[How-to] Configure Azure AD Single Sign-on (SSO) Integration With EZOfficeInventory

In this article, we’ll guide you on how to integrate EZOfficeInventory with Azure Active Directory (AD). When you integrate EZOfficeInventory with Azure AD, you can:

  • Control in Azure AD who has access to EZOfficeInventory.
  • Enable your users to be automatically signed-in to EZOfficeInventory with their Azure AD accounts.
  • Manage your accounts in one central location i.e. the Azure portal.

To learn more about Single Sign-on with Azure AD, click here.

1. Prerequisites

To get started, you will require the following items:

  • An Azure AD subscription. If you don’t have a subscription, you can get a free account.
  • EZOfficeInventory single sign-on (SSO) enabled subscription.

2. Scenario Description

In this support blog, you will configure and test Azure AD SSO in a test environment.

  • EZOfficeInventory supports Service Provider initiated SSO
  • EZOfficeInventory supports Just In Time user provisioning

Note: The identifier of this application is a fixed string value so only one instance can be configured in one tenant.

3. Adding EZOfficeInventory from Gallery

In order to configure the integration of EZOfficeInventory into Azure AD, you need to add EZOfficeInventory from the Azure Gallery to your list of managed SaaS apps.

  1. Sign in to the Azure portal by using either your work or school account, or a personal Microsoft account.

2. On the left navigation pane, go to the ‘Azure Active Directory’ service.

3. Next navigate to ‘Enterprise Applications’.

4. Here you have to select ‘All Applications’.

5. To add a new application, click on ‘New application’.

6. In the Browse Azure AD Gallery section, write ‘EZOfficeInventory’ in the search box.

7. Choose EZOfficeInventory from the results panel and then add the app by clicking on ‘Create’.

Wait a few seconds for the app to be added to your tenant.

4. Configure and Test Azure Single Sign-On for EZOfficeInventory

Configure and test Azure AD SSO with EZOfficeInventory using a test user called Rose Holt. For SSO to work correctly, you need to establish a link between an Azure AD user and the related user in EZOfficeInventory.

To configure and test Azure AD SSO with EZOfficeInventory, complete the following building blocks:

  1. Configure Azure AD SSO to allow your users to use this feature.
    – Create an Azure AD test user — to test Azure AD single sign-on with Rose Holt.
    – Assign the Azure AD test user — to allow Rose Holt to use Azure AD single sign-on.
  2. Configure EZOfficeInventory SSO to configure the single sign-on settings on the EZOfficeInventory application side.
    – Create an EZOfficeInventory test user to have a counterpart of Rose Holt in EZOfficeInventory that is linked to the Azure AD representation of a user.
  3. Test SSO to verify whether the configuration is working.

5. Configure Azure AD SSO

Follow these steps to enable Azure AD SSO in the Azure portal.

  1. In the Azure portal, on the EZOfficeInventory application integration page, go to the Manage section and select ‘Single sign-on’.

2. From the Select a single sign-on method page, select ‘SAML’.

3. On the Set up single sign-on with SAML page, click the ‘Edit’ button for Basic SAML Configuration to edit the settings.

4. In the Basic SAML Configuration section, enter the following values:

  • Identifier (Entity ID): ezofficeinventory.com
  • Reply URL (Assertion Consumer Service URL): https://<SUBDOMAIN>.ezofficeinventory.com/users/auth/saml/callback
  • Sign-on URL: https://<SUBDOMAIN>.ezofficeinventory.com/users/sign_in

Note: Replace the “subdomain” text with the subdomain in your company’s EZOfficeInventory account URL. You can also contact the EZOfficeInventory team at support@ezofficeinventory.com for this value. Refer to the patterns displayed in the Basic SAML Configuration section in the Azure portal for additional fields.

5. The EZOfficeInventory application expects SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The screenshot below shows the list of default attributes. Click ‘Edit’.

Copy the claim name URLs for user.givenname, user.surname, and user.mail and paste them onto the Attributes fields required in Step 5 of Section 6.3.

6. In addition to the above, the EZOfficeInventory application expects a few more attributes to be passed back in the SAML response (shown below). These attributes are also pre-populated but you can review them according to your requirements.

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click on the ‘Add Certificate’ button, go to Certificate (Base64), select ‘Download’ to download the certificate, and save it on your computer for Step 2 of Section 6.3.

8. On the ‘Set up EZOfficeInventory’ section, copy the Login URL for Step 1 of Section 6.3.

5.1 Create an Azure AD test user

In this section, you’ll create a test user called Rose Holt in the Azure portal.

  1. From the left pane in the Azure portal, go to Azure Active Directory, select Users, and then select All users.

2. Select ‘New user’ at the top left of the screen.

3. In the User properties, follow these steps:

  • In the Name field, enter ‘Rose Holt’.
  • In the User name field, enter the username@companydomain.extension. For example, ‘roseholt@ezofficeinventory.com’.
  • Check the Show password box, and then write down the value that’s displayed in the Password box.
  • Hit ‘Create’.

5.2 Assign the Azure AD test user

In this section, you’ll enable Rose Holt to use Azure single sign-on by granting access to EZOfficeInventory.

  1. In the Azure portal, go to Enterprise Applications, and then select All applications.
  2. In the list of applications, select EZOfficeInventory.
  3. In the app’s overview page, go to the Manage section, and select ‘Users and groups’.

4. Select ‘Add User’, then click on Users and Groups in the Add Assignment dialog.

5. In the Users and Groups dialog, choose Rose Holt from the Users list, then click the ‘Select’ button at the bottom of the screen.

6. If you want to display any role value in the SAML assertion, in the Select Role dialog, select the appropriate role for the user from the list and then click the Select button at the bottom of the screen.

7. In the Add Assignment dialog box, click the ‘Assign’ button.

6. Configure EZOfficeInventory SSO

Once you have set up the EZOfficeInventory app on your preferred SAML identity provider i.e. Azure AD in this example, configure the settings in EZOfficeInventory from Settings → Add Ons → SAML Integration.

6.1 Whitelisting the IPs on SAML

Some identity providers require IPs to be whitelisted. Ensure that the following two IPs are whitelisted in your SAML settings:

1. 54.221.243.145

2. 50.16.201.234

6.2 Add EZOfficeInventory consumer service URL to your SAML settings in Azure AD

You can obtain the EZOfficeInventory consumer service URL from Settings → Add Ons → SAML Integration:

https://<Your Company Subdomain>.ezofficeinventory.com/users/auth/saml/callback

Copy and paste the EZOfficeInventory consumer service URL in the Reply URL field from the previous Step 4 of Section 5.1.

6.3 Fill in the configuration settings

You need to configure the following information in your EZOfficeInventory’s account (see image below to identify the fields):

1. Unique Identity Provider URL: Find and copy your Login URL from Step 8 of Section 5.1 (see the image below). You will be required to paste this link in the ‘Identity Provider URL’ field while configuring EZOfficeInventory for SAML Integration.

2. Identity Provider Certificate: This certificate is unique for every Account Owner and is provided by the identity provider. Copy the text from Certificate (Base64) that you downloaded and saved from Step 7 of Section 5.1. (see image below).

EZOfficeInventory will use the certificate to validate the response from your identity provider, letting the user log in using SAML.

Note: Be careful to follow the below format for the certificate when pasting it in the certificate field so EZOfficeInventory validates your identity provider’s certificate without any error. It’s as follows:

-----BEGIN CERTIFICATE-----
your certificate details here
-----END CERTIFICATE-----

3. Login Button Text: By default, it’s labeled as ‘Access through SAML SSO’. You can rename it to any other preferred text e.g. Access using Rose Holt Corp Login.

4. Clock Drift: This allows for a delay of a few seconds, which is possible when different time zones are involved, so that the response generated by a server remains valid.

5. Attributes required for SAML configuration: The Last Name and Email attributes need to be present for EZOfficeInventory. These attributes/parameters have to be sent over to EZOfficeInventory from your identity provider. In Azure AD, you can copy these parameters from Step 5 and 6 of Section 5.1. Map these parameters in EZOfficeInventory. If your Last Name attribute in SAML is last_name, then fill in ‘last_name’ against the Last Name field. The same format has to be followed for the Email.

6. EZOfficeInventory Role by default: This option enables you to add users as either Administrators or Staff Users.

Scroll to the top of the Add Ons page in EZOfficeInventory settings, and click ‘Update’. You now have a SAML-enabled EZOfficeInventory account.
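The certificate-format note in step 2 can be checked before you paste. This added example (not EZOfficeInventory's or Microsoft's code) repairs typographic dashes and stray blank lines in a pasted certificate, confirms the body decodes to DER, and prints a SHA-1 thumbprint to compare with the thumbprint the Azure portal lists for the signing certificate. The names `normalize_pem` and `thumbprint` and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Typographic dashes that editors and web pages substitute for "-".
DASHES = "\u2010\u2011\u2012\u2013\u2014\u2015\u2212"
BLOCK = re.compile(r"[-\s]*BEGIN CERTIFICATE[-\s]*(.*?)[-\s]*END CERTIFICATE", re.S)

def normalize_pem(pasted: str) -> str:
    """Return the paste as a strict PEM block; raise ValueError if it is not one."""
    text = pasted.translate({ord(c): "-" for c in DASHES})
    found = BLOCK.search(text)
    if found is None:
        raise ValueError("BEGIN/END CERTIFICATE markers not found")
    body = "".join(found.group(1).split())
    der = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
    if not der or der[0] != 0x30:  # every X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded data is not a DER-encoded certificate")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"

def thumbprint(pem: str) -> str:
    """SHA-1 thumbprint of the certificate bytes, upper-case hex."""
    der = base64.b64decode("".join(pem.splitlines()[1:-1]))
    return hashlib.sha1(der).hexdigest().upper()

# Constructed stand-in bytes with a DER SEQUENCE header, not a real certificate.
SAMPLE_B64 = base64.b64encode(b"\x30\x82\x00\x60" + bytes(range(96))).decode()
CLEAN = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
# The same paste after an editor replaced the hyphens and added blank lines.
DAMAGED = (f"\u2014 \u2013BEGIN CERTIFICATE \u2014 \u2013\n\n{SAMPLE_B64}"
           "\n\n\u2014 \u2013END CERTIFICATE \u2014 \u2013")

if __name__ == "__main__":
    fixed = normalize_pem(DAMAGED)
    print(fixed, thumbprint(fixed), sep="")
```

A thumbprint that differs from the one shown in the portal means the pasted text is not the certificate you downloaded, so SAML responses will fail validation.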

This is how your SAML configuration settings should look at the end:

6.4 Create EZOfficeInventory test user

In this section, a user named Rose Holt is created in EZOfficeInventory. EZOfficeInventory supports just-in-time user provisioning, which is enabled by default. There will be no action item for you in this section. If a user doesn’t already exist in EZOfficeInventory, a new one is created after authentication.

7. Test SSO

In this section, you will be able to test your Azure AD single sign-on configuration using the Access Panel.

When you click the EZOfficeInventory tile in the Access Panel, you should be automatically signed in to the EZOfficeInventory account for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
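A consistency check for a decoded SAML assertion captured during this test, as an added example that is not EZOfficeInventory's or Microsoft's code: it compares the assertion with the Identifier, Reply URL, Clock Drift and required attributes configured above. The function names, the `example` subdomain and the sample assertion are constructed, and the claim URIs are assumed to be Azure AD's default names for user.surname and user.mail.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Assumed mapping: Azure AD's default claim names for user.surname and user.mail.
REQUIRED = {"Last Name": CLAIMS + "surname", "Email": CLAIMS + "emailaddress"}

def _utc(stamp):
    # Timestamps look like 2024-01-01T12:00:00.000Z; keep the seconds-resolution part.
    return datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, entity_id, acs_url, now, drift_seconds=0):
    """List mismatches between a decoded assertion and the SSO settings.
    Troubleshooting aid only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    audience = root.findtext(".//saml:Audience", namespaces=NS)
    if audience != entity_id:
        problems.append(f"Audience {audience!r} is not the Identifier {entity_id!r}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != acs_url:
        problems.append(f"Recipient {recipient!r} is not the Reply URL {acs_url!r}")
    cond = root.find(".//saml:Conditions", NS)
    drift = timedelta(seconds=drift_seconds)
    if cond is None or not cond.get("NotOnOrAfter"):
        problems.append("no validity window in Conditions")
    else:
        if cond.get("NotBefore") and now + drift < _utc(cond.get("NotBefore")):
            problems.append("assertion is not yet valid")
        if now - drift >= _utc(cond.get("NotOnOrAfter")):
            problems.append("assertion has expired")
    sent = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for field, claim in REQUIRED.items():
        if claim not in sent:
            problems.append(f"{field} attribute {claim} is missing")
    return problems

# Constructed sample (not a captured response); "example" is a placeholder subdomain.
ACS = "https://example.ezofficeinventory.com/users/auth/saml/callback"
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS}"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions NotBefore="2024-01-01T12:00:00.000Z" NotOnOrAfter="2024-01-01T13:00:00.000Z">
  <saml:AudienceRestriction><saml:Audience>ezofficeinventory.com</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="{CLAIMS}surname"/></saml:AttributeStatement>
</saml:Assertion>"""
```

An empty list means the assertion agrees with the configured values; each entry otherwise names the setting to recheck in the Azure portal or in the SAML Integration add-on.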

Read more: How to Implement User Provisioning via SCIM with Azure AD in EZOfficeInventory

About EZOfficeInventory

EZOfficeInventory is the leading asset tracking software. It allows you to track, maintain, and report on equipment from anywhere, at any time. We offer a free 15-day trial – no credit card required!

