Setting up your Corporategift.com SSO account? You can use Microsoft Azure as the identity provider (IdP) for your enterprise users to sign in to corporategift.com via SSO with their Microsoft account
Setting up your Corporategift.com SSO account?
You can use Microsoft Azure as the identity provider (IdP) for your enterprise users to sign in to corporategift.com via SSO with their Microsoft username and password.
Single Sign-On (SSO) brings the most secure access to Corporategift.com without the need of the corporategift sign in process, and authenticating with your enterprise's Azure account.
Every time you access Corporategift.com as an SSO user, it automatically reroutes you securely to Azure, and then after authentication, it routes you back to your corporategift.com account as a signed in user.
SSO uses the secure SAML 2.0 protocol to delegate the entire authentication process to Azure.
Prerequisites:
To configure SSO, you need:
- An Azure account with an active subscription.
- One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
- Completion of the steps in Quickstart: Create and assign a user account.
Enable single sign-on:
- You need to login at: https://portal.azure.com/
- Go to Enterprise applications.
- Click New application.
- Click Create your own application.
- Enter the SAML application details:
- Application name: "Corporategift".
- Choose “Integrate any other application you dont find in the gallery (Non-gallery)".
- Click Create
- You will be redirected to the Corporategift application main page. You will now need to click Single-sign on.
- In the next screen choose SAML method
- Next we need to go through the setup SAML steps, Click Edit on the "Basic SAML Configuration" step:
- Fill the configuration details as bellow:
- In Identifier (Entity ID) field add new identifier like this:
https://api.corporategift.com/api/sso/Corporate Gift/metadata
IMPORTANT: You should replace Corporate Gift to your company name (no spaces, lower case). - Remove this first auto added option. (the one starting with "http://asapplicationregistery...")
- In the Reply URL section add:
https://api.corporategift.com/api/sso/Corporate Gift/acs
- Save.
- In Identifier (Entity ID) field add new identifier like this:
- Now we need to edit the User Attributes & Claims section:
- Click Edit:
- Click on Unique User Identifier
- Change the "Name identifier format" to Default and the "Source attribute" to user.userprincipalname.
- Save it.
- Next we will make some more changes to the Additional claims section:
- Delete rows data:
- emailaddress
- givenname
.png?width=688&height=273&name=unnamed%20(11).png)
- change the following rows:
replace - "https://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" to "name" and its value to "user.givername"
Finally it should looks like this:
replace - "https://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" to "surname" and its value to "user.surname".png?width=688&height=273&name=unnamed%20(12).png)
- Delete rows data:
- Click Edit:
- Last step is to copy the required data and email it your account success manager so corporategift.com can complete the setup and configure the SSO:
- Copy Login URL and Azure AD Identifier from step 4.
- Download the Certificate (Base64) in SAML Signing Certificate section
- Email both to your Account success manager.
That's it, once your account success manager confirms we are done on corporategift side you are ready to go.
12. Once the app is confirmed, go to Azure Active Directory > Enterprise Applications, and select the application you registered for SSO.
- Under Properties, toggle Visible to users to yes.
- Under "User and Groups" Assign users groups to be able to use the SSO
- Now the app can be added to a Collection for My Apps page for Azure Initiated Login.
Enjoy Gifting!