Azure AD Settings (for Organizations)

This function is being provided as a proof-of-concept experiment. If you would like to use it, please contact us using the form below.
Inquiry Form


Functional Overview

We will set up AzureAD SAML2.0 authentication to log in to the ovice account. Once authenticated, the user will have member privileges to access all spaces belonging to the organization.


Advance Preparation

1. Make sure you have the necessary permissions to set it up:

  • The Azure AD "Application Administrator" role
  • ovice organization owner, or a member of a group that has been assigned the permission group

2. Click the three dots in the space header and select the "Organization" tab.
The Organization tab is only accessible to organization owners.


3. Click on "Organization Settings" → "Integration"

4. Click on the "Azure AD SAML" app


5. Enter "." (or any other dummy string) for the Microsoft Entra ID Identifier, Login URL, Logout URL, and Certificate (Base64). The correct values will be entered later.


6. Click "Save"

7. Click on the "Azure AD SAML" app to reopen it

Do not close the setting screen in this state.


Azure AD configuration

1. Access https://portal.azure.com/#home

2. Click "Microsoft Entra ID"


3. Click "+ Add"

4. Click "Enterprise application"

5. Click "Create your own application"


6. Enter a name and click "Create."

There is no need to change any other options on this screen.

7. Click "Set up single sign-on" → "SAML"

8. Click "Edit" for Basic SAML Configuration


9. Click "Add Identifier" and "Add Response URL" to display the input area for each.

10. Copy the items displayed on the ovice screen you prepared in advance and paste them into the corresponding fields on the AzureAD side.

ovice setting screen (copy source) → AzureAD settings screen (paste destination)
  • Identifier → Identifier (Entity ID)
  • Reply URL → Reply URL (Assertion Consumer Service URL)
  • IDP Login URL → Sign on URL (Optional)

[Screenshot: the ovice screen is on the left and the AzureAD screen is on the right.]

11. Click "Save" and close the Basic SAML Configuration with the X button


12. Click "Edit" for Attributes and Claims


13. Amendments to Existing Claims

Click each of the following two items under "Additional claims", make the change shown, and click "Save".

Claim (by current source attribute) → Change
  • user.mail → Change the name to "mail"
  • user.userprincipalname → Change the source attribute to "user.displayname"

*Enter the values without the double quotes.


14. Addition of new claims

Click "Add new claim", register the following two items, and then click "Save".


Name / Namespace / Source attribute
  • department / http://schemas.xmlsoap.org/ws/2005/05/identity/claims / user.department
  • jobtitle / http://schemas.xmlsoap.org/ws/2005/05/identity/claims / user.jobtitle

*Enter the source attribute without double quotes.

15. Close attributes and claims with the X button

16. Click "Users and Groups" on the side menu → "Add User/Group"


17. Click on "None Selected" for the user

18. Select any user and click "Select"

19. Click "Assign"


20. Click "Single Sign-On" on the side menu → "Download" for Certificate (Base64)


21. Check the item "Set up XX (any name)"


Do not close the Azure AD settings screen in this state.
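Once the Azure AD side is configured, a quick way to confirm that the claim edits in steps 13 and 14 actually took effect is to inspect a SAML assertion issued by the enterprise application. The following Python script is an added example, not ovice's or Microsoft's code: it parses a constructed sample assertion (the Entity ID and user values are placeholders), reports which of the configured claims are missing, and checks that the Audience matches the Identifier (Entity ID) pasted in step 10.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names configured in steps 13-14: mail, name (now sourced from
# user.displayname), department and jobtitle. Matching uses the last path
# segment, so a namespaced Name such as .../claims/department also matches.
REQUIRED_CLAIMS = ("mail", "name", "department", "jobtitle")

# Constructed sample assertion (not captured from a real tenant); the Entity ID
# and user values are placeholders. "jobtitle" is deliberately left out.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://ovice-entity-id.example/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department"><saml:AttributeValue>Security</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def parse_attributes(xml_text):
    """Return {short claim name: first value} from the AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        short = attr.get("Name", "").rsplit("/", 1)[-1]
        value = attr.find("saml:AttributeValue", NS)
        attrs[short] = (value.text or "").strip() if value is not None else ""
    return attrs

def missing_claims(xml_text):
    """List required claims that are absent or empty; an empty list means all arrived."""
    attrs = parse_attributes(xml_text)
    return [c for c in REQUIRED_CLAIMS if not attrs.get(c)]

def audience_matches(xml_text, entity_id):
    """True when the assertion's Audience equals the Identifier (Entity ID) from step 10."""
    root = ET.fromstring(xml_text)
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    return entity_id in audiences

if __name__ == "__main__":
    print("missing claims:", missing_claims(SAMPLE_ASSERTION))
    print("audience ok:", audience_matches(SAMPLE_ASSERTION, "https://ovice-entity-id.example/saml"))
```

A real assertion can be obtained from the "Test" option on the Single sign-on page or from a browser SAML tracer; paste its XML in place of the sample to run the same checks.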


ovice Settings

1. Copy the items from step 21 of the AzureAD settings and paste them into the ovice settings screen.

AzureAD settings screen (copy source) → ovice setting screen (paste destination)
  • Login URL → IDP Login URL
  • Microsoft Entra ID Identifier → Entity ID
  • Logout URL → IDP Logout URL

[Screenshot: the AzureAD screen is on the left and the ovice screen is on the right.]

2. Open the certificate downloaded in step 20 of the Azure AD settings in a text editor app on your computer.

*On a Mac, right-click the certificate file and select "Open with other application" to open it with the "TextEdit" app.

3. Copy all of it and paste it into IDP 509 Cert

*Include "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".

4. Click "Save"


Log in using AzureAD (organization)

Please refer to the following to log in.
Logging in using Azure AD (organization)


If you fail to log in using Azure AD (organization)

Please check the following:


Tips

  • Space access settings or Blacklists for each space in an organization take precedence.
  • When authenticating with Azure AD (organization), if a new ovice account is created, the display name, department, and job title of the Microsoft account will be automatically reflected in the account information.
  • If you have already accessed the ovice space and changed your account information, the Microsoft account information will not be reflected in ovice during Azure AD authentication.
  • If the Azure AD settings screen does not appear, try forcing a refresh of the screen.
    How to force a refresh
