This article explains how to set up single sign-on (SSO) for MaintainX.
Prerequisites
Your organization must be on a MaintainX Enterprise Plan.
You must be an Administrator for your MaintainX organization.
Any domain that you plan to add to your SSO configuration must be verified via a MaintainX verification email.
Supported Protocols
Security Assertion Markup Language (SAML)
OpenID Connect (OIDC)
Step 1: Obtain Your Configuration Information From MaintainX
Sign in to the MaintainX web application.
In the sidebar, select Settings > Customizations.
In the Customizations pane, select Single Sign-On (SSO) Self-Serve > Set SSO Preferences.
If MaintainX does not have IdP information for your organization, the Register Identity Provider dialog opens.
Select Create to generate your IdP information and open the Single Sign-On Configuration dialog.
If MaintainX does have IdP information for your organization, the Single Sign-On Configuration dialog opens right away.
You will need to provide the URLs in the following fields to your IdP:
Entity ID (Audience URI)
ACS URL
Start URL
Step 2a: Configure SSO with Your IdP
These instructions apply to most IdPs. If you’re using Microsoft Azure AD, follow the instructions in Step 2b: Configure SSO with Microsoft Azure AD.
Before you start:
To configure SSO with your IdP:
Sign in to the MaintainX web application.
In the sidebar, select Settings > Customizations.
In the Customizations pane, select Single Sign-On (SSO) Self-Serve > Set SSO Preferences. The Single Sign-On Configuration dialog opens.
Sign in to your IdP.
Copy the following URLs from the MaintainX Single Sign-On Configuration dialog to your IdP.
Entity ID (Audience URI)
ACS URL
Start URL
In your IdP, configure Attribute Mapping. Map the following attributes:
email
firstName
lastName
In your IdP, obtain the following information, and copy it to the corresponding fields in the MaintainX Identity Provider Configuration settings:
Issuer URI
Single Sign On (SSO) URL. Copy this to the Destination field in MaintainX as well.
In your IdP, download your signing certificate to your computer. Upload it to MaintainX from the Identity Provider Configuration settings:
Select Certificate > Upload, select the certificate you downloaded, and submit it.
In the MaintainX Single Sign-On Configuration dialog, scroll to the SAML Configuration settings, and configure the following:
Email Domains: Anyone with the domain(s) entered in the field will be routed to your IdP.
Note: Any domain that you plan to add to your SSO configuration must be validated by MaintainX.
Default Role: This is the default role, in the MaintainX application, for users you create through SAML. For details about user types, see User Classes Explained.
Select Update to update your settings.
Step 2b: Configure SSO with Microsoft Azure AD
Before you start:
To configure SSO with Azure AD:
Sign in to the Microsoft Azure portal, and navigate to Azure Active Directory.
From the sidebar, select Manage > Enterprise applications.
In the Enterprise applications pane, select + New application.
Select + Create your own application. In the dialog box that opens, do the following:
Set the name of your application. We recommend you set it to MaintainX.
Select Integrate any other application you don't find in the gallery.
Select Create.
Sign in to the MaintainX web application.
In the sidebar, select Settings > Customizations.
In the Customizations pane, select Single Sign-On (SSO) Self-Serve > Set SSO Preferences. The Single Sign-On Configuration dialog opens.
Copy the following URLs from the MaintainX Single Sign-On Configuration dialog to your application in the Azure AD portal.
Entity ID (Audience URI)
ACS URL
Start URL (Add this in Sign On)
In the Azure AD portal, do the following:
Navigate to the SAML Signing Certificate area
Select Download for Certificate (Base64)
Download the certificate to your computer.
You need the certificate to make Azure AD an identity provider in MaintainX.
Copy the following values from the Azure AD portal to the Identity Provider Configuration settings in the MaintainX web application Single Sign-On Configuration dialog:
In the MaintainX Identity Provider Configuration settings, select Certificate > Upload. Select the certificate you downloaded from Azure AD earlier, and submit it.
In the Azure AD portal, navigate to the Additional Claims settings, and configure the attribute mapping for the following fields:
email: set either user.mail or user.principalname, depending on your Azure setup
firstName: set user.givenname
lastName: set user.surname
Note: Make sure to remove the namespace from the claims to have exactly those names.
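To confirm the attribute mapping and the namespace note above before rolling SSO out, you can inspect a decoded SAML assertion from a test sign-in. The following is an added example, not MaintainX or Microsoft code; the function names, the sample assertions and the ENTITY_ID value are constructed for illustration, and you would substitute the Entity ID (Audience URI) shown in your own Single Sign-On Configuration dialog.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = {"email", "firstName", "lastName"}  # names from the attribute mapping step
ENTITY_ID = "https://sp.example.invalid/entity"  # constructed placeholder, not a real MaintainX URL
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"  # Azure AD default claim namespace


def check_assertion(xml_text, entity_id):
    """Return a list of mapping problems in a decoded SAML assertion.

    Structural check only: it does not verify the signature, so run it on
    output from your own IdP's test sign-in, not on untrusted XML.
    """
    root = ET.fromstring(xml_text)
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    problems = [f"missing attribute: {m}" for m in sorted(REQUIRED - set(names))]
    # A claim that kept its namespace arrives as a URI/URN, not a bare name.
    problems += [f"namespaced attribute: {n}" for n in names if "/" in n or ":" in n]
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"audience mismatch: {audiences}")
    return problems


def sample(attr_names, audience):
    """Build a minimal constructed assertion for the demonstration."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>x</saml:AttributeValue>'
        "</saml:Attribute>" for n in attr_names)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Conditions>'
            f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
            "</saml:AudienceRestriction></saml:Conditions>"
            f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>")


GOOD = sample(["email", "firstName", "lastName"], ENTITY_ID)
BAD = sample([CLAIMS_NS + "emailaddress", CLAIMS_NS + "givenname", "lastName"], ENTITY_ID)

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_assertion(doc, ENTITY_ID) or "ok")
```

A namespaced claim is reported twice on purpose: once as the missing bare name and once as the namespaced name that was sent instead, which points directly at the claim to edit in the IdP.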