Requirements:
- Active Emtrain account
- Azure account with Active Directory tenant
- All users must have a valid email address in Active Directory
- Each user’s email address must match that user’s primary email address in Active Directory
- The account’s API Key (obtain this by navigating to the Site Config area of the Manage Tools, choosing the Integration tab, and enabling SSO.)
Configuration and Set-up:
- Log into the Azure management console and select the Azure Active Directory service.
- Select the appropriate Active Directory tenant and click the Enterprise Applications option in the Manage sidebar.
- Click New Application.
- In the Azure AD Gallery Preview section, click Create your own application.
- Enter the name of the application and select the “Integrate any other application you don’t find in the gallery” option. Click Create.
- When prompted to select a single sign on method, choose SAML.
- In section 1, Basic SAML Configuration, enter the Identifier URL, Reply URL and Relay State URL. You will need to construct these URLs by replacing the bracketed portions in the template URLs below with your account’s specific values. Contact customer support for assistance if you do not know your account’s subdomain.
PLEASE NOTE: for the following instructions the URL should NOT include ".admin"
-
- Click Save when you have entered the basic SAML parameters.
- In section 2, User Attributes and Claims, click Edit.
Create the following attributes. Note that the attribute names are case sensitive and must be entered as shown below.
- Name: API_KEY
Source Attribute: Your account’s API key
- Name: Email
Source Attribute: user.email
- Name: FirstName
Source Attribute: user.firstName
- Name: LastName
Source Attribute: user.lastName
The final list of user attributes should look like this:
- Name: API_KEY
-
- Download the Base64 certificate from the SAML Signing Certificate.
- In the Manage sidebar, click Properties, then copy the User Access URL, which is needed to complete the setup on your Emtrain account. Save this URL for the next steps in the process. Upload the Emtrain logo in the Logo section while you are on the Properties page.
Emtrain Setup:
- Log into your Emtrain account with an account administrator user.
- Navigate to Manage > Site Config and select the Integrations tab.
- Select Enable SSO, then choose Azure SSO from the Provider dropdown menu.
- Open the Azure Base64 certificate in a text editor and copy and paste the certificate body, minus the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, into the SSO x.509 Certificate field. Paste the Azure User Access URL into the SSO Entry Point field. The SSO Logout Redirect URL field is optional and can be left blank. Click Save.
- The Azure SSO integration is now configured. Visiting your account’s subdomain will redirect users to the User Access URL and authenticate them via SAML.
Additional considerations:
Once the integration has been completed, users can log in via the following ways:
- Following a link to your Emtrain account, such as the link included in campaign notifications. They will automatically be redirected to the User Access URL, authenticated by Azure, and logged into their Emtrain user profile.
- A Single Sign On portal.
In order to log in with this integration, the user’s primary email in Azure must match the email address on their corresponding Emtrain user profile. If the email address in the Azure SAML request does not match the email address on the Emtrain user profile, the login attempt will fail and the user will be shown an error message that a user with their email address was not found.
Any user who will use the Azure/Emtrain SSO integration must be assigned the Emtrain application in Azure Active Directory. If the Azure AD administrator has not assigned the user the application, they will get an Azure-based error message informing them that they do not have access to log in with this application.
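The case-sensitive attribute names and the email-match requirement described above can be checked against a captured test assertion before rollout. The following is an added example, not Emtrain or Microsoft code: the sample assertion, the helper names `read_attributes` and `check_claims`, and the exact-match email comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("API_KEY", "Email", "FirstName", "LastName")  # names from this page

# Constructed sample assertion (not real data); "email" is deliberately mis-cased.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="API_KEY"><saml:AttributeValue>PLACEHOLDER-KEY</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>pat@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_attributes(assertion_xml):
    """Map each attribute Name to its first value, exactly as the IdP sent it."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        name = attr.get("Name")
        if name is None:
            continue
        value = attr.find("saml:AttributeValue", SAML_NS)
        attrs[name] = (value.text or "").strip() if value is not None else ""
    return attrs

def check_claims(assertion_xml, profile_email):
    """Return a list of problems; an empty list means the claims look right."""
    attrs = read_attributes(assertion_xml)
    by_lower = {name.lower(): name for name in attrs}
    problems = []
    for name in REQUIRED:
        if name in attrs:
            if not attrs[name]:
                problems.append(f"{name}: present but empty")
        elif name.lower() in by_lower:
            problems.append(f"{name}: sent as '{by_lower[name.lower()]}' (case mismatch)")
        else:
            problems.append(f"{name}: missing")
    # Assumption: strict, exact comparison; the page does not say how case is handled.
    if "Email" in attrs and attrs["Email"] != profile_email:
        problems.append("Email: does not match the Emtrain profile email")
    return problems

if __name__ == "__main__":
    for problem in check_claims(SAMPLE_ASSERTION, "pat@example.com"):
        print("FAIL", problem)
```

A real captured assertion carries the account's API key in the API_KEY claim, so handle the capture as a secret and delete it after the check.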