SSO - using Azure Active Directory

For Pronestor in the cloud,  SSO is possible to setup through the customer's Azure Active Directory. This requires that you have Azure active directory integration setup.

It will enable users to utilize their existing login credentials - and it will allow IT managers to ensure that logins and password policies to be maintained within their Azure Active Directory.


Setting up SSO - is a two-step  setup:

1. step requires the customer to allow Pronestor to authenticate towards their Azure Active Directory

2. step requires Pronestor to configure Pronestor Planner to authenticate towards the customers Azure Active Directory


In the example, an imagined customer, Acme Inc, is provisioned on https://<customer_name>

They are an Office 365 customer with the domain "". Their Office 365 account is backed by an underlying Azure Active Directory (Azure Active Directory) instance.


1. STEP - [performed by the customer]

The customer must create a new application in Azure Active Directory.

In this guide, we will reference the customer as by - which should be replaced with customer's domain.

  1. Login to Windows Azure portal -
  2. Select “Azure Active Directory” in the left-hand side menu.
  3. Choose "App registrations"
  4. Click "+ New application registration"
  5. In the name field - give your application a name (e.g. Pronestor Planner)
  6. In application type choose the option “Web app/API"
  7. Set "Sign - on URL" : https://<customer_name>>/Booking.NET/Login.mvc/Login
  8. Click "Create"
  9. Choose "Settings"->"Properties"
  10. Copy "https://<customer_name>>/Booking.NET/Login.mvc/Login" to "App ID URI" 
  11. Set "Multi-tenanted" to "No"
  12. Click "Save"  

This is where the link needs to be in azure:


2. STEP - [performed by Pronestor]

Please ask Pronestor to perform step two. We will need the following information:

Your customer URL

Your Azure tenant ID

A reference to this guide (the link won't work for you)


What is <TENANT_ID> ?

Customers Azure tenant ID, which can be obtained from the target domain's publicly accessible "federation metadata":<DOMAIN>/FederationMetadata/2007-06/FederationMetadata.xml

where <DOMAIN> is replaced with the organization's domain.

The <TENANT_ID> can be gleaned from the "entityID" attribute from the root xml-element "EntityDescriptor", e.g.:
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_4cc1521b-fde8-48e5-b641-5365f0854c66" entityID="<TENANT_ID>/">

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Powered by Zendesk