How to set up single sign-on for Citation HR with Azure Active Directory (Non-Gallery Application)

This article details the steps that need to be taken within Azure Active Directory before configuring SAML 2.0 SSO between Citation HR Software and Azure Active Directory, with Azure Active Directory serving as the Identity Provider (IdP).

These instructions illustrate how to configure Microsoft Azure Active Directory (AD) as the IdP for Citation HR Software. Please refer to the Azure documentation for additional information about the steps in the Azure portal.

Please Note: Configuring and installing Azure Active Directory is beyond the scope of this guide.

Additionally, this guide is for setting up Azure Active Directory in "Authentication Only" mode in Citation HR Software.

Pre-requisites

Please ensure that you have the following before you start configuring Azure AD as the IdP:

  • A Premium Azure Active Directory subscription (Premium P1 is the minimum level at which SAML SSO becomes available with non-gallery applications).

  • An existing instance of Azure Active Directory.

Steps

Adding Citation HR Software as a Non-Gallery Application

1.  In the Azure portal, on the left navigation pane, click "Azure Active Directory".

2. Click "Enterprise applications".

3. Click "New application".

4. Click "Create your own application", enter "Citation HR" as the name, and select the Non-gallery option.

5. Click "Create".

Configuring SAML SSO in Azure

To configure SAML SSO in Azure:

1. In the Azure portal, on the left navigation pane, click "Azure Active Directory".

2. Click "Enterprise applications".

3.  Click the "Citation HR" application you added in step 4 above.

4.  Click "Single sign-on".

5.  For "Single Sign-on Method", choose "SAML".

For the field "Identifier (Entity ID)" use https://login.hrassured.com/app/saml

For the field "Reply URL (Assertion Consumer Service URL)" use https://login.hrassured.com/app/saml

User Attributes - for "User Identifier", select "user.mail".

For all other attributes, edit them so they match the values below.

Enter the following values and then click "Save".

Please note: The name of each attribute MUST be exactly as shown below (spaces included). Any deviation from the name will cause issues.

NAME               VALUE
Email / User ID    user.mail
Name ID            user.mail
First Name         user.givenname
Last Name          user.surname

Note: Remove ALL namespaces from each claim in the "Additional Claims" section.

Please see below for a visual reference of how the screen should look.

6.  Download the Metadata XML file, as you will need the contents of this XML in the Citation HR settings.

After the Metadata XML is downloaded, it needs to be made available to the Client Success team so that we can continue with the rest of the setup on our side.

Additionally, you will need to send Citation HR your User Access URL. You can find your User Access URL in the "Enterprise Application" -> "Properties" section (please see the screenshot below).

Once SAML SSO has been configured, we will test the login by asking you to log in from Azure AD.

Note #1: If you get this screen, try to log in once more from Citation HR/Office Portal and you will be redirected to the correct screen. This issue only occurs the first time a user tries to log in via SSO. This issue is on our bug backlog and will be fixed soon. FIXED DECEMBER 2021

Note #2: If you or your users receive this error screen, the Login URL in your Citation HR SSO setup page needs to have the correct login URL entered. For example:

against the Citation HR Settings > Account Settings > Security > SSO > Login URL

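One way to check a test sign-in against the settings in step 5 (an added example, not Citation HR's or Microsoft's code): it inspects a decoded SAML assertion for the exact attribute names, leftover claim namespaces, and the Entity ID / Reply URL. It assumes the "Name ID" row is carried in the Subject NameID element; `check_assertion` and `sample` are hypothetical names, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_URL = "https://login.hrassured.com/app/saml"  # Entity ID and Reply URL from this guide
# Attribute names from the table in step 5. Assumption: the "Name ID" row is
# delivered as the Subject NameID element rather than as an Attribute.
REQUIRED = {"Email / User ID", "First Name", "Last Name"}

def check_assertion(xml_text):
    """Return configuration problems found in a decoded assertion ([] = none).
    Configuration check only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    # Azure emits "<namespace>/<name>" when a claim's namespace is left in place.
    problems = [f"namespace not removed: {n}" for n in names if "://" in n]
    # Exact match: "LastName" or "last name" does not satisfy "Last Name".
    problems += [f"missing attribute: {m!r}" for m in sorted(REQUIRED - set(names))]
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS)
    if not name_id.strip():
        problems.append("NameID is empty (user.mail has no value for this user)")
    audiences = [e.text for e in root.iterfind(".//saml:Audience", NS)]
    if SP_URL not in audiences:
        problems.append(f"Audience {audiences} is not the Entity ID")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if SP_URL not in recipients:
        problems.append(f"Recipient {recipients} is not the Reply URL")
    return problems

def sample(attr_names, sp_url=SP_URL, name_id="alex@example.com"):
    """Build a constructed, unsigned test assertion (not from a real tenant)."""
    attrs = "".join(
        f'<Attribute Name="{n}"><AttributeValue>x</AttributeValue></Attribute>'
        for n in attr_names)
    return (
        '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'<Subject><NameID>{name_id}</NameID><SubjectConfirmation>'
        f'<SubjectConfirmationData Recipient="{sp_url}"/>'
        '</SubjectConfirmation></Subject>'
        f'<Conditions><AudienceRestriction><Audience>{sp_url}</Audience>'
        '</AudienceRestriction></Conditions>'
        f'<AttributeStatement>{attrs}</AttributeStatement></Assertion>')

if __name__ == "__main__":
    # Constructed misconfiguration: one namespace left in place, one name without its space.
    legacy = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/First Name"
    for problem in check_assertion(sample(["Email / User ID", legacy, "LastName"])):
        print(problem)
```

The assertion can be taken from the browser's SAML response during the test login, base64-decoded before it is passed to `check_assertion`.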