Microsoft Azure Integration
In this document, we show how to configure user provisioning and Single Sign-On between a Microsoft Entra ID tenant and a Base-B account.
The document assumes that you are already using Microsoft Office 365 ID or Microsoft Entra ID in your organization and want to use Microsoft Entra ID to allow users to authenticate with Base-B. Microsoft Entra ID itself can be connected to an on-premises Active Directory and use Entra ID federation, pass-through authentication, or password hash synchronization.
Requirements
Configuration Steps
Known Issues/Troubleshooting
User provisioning based on the SCIM protocol and Single Sign-On via SAML are only available for paying customers on Base-B.
Refer to the Microsoft Entra ID pricing page to see the applicable fees for using Microsoft Entra ID.
Configure the provisioning functionality and single sign-on as follows.
In Microsoft Azure, under Enterprise Applications, you will need to follow these steps:
Click the “New Application” button
Search for Base-B and select the Base-B application
Once the application is added, go to the Single Sign-On page
In step 1 (Basic SAML Configuration), fill in the fields:
Fill in the "Identifier" field with a name for the application
In the "Reply URL" field, enter the Base-B URL https://api.baseb.app/v1/sso/saml?companyGroupId=id. Don't forget to replace "id" with your company’s ID.
In step 3 (SAML Certificates), click edit and then select the option “Sign SAML response and assertion” and click save
Download and copy the content of the certificate available in step 3 (SAML Certificates)
In Settings > Integrations > Applications, select the Microsoft Azure integration
A screen will be presented which should be filled out as instructed below:
In the certificate field, enter the certificate downloaded from "SAML Certificates" in Microsoft Azure
In the Audience field, enter the Identifier provided in the "Basic SAML Configuration" of Microsoft Azure
After clicking "Save," an API Key will be provided. Click copy to use it for user provisioning
Go to the Provisioning page
Click "Edit Provisioning"
Go to the "Admin Credentials" tab and fill in the fields:
In the "Tenant URL" field, enter the Base-B URL "https://api.baseb.app/scim/v2/"
In the "Secret Token" field, enter the API Key.
Click "Save"
If you have questions or difficulties with the Base-B/Microsoft Azure integration, contact Base-B support via suporte@baseb.com.br
The document assumes that you are already using Microsoft Office 365 ID or Microsoft Entra ID in your organization and want to use Microsoft Entra ID to allow users to authenticate with Base-B. Microsoft Entra ID itself can be connected to an on-premises Active Directory and use Entra ID federation, pass-through authentication, or password hash synchronization.
Contents
Requirements
Configuration Steps
Known Issues/Troubleshooting
Requirements
User provisioning based on the SCIM protocol and Single Sign-On via SAML are only available for paying customers on Base-B.
Refer to the Microsoft Entra ID pricing page to see the applicable fees for using Microsoft Entra ID.
Configuration Steps
Configure the provisioning functionality and single sign-on as follows.
Enable Single Sign-On functionality
In Microsoft Azure
In Microsoft Azure, under Enterprise Applications, you will need to follow these steps:
Click the “New Application” button
Search for Base-B and select the Base-B application
Once the application is added, go to the Single Sign-On page
In step 1 (Basic SAML Configuration), fill in the fields:
Fill in the "Identifier" field with a name for the application
In the "Reply URL" field, enter the Base-B URL https://api.baseb.app/v1/sso/saml?companyGroupId=id. Don't forget to replace "id" with your company’s ID.
In step 3 (SAML Certificates), click edit and then select the option “Sign SAML response and assertion” and click save
Download and copy the content of the certificate available in step 3 (SAML Certificates)
In Base-B
In Settings > Integrations > Applications, select the Microsoft Azure integration
A screen will be presented which should be filled out as instructed below:
In the certificate field, enter the certificate downloaded from "SAML Certificates" in Microsoft Azure
In the Audience field, enter the Identifier provided in the "Basic SAML Configuration" of Microsoft Azure
After clicking "Save," an API Key will be provided. Click copy to use it for user provisioning
Enable User Provisioning functionality
In Microsoft Azure
Go to the Provisioning page
Click "Edit Provisioning"
Go to the "Admin Credentials" tab and fill in the fields:
In the "Tenant URL" field, enter the Base-B URL "https://api.baseb.app/scim/v2/"
In the "Secret Token" field, enter the API Key.
Click "Save"
Known Issues/Troubleshooting
If you have questions or difficulties with the Base-B/Microsoft Azure integration, contact Base-B support via suporte@baseb.com.br
Updated on: 05/17/2024
Thank you!