SSO - using Azure AD


For Pronestor Planner in the cloud,  SSO is possible to setup through the customer's Azure AD. This requires that you have Azure active directory integration setup.

It will enable users to utilize their existing login credentials - and it will allow IT managers to ensure that logins and password policies to be maintained within their Azure AD.


You have to have Azure Ad import setup firsts. See

The users login have to be their email.

Setting up SSO - is a two-step  setup:

1. step requires the customer to allow Pronestor to authenticate towards their Azure AD

2. step requires Pronestor to configure Pronestor Planner to authenticate towards the customers Azure AD


In the example, an imagined customer, Acme Inc, is provisioned on https://<customer_name>

They are an Office 365 customer with the domain "". Their Office 365 account is backed by an underlying Azure Active Directory (Azure AD) instance.


1. STEP - [performed by the customer]

The customer must create a new application in Azure AD.

In this guide, we will reference the customer as by - which should be replaced with customer's domain.

  1. Login to Windows Azure portal -
  2. Select “Azure Active Directory” in the left-hand side menu.
  3. Choose "App registrations"
  4. Click "+ New application registration"
  5. In the name field - give your application a name (e.g. Pronestor Planner)
  6. In application type choose the option “Web app/API"
  7. Set "Sign - on URL" : https://<customer_name>>/Booking.NET/Login.mvc/Login
  8. Click "Create"
  9. Choose "Settings"->"Properties"
  10. Copy text from "Home page URL" to "App ID URI" 
  11. Set "Multi-tenanted" to "No"
  12. Click "Save"  

2. STEP - [performed by Pronestor]

Please ask Pronestor to perform step two. We will need the following information:

Your customer URL

Your Azure tenant ID

A reference to this guide (the link won't work for you)


Customers Azure tenant ID, which can be obtained from the target domain's publicly accessible "federation metadata":<DOMAIN>/FederationMetadata/2007-06/FederationMetadata.xml

where <DOMAIN> is replaced with the organization's domain.

The <TENANT_ID> can be gleaned from the "entityID" attribute from the root xml-element "EntityDescriptor", e.g.:
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_4cc1521b-fde8-48e5-b641-5365f0854c66" entityID="<TENANT_ID>/">

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Powered by Zendesk