- Only Admins can use this feature
Setting up a new SSO integration for Azure with SAML
You need to be an Admin on TravelPerk and Azure to configure a new SSO integration following these steps:
- Go to Account Settings
- Select Integrations
- Find the SSO integration and click Set up
- Select SAML and click New integration
Once you've created a New integration, you'll need to configure it:
- Open Azure, go to the Active directory and select Enterprise Applications
- Click New Application and search for TravelPerk
- Add a name for the app and click Create
- Open the newly created TravelPerk app and go to the Getting Started section. Under Select a single sign-on method, enable the SSO and click SAML.
TravelPerk configurations for Azure
- Copy the SP entity URL and paste it into the Reply URL (Assertion Consumer Service URL) on Azure
- Copy the SP entity ID and paste it into Identifier (Entity ID) on Azure
- In the Sign on URL, enter your TravelPerk subdomain using the following format:
- Next to User Attributes & Claims, click Edit and click on the attribute name to edit it. The Attributes must be exactly the same as the following table, including punctuation:
| Claim name/Name | Value/Source attribute |
| --- | --- |
| givenname | user.givenname |
| surname | user.surname |
| name | user.userprincipalname |
| emailaddress | user.userprincipalname |
| Unique User Identifier | user.userprincipalname |

- Once these steps are completed, Azure will generate the IdP x509 certificate
Azure configurations for TravelPerk
- Copy the Azure AD Identifier from section 4 and paste it into the IdP entity ID on TravelPerk
- Copy the Login URL from section 4 and paste it into the IdP SSO service URL on TravelPerk
- Copy the App Federation Metadata Url from section 3 (the SAML Sign In certificate) and paste it into your browser
- Look for <X509Certificate></X509Certificate> and copy the text in between - this is your certificate
- Once copied, paste it into the IdP x509 cert on TravelPerk, without the <X509Certificate></X509Certificate> tags. In the browser, it will look similar to the screenshot below.
- On TravelPerk, click Create integration
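Copying the certificate by hand from the browser can pick up line breaks or the wrong element. The following added example (not TravelPerk or Microsoft code) extracts the IdP signing certificate from a saved copy of the federation metadata and prints its fingerprints so you can compare them with the thumbprint Azure displays for the certificate. It assumes that thumbprint is the SHA-1 hex digest of the decoded certificate; the sample metadata and its certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Standard SAML 2.0 metadata and XML-DSig namespaces.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signing_certs(metadata_xml):
    """Return [(base64_cert, sha1_hex, sha256_hex)] for the IdP signing keys."""
    # Metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not contain a DTD or entities")
    root = ET.fromstring(metadata_xml)
    # Only the IdP's signing key, not other X509Certificate elements in the file.
    path = ("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
            "/ds:KeyInfo/ds:X509Data/ds:X509Certificate")
    results = []
    for node in root.findall(path, NS):
        b64 = "".join((node.text or "").split())   # drop line breaks and spaces
        der = base64.b64decode(b64, validate=True)  # fails on a damaged copy
        results.append((b64,
                        hashlib.sha1(der).hexdigest().upper(),
                        hashlib.sha256(der).hexdigest().upper()))
    if not results:
        raise ValueError("no signing certificate found in IDPSSODescriptor")
    return results

# Constructed sample: placeholder bytes stand in for a real DER certificate.
_B64 = base64.b64encode(b"constructed placeholder bytes, not a real certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.invalid/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>
          {_B64[:20]}
          {_B64[20:]}
        </X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for b64, sha1, sha256 in signing_certs(SAMPLE_METADATA):
        print("Paste into IdP x509 cert:", b64)
        print("SHA-1 thumbprint:", sha1, "\nSHA-256:", sha256)
```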
Add users to the TravelPerk app on Azure
You need to add users to the TravelPerk app on Azure before they can sign in.
- In the Azure app overview page, go to Manage
- Select Users and groups
- Click Add user and in the Add Assignment box, select Users and groups
- In Users and groups, select the users you want to give access to TravelPerk
- Click Select
If you have doubts about how to assign users to TravelPerk from Azure, see the Microsoft build guide.
Test your setup
- Open your browser in an incognito window
- Go to your TravelPerk subdomain:
- If you can sign in with SSO through Azure, your application was successfully set up