Skip to main content
Version: 8.1

Single Sign-On via Microsoft Entra AD

You can integrate Creatio with Microsoft Entra Active Directory (Microsoft Entra AD) to manage single sign-on for all Creatio users that work in the corporate network.

Important

This example uses the https://site01.creatio.com/Demo_161215/ Creatio URL. Replace these URLs with the corresponding URLs of your sites when you perform the actual setup.

The following steps are the general procedure required to set up Single Sign-On in Creatio:

  1. Download the file that contains integration metadata. Read more >>>
  2. Perform the setup in Microsoft Entra AD. Read more >>>
  3. Perform the setup in Creatio. Read more >>>

Download the metadata

  1. Click the button to open the System Designer.
  2. Click Single Sign On configuration.
  3. Click . This opens a drop-down menu.
  4. Select "Microsoft Entra AD (formerly Azure AD)". This opens the setup page.
  5. Click Get metadata.
  6. Save the file to your local machine, then upload it to the Microsoft Entra portal to speed up the configuration.

Perform the setup in Microsoft Entra AD

To configure the settings below, register Creatio in the administrator account of the enterprise identity service of Microsoft Entra AD. Learn more: Official vendor documentation.

  1. Add a new SSO application (Trusted Relaying Party) to Microsoft Entra AD:

    1. Open the Enterprise applications section → All Applications.
    2. Click New application.
    3. Select "Creatio" in the Add from the gallery section and add the application. Learn more: [Official vendor documentation]](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/bpmonline-tutorial#add-creatio-from-the-gallery).

  2. Open the Single sign-on section and specify the following parameters:

Parameter

Parameter Value

Single Sign-on Mode

Select SAML in this field.

Identifier

The full name of the website, for example: https://site01.creatio.com/Demo_161215/.

Reply URL

The full website name and /ServiceModel/AuthService.svc/SsoLogin address, for example: https://site01.creatio.com/Demo_161215/ServiceModel/AuthService.svc/SsoLogin

  1. Save the following data to perform the setup in Creatio (Fig. 1):

    • Microsoft Entra AD Identifier
    • Login URL
    • Logout URL
Fig. 1 Data required to perform the setup in Creatio
Fig. 1 Data required to perform the setup in Creatio
note

By default, Microsoft Entra AD passes the following fields to Creatio: Given name, Surname, Email address, Name. The email address serves as the username.

Perform the setup in Creatio

Follow these steps to set up single sign-on in Creatio:

  1. Click the button to open the System Designer.
  2. Click Single Sign On configuration.
  3. Click . This opens a drop-down menu.
  4. Select "Microsoft Entra ID (formerly Azure AD)". This opens the setup page.
  5. Fill out the following parameters:

Parameter

Parameter Value

Microsoft Entra identifier

The unique ID of the client. Retrieved while setting Okta up.

SingleSignOnServiceUrl

The URL of the identity provider’s single sign-on. For Microsoft Entra AD, this is usually https://login.microsoftonline.com/\<azure account="" id="">/saml2. Find out the settings of the added connector in your Microsoft account.

SingleLogoutServiceUrl

The URL of the identity provider’s single sign-off. For Microsoft Entra AD, this is usually https://logout.microsoftonline.com/\<azure account="" id="">/saml2. Find out the settings of the added connector in your Microsoft account.

  1. Fill out the provider's name to display on the Creatio login page in the Display name field.

  2. Turn on Just-In-Time Provisioning (optional). This mechanism automatically creates the corresponding Creatio user account with data from the identity provider, such as user group, employee name, contact information, etc. For company employees, select the Create and update company employees data when log in (Just-In-Time Provisioning) checkbox and map the fields. For external users, select the Create and update external users data when log in (Just-In-Time Provisioning) checkbox and map the fields (Fig. 2).

    Fig. 2 Set up Just-In-Time Provisioning
    Fig. 2 Set up Just-In-Time Provisioning

  3. Define your provider. To do this, select the Default provider checkbox.

  4. Test whether the provider is working correctly (optional). To do this, open the provider page and click Test Sign In.

    Fig. 3 Test the provider
    Fig. 3 Test the provider

Set up SSO authentication for Mobile Creatio

Mobile Creatio lets you log in using the Single Sign-On technology. To set up SSO authentication for Mobile Creatio, turn the "Use SSO in the mobile app" ("MobileUseSSO" code) system setting on.

If SSO authentication for Mobile Creatio is turned on, the app displays an identity provider page that includes the login and password fields.

See also

Single Sign-On via OneLogin

Just-In-Time User Provisioning

Microsoft Entra Seamless Single Sign-On: Quickstart (Official vendor documentation)

Microsoft Entra AD portal

Instructions on publishing your application in the gallery (Microsoft documentation)