Setup of SAML and SCIM for Azure

About

Users of Azure can integrate with Insightly via SAML & SCIM, and once setup has occurred in both Insightly and Azure, users can be provisioned. This article guides Insightly System Admins through SAML & SCIM setup for Azure; the process works in tandem with the setup of SAML and SCIM within Insightly as detailed in the Setting Up SAML and SCIM Integrations article.


Add a New Enterprise Application and Configure SAML

  1. To add a new enterprise application, navigate to https://portal.azure.com/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null

    1. Click New Application and then via the Browse screen, click Create Your Own Application.

    2. Provide a name for the application and select the Integrate any other application you don't find in the gallery (Non-gallery) option and click Create.

  2. To configure SAML, within Azure, left-click Single sign-on and select SAML from the options.

    1. Edit the Basic SAML Configuration section as applicable.

    2. Within Insightly, via System Settings > Security > SAML and SCIM, copy the Sign-in Page URL field and paste the URL into the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields within Azure. For configuration of SAML within Insightly, the Setting Up SAML & SCIM Integrations article can be reviewed.

    3. Edit the Attributes & Claims section as applicable and remove all additional claims. Insightly only needs the Required claim.

    4. To download the SAML certificate from Azure and upload it to Insightly, use either the Certificate (Base64) option or the Federation Metadata XML option to download from Azure.

      1. Within Insightly, navigate to System Settings > Security > SAML and SCIM and upload the certificate or metadata (only one is needed) and click Save. For configuration of SAML within Insightly, the Setting Up SAML & SCIM Integrations article can be reviewed. 
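Before uploading the file from step 4, it can be checked against the Thumbprint that Azure displays beside the SAML signing certificate, so that the certificate Insightly will trust is the one Azure signs with. The following is an added example, not part of the original article or of Insightly's or Microsoft's code; the function names, entity ID and placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def thumbprint(der: bytes) -> str:
    """SHA-1 of the DER bytes in uppercase hex, for comparison with Azure's Thumbprint field."""
    return hashlib.sha1(der).hexdigest().upper()

def pem_thumbprint(pem_text: str) -> str:
    """Thumbprint of a 'Certificate (Base64)' download (PEM armour around base64 DER)."""
    lines = [ln.strip() for ln in pem_text.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return thumbprint(base64.b64decode(body, validate=True))

def metadata_summary(xml_text: str) -> dict:
    """Entity ID and signing-certificate thumbprints from a 'Federation Metadata XML' download."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs so entity expansion is never attempted
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_text)
    certs = root.findall("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
                         "/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not certs:
        raise ValueError("no IdP signing certificate found")
    prints = [thumbprint(base64.b64decode("".join((c.text or "").split()), validate=True))
              for c in certs]
    return {"entity_id": root.get("entityID"), "thumbprints": prints}

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/constructed-tenant/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print("Certificate (Base64):", pem_thumbprint(SAMPLE_PEM))
    print("Federation Metadata XML:", metadata_summary(SAMPLE_METADATA))
```

Both download options should yield the same thumbprint; a mismatch with the value shown in Azure means the wrong or a stale file is about to be uploaded.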


Configure SCIM

  1. To configure SCIM for Azure, ensure that SCIM is enabled in Insightly by reviewing the Setting Up SAML & SCIM Integrations article. 

  2. Within Azure, on the application’s page, select Provisioning from the left menu and click Get Started.

    1. Via the Provisioning Mode dropdown, select Automatic and paste the SCIM URL and the SCIM Token from Insightly into the Tenant URL and Secret Token fields and click Test Connection.

    2. If the connection is successful, a notification in the top right corner of the page will display indicating that the supplied credentials are authorized to enable provisioning. 

    3. After the settings have been saved, attribute mapping options will appear. Click the Provision Azure Active Directory Groups option and disable it.

    4. Next, click the Provision Azure Directory Users option and delete all unused attributes, leaving only the following:

    5. To enable SCIM in Azure, via the Provisioning screen, click Start Provisioning. SAML and SCIM are now set up and users can be assigned to the app.

      1. User provisioning occurs on a schedule so users may not be immediately added to Insightly. Provisioning can be manually triggered via the Provisioning screen by clicking Provision on demand.

