After SAML setup in Microsoft Azure is completed, a user from the client company will create an account in ARC FACILITIES (this user becomes the account owner) and then create a contact group in ARC FACILITIES.
The basic workflow is as follows:
- A user opens the ARC Facilities application in a web browser.
- On reaching the login screen, the user navigates to the Login through SSO screen and enters their email ID.
- ARC Facilities detects that the account is set up for SSO and redirects the user to the IDP.
- The user enters their credentials with the IDP.
- The IDP validates the user, then redirects the user back to ARC Facilities, providing the user’s information and groups to ARC Facilities.
- ARC Facilities, using the information provided by the IDP, logs the user into their account and sets permissions as defined for the user’s group.
Steps to gather config info from Microsoft Azure (IDP)
To configure the Identity Provider to be used with ARC Facilities, you will need to enter some information into the IDP and extract some information for ARC Facilities.
Selection of Identity provider and entering domain name
- Click on the profile button in the application and then click SSO to open the SSO setting page.
- Select the Identity provider as “Entra ID- AZURE AD”.
- Then enter your company domain name in the domain name text box on the screen shown below.
Identity provider configuration (It can be done in two ways):
- Pasting the IDP metadata URL in the blank box
- Copy the App Federation Metadata URL from the IDP page.
- Next, paste the App Federation Metadata URL into the ARC Facilities application.
- Once done, scroll down and click the [Save] button to configure SSO for your account.
- Adding the IDP metadata URL manually
Click the [Add Manually] button under Identity provider configuration in the ARC Facilities application.
Open the IDP page for Microsoft Azure and follow the steps below:
- Copy the Login URL and Microsoft Entra Identifier from the IDP page as shown in the screenshot below.
- Paste the Login URL into the blank box of “Identity provider SSO URL” and the “Microsoft Entra Identifier” into “Identity provider URL (Entity ID)”.
- From the SAML Certificates section of the IDP page, download a copy of the Certificate (Raw).
- Once downloaded, upload the certificate on the application SSO page.
- Now compare and verify the following data between the application SSO page and the IDP page opened in the background.
- Attributes & Claims
On the IDP page, find the ‘Attribute & claims’ heading and click the [Edit] button beside it to open its details page. Then compare the data there with the application’s SSO page.
Screenshot below shows the IDP page’s Additional claims section
Screenshot below displays application SSO page’s attribute mapping section
Now compare the two screens and verify that the data in the IDP page’s Additional claims section matches the application SSO page’s Attribute mapping data. If there is a mismatch, click the [Edit attribute] button and enter the correct data from the IDP page.
Note: These mappings are case sensitive and must be matched exactly.
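The manual checks above can also be scripted. The following is an added example, not part of ARC Facilities or Microsoft tooling: it reads a SAML federation metadata document, compares the manually entered Entity ID, SSO URL and uploaded certificate against it, and flags attribute mappings that differ from the IDP claim names, including case-only differences. The metadata, URLs, certificate bytes and claim names are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: placeholder URLs and bytes, not a real tenant or certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://idp.example/tenant-placeholder/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</X509Certificate>
  </X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="{REDIRECT}"
    Location="https://idp.example/tenant-placeholder/saml2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def parse_metadata(xml_text):
    """Pull entity ID, redirect SSO URL and signing-cert hash from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = next(s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
               if s.get("Binding") == REDIRECT)
    key = idp.find("md:KeyDescriptor[@use='signing']", NS)
    cert = key.find(".//ds:X509Certificate", NS)
    der = base64.b64decode("".join(cert.text.split()))
    return {"entity_id": root.get("entityID"), "sso_url": sso,
            "cert_sha256": hashlib.sha256(der).hexdigest()}

def manual_entry_mismatches(meta, entity_id, sso_url, cert_bytes):
    """Return names of manually entered values that differ from the metadata."""
    entered = {"entity_id": entity_id, "sso_url": sso_url,
               "cert_sha256": hashlib.sha256(cert_bytes).hexdigest()}
    return [k for k in meta if meta[k] != entered[k]]  # exact match, no normalising

def mapping_mismatches(idp_claims, app_mapping):
    """Case-sensitive compare; returns (field, entered, case-only near match or None)."""
    by_lower = {c.lower(): c for c in idp_claims}
    return [(field, name, by_lower.get(name.lower()))
            for field, name in app_mapping.items() if name not in idp_claims]
```

For a real check, pass the bytes of the downloaded Certificate (Raw) file as `cert_bytes` and the claim names from the IDP page as `idp_claims`.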