SSO Setup Instructions for Azure IdP

After completing the integration with Azure AD, the users you have assigned to Humanity will be able to single sign-on to the application.

Written by Yasir Ehsan
Updated over a week ago

Objective

The objective of this tutorial is to show the integration of Azure and Humanity. After completing this tutorial, the Azure AD users you have assigned to Humanity will be able to single sign-on to the application at your Humanity company site (service provider initiated sign-on) or by using the Access Panel (see Introduction to the Access Panel).
 

Things to know before you begin:

To configure Azure AD integration with Humanity, you need the following items:

  1. An Azure AD subscription.

  2. A Humanity single-sign-on enabled subscription.

  3. You should have at least one active directory created on Azure.

The scenario outlined in this tutorial consists of the following building blocks:

Enabling the Application Integration for Humanity

Step 1: Log in to https://portal.azure.com and click Azure Active Directory as shown in Image 1
 

Image 1

Step 2: Click Enterprise Applications as shown in Image 2
 

Image 2

Step 3: Click New application Tab as shown in Image 3
 

Image 3

Step 4: In the Add from the gallery text box, type "Humanity". The Humanity application will appear as shown in Image 4
 

Image 4

Step 5: Click on "Humanity". The description of this app will be shown. Click Add as shown in Image 5
 

Image 5


Configuring single sign-on

Step 1: The Quick Start page will open. Click Configure single sign-on (required) as shown in Image 6
 

Image 6

 

Step 2: From the Single Sign-on Mode drop-down select SAML-based Sign-on as shown in Image 7
 

Image 7

 

Step 3: Now log in to your Humanity account in a new browser tab and go to Settings (Gear icon), then click the Single Sign-On tab in the left panel. Check the boxes next to the SAML Enabled and Allow Password Login options as shown in Image 8
 

Image 8

 

Step 4: Copy the SAML Login URL as shown in Image 9

Step 5: Switch to the tab where you opened Azure and paste it into the Sign on URL and Identifier (Entity ID) text boxes. In the Identifier (Entity ID) text box, replace “includes/saml” with “app” as shown in Image 9

Step 6: From the User Identifier drop-down select "user.email" as shown in Image 9
 

Image 9

 

Step 7: Scroll down the page, and click Configure Humanity as shown in Image 10
 

Image 10

 

Step 8: Scroll down the opened panel to Quick Reference section and do the following as shown in Image 11

 

 

  • Click the Download Azure AD Signing Certificate (Base64 encoded) link. When the file downloads, open it in a text editor (like Notepad on Windows, TextEdit on Mac, gedit on Linux, Sublime Text, etc.).

 

Image 11

Once you have completed the steps, you will be able to view the content as shown in Image 12

Step 9: Copy the content, and paste it into the X.509 Certificate textbox on Humanity
 

Image 12

 

When it's completed, the form on the Humanity side will look like Image 13

Step 10: Click Save Settings tab
 

Image 13


Configuring User Provisioning

Provisioning of users is a manual process. The Azure administrator should add all the users from Azure to Humanity, make sure that Humanity emails and Azure usernames match, and activate the Humanity user profiles so they can log in to Humanity. If there is no user profile on the Humanity side with an email that matches the username of the currently signed-in Azure user, an error message like this will pop up:
 

Note: Humanity Single Sign-On feature uses SAML 2.0 and email as a unique identifier of a user.


Assigning Users

Close both the Configure sign-on and Single Sign-on panels. Now you need to assign some users from Azure Active Directory to the newly created Humanity application to allow them to use it.

Step 1: Click Users and groups, then click + Add user as shown in Image 14. It will redirect you to a new panel named Add Assignment.

 

Image 14

Step 2: Click None Selected and, from the right side panel, check the boxes next to the names of the users who should have access to Humanity via Azure. Click the Select tab once the selection is complete as shown in Image 15
 

Image 15

Step 3: Click Assign tab to assign selected users as shown in Image 16

 

 

Image 16

When successful, a popup message will appear on your screen as shown below:

 

Now you need to add the corresponding users on Humanity.

Step 4: Go to the Staff tab, click Add Employees, and enter their First Name, Last Name and Email address so that their emails match Azure usernames, or import employees by creating a .CSV/.XLSX file as shown in Image 17
 

Image 17

Note: After adding the employees, you will be prompted to assign them one or more positions, which is an optional step. Also, to allow users to log in, their profiles must be activated.
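
The matching requirement from Configuring User Provisioning and Step 4 above can be checked before users start signing in. The following is an added example, not part of Humanity's or Microsoft's documentation: it compares a list of assigned Azure usernames with a Humanity staff list and reports missing profiles, inexact matches, profiles that are not activated, and Humanity profiles with no Azure assignment. The CSV column names (userPrincipalName, email, active) and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not a documented format.
AZURE_CSV = """userPrincipalName,displayName
alice@example.com,Alice Adams
Bob@Example.com,Bob Brown
carol@example.com,Carol Clark
dave@example.com,Dave Diaz
"""

HUMANITY_CSV = """email,first_name,last_name,active
alice@example.com,Alice,Adams,yes
bob@example.com,Bob,Brown,yes
carol@example.com ,Carol,Clark,no
erin@example.com,Erin,Evans,yes
"""


def norm(value):
    """Normalise for comparison only: trim whitespace and ignore case."""
    return value.strip().lower()


def reconcile(azure_csv, humanity_csv):
    """Compare assigned Azure usernames with Humanity staff emails."""
    azure = [r["userPrincipalName"] for r in csv.DictReader(io.StringIO(azure_csv))]
    staff = {r["email"]: r for r in csv.DictReader(io.StringIO(humanity_csv))}
    by_norm = {norm(email): email for email in staff}
    report = {"ok": [], "missing_profile": [], "inexact_match": [],
              "not_activated": [], "no_azure_assignment": []}
    for upn in azure:
        email = by_norm.get(norm(upn))
        if email is None:
            report["missing_profile"].append(upn)  # no Humanity profile for this user
            continue
        if email != upn:
            # Differs only by case or stray spaces; flagged for manual review.
            report["inexact_match"].append((upn, email))
        if norm(staff[email]["active"]) != "yes":
            report["not_activated"].append(upn)  # profile exists but cannot log in
        elif email == upn:
            report["ok"].append(upn)
    assigned = {norm(u) for u in azure}
    # Humanity profiles with no Azure assignment (password login only, if allowed).
    report["no_azure_assignment"] = [e for e in staff if norm(e) not in assigned]
    return report


if __name__ == "__main__":
    for key, values in reconcile(AZURE_CSV, HUMANITY_CSV).items():
        print(f"{key}: {values}")
```
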



If you have any queries, please don't hesitate to reach us at support@humanity.com. Happy Scheduling!
