Configuring SSO for MaintainX

Explains how to set up single sign-on (SSO) for MaintainX using Microsoft Azure Active Directory or other identity providers (IdPs).

Written by Jamal Rahal
Updated over a week ago

This article explains how to set up single sign-on (SSO) for MaintainX.

Prerequisites

  • Your organization must be on a MaintainX Enterprise Plan.

  • You must be an Administrator for your MaintainX organization.

  • Any domain that you plan to add to your SSO configuration must be verified via a MaintainX verification email.

Supported Protocols

  • Security Assertion Markup Language (SAML)

  • OpenID Connect (OIDC)

Step 1: Obtain Your Configuration Information From MaintainX

  1. Sign in to the MaintainX web application.

  2. In the sidebar, select Settings > Customizations.

  3. In the Customizations pane, select Single Sign-On (SSO) Self-Serve > Set SSO Preferences.

    • If MaintainX does not have IdP information for your organization, the Register Identity Provider dialog opens.

      Select Create to generate your IdP information and open the Single Sign-On Configuration dialog.

    • If MaintainX does have IdP information for your organization, the Single Sign-On Configuration dialog opens right away.

  4. You will need to provide the URLs in the following fields to your IdP:

    • Entity ID (Audience URI)

    • ACS URL

    • Start URL

Step 2a: Configure SSO with Your IdP

These instructions apply to most IdPs. If you’re using Microsoft Azure AD, follow the instructions in Step 2b: Configure SSO with Microsoft Azure AD.

Before you start:

To configure SSO with your IdP:

  1. Sign in to the MaintainX web application.

  2. In the sidebar, select Settings > Customizations.

  3. In the Customizations pane, select Single Sign-On (SSO) Self-Serve > Set SSO Preferences. The Single Sign-On Configuration dialog opens.

  4. Sign in to your IdP.

  5. Copy the following URLs from the MaintainX Single Sign-On Configuration dialog to your IdP.

    • Entity ID (Audience URI)

    • ACS URL

    • Start URL

  6. In your IdP, configure Attribute Mapping. Map the following attributes:

    • email

    • firstName

    • lastName

  7. In your IdP, obtain the following information, and copy it to the corresponding fields in the MaintainX Identity Provider Configuration settings:

    • Issuer URI

    • Single Sign On (SSO) URL. Copy this to the Destination field in MaintainX as well.

  8. In your IdP, download your signing certificate to your computer. Upload it to MaintainX from the Identity Provider Configuration settings:

    • Select Certificate > Upload, select the certificate you downloaded, and submit it.

  9. In the MaintainX Single Sign-On Configuration dialog, scroll to the SAML Configuration settings, and configure the following:

    • Email Domains: Anyone with the domain(s) entered in the field will be routed to your IdP.

      Note: Any domain that you plan to add to your SSO configuration must be validated by MaintainX.

    • Default Role: This is the default role, in the MaintainX application, for users you create through SAML. For details about user types, see User Classes Explained.

  10. Select Update to update your settings.

Step 2b: Configure SSO with Microsoft Azure AD

Before you start:

To configure SSO with Azure AD:

  1. Sign in to the Microsoft Azure portal, and navigate to Azure Active Directory.

  2. From the sidebar, select Manage > Enterprise applications.

  3. In the Enterprise applications pane, select + New application.

  4. Select + Create your own application. In the dialog box that opens, do the following:

    • Set the name of your application. We recommend you set it to MaintainX.

    • Select Integrate any other application you don't find in the gallery.

    • Select Create.

  5. Sign in to the MaintainX web application.

  6. In the sidebar, select Settings > Customizations.

  7. In the Customizations pane, select Single Sign-On (SSO) Self-Serve > Set SSO Preferences. The Single Sign-On Configuration dialog opens.

  8. Copy the following URLs from the MaintainX Single Sign-On Configuration dialog to your application in the Azure AD portal.

    • Entity ID (Audience URI)

    • ACS URL

    • Start URL (Add this in Sign On)

  9. In the Azure AD portal, do the following:

    • Navigate to the SAML Signing Certificate area

    • Select Download for Certificate (Base64)

    • Download the certificate to your computer.

    You need the certificate to make Azure AD an identity provider in MaintainX.

  10. Copy the following values from the Azure AD portal to the Identity Provider Configuration settings in the MaintainX web application Single Sign-On Configuration dialog:

    • Copy the Login URL in Azure AD to the Single Sign On (SSO) URL and Destination fields in MaintainX.

      The Login URL starts with https://login.microsoftonline.com/

    • Copy the Azure AD Identifier in Azure AD to the Issuer URI field in MaintainX.

      The Azure AD Identifier starts with https://sts.windows.net/

  11. In the MaintainX Identity Provider Configuration settings, select Certificate > Upload. Select the certificate you downloaded from Azure AD earlier, and submit it.

  12. In the Azure AD portal, navigate to the Additional Claims settings, and configure the attribute mapping for the following fields:

    • email: set either user.mail or user.principalname depending on your Azure setup

    • firstName: set user.givenname

    • lastName: set user.surname


    Note: Make sure to remove the namespace from the claims to have exactly those names.
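The attribute-mapping note above can be checked before rollout by inspecting a SAML assertion captured from a test sign-in. The following is an added example, not MaintainX or Microsoft code: it reports a mismatched Issuer URI or Entity ID and any of the three required attributes that is missing or still namespaced. The sample assertion, tenant ID and Entity ID are constructed placeholders, and the check does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "firstName", "lastName")  # names from the attribute-mapping step

# Constructed sample: an assertion whose name claims still carry the claim
# namespace. The tenant ID and Entity ID below are placeholders.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://sp.example.invalid/entity-id</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>ana@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><saml:AttributeValue>Diaz</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, entity_id, issuer_uri):
    """Return a list of problems found in an unencrypted SAML 2.0 assertion.

    Intended for an assertion captured from your own test sign-in; do not feed
    untrusted XML to ElementTree.
    """
    root = ET.fromstring(xml_text)
    problems = []
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != issuer_uri:
        problems.append(f"Issuer {issuer!r} does not match Issuer URI {issuer_uri!r}")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Entity ID {entity_id!r} not in Audience {audiences}")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        attrs[attr.get("Name", "")] = value.strip()
    # Claim names containing "/" are URIs, i.e. the namespace was not removed.
    namespaced = [n for n in attrs if "/" in n]
    for name in REQUIRED:
        if not attrs.get(name):
            hint = f"; namespaced claims present: {namespaced}" if namespaced else ""
            problems.append(f"missing attribute {name!r}{hint}")
    return problems
```

An empty list means the assertion carries the expected issuer, audience and attribute names.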
