Set up SSO for Azure (SAML)

  • Only Admins can use this feature

Setting up a new SSO integration for Azure with SAML

You need to be an Admin on TravelPerk and Azure to configure a new SSO integration following these steps:

  1. Go to Account Settings
  2. Select Integrations
  3. Find the SSO integration and click Set up
  4. Select SAML and click New integration

Once you've created a New integration, you'll need to configure it:

  1. Open Azure, go to the Active directory and select Enterprise Applications

  2. Click New Application and Search for TravelPerk
  3. Add a name for the app and click Create
  4. Open the newly created TravelPerk app and go to the Getting Started section. Under Select a single sign-on method, enable the SSO and click SAML.

 

TravelPerk configurations for Azure

  1. Copy the SP entity URL and paste it into the Reply URL (Assertion Consumer Service URL) on Azure
  2. Copy the SP entity ID and paste it into Identifier (Entity ID) on Azure
  3. In the Sign on URL, enter your TravelPerk subdomain using the following format: https://{yourcompanyname}.travelperk.com

  4. Next to User Attributes & Claims, click Edit and click on the attribute name to edit it. The Attributes must be exactly the same as the following table, including punctuation:

    Claim name / Name         Value / Source attribute
    givenname                 user.givenname
    surname                   user.surname
    name                      user.userprincipalname
    emailaddress              user.userprincipalname
    Unique User Identifier    user.userprincipalname

  5. Once these steps are completed, Azure will generate the IdP x509 certificate

 

Azure configurations for TravelPerk

  1. Copy the Azure AD Identifier from section 4 and paste it into the IdP entity ID on TravelPerk
  2. Copy the Login URL from section 4 and paste it into the IdP SSO service URL on TravelPerk

  3. Copy the URL from the App Federation Metadata Url field in section 3 (SAML Sign In certificate) and paste it into your browser
  4. Look for <X509Certificate></X509Certificate> and copy the text in between - this is your certificate
  5. Once copied, paste it into the IdP x509 cert on TravelPerk. In the browser, it will look similar to the screenshot below. We don't need the <X509Certificate></X509Certificate> tags.

    Screenshot_2020-11-11_at_20.36.41.png
    Screenshot_2020-11-18_at_09.32.47.png

  6. On TravelPerk, click Create integration
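
Steps 3 to 5 above can also be done without copying by hand. The following is an added example, not TravelPerk's or Microsoft's code: it extracts each distinct signing certificate from the federation metadata (the same certificate can appear under more than one element), strips the whitespace, and computes fingerprints to compare with the thumbprint shown for the certificate in Azure. The sample metadata is constructed from placeholder bytes, and treating the Azure thumbprint as the SHA-1 of the decoded certificate is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample input: placeholder bytes, NOT a real certificate or tenant.
PLACEHOLDER_DER = b"constructed placeholder bytes standing in for a DER certificate"
_B64 = base64.b64encode(PLACEHOLDER_DER).decode()
_KEY = f"""<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <X509Data><X509Certificate>
    {_B64[:40]}
    {_B64[40:]}
  </X509Certificate></X509Data></KeyInfo></KeyDescriptor>"""
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example/placeholder-tenant/">
  <RoleDescriptor protocolSupportEnumeration="urn:example:placeholder">{_KEY}</RoleDescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">{_KEY}</IDPSSODescriptor>
</EntityDescriptor>"""


def signing_certs(metadata_xml):
    """Return one dict per distinct signing certificate in the IdP metadata."""
    if "<!DOCTYPE" in metadata_xml:  # SAML metadata has no need for a DTD
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    found = {}
    for kd in root.iter(MD + "KeyDescriptor"):
        if kd.get("use", "signing") != "signing":
            continue  # skip encryption-only keys
        for node in kd.iter(DS + "X509Certificate"):
            b64 = "".join((node.text or "").split())  # drop line breaks and indent
            der = base64.b64decode(b64, validate=True)  # raises on stray characters
            found[b64] = {
                "paste_value": b64,  # text for the IdP x509 cert field, no tags
                # Assumption: the thumbprint Azure displays is SHA-1 over the DER bytes.
                "sha1": hashlib.sha1(der).hexdigest().upper(),
                "sha256": hashlib.sha256(der).hexdigest().upper(),
            }
    return list(found.values())  # more than one entry means several certificates are published


if __name__ == "__main__":
    for cert in signing_certs(SAMPLE_METADATA):
        print("SHA-1 thumbprint:", cert["sha1"])
        print("Value for the IdP x509 cert field:", cert["paste_value"])
```

If the function returns more than one certificate, confirm in Azure which one is active before pasting it into TravelPerk.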

 

Add users to the TravelPerk app on Azure

You need to add users to the TravelPerk app on Azure before they can sign in.

  1. In the Azure app overview page, go to Manage
  2. Select Users and groups
  3. Click Add user and in the Add Assignment box, select Users and groups
  4. In Users and groups, select the users you want to give access to TravelPerk
  5. Click Select

If you have doubts about how to assign users to TravelPerk from Azure, see the Microsoft build guide.

 

Test your setup

  1. Open your browser in an incognito window
  2. Go to your TravelPerk subdomain: https://{yourcompanyname}.travelperk.com
  3. If you can sign in with SSO through Azure, your application was successfully set up 
