In this document, we show how to configure user provisioning and Single Sign-On between a Microsoft Entra ID tenant and a Base-B account.

The document assumes that you are already using Microsoft Office 365 ID or Microsoft Entra ID in your organization and want to use Microsoft Entra ID to allow users to authenticate with Base-B. Microsoft Entra ID itself can be connected to an on-premises Active Directory and use Entra ID federation, pass-through authentication, or password hash synchronization.

Contents

• Requirements
• Configuration Steps
• Known Issues/Troubleshooting

Requirements

User provisioning based on the SCIM protocol and Single Sign-On via SAML are only available for paying customers on Base-B.

Refer to the Microsoft Entra ID pricing page to see the applicable fees for using Microsoft Entra ID.

Configuration Steps

Configure the provisioning functionality and single sign-on as follows.

Enable Single Sign-On functionality

In Microsoft Azure

In Microsoft Azure, under Enterprise Applications, you will need to follow these steps:

1. Click the “New Application” button

2. Search for Base-B and select the Base-B application

3. Once the application is added, go to the Single Sign-On page

4. In step 1 (Basic SAML Configuration), fill in the fields:

• Fill in the "Identifier" field with a name for the application
• In the "Reply URL" field, enter the Base-B URL https://api.baseb.app/v1/sso/saml?companyGroupId=id. Don't forget to replace "id" with your company’s ID.

5. In step 3 (SAML Certificates), click edit and then select the option “Sign SAML response and assertion” and click save

6. Download and copy the content of the certificate available in step 3 (SAML Certificates)

In Base-B

1. In Settings > Integrations > Applications, select the Microsoft Azure integration

2. A screen will be presented which should be filled out as instructed below:

• In the certificate field, enter the certificate downloaded from "SAML Certificates" in Microsoft Azure
• In the Audience field, enter the Identifier provided in the "Basic SAML Configuration" of Microsoft Azure

3. After clicking "Save," an API Key will be provided. Click copy to use it for user provisioning

Enable User Provisioning functionality

In Microsoft Azure

1. Go to the Provisioning page

2. Click "Edit Provisioning"

3. Go to the "Admin Credentials" tab and fill in the fields:

• In the "Tenant URL" field, enter the Base-B URL "https://api.baseb.app/scim/v2/"
• In the "Secret Token" field, enter the API Key.

4. Click "Save"

Known Issues/Troubleshooting

If you have questions or difficulties with the Base-B/Microsoft Azure integration, contact Base-B support via suporte@baseb.com.br

Updated on: 12/13/2024