Humanity HelpDesk - SSO Setup Instructions for Azure IdP


   
From your    
Computer                                                                        Applies to    Manager


Objective

The objective of this tutorial is to show how to integrate Azure AD with Humanity. After completing this tutorial, the Azure AD users you have assigned to Humanity will be able to sign in to the application through single sign-on at your Humanity company site (service provider initiated sign-on) or by using the Access Panel (see Introduction to the Access Panel).
 

Things to know before you begin:

To configure Azure AD integration with Humanity, you need the following items:

  1. An Azure AD subscription.
  2. A Humanity single-sign-on enabled subscription.
  3. At least one Active Directory created on Azure.

The scenario outlined in this tutorial consists of the following building blocks:

  1. Enabling the application integration for Humanity
  2. Configuring single sign-on
  3. Configuring user provisioning
  4. Assigning users

Enabling the Application Integration for Humanity


Step 1: Log in to https://portal.azure.com and click Azure Active Directory as shown in Image 1
 


Image 1


Step 2: Click Enterprise Applications as shown in Image 2
 


Image 2


Step 3: Click the New application tab as shown in Image 3
 


Image 3


Step 4: In the Add from the gallery text box, type "Humanity". The Humanity application will pop up as shown in Image 4
 


Image 4


Step 5: Click on "Humanity". The description of this app will be shown. Click Add as shown in Image 5
 


Image 5


Configuring single sign-on


Step 1: The Quick Start page will open. Click Configure single sign-on (required) as shown in Image 6
 



Image 6
 

Step 2: From the Single Sign-on Mode drop-down select SAML-based Sign-on as shown in Image 7
 



Image 7
 

Step 3: Now log in to your Humanity account in a new browser tab and go to Settings (Gear icon), then click the Single Sign-On tab in the left panel. Check the boxes next to the SAML Enabled and Allow Password Login options as shown in Image 8
 


Image 8
 

Step 4: Copy the SAML Login URL as shown in Image 9

Step 5: Switch to the tab where you opened Azure and paste it into the Sign on URL and Identifier (Entity ID) text boxes. In the Identifier (Entity ID) text box, replace "includes/saml" with "app" as shown in Image 9

Step 6: From the User Identifier drop-down select "user.email" as shown in Image 9

 


Image 9
 

Step 7: Scroll down the page, and click Configure Humanity as shown in Image 10
 


Image 10
 

Step 8: Scroll down the opened panel to the Quick Reference section and do the following, as shown in Image 11

  • Copy Azure AD Single Sign-On Service URL (in this example it’s https://login.microsoftonline.com/dff1b1c5-d5d2-4483-bf02-866215073ed0/saml2 ) and paste it into the SAML Issuer URL textbox on Humanity.
 
  • Copy Azure AD Sign Out URL (in this example it’s https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 ) and paste it into the Remote Logout URL textbox on Humanity.
 
  • Click the Download Azure AD Signing Certificate (Base64 encoded) link. When the file downloads, open it in a text editor (like Notepad in Windows, TextEdit on Mac, gedit on Linux, Sublime Text, etc.).
 

Image 11

Once you have completed the steps, you will be able to view the content as shown in Image 12

Step 9: Copy the content, and paste it into the X.509 Certificate textbox on Humanity

 

Image 12
 
When completed, the form on the Humanity side will look like Image 13

Step 10: Click Save Settings tab
 


Image 13
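
A check for Steps 5 and 9, as an added example (not Humanity's or Microsoft's code): it derives the Identifier (Entity ID) from the SAML Login URL and confirms that the text pasted into the X.509 Certificate box is one complete Base64 certificate, returning thumbprints that can be compared against the signing certificate in Azure. The URL and the sample certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def entity_id_from_login_url(saml_login_url):
    """Step 5: derive the Identifier (Entity ID) from the SAML Login URL."""
    if not saml_login_url.startswith("https://"):
        raise ValueError("SAML Login URL must use https")
    if "includes/saml" not in saml_login_url:
        raise ValueError("'includes/saml' not found in the SAML Login URL")
    return saml_login_url.replace("includes/saml", "app", 1)

def der_claimed_length(der):
    """Total size the outer DER SEQUENCE header says the certificate has."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length header")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def certificate_thumbprints(pasted_text):
    """Step 9: check the pasted PEM is complete and return its thumbprints."""
    blocks = PEM_RE.findall(pasted_text)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate block, found {len(blocks)}")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:              # binascii.Error subclasses ValueError
        raise ValueError("certificate body is not valid Base64") from exc
    if der_claimed_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}

# Constructed sample: placeholder bytes with a valid DER header, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Constructed URL; substitute the SAML Login URL copied in Step 4.
    print(entity_id_from_login_url("https://company.example/includes/saml"))
    print(certificate_thumbprints(SAMPLE_PEM))
```

A paste that lost a line still decodes as Base64, which is why the DER length header is compared with the decoded size.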


Configuring User Provisioning

Provisioning of users is a manual process. The Azure administrator should add all the users from Azure to Humanity, make sure that Humanity emails and Azure usernames match, and activate Humanity user profiles so they can log in to Humanity. If there is no user profile on the Humanity side with an email that matches the username of the currently signed-in Azure user, an error message like this will pop up:

[Image: error message]

Note: Humanity Single Sign-On feature uses SAML 2.0 and email as a unique identifier of a user.
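
A pre-flight check for the manual provisioning described above, as an added example (not Humanity's or Microsoft's code): it compares the Azure usernames assigned to the application with the Humanity staff list and reports who would hit the error, whose profile is not activated, and which Humanity profiles have no assigned Azure user. The CSV column names, status values and addresses are assumptions constructed for the example; the page does not say whether matching is case-sensitive, so case-only differences are reported separately.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions for this example.
AZURE_CSV = """userPrincipalName
alice@corp.example
Bob@corp.example
carol@corp.example
dave@corp.example
"""
HUMANITY_CSV = """Email,Status
alice@corp.example,Active
bob@corp.example,Active
carol@corp.example,Not Activated
erin@corp.example,Active
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(azure_csv, humanity_csv):
    """Classify each assigned Azure user by whether SSO login can succeed."""
    profiles = {r["Email"].strip(): r["Status"].strip() for r in _rows(humanity_csv)}
    folded = {email.lower(): email for email in profiles}
    report = {"ready": [], "not_activated": [], "case_differs": [],
              "no_profile": [], "not_assigned": []}
    seen = set()
    for row in _rows(azure_csv):
        upn = row["userPrincipalName"].strip()
        match = upn if upn in profiles else folded.get(upn.lower())
        if match is None:
            report["no_profile"].append(upn)      # would get the error above
            continue
        seen.add(match)
        if match != upn:
            report["case_differs"].append((upn, match))
        elif profiles[match].lower() != "active":
            report["not_activated"].append(upn)
        else:
            report["ready"].append(upn)
    # Profiles with no assigned Azure user: review, since provisioning is manual.
    report["not_assigned"] = sorted(set(profiles) - seen)
    return report

if __name__ == "__main__":
    for category, users in reconcile(AZURE_CSV, HUMANITY_CSV).items():
        print(f"{category}: {users}")
```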


Assigning Users


Close both the Configure sign-on and Single Sign-on panels. Now you need to assign some users from Azure Active Directory to the newly created Humanity application to allow them to use it.

Step 1: Click Users and groups, then click + Add user, as shown in Image 14. It will redirect you to a new panel named Add Assignment.


 

Image 14

Step 2: Click None Selected and from the right side panel, check the boxes next to the name of the users who should have access to Humanity via Azure. Click Select tab once the selection is complete as shown in Image 15
 

Image 15

Step 3: Click Assign tab to assign selected users as shown in Image 16

 
 

Image 16

When successful, a popup message will appear on your screen as shown below:

[Image: confirmation popup]

Now you need to add the corresponding users on Humanity.

Step 4: Go to the Staff tab, click Add Employees, and enter their First Name, Last Name and Email address so that their emails match Azure usernames, or import employees by creating a .CSV file/.XLSX file as shown in Image 17
 
Image 17

Note: After adding the employees, you will be prompted to assign them position/s which is an optional step. Also, to allow users to log in, their profiles must be activated.


Related Articles:

  1. Importing Employees From a .csv/.xlsx file
  2. Send Activation Emails / Manually Activate
  3. Not Activated / Bulk Activation

If you have any queries, please don't hesitate to reach us at support@humanity.com. Happy Scheduling!