In this article you will find the necessary steps to configure a connection between Azure and Mosaic's authentication platform to establish a Single-Sign-On experience for your enterprise users using Mosaic.
If at any time there are questions or issues with the connection, please reach out to support@mosaic.pe for assistance.
Azure Configuration
1. Navigate to your Azure Admin Portal > Enterprise Applications and choose New Application, then Create your own application.
2. Enter "Mosaic" as the name of the app, and choose a Non-gallery application.
3. Within the "Set up single sign on" section, choose SAML.
4. On the Set up Single Sign-On with SAML page, edit the Basic SAML Configuration.
5. Add an identifier under the Identifier (Entity ID) section as:
   urn:amazon:cognito:sp:us-east-1_snwpaAR4h
6. Add a Reply URL as:
7. Press Save to exit the Basic SAML Configuration area.
8. Ensure that the givenname, surname, and emailaddress attributes are set in the Attributes & Claims section.
9. Copy the App Federation Metadata Url value from the SAML Certificates section, and email it to support@mosaic.pe.
10. In the Users & Groups section, assign access to Mosaic to the users within your organization.
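To confirm the Identifier (Entity ID) and Attributes & Claims settings before sending the metadata, you can inspect a SAML assertion captured from a test sign-in. The script below is an added example, not Mosaic's or Microsoft's code; it assumes Entra's default claim URIs and a base64-decoded assertion, and the sample assertion it builds is constructed.

```python
import xml.etree.ElementTree as ET  # stdlib parser; prefer defusedxml for untrusted XML

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: Entra's default claim namespace for these attributes.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = ("givenname", "surname", "emailaddress")
ENTITY_ID = "urn:amazon:cognito:sp:us-east-1_snwpaAR4h"  # from the Identifier step


def check_assertion(xml_text, entity_id=ENTITY_ID):
    """Return a list of problems in a decoded SAML assertion (empty list = OK).

    Structural check only: it does not validate the XML signature.
    """
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"audience {audiences} does not include {entity_id}")
    values = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values[attr.get("Name")] = [
            v.text.strip()
            for v in attr.iterfind("saml:AttributeValue", NS)
            if v.text and v.text.strip()
        ]
    for short in REQUIRED:
        if not values.get(CLAIMS + short):
            problems.append(f"missing or empty claim: {short}")
    return problems


def sample(audience, attrs):
    """Build a constructed, unsigned assertion for demonstration."""
    rows = "".join(
        f'<saml:Attribute Name="{CLAIMS}{k}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>"
        for k, v in attrs.items()
    )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Conditions>'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        f"</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{rows}</saml:AttributeStatement></saml:Assertion>"
    )


if __name__ == "__main__":
    # Constructed user with no surname claim mapped.
    user = {"givenname": "Ada", "emailaddress": "ada@yourdomain.com"}
    print(check_assertion(sample(ENTITY_ID, user)))
```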
Mosaic Configuration
Once you have completed the steps above, please email support@mosaic.pe with the metadata from Step 9, as well as a list of all possible domains that might be authenticating via your Azure instance. For example: yourdomain.com, yourdomain.net, etc.
SSO User Provisioning
Mosaic supports user provisioning to enable Entra ID to automatically create and disable user accounts within Mosaic depending on their application access. We recommend following the additional steps below to enable this functionality. Note that this can only be completed once SSO has been successfully established for your organization.
1. Obtain your Provisioning Token
- Log in to Mosaic as a user with admin permissions.
- Navigate to your organization admin page by clicking on your account name in the top right corner, and selecting "Admin".
- Navigate to the "Integrations" page using the left sidebar
- Find the SCIM User Provisioning integration, and click "Install", and then "Generate Token".
- Copy the Base URL and API Token
Note: The token is only visible once and is valid for 365 days. Creating a new token will invalidate the previously used token.
2. Set up Provisioning in Entra
- Navigate to the Mosaic Enterprise Application
- Navigate to Manage > Provisioning on the left sidebar
- Click "New configuration" on the top bar
- Paste the URL and token copied from the previous section into the tenant details and click Test Connection.
- If the test is successful, complete the setup by clicking the "Create" button at the bottom of the screen.
Provisioning is now complete. If you experience any difficulty in setting up provisioning or any errors caused by provisioning requests, please email us at support@mosaic.pe for further assistance.