Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). We support SAML 2.0 with Azure Active Directory for single sign on with our product.
The user can mix and match Active Directory integrated users and native users, as needed. New SSO users do NOT need to be specifically invited; they can simply log in and an account will automatically be created. NOTE: This is limited by how Azure AD is configured.
How it works
Here is an example of the sign in process using Azure AD. If the user is not yet in the system, they will be created upon first login.
How to Configure Azure AD
1. Ensure users are created with the appropriate Domain(s). This Domain will need to be added into Functionize in a later step. More than one domain may be included in Functionize.
Create a New Application in Azure AD
1. To create a New Enterprise Application, click on All Applications from the left navigation.
2. Click New Application.
3. Input the name of your application.
4. Next, users or groups will need to be assigned to the new application.
How to Assign (your) Group(s) to the New Application
1. Click on Overview in the left navigation panel.
2. Select "1. Assign users and groups" and assign.
3. Then it's time to set up SAML Integration.
How to Configure the SAML Integration
1. Select Single Sign On from the left navigation panel.
2. Then update the SSO Basic Configuration.
How to Update the SSO Basic Configuration
1. In Basic SAML Configuration:
- Enter "functionize_sso_identifier" as the Entity ID
- Enter "https://app.functionize.com/ssologin/www" as the Reply URL
2. Then pull data to be entered into the Functionize application.
How to Pull Data to Enter into Functionize Application
1. Download the Federation Metadata XML file
2. Copy the "Azure AD Identifier"
NOTE: Functionize pulls the default configuration values for email and name, no changes are needed.
How to Configure Functionize
1. In Functionize, go to the Team Settings tab. (Only a user that is set as Team Admin can see this setting.)
- Type = Select Azure AD from the dropdown menu.
- Domain Name = Enter the Domain Name (comma-separated domains may be added if needed).
- Azure AD Identifier (IDP) = Paste the Azure AD Identifier as previously pulled from Azure configuration.
- Upload the Federation Metadata XML file as previously pulled from Azure
Then click Submit.
To Complete the Setup
1. Click SSO Validate to test login on the left panel
2. AND click Test Login in order to complete the setup. These will walk the user through the full login process.
Once a successful Login and Logout attempt have occurred, the SSO Validated step will show green.
To Access Functionize Using Single Sign On (SSO)
1. Click the Sign in with SSO link on the login page.
2. Enter the email address with your company domain (that has been set up with Azure AD), then click Continue.
3. Enter password.
4. Click Sign In.