- Active Emtrain account
- Azure account with Active Directory tenant
- All users must have a valid email address in Active Directory
- Each AI user’s email address must match that user’s primary email address in Active Directory
- The AI account’s API Key (obtain this by navigating to the Site Config area of the Manage Tools and choosing the Integration tab)
Configuration and Set-up:
- Log into the Azure management console and select the Azure Active Directory service.
- Select the appropriate Active Directory tenant and click the Enterprise Applications option in the Manage sidebar.
- Click New Application.
- In the Azure AD Gallery Preview section, click Create your own application.
- Enter the name of the application and select the “Integrate any other application you don’t find in the gallery” option. Click Create.
- When prompted to select a single sign on method, choose SAML.
- In section 1, Basic SAML Configuration, enter the Identifier URL, Reply URL and Relay State URL. You will need to construct these URLs by replacing the bracketed portions in the template URLs below with your account’s specific values. Contact customer support for assistance if you do not know your account’s subdomain.
- In section 2, User Attributes and Claims, click Edit.
Create the following attributes. Note that the attribute names are case sensitive and must be entered exactly as shown below.
- Name: API_KEY
Source Attribute: Your account’s API key
- Name: Email
Source Attribute: user.email
- Name: FirstName
Source Attribute: user.firstName
- Name: LastName
Source Attribute: user.lastName
The final list of user attributes should look like this:
- Name: API_KEY
- Download the Base64 certificate from the SAML Signing Certificate.
- In the Manage sidebar, click Properties, then copy the User Access URL, which is needed to complete the setup on your Emtrain account. Save this URL for the next steps in the process. Upload the Emtrain logo in the Logo section while you are on the Properties page.
- Log into your Emtrain AI account with an account administrator user.
- Navigate to Manage > Site Config and select the Integrations tab.
- From the SSO Integration section, choose Azure SSO from the dropdown menu.
- Open the Azure Base64 certificate in a text editor and copy the certificate body, without the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, then paste it into the SSO x.509 Certificate field. Paste the Azure User Access URL into the SSO Entry Point field. Click Save.
- The Azure SSO integration is now configured. Visiting your account’s subdomain will redirect users to the User Access URL and authenticate them via SAML.
Once the integration has been completed, users can log in in the following ways:
- Following a link to your Emtrain AI account, such as the link included in campaign notifications. They will automatically be redirected to the User Access URL, authenticated by Azure, and logged into their AI user profile.
- A Single Sign On portal.
In order to log in with this integration, the user’s primary email in Azure must match the email address on their corresponding Emtrain AI user profile. If the email address in the Azure SAML request does not match the email address on the Emtrain AI user profile, the login attempt will fail and the user will be shown an error message that a user with their email address was not found.
Any user who will use the Azure/Emtrain SSO integration must be assigned the Emtrain application in Azure Active Directory. If the Azure AD administrator has not assigned the user the application, they will get an Azure-based error message informing them that they do not have access to log in with this application.
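A diagnostic for the case-sensitive claim names and the failed-login case described above, as an added example that is not Emtrain's or Microsoft's code: it decodes a SAMLResponse captured from the browser's login POST and reports which of the four claims are missing, empty, or sent with the wrong case. The sample response, its values, and the function names are constructed for illustration; it assumes the response arrives base64-encoded via HTTP POST, and it does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names from the User Attributes and Claims step; they are case sensitive.
REQUIRED = ("API_KEY", "Email", "FirstName", "LastName")

# Constructed sample: "email" has the wrong case, FirstName is empty, LastName is absent.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:AttributeStatement>
<saml:Attribute Name="API_KEY"><saml:AttributeValue>PLACEHOLDER-KEY</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="email"><saml:AttributeValue>pat@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="FirstName"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def assertion_attributes(b64_response: str) -> dict:
    """Decode a base64 SAMLResponse and return {attribute name: first value}.

    Diagnostic only: use it on a response from your own tenant; no signature check.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    return attrs


def check_claims(attrs: dict) -> list:
    """Return a list of problems; an empty list means all four claims are usable."""
    problems = []
    by_lower = {name.lower(): name for name in attrs}
    for name in REQUIRED:
        if name in attrs:
            if not attrs[name]:
                problems.append(f"{name}: present but empty")
        elif name.lower() in by_lower:
            problems.append(f"{name}: sent as '{by_lower[name.lower()]}' (case mismatch)")
        else:
            problems.append(f"{name}: missing")
    return problems


if __name__ == "__main__":
    # Print only the findings, never the claim values (API_KEY is a secret).
    for problem in check_claims(assertion_attributes(SAMPLE_B64)):
        print(problem)
```

A captured response contains the account API key in the API_KEY claim, so treat the capture as a secret and delete it after troubleshooting.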