The guide takes you through the steps to setup Single Sign On between Microsoft Azure and CustomerGauge. This will allow users to login using their Microsoft Azure Credentials to log into CustomerGauge.



In Microsoft Azure Portal


  1. From the menu, go to your Azure Active Directory



  2. From the Azure Active Directory menu, go to the Enterprise Applications


  3. To facilitate the Single Sign-on, you need to create a new application.

    1. Go to the Manage --> All Application

    2. Click on the "New Application" button, you can find this on the top of the page

    3. Select the Non Gallery Application, you can put any name you want for the application (for the purpose of this guide we will name it CGSSO). Add the application


    4. Configure the Single Sign-on settings

      1. Choose the "SAML -based Sign-on" as the Single Sign-on mode

      2. Configure the Domain & URLs

        1. Identifier: Login to your CustomerGauge platform and go to the SingleSignOn Manager. Enable the SSO if it has not been enabled before and copy the Entity ID information you find at the bottom. Remember to remove the trailing slash from the URL when you paste it.

        2. Reply URL: Login to your CustomerGauge platform and go to the SingleSignOn Manager. Enable the SSO if it has not been enabled before and copy the Assertion Consumer Service URL information you find at the bottom. Remember to remove the trailing slash from the URL when you paste it.

        3. User Identifier: User.mail

        4. Check the box of "View and edit all other user attributes"

          1. Delete givenname, surname, and name attributes

          2. Edit the emailaddress attributes

            1. Change name to email

            2. Remove the value from the namespace 

          3. Create the following attributes

            Name    
            Value
            Mandatory    
            customergauge_user_role            
            Choose from the following
            WorkflowUser
            User
            Admin
            No. If it is not specified, the default role will be "User"
            organization_id    
            Add your tenant id here
            • Go to Azure Active Directory
            • Go to Manage --> Properties
            • Copy the Directory ID. This is your tenant ID
            Yes            



                                                                               
            user_division
            It is particularly useful in case you have a hierarchy setup in CG.
            We will use this attribute to link the user to a specific division or department.
            No. If it is not specified, the default value will be "Global"
            user_firstname    
            user.givenname    
            No
            user_lastname
            user.surname
            No
            user_country
            User's country (in 2 digit ISO code)
            No
            user_telephone
            user.telephone
            No


        5. Create new certificate

          1. Select SHA-1 as the signing algorithm

          2. Check the "Make unused certificate active"

          3. Download the certificate

        6. Click the configure CGSSO

          1. Copy the following information

            1. SAML Single Sign-On Service URL
            2. SAML Entity ID
        7. Go back and Save 



In CustomerGauge

  1. Go to the Single Sign-On Manager inside the CustomerGauge platform, it will be under the Setup Menu. If the SSO is disabled, please enable it first.
  2. Enter the following information
    1. Entity ID: Enter the SAML Entity ID value you copied previously
    2. Identity Provider: Microsoft
    3. Single Sign ON Service URL: Enter the SAML Single Sign-On Service URL value you copied previously
    4. Open the certificate you downloaded prviously in a text editor, copy and paste the content in to the Certificate box
    5. Calculate the certificate fingerprint
      1. Go to this website https://www.samltool.com/fingerprint.php
      2. Paste the certificate content to the X.509 CERT field
      3. Chose sha1 as the algorithm
      4. Calculate the fingerprint
      5. Copy the formatted fingerprint result
      6. Paste it
    6. Tenant ID: enter your azure tenant ID 
  3. Save


Congratulations, now you can use Microsoft Azure credentials to login to your CustomerGauge account