Azure AD SSO integration with Perkbox

PREREQUISITES

  • Ensure that all Azure AD users of the Perkbox application have a valid Azure AD license applied
  • Note: the Azure AD user’s profile must have the usage location field set to a country before the user can be assigned an Azure AD license
  • Ensure that all Azure AD users have their first name and last name set under their Azure AD user profile
  • Under the Azure AD user’s profile, check and note whether the user’s email address is recorded under the Email LDAP field or under the Alternate Email LDAP field

ADDITIONAL DOCUMENTATION RESOURCES

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps

INSTRUCTIONS

1. On the Azure Portal, add a new Enterprise Application

  • Add a Non-gallery application and assign it a meaningful name, e.g. Perkbox
  • Assign Azure AD user(s) to your newly created application for Perkbox
  • Configure SSO
  • Select the SAML-based Sign On option from the drop-down
  • Have your customer Perkbox Admin portal open at the SSO configuration section

IMPORTANT NOTE: you first need to generate a metadata XML file from your IdP (in this case, Azure AD) to upload to your Perkbox Admin SSO configuration page in order to obtain your unique Identifier URL

2. On the Perkbox Admin portal

  1. Head to the Admin Dashboard
  2. Access 'Login & Integrations' > 'Set up SSO'

  • Go to the SAML Request Type section of Step 1
  • Check the Requires AuthNRequest box
  • Under the SAML Request Name field, enter SAMLRequest
  • The SAML Request Issuer field takes a unique URL (the problem is that you can’t obtain the unique URL without getting to Step 2)
  • First enter the URL https://sso.perkbox.com/v1/provider/
  • Hit the CONTINUE button
  • Under the STEP 2 section, copy the unique string next to Value: (NOTE: ignore the URL next to Key: )
  • Go back to the SAML Request Issuer field in the Step 1 section
  • Append the string to the end of the URL in the SAML Request Issuer field, e.g. https://sso.perkbox.com/v1/provider/YOUR_VALUE_FROM_STEP_2_SECTION_HERE
  • Hit the CONTINUE button again
  • Hit Test & Save, and keep the page open
  • Go back to the Azure portal, Enterprise Application SSO configuration page, to continue

3. Continuing configuration from the Azure portal, Enterprise Application SSO configuration page section

  • Save configuration under Azure
  • Scroll down to the User Attributes section
  • Click the 'View and edit all other user attributes' checkbox to reveal more options
  • There will be four metadata attribute rows
  • Copy this URL into your clipboard, https://sso.perkbox.co.uk/SAML/Attributes/User
  • Update the row with name “givenname” to FirstName, and replace the Namespace default URL with the URL saved in your clipboard
  • Update the row with name “surname” to LastName, and replace the Namespace default URL with the URL saved in your clipboard
  • Update the row with name “emailaddress” to Email, and replace the Namespace default URL with the URL saved in your clipboard
  • NOTE: check where your Azure AD users’ email addresses are stored under their profiles
  • If your Azure AD users have their email addresses listed under the LDAP field Email, then keep the Value field at the default, user.mail
  • Otherwise, if your Azure AD users have their email addresses listed under the LDAP field Alternate Email, then change the Value field from user.mail to user.othermail
  • The last metadata attribute row does not require modification
  • SAVE the new SSO configuration
  • Download the metadata XML file

4. Go to the Perkbox Admin portal SSO configuration page

  • Upload the new metadata XML file from Azure
  • Hit the Continue button
  • Hit Test & Save
  • The test should be successful
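
If Test & Save fails, the attribute rows from section 3 are the usual place to look. The following is an added example, not part of the original article and not Perkbox or Microsoft code: it checks a decoded SAML assertion for the three claims configured above. It assumes Azure AD emits each claim's Name as the namespace plus "/" plus the name, and that unedited rows keep the default xmlsoap claims namespace; the function names and sample assertions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERKBOX_NS = "https://sso.perkbox.co.uk/SAML/Attributes/User"  # namespace from section 3
DEFAULT_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"  # assumed Azure default
REQUIRED = ("FirstName", "LastName", "Email")  # claim names from section 3

def check_attributes(assertion_xml):
    """List mapping problems. Inspects claim names only; it does not verify the signature."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
        found[attr.get("Name")] = values
    problems = []
    for name in REQUIRED:
        full = f"{PERKBOX_NS}/{name}"
        if full not in found:
            problems.append(f"missing attribute {full}")
        elif not any(found[full]):
            problems.append(f"empty value for {full}")
    # A claim still on the default namespace means that row was not renamed.
    for leftover in ("givenname", "surname", "emailaddress"):
        if DEFAULT_NS + leftover in found:
            problems.append(f"row still uses default name {leftover}")
    return problems

def _sample(attrs):
    """Build a constructed, unsigned assertion fragment for the demo below."""
    rows = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs)
    return (f'<saml:Assertion xmlns:saml="{SAML_NS["saml"]}">'
            f'<saml:AttributeStatement>{rows}</saml:AttributeStatement></saml:Assertion>')

GOOD = _sample([(f"{PERKBOX_NS}/FirstName", "Ada"), (f"{PERKBOX_NS}/LastName", "Example"),
                (f"{PERKBOX_NS}/Email", "ada@example.com")])
# Constructed failure: givenname row not renamed, and the Email source is empty for this user
BAD = _sample([(DEFAULT_NS + "givenname", "Ada"), (f"{PERKBOX_NS}/LastName", "Example"),
               (f"{PERKBOX_NS}/Email", "")])

if __name__ == "__main__":
    print(check_attributes(GOOD))
    print(check_attributes(BAD))
```

A missing or empty Email claim for a user typically means the Value field points at the wrong source (user.mail versus user.othermail) for where that user's address is stored.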