The guide takes you through the steps to setup Single Sign On between Microsoft Azure and CustomerGauge. This will allow users to login using their Microsoft Azure Credentials to log into CustomerGauge.
In Microsoft Azure Portal
- From the menu, go to your Azure Active Directory
- From the Azure Active Directory menu, go to the Enterprise Applications
To facilitate the Single Sign-on, you need to create a new application.
Go to the Manage --> All Application
Click on the "New Application" button, you can find this on the top of the page
Select the Non Gallery Application, you can put any name you want for the application (for the purpose of this guide we will name it CGSSO). Add the application
Configure the Single Sign-on settings
Choose the "SAML -based Sign-on" as the Single Sign-on mode
Configure the Domain & URLs
Identifier: Login to your CustomerGauge platform and go to the SingleSignOn Manager. Enable the SSO if it has not been enabled before and copy the Entity ID information you find at the bottom. Remember to remove the trailing slash from the URL when you paste it.
Reply URL: Login to your CustomerGauge platform and go to the SingleSignOn Manager. Enable the SSO if it has not been enabled before and copy the Assertion Consumer Service URL information you find at the bottom. Remember to remove the trailing slash from the URL when you paste it.
User Identifier: User.mail
Check the box of "View and edit all other user attributes"
Delete givenname, surname, and name attributes
Edit the emailaddress attributes
Change name to email
Remove the value from the namespace
Create the following attributes
Name Value Mandatory customergauge_user_role Choose from the following
No. If it is not specified, the default role will be "User" organization_id Add your tenant id here
- Go to Azure Active Directory
- Go to Manage --> Properties
- Copy the Directory ID. This is your tenant ID
user_division It is particularly useful in case you have a hierarchy setup in CG.
We will use this attribute to link the user to a specific division or department.
No. If it is not specified, the default value will be "Global" user_firstname user.givenname No user_lastname user.surname No user_country User's country (in 2 digit ISO code) No user_telephone user.telephone No
Create new certificate
Select SHA-1 or SHA-256 as the signing algorithm
Check the "Make unused certificate active"
Download the certificate
Click the configure CGSSO
Copy the following information
- SAML Single Sign-On Service URL
- SAML Entity ID
Go back and Save
- Go to the Single Sign-On Manager inside the CustomerGauge platform, it will be under the Setup Menu. If the SSO is disabled, please enable it first.
- Enter the following information
- Entity ID: Enter the SAML Entity ID value you copied previously
- Identity Provider: Microsoft
- Single Sign ON Service URL: Enter the SAML Single Sign-On Service URL value you copied previously
- Open the certificate you downloaded previously in a text editor, copy and paste the content in to the Certificate box
- Calculate the certificate fingerprint
- Go to this website https://www.samltool.com/fingerprint.php
- Paste the certificate content to the X.509 CERT field
- Chose sha-1 or sha-256 as the algorithm
- Calculate the fingerprint
- Copy the formatted fingerprint result
- Paste it
- Tenant ID: enter your azure tenant ID
Congratulations, now you can use Microsoft Azure credentials to login to your CustomerGauge account