
Single Sign-on with Azure AD

How to set up users to sign in with SSO through Azure

  • Different eSPACE Subscription Tiers include Different Features Including Single Sign On
    • In order to know if this feature is included in your eSPACE subscription tier, please contact support@espace.cool.

  • Viewing Your Subscription Details
    • Each eSPACE admin with access to Billing can view which subscription tier your organization currently has, and everything that is included in the account, under Settings > Other > Billing > Manage.

If your eSPACE subscription tier includes Single Sign On, you can configure your organization's eSPACE account so that it is accessed, and its users authenticated, via your network provider. For more general information on how SAML SSO works with eSPACE, please read this article: How SAML Single Sign-On Works

  • Only eSPACE Admins can get to the SSO Integration Setup page in eSPACE

 

The following instructions will help you configure eSPACE to allow Single Sign-on through your Azure AD account.

  1. Log in to portal.azure.com
  2. Click Azure Active Directory
  3. On the left side, click Enterprise Applications
  4. Click "+ New Application"
  5. Search for "Azure AD SAML" and click "Azure AD SAML Toolkit", then click "Create"
    • You can also choose to "Create your own application" (select the "Non-Gallery" option).
  6. Click the "Set up single sign on" option under Getting Started
  7. Click SAML option
  8. Edit the Basic SAML Configuration panel
    1. For Identifier, set to https://app.espace.cool
    2. For the Reply URL (ACS URL) enter the value from eSPACE SSO Setup page
    3. For Sign-on URL enter https://app.espace.cool/Account/SSOAuth  
    4. Click "Save" for the panel
  9. Edit the "Attributes & Claims" panel
    • In the Additional Claims:
      1. Click the row with Value "user.mail" and update the following (and "Save" when done):
        • Name is email
        • Namespace is blank
      2. Click the row with Value "user.givenname" and update the following (and "Save" when done):
        • Name is firstname
        • Namespace is blank
      3. Click the row with Value "user.surname" and update the following (and "Save" when done):
        • Name is lastname
        • Namespace is blank
  10. In the SAML Signing Certificate
    • Download the Federation Metadata XML and upload it to the eSPACE SSO Setup page.
    • The previous step should populate the Certificate and Single Sign On Service URL.
  11. In the Required Attributes section of eSPACE, confirm the attribute names match what was entered in the Attributes & Claims section above (email, firstname, lastname). These fields are case sensitive and you must enter them exactly as seen in step 9.
  12. On the Properties page (of Azure), modify the name, logo, assignment setting, and visibility of the app. Use the Users and Groups page to manage who can access the app.
    • If a "Create new login..." option is selected, be sure to select the appropriate login account to be cloned for any new users provisioned via SSO. eSPACE will copy all settings and configurations about the user (including roles, module access, location access). The following WILL NOT be cloned:
      • Billing Contact role
      • Name, Email address, Employee ID
    NOTE: Below is an eSPACE logo you can use:

  13. On the eSPACE SSO Setup page, adjust the User Provisioning setting as desired. Be sure to set the appropriate Integration Admin.

NOTE:  Under User Provisioning, if you choose "Create a new login account and allow them immediate access" there is a chance a duplicate user account could be created if a single user has been using an alias or had a name change resulting in a new email address.
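
A way to check steps 9 and 11 before rollout, as an added example that is not eSPACE or Microsoft code: the Python sketch below reads a decoded SAML assertion and reports whether each required attribute arrives under the exact, case-sensitive name eSPACE expects. The function name, the verdict strings and the sample assertion are constructed for illustration; it inspects attribute names only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
REQUIRED = ("email", "firstname", "lastname")  # names entered in step 9

def check_claims(assertion_xml, required=REQUIRED):
    """Return {required_name: verdict} for one decoded SAML assertion."""
    root = ET.fromstring(assertion_xml)
    # Map each Attribute Name to the text of its first AttributeValue.
    sent = {}
    for attr in root.iter(SAML + "Attribute"):
        value = attr.find(SAML + "AttributeValue")
        sent[attr.get("Name", "")] = (value.text or "") if value is not None else ""
    report = {}
    for want in required:
        if want in sent:  # exact, case-sensitive match
            report[want] = "ok" if sent[want].strip() else "empty value"
            continue
        # Near misses: wrong letter case, or the claim Namespace was not blanked,
        # so the Name arrives as "<namespace>/<name>".
        near = [n for n in sent if n.lower() == want.lower()]
        spaced = [n for n in sent if n.lower().endswith("/" + want.lower())]
        if near:
            report[want] = "case mismatch: " + near[0]
        elif spaced:
            report[want] = "namespace not blank: " + spaced[0]
        else:
            report[want] = "missing"
    return report

# Constructed sample (not captured from a real tenant): one correct claim,
# one with wrong case, one still carrying a claims namespace.
SAMPLE = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
 <AttributeStatement>
  <Attribute Name="email"><AttributeValue>pat@example.org</AttributeValue></Attribute>
  <Attribute Name="FirstName"><AttributeValue>Pat</AttributeValue></Attribute>
  <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname">
   <AttributeValue>Lee</AttributeValue></Attribute>
 </AttributeStatement>
</Assertion>"""

if __name__ == "__main__":
    for name, verdict in check_claims(SAMPLE).items():
        print(f"{name}: {verdict}")
```

Run it against an assertion from a test sign-in with a single pilot user before assigning the app more widely on the Users and Groups page.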

 
 