Skip to main content
Version: 8.0All Creatio products

Single Sign-On via Azure AD

note

This article is relevant to Creatio version 8.0.3 and later. If you need to set up integration with Creatio version 8.0.2 and earlier for testing purposes or to look for errors, follow the instructions for Creatio version 7.18.

You can integrate Creatio with Azure Active Directory (Azure AD) to manage single sign-on for all Creatio users that work in the corporate network.

Important

The example uses the https://site01.creatio.com/Demo_161215/ Creatio URL. Replace these URLs with the corresponding URLs of your sites when you perform the actual setup.

In general, the following steps are required to set up Single Sign-On in Creatio:

  1. Download the file that contains the integration metadata. Read more >>>
  2. Perform the setup in Azure AD. Read more >>>
  3. Perform the setup in Creatio. Read more >>>

Download the metadata

  1. Click the button to open the System Designer.
  2. Click Single Sign On configuration.
  3. Click . This opens a drop-down menu.
  4. Select "Azure AD." This opens the setup page.
  5. Click Get metadata.
  6. Save the file to your local machine. Then upload it to the Azure portal to speed up the configuration.

Perform the setup in Azure AD

To configure the settings below, register Creatio in the administrator account of the enterprise identity service of Azure Active Directory (Azure AD). Learn more in the Microsoft documentation.

  1. Add a new SSO application (Trusted Relaying Party) to Azure AD:

    1. Open the Enterprise applications section → All Applications.
    2. Click New application.
    3. Select "Creatio" in the Add from the gallery section and add the application. Learn more in the Microsoft documentation: Add Creatio from the gallery.

  2. Open the Single sign-on section and specify the following parameters:

    1. Select "SAML" in the Single Sign-on Mode parameter.
    2. Enter the full website name, for example, https://site01.creatio.com/Demo_161215/, in the Identifier parameter.
    3. Enter the full website name and /ServiceModel/AuthService.svc/SsoLogin address, for example, https://site01.creatio.com/Demo_161215/ServiceModel/AuthService.svc/SsoLogin, in the Reply URL parameter.

  3. Save the following data to perform the setup in Creatio (Fig. 1):

    • Azure AD Identifier
    • Login URL
    • Logout URL
Fig. 1 Data required to perform the setup in Creatio
Fig. 1 Data required to perform the setup in Creatio
note

By default, Azure AD passes the following fields to Creatio: Given name, Surname, Email address, Name. The email address serves as the username.

Perform the setup in Creatio

Follow these steps to set up single sign-on in Creatio:

  1. Click the button to open the System Designer.

  2. Click Single Sign On configuration.

  3. Click . This opens a drop-down menu.

  4. Select "Azure AD." This opens the setup page.

  5. Fill out the following parameters:

    1. Enter the unique identifier you got while setting up Azure AD in the Azure identifier parameter.
    2. Enter the URL of the identity provider’s single sign-on in the SingleSignOnServiceUrl parameter. For Azure AD, this is usually https://login.microsoftonline.com/<azure account="" id="">/saml2. Find out the settings of the added connector in the Azure account.
    3. Enter the URL of the identity provider’s single sign-off in the SingleLogoutServiceUrl parameter. For Azure AD, this is usually https://logout.microsoftonline.com/\<azure account="" id="">/saml2. Find out the settings of the added connector in the Azure account.

  6. Fill out the provider's name to display on the Creatio login page in the Display name field.

  7. Turn on Just-In-Time Provisioning (optional). This mechanism automatically creates the corresponding Creatio user account with proper data from the identity provider, such as user group, employee name, contact information, etc. To do this, select the Create and update users data when log in (Just-In-Time Provisioning) checkbox and map the fields.

    Fig. 2 Set up Just-In-Time Provisioning
    Fig. 2 Set up Just-In-Time Provisioning

  8. Define your provider.

    For Creatio version 8.0.9 and later

    Slect the Default provider checkbox.

    For Creatio version 8.0.7 - 8.0.8

    Specify the provider in the "Default SSO provider" system setting ("DefaultSsoProvider" code) and save the changes. Instructions: Manage system settings.

    For Creatio version 8.0.3 – 8.0.6

    Select your provider in the SSO identity provider field and save the changes.

  9. Test whether the provider is working correctly (optional).

    For Creatio version 8.0.7 and later

    Open the provider page and click Test Sign In.

    For Creatio version 8.0.3 – 8.0.6

    Click Test (Fig. 3).

    Fig. 3 Test the provider
    Fig. 3 Test the provider

See also

Single Sign-On via OneLogin

Just-In-Time User Provisioning

Azure Active Directory Seamless Single Sign-On: Quickstart (Azure Active Directory product documentation)

Azure AD portal (open the Azure AD portal)

Instructions on publishing your application in the gallery (Microsoft documentation)