For Pronestor in the cloud, SSO can be set up through the customer's Azure Active Directory. This requires that you have the Azure Active Directory integration set up.
It enables users to use their existing login credentials, and it allows IT managers to ensure that logins and password policies are maintained within their Azure Active Directory.
- All users must be created in Pronestor Planner with the same login as in your Azure Active Directory, for example through a user import. See https://helpdesk.pronestor.com/hc/en-us/articles/360020837612-Azure-Active-Directory-integration
Setting up SSO is a two-step process:
1. The first step requires the customer to allow Pronestor to authenticate against their Azure Active Directory.
2. The second step requires Pronestor to configure Pronestor Planner to authenticate against the customer's Azure Active Directory.
In the example, an imagined customer, Acme Inc, is provisioned on https://<customer_name>.pronestor.com
They are an Office 365 customer with the domain "acme.com". Their Office 365 account is backed by an underlying Azure Active Directory instance.
1. STEP - [performed by the customer]
The customer must create a new application in Azure Active Directory.
In this guide, we refer to the customer as acme.com, which should be replaced with the customer's domain.
- Log in to the Windows Azure portal - https://manage.windowsazure.com
- Select “Azure Active Directory” in the left-hand side menu.
- Choose "App registrations"
- Click "+ New application registration"
- In the name field - give your application a name (e.g. Pronestor Planner)
- In application type, choose the option "Web app/API"
- Set "Sign-on URL": https://<customer_name>.pronestor.com/Booking.NET/Login.mvc/Login
- Click "Create"
- Choose "Settings"->"Properties"
- Copy "https://<customer_name>.pronestor.com/Booking.NET/Login.mvc/Login" to "App ID URI"
- Set "Multi-tenanted" to "No"
- Click "Save"
This is where the link needs to be in Azure:
2. STEP - [performed by Pronestor]
Please ask Pronestor to perform step two. We will need the following information:
- Your customer URL
- Your Azure tenant ID
- A reference to this guide (the link won't work for you) https://helpdesk.pronestor.com/hc/en-us/articles/115003547266
What is <TENANT_ID>?
The customer's Azure tenant ID, which can be obtained from the target domain's publicly accessible "federation metadata":
where <DOMAIN> is replaced with the organization's domain.
The <TENANT_ID> can be gleaned from the "entityID" attribute from the root xml-element "EntityDescriptor", e.g.:
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_4cc1521b-fde8-48e5-b641-5365f0854c66" entityID="https://sts.windows.net/<TENANT_ID>/">
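The tenant ID can be extracted from a saved copy of the federation metadata and checked before it is handed to Pronestor. The following Python is an added example, not part of the original guide: the function name is hypothetical, the sample XML and its tenant GUID are constructed, and it assumes the tenant ID is a GUID under the sts.windows.net issuer shown above.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample: trimmed federation metadata with a made-up tenant GUID.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    ID="_4cc1521b-fde8-48e5-b641-5365f0854c66"
    entityID="https://sts.windows.net/11111111-2222-3333-4444-555555555555/">
</EntityDescriptor>"""


def tenant_id_from_metadata(xml_text: str) -> str:
    """Return the tenant GUID taken from the root EntityDescriptor's entityID."""
    root = ET.fromstring(xml_text)

    # The root element must be the SAML 2.0 metadata EntityDescriptor.
    if root.tag != f"{{{SAML_MD_NS}}}EntityDescriptor":
        raise ValueError(f"unexpected root element: {root.tag}")

    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")

    # Only accept an HTTPS issuer on the Azure AD STS host (assumption: the
    # issuer format shown in the guide, https://sts.windows.net/<TENANT_ID>/).
    url = urlparse(entity_id)
    if url.scheme != "https" or url.hostname != "sts.windows.net":
        raise ValueError(f"entityID is not an Azure AD issuer: {entity_id}")

    # The single path segment is the tenant ID; reject anything that is not
    # a GUID so a typo or a placeholder is never passed on.
    tenant = url.path.strip("/")
    if not GUID_RE.match(tenant):
        raise ValueError(f"tenant segment is not a GUID: {tenant!r}")
    return tenant.lower()


if __name__ == "__main__":
    print(tenant_id_from_metadata(SAMPLE_METADATA))
```
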