Configuring Azure AD Single Sign On
If you've opted for Single Sign On (SSO) as part of your organization's GroupMap plan, please follow the instructions below to set up the GroupMap application in Azure Active Directory.
In your Azure Active Directory dashboard, select "Enterprise Applications"
Click "New Application"
Click "Create your own application"
- Select "Integrate any other application you don't find in the gallery (Non-gallery)" (at the time of writing GroupMap is not yet listed in the Azure Active Directory marketplace).
- Enter the application name "GroupMap"
On the Overview page, click on "Assign users and groups".
Click "Add user/group"
Click "None Selected" and start assigning the users of interest. Once all user have been selected, click on "Assign".
Back on the Overview page Click "Set up single sign on".
In the Single sign-on pane, select method "SAML".
- Edit the Basic SAML Configuration and enter the Identifier and Reply URLs provided by your GroupMap representative during onboarding. Both values are identical and will be in the format "https://yourcompany.groupmap.com/". In the future this will be the URL you can browse to in order to sign directly into GroupMap.
- Click "Save"
- Edit the "Attributes and Claims" section to show the following:
- "Unique User Identifier (Name ID)": user.mail
- "emailaddress": user.mail
- "givenname": user.givenname
- "name": user.principalname
- "surname": user.surname
Make sure to Save your changes.
Back on the Single sign-on page download a copy of the Certificate (Base 64) in the "SAML Certificates" section - you'll need to provide a copy to your GroupMap onboarding contact.
- You'll also be presented with a set of information we require. The key section is below: make note of the following information and pass it to your GroupMap contact:
- Login URL
- Azure AD Identifier
Congratulations! The Azure AD integration is ready to go on your side. Once GroupMap has received the information above we'll let you know once single sign-on has been enabled and is ready to use.
Once you've completed the steps above and the GroupMap team has enabled Single Sign-On for your organization, any existing GroupMap email login accounts matching your company's domain (eg. email@example.com) will be migrated to use SSO sign in; and you will no longer be able to sign in using your old GroupMap email / password combinations.
Users who attempt to sign via the GroupMap login screen will be prompted to browse to your SSO login page - https://yourcompany.groupmap.com/