Articles in this section

Azure SSO

  • Updated
Follow

Introduction
Springboard support authentication with any SAML 2.0 compliant service. This documentation has been written on the assumption that you are using Azure AD. If you are using a different authentication provider, please request the required documentation from PeopleScout.
The steps required to configure Springboard to authenticate against your Azure AD tenancy are outlined below;

Assumptions
The following documentation assumes that you have the following in place;
• Office 365 Tenancy
• Azure AD Premium (Springboard is a non-gallery Application)
• Global Administrator privileges in Azure
• Azure Active Directory Security Group to grant access to Springboard

Prerequisites
Before commencing the steps below please ensure you have;
• Provided PeopleScout with your careers site URL e.g https://careers.mycompany.com
• The Metadata.xml file (provided by PeopleScout)

Dependencies
At the completion of this document you will have;
• Set up Springboard as an Enterprise Application with Azure AD
• Configured Springboard User role within Azure AD
• Configured claim rules
• Generated a Token Signing Certificate (Exported from Azure AD)

Create Enterprise Application

  1. Log into your Azure AD Portal (https://aad.portal.azure.com)
  2. Select Enterprise Applications
  3. Select New Application

    mceclip1.png

  4. Select Non-gallery application

    mceclip2.png

  5. Give the application an easily identifiable name such as “Springboard”
  6. Select Add

mceclip0.png

Configure Single Sign On (SSO)

  1. Select Configure single sign-on (required)mceclip3.png
  2. Select SAML

    mceclip4.png

  3. Select Upload metadata file
  4. Select the Metadata.xml file provided to you by PeopleScout

    mceclip5.png

  5. Confirm that the Identified (Entity ID) and Reply URL (Assertion Consumer Service URL) are correct They should match your careers site URL trailed by /sso-service-provider/
  6. Select Save
  7. Click “X” to close the Basic SAML Configuration Window

    mceclip6.png

  8. Select the pencil to edit User Attributes & Claims
  9. Remove all additional claims

    mceclip7.png

  10. Select Add new claim
  11. Name = RASP_ORG_ID
  12. Source attribute = XXXXX (Provided by PeopleScout)
  13. Select Save

mceclip8.png

 

Creating Springboard Role

  1. Navigate to Azure Active Directory
  2. Select App Registrations

    mceclip10.png

  3. Select Springboard
  4. Navigate to Manifest

    mceclip11.png

  5. Paste the following code into the manifest 
    {
    "allowedMemberTypes": [
    "User"
    ],
    "description": "SpringboardUser",
    "displayName": "SpringboardUser",
    "id": "257203a4-9e02-42ad-bff6-fb179520dadd",
    "isEnabled": true,
    "origin": "Application",
    "value": "SpringboardUser"
    }
    Please note: See below to confirm the desired format. This is the result of what we want our Manifest to look like. Notice the “SpringboardUser” role. Note: msiam_access role must be left as default. Do not amend this.
  6. Select Save

mceclip12.png

 

Assign Springboard User Role to User or Groups

  1. Navigate to Azure Active Directory
  2. Select Enterprise Applications

    mceclip14.png

  3. Select Springboard
  4. Select Users and Groups
  5. Select Add User

    mceclip15.png

  6. Select the User or Group you want to use to allow Springboard Access
  7. Select SpringboardUser role
  8. Select Assign

mceclip16.png

 

Providing Details to PeopleScout

  1. Select Single Sign On
  2. Download Certificate (Base 64)

    mceclip17.png

  3. Copy Login URL
  4. Send both Login URL and Certificate (Base 64) to your PeopleScout contact

mceclip18.png

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles