SSO Configuration

Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). We support SAML 2.0 with Azure Active Directory for single sign on with our product. 

Features

The user can mix and match both Active Directory integrated users as well as native users, as needed. New SSO users do NOT need to be specifically invited, they can simply log in and an account will automatically be created. NOTE: This is limited by how Azure AD is configured.

 

How it works

Here is an example of the sign in process using Azure AD. If the user is not yet in the system, they will be created upon first login.
mceclip0.png

How to Configure Azure AD

User Management

Ensure users are created with the appropriate Domain(s). This Domain will need to be added into Functionize in a later step. More than one domain may be included in Functionize.

mceclip2.png

Create a New Application in Azure AD

  1. To create a New Enterprise Application, click on All Applications from the left navigation.
  2. Click New Application.
    mceclip3.png
  3. Input the name of your application.
    mceclip8.png
  4. Next, users or groups will need to be assigned to the new application.

How to Assign Group(s) to the New Application

  1. Click on Overview in the left navigation panel.
  2. Select 1. Assign users and groups and assign.
    mceclip4.png
  3. Then it's time to set up SAML Integration.

How to Configure the SAML Integration

  1. Select Single Sign On from the left navigation panel.
    mceclip5.png
  2. Then update the SSO Basic Configuration.

How to Update the SSO Basic Configuration

In Basic SAML Configuration

  1. Enter "functionize_sso_identifier" as the Entity ID
  2. Enter "https://app.functionize.com/ssologin/www" as the Reply URL
    mceclip6.png
  3. Then pull data to be entered into the Functionize application.

How to Pull Data to Enter into Functionize Application

  1. Download the Federation Metadata XML file
  2. Copy the Azure AD Identifier
    mceclip7.pngNOTE: Functionize pulls the default configuration values for email and name, no changes are needed.

 

How to Configure Functionize

  1. In Functionize, go to the Team tab *Only a user that is set as Team Admin can see this setting.
  2. Fill out the saml integration details as follows:
    Type: Select Azure AD from the dropdown menu.
    Domain Name: Enter the Domain Name *comma separated domains may be added if needed
    Azure AD Identifier (IDP): Paste the Azure AD Identifier as previously pulled from Azure configuration.
    Federation Metadata XML: Upload file previously pulled from Azure configuration.
  3. Then click Submit.
    mceclip8.png

To Complete the SetUp

  1. Click SSO Validate on the left panel.
  2. Click Test Login to complete the setup. These will walk the user through the full login process.
    mceclip16.png
  3. Once a successful Login and Logout attempt have occurred, the SSO Validated step will show a green checkmark.
    mceclip17.png 

To Access Functionize Using Single Sign On (SSO) 

  1. Click the Sign in with SSO link on the login page.
    mceclip0.png
  2. Enter the email address with your company domain that has been set up with Azure AD), the click Continue.
  3. Enter password.
  4. Click Sign In.