own application.
  • Enter the application name as SPOTIO.
  • Choose the option Integrate any other application you don't find in the gallery (Non-gallery).
  • Save the application.

Step 2: Generate SCIM Token in SPOTIO

  • Log in to your SPOTIO account.
  • Navigate to Settings -> Integration -> Single Sign-On (SSO).
  • In the SCIM section, click on Generate Token.
  • Copy the SCIM BASE URL and the SCIM BEARER TOKEN.

Step 3: Configure SCIM Provisioning in Microsoft Entra

  • Return to the Microsoft Entra Admin Center.
  • Navigate to Applications -> Enterprise applications -> SPOTIO.
  • Go to Provisioning -> Manage -> Provisioning.
  • Set the Provisioning Mode to Automatic.
  • In the Admin Credentials section, enter the following:
    • Tenant URL: Paste the SCIM BASE URL from SPOTIO.
    • Secret Token: Paste the SCIM BEARER TOKEN from SPOTIO.
  • Click on Test Connection.
  • If the connection is successful, click Save.

Step 4: Configure Attribute Mappings

  • In the Mappings section, click on Provision Microsoft Entra ID Groups.

For the attribute displayName, set the Expression to:
Switch([displayName], "Sales", "SPOTIO Admins", "Admins", "SPOTIO Managers", "Managers", "SPOTIO Sales", "Sales")

image2.png

    • This expression maps groups from Microsoft Entra to groups in SPOTIO. In this example, there are three groups in Microsoft Entra: SPOTIO Admins, SPOTIO Managers, and SPOTIO Sales.
    • Save the settings.
  • Next, in the Mappings section, click on Provision Microsoft Entra ID Users.
    • Configure the following attribute mappings:
      • userName
      • active
      • emails[type eq "work"].value
      • name.givenName
      • name.familyName
      • name.formatted
      • phoneNumbers[type eq "work"].value
  • Map these attributes to the corresponding Microsoft Entra ID Attribute.
  • Save the settings.

Step 5: Assign Groups or Users in Microsoft Entra

  • In Microsoft Entra, navigate to Applications -> Enterprise applications -> SPOTIO -> Users and Groups.
  • Assign the groups or users you want to synchronize to the SPOTIO application.

Step 6: Start Provisioning

  • Return to the Provisioning section.
  • Click on Start provisioning to begin the synchronization process.

 

Was this article helpful?

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.