Single Sign-On via Microsoft Entra AD
You can integrate Creatio with Microsoft Entra Active Directory (Microsoft Entra AD) to manage single sign-on for all Creatio users that work in the corporate network.
This example uses the https://site01.creatio.com/Demo_161215/
Creatio URL. Replace these URLs with the corresponding URLs of your sites when you perform the actual setup.
The following steps are the general procedure required to set up Single Sign-On in Creatio:
- Download the file that contains integration metadata. Read more >>>
- Perform the setup in Microsoft Entra AD. Read more >>>
- Perform the setup in Creatio. Read more >>>
Download the metadata
- Click the button to open the System Designer.
- Click Single Sign On configuration.
- Click . This opens a drop-down menu.
- Select "Microsoft Entra AD (formerly Azure AD)". This opens the setup page.
- Click Get metadata.
- Save the file to your local machine, then upload it to the Microsoft Entra portal to speed up the configuration.
Perform the setup in Microsoft Entra AD
To configure the settings below, register Creatio in the administrator account of the enterprise identity service of Microsoft Entra AD. Learn more: Official vendor documentation.
-
Add a new SSO application (Trusted Relaying Party) to Microsoft Entra AD:
- Open the Enterprise applications section → All Applications.
- Click New application.
- Select "Creatio" in the Add from the gallery section and add the application. Learn more: [Official vendor documentation]](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/bpmonline-tutorial#add-creatio-from-the-gallery).
-
Open the Single sign-on section and specify the following parameters:
Parameter | Parameter Value |
---|---|
Single Sign-on Mode | Select SAML in this field. |
Identifier | The full name of the website, for example: |
Reply URL | The full website name and |
-
Save the following data to perform the setup in Creatio (Fig. 1):
- Microsoft Entra AD Identifier
- Login URL
- Logout URL
By default, Microsoft Entra AD passes the following fields to Creatio: Given name, Surname, Email address, Name. The email address serves as the username.
Perform the setup in Creatio
Follow these steps to set up single sign-on in Creatio:
- Click the button to open the System Designer.
- Click Single Sign On configuration.
- Click . This opens a drop-down menu.
- Select "Microsoft Entra ID (formerly Azure AD)". This opens the setup page.
- Fill out the following parameters:
Parameter | Parameter Value |
---|---|
Microsoft Entra identifier | The unique ID of the client. Retrieved while setting Okta up. |
SingleSignOnServiceUrl | The URL of the identity provider’s single sign-on. For Microsoft Entra AD, this is usually |
SingleLogoutServiceUrl | The URL of the identity provider’s single sign-off. For Microsoft Entra AD, this is usually |
-
Fill out the provider's name to display on the Creatio login page in the Display name field.
-
Turn on Just-In-Time Provisioning (optional). This mechanism automatically creates the corresponding Creatio user account with data from the identity provider, such as user group, employee name, contact information, etc. For company employees, select the Create and update company employees data when log in (Just-In-Time Provisioning) checkbox and map the fields. For external users, select the Create and update external users data when log in (Just-In-Time Provisioning) checkbox and map the fields (Fig. 2).
-
Define your provider. To do this, select the Default provider checkbox.
-
Test whether the provider is working correctly (optional). To do this, open the provider page and click Test Sign In.
Set up SSO authentication for Mobile Creatio
Mobile Creatio lets you log in using the Single Sign-On technology. To set up SSO authentication for Mobile Creatio, turn the "Use SSO in the mobile app" ("MobileUseSSO" code) system setting on.
If SSO authentication for Mobile Creatio is turned on, the app displays an identity provider page that includes the login and password fields.
See also
Just-In-Time User Provisioning
Microsoft Entra Seamless Single Sign-On: Quickstart (Official vendor documentation)
Instructions on publishing your application in the gallery (Microsoft documentation)