The objective of this tutorial is to show the integration of Azure and Humanity. After completing this tutorial, the Azure AD users you have assigned to Humanity will be able to single sign into the application at your Humanity company site (service provider initiated sign on) or using the Introduction to the Access Panel.
Things to know before you begin:
To configure Azure AD integration with Humanity, you need the following items:
- An Azure AD subscription.
- A Humanity single-sign-on enabled subscription.
- You should have at least one active directory created on Azure.
The scenario outlined in this tutorial consists of the following building blocks:
- Enabling the application integration for Humanity
- Configuring single sign-on
- Configuring user provisioning
- Assigning users
Enabling the Application Integration for Humanity
Step 1: Login to https://portal.azure.com and click Azure Active Directory as shown in Image 1
Step 2: Click Enterprise Applications as shown in Image 2
Step 3: Click New application Tab as shown in Image 3
Step 4: Under Add from the gallery textbox type "Humanity", Humanity Application will pop up as shown in Image 4
Step 5: Click on "Humanity". The description of this app will be shown, click Add as shown in Image 5
Configuring single sign-on
Step 1: The Quick Start page will open. Click Configure single sign-on (required) as shown in Image 6
Step 2: From the Single Sign-on Mode drop-down select SAML-based Sign-on as shown in Image 7
Step 3: Now login to your Humanity account in a new browser tab and go to Settings (Gear icon), then click Single Sign-On tab from the left panel. Check the boxes next to SAML Enabled and Allow Password Login options as shown in Image 8
Step 4: Copy the SAML Login URL as shown in Image 9
Step 5: Switch to the tab where you opened Azure and paste it to Sign on URL and Identifier (Entity ID) text boxes. In Identifier (Entity ID) textbox replace the “includes/saml” with “app” as shown in Image 9
Step 6: From the User Identifier drop-down select "user.email" as shown in Image 9
Step 7: Scroll down the page, and click Configure Humanity as shown in Image 10
Step 8: Scroll down the opened panel to Quick Reference section and do the following as shown in Image 11
- Copy Azure AD Single Sign-On Service URL (in this example it’s https://login.microsoftonline.com/dff1b1c5-d5d2-4483-bf02-866215073ed0/saml2 ) and paste it into the SAML Issuer URL textbox on Humanity.
- Copy Azure AD Sign Out URL (in this example it’s https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 ) and paste it into theRemote Logout URL textbox on Humanity.
- Click Download Azure AD Signing Certificate (Base64 encoded) link. When the file downloads, open it from a text editor (like Notepad in Windows, TextEdit on Mac, gedit on Linux, Sublime Text, etc.).
Once you have completed the steps, you will be able to view the content as shown in Image 12
Step 9: Copy the content, and paste it into the X.509 Certificate textbox on Humanity
When it's completed, the form on Humanity side would look like Image 13
Step 10: Click Save Settings tab
Configuring User Provisioning
Provisioning of users is a manual process. The azure administrator should add all the users from Azure to Humanity, make sure that Humanity emails and Azure usernames match, and activate Humanity user profiles so they can log in to Humanity. If there is no user profile on Humanity side with an email that matches username of currently signed in Azure user, the error message like this will pop up:
Note: Humanity Single Sign-On feature uses SAML 2.0 and email as a unique identifier of a user.
Close both Configure sign-on and Single Sign-on panels. Now you need to assign some users from Azure Active Directory to newly created Humanity application to allow them to use it.
Step 1: Click Users and groups and Click + Add user, as shown in Image 14, it will redirect you to a new panel named Add Assignment.
Step 2: Click None Selected and from the right side panel, check the boxes next to the name of the userswho should have access to Humanity via Azure. Click Select tab once the selection is complete as shown in Image 15
Step 3: Click Assign tab to assign selected users as shown in Image 16
When successful, the popup message would appear on your screen as shown below:
Now, you would need to add corresponding users on Humanity.
Step 4: Go to Staff tab, click Add Employees, Enter their First Name, Last Name and Email address so that their emails match Azure usernames or import employees by creating a .CSV file/.XLSX file as shown inImage 17
Note: After adding the employees, you will be prompted to assign them position/s which is an optional step. Also, to allow users to log in, their profiles must be activated.
- Import Employees From a .csv/.xlsx file
- Send Activation Emails / Manually Activate
- Not-Activated / Bulk Activation
If you have any queries, please don't hesitate to reach us at firstname.lastname@example.org. Happy Scheduling!