SSO setup using Microsoft Entra ID
This how-to-guide describe how to set up SSO with Microsoft Entra ID with Conveyor. The first part covers the basic SSO setup and the second part explains how to add Groups to the SSO setup. Adding SSO groups is optional and this is primarily useful for larger organizations, that have groups in Microsoft Entra ID.
SSO setup
On a high level, the SSO setup consists of the following steps:
- You create a new Enterprise Application in Azure AD In order to connect to Conveyor, you will need to have the following information: the entity id and the reply url. You can ask for the values of these parameters to the Conveyor support team.
- You configure the necessary user attributes. The only required claim is the email address as this is the user identifier in Conveyor. If you want to use SSO groups, you will also need to configure the groups claim, for more information look here.
- After configuring these settings, you will be able to download the SAML metadata XML. Send this information to the Conveyor support team, such that they can configure it in a next step.
- (optional) If you already have users working with Conveyor and you have a test-domain to configure SSO, this is a recommended practice. This way the current users are not impacted and we can still fine-tune the settings.
- When everything is working correctly, we can switch to the production domain such that all users are using SSO.
Integrating SSO Group mapping with Microsoft Entra ID
Prerequisites
This feature requires that SSO login has been set up for your Conveyor installation. If that is not set up, please contact Conveyor support.