All Collections
SSO & SCIM User Provisioning
How to set up SSO for Microsoft Azure AD (with JIT UP)
How to set up SSO for Microsoft Azure AD (with JIT UP)

Explains how to set up Single Sign on with Just in Time User Provisioning for Microsoft Azure AD

T
Written by Thomas Papen
Updated over a week ago

Log into Azure portal

1. Log in to your Azure portal and go to “Enterprise applications”

Create the Tribeloo SSO / User Provisioning application

If you are setting up the Tribeloo - Azure integration for the first time, you will need to create a new application. Otherwise, skip to step 4

2. Select '+ New application'

3. Search 'Tribeloo', select Tribeloo from the list and click on create

Set up SSO

4. Search for and open the Tribeloo app. Careful! There can be 2 Tribeloo apps: 1 for providing access to the Outlook calendar of employees for the Outlook add-in and one for the SSO / User Provisioning. Please make sure to select the 2nd one.

5. Select “Set up single sign on”

6. Select “SAML”

7. Setup the Basic SAML Configuration

8. You can also manage the users or groups of users in your organization that have access to the application

9. That’s it for the setup on the Azure side, but we still need to get some data to the Tribeloo side: the Azure generated values for Login URL and Azure AD Identifier will be used on the SSO configuration page in Tribeloo. We also need to download the Certificate (Base64)

10. Now open the Tribeloo app, and navigate to the Menu (1), Admin (2) and then select User Management (3) and then the SSO (4) tab

11. We can now fill the Azure data into the Tribeloo SSO configuration form

  • The value of the Azure AD Identifier field from Azure should be filled in the Issuer URL field on the Tribeloo form

  • The value of the Login URL field from Azure should be filled in the Tribeloo field named SSO login URL

  • !! Note that these two values are in a different order on the Azure form and the Tribeloo form

  • The content of the downloaded certificate should be put in the field named Certificate on the Tribeloo form (open it with Notepad and copy all text)

  • Don't forget to Save and then Enable SSO

Optional: Just In Time User Provisioning with SSO

This is recommended if you are not planning to set up SCIM or manual provisioning

Two additional user claims can be added to the SSO setup in Azure AD to improve Just in Time user provisioning with Tribeloo:

  • “Tribeloo.displayname” will allow the Tribeloo Username to be mapped to the “user.displayname” available in Azure AD

    • If this mapping is not available, user email is used as Tribeloo Username

  • “Tribeloo.site” will allow the user to be provisioned directly to a “Home site” in Tribeloo if the value received corresponds to the name of a Tribeloo site

    • If this mapping is not available or doesn’t match to a Tribeloo site, user will be created without “Home site” (Site= None).

    • Reach out to support if the site names in Azure AD do not match the site names in Tribeloo

12. In the “Single sign-on” tab, click “Edit user attributes & claims”

13. Set up the additional user claims as shown below

  • Map “Tribeloo.displayname” to “user.displayname”

  • Map “Tribeloo.site” to the value that will provide the name of the Home site in Azure AD. In this example this is user.physicaldeliveryofficename.

If you have questions or difficulties with your Tribeloo/Azure AD SSO integration, please contact Tribeloo support via support@tribeloo.com

Did this answer your question?