SSO - using Azure AD


For Pronestor Room & Catering in the cloud, SSO can be set up through the customer's Azure AD.

It enables users to sign in with their existing login credentials, and it allows IT managers to ensure that logins and password policies are maintained within their Azure AD.


Setting up SSO is a two-step process:

1. The first step requires the customer to allow Pronestor to authenticate towards their Azure AD.

2. The second step requires Pronestor to configure Pronestor Room & Catering to authenticate towards the customer's Azure AD.


In the example, an imagined customer, Acme Inc, is provisioned on https://<customer_name>

They are an Office 365 customer with the domain "". Their Office 365 account is backed by an underlying Azure Active Directory (Azure AD) instance.


1. STEP - [performed by the customer]

The customer must create a new application in Azure AD.

In this guide, we will reference the customer as by - which should be replaced with customer's domain.

  1. Login to Windows Azure portal -
  2. Select “Azure Active Directory” in the left-hand side menu.
  3. Choose "App registrations"
  4. Click "+ New application registration"
  5. In the name field - give your application a name (e.g. Pronestor Room & Catering)
  6. In application type choose the option “Web app/API"
  7. Set "Sign-on URL": https://<customer_name>/Booking.NET/Login.mvc/Login
  8. Click "Create"
  9. Choose "Settings"->"Properties"
  10. Copy text from "Home page URL" to "App ID URI" 
  11. Set "Multi-tenanted" to "No"
  12. Click "Save"  

2. STEP - [performed by Pronestor]

An SSO configuration file named "saml.config" must be authored and placed in the root of the web directory, e.g. C:/inetpub/acme/saml.config.

Its contents look like the following:

<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <ServiceProvider Name="https://<CUSTOMER_SITE_URL>/Booking.NET/Login.mvc/Login"
                   CertificatePassword="pro!nestor" />

  <PartnerIdentityProvider Name="<TENANT_ID>/"
                           UseEmbeddedCertificate="true" />
</SAMLConfiguration>


<TENANT_ID> must be replaced by the customer's Azure tenant ID, which can be obtained from the target domain's publicly accessible "federation metadata": <DOMAIN>/FederationMetadata/2007-06/FederationMetadata.xml

where <DOMAIN> is replaced with the organization's domain.

The <TENANT_ID> can be read from the "entityID" attribute of the root XML element "EntityDescriptor", e.g.:
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_4cc1521b-fde8-48e5-b641-5365f0854c66" entityID="<TENANT_ID>/">
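
The following Python code is an added example, not Pronestor's own tooling: it reads the entityID from a downloaded federation metadata document as described above and checks that the PartnerIdentityProvider Name in saml.config matches it. The sample XML, host names and GUID are constructed placeholders, and treating the last path segment of entityID as the tenant ID is an assumption.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
CFG_NS = "urn:componentspace:SAML:2.0:configuration"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

# Constructed sample inputs; the host name and tenant GUID are placeholders.
SAMPLE_METADATA = (
    b'<?xml version="1.0"?>'
    b'<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_x1" '
    b'entityID="https://idp.example.invalid/11111111-2222-3333-4444-555555555555/"/>'
)
SAMPLE_CONFIG = (
    b'<?xml version="1.0"?>'
    b'<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">'
    b'<PartnerIdentityProvider UseEmbeddedCertificate="true" '
    b'Name="https://idp.example.invalid/11111111-2222-3333-4444-555555555555/"/>'
    b'</SAMLConfiguration>'
)

def _parse(xml_bytes):
    # The metadata comes from outside: refuse DTDs so entity tricks never reach the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in XML input")
    return ET.fromstring(xml_bytes)

def entity_id_from_metadata(metadata_xml):
    root = _parse(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")
    return entity_id

def tenant_id_from_entity_id(entity_id):
    # Assumption: the tenant ID is the GUID in the last path segment of entityID.
    last = entity_id.rstrip("/").rsplit("/", 1)[-1]
    if not GUID.fullmatch(last):
        raise ValueError("no tenant GUID at the end of entityID")
    return last.lower()

def config_matches_metadata(config_xml, metadata_xml):
    # The IdP Name in saml.config should equal entityID exactly, trailing slash included.
    idp = _parse(config_xml).find("{%s}PartnerIdentityProvider" % CFG_NS)
    if idp is None:
        raise ValueError("saml.config has no PartnerIdentityProvider element")
    return idp.get("Name") == entity_id_from_metadata(metadata_xml)
```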
