If you do not already have a Microsoft Azure account, create a free Azure Account , using the same email address prefix you use to sign in to integrator.io. For example, if you sign in to integrator.io with the email address: celigo-labs@celigo.com your Azure email address should be: celigo-labs@celigolabs.onmicrosoft.com.
Important
Do not allow any user of the Celigo platform to use the Microsoft User Principal Name (UPN) as the email address they use to sign in. Attempting to use a UPN for SSO authentication will result in an error.
Use the following steps to configure Azure as your SSO provider for integrator.io.
Once you have created your Azure account with the same email address you use to sign in to integrator.io, use the following steps to create a Microsoft Entra ID
tenant:
-
Log in to the Azure portal, and select Create a resource from the homepage.
-
In the left navigation menu, select Identity, and then search for and select Microsoft Entra ID.
-
Click Create on the Microsoft Entra ID service.
-
Enter your Organization name, Initial domain name, and your Country or region, then click Create (at the bottom of the page).
-
After a few moments, the page displays a link to manage your tenant. Click the link to access the Overview page.
-
This page confirms your tenant was successfully created.
-
Navigate to the tenent page and in the left navigation menu, click User flows under Policies.
-
In the Select a user flow type section, click Sign in.
-
.Enter a name in the B2C_1_ field, and in the Local accounts section, click Email signin.
-
In the Application claims section, check the following Return claim items:
-
City
-
Country/Region
-
Display Name
-
Email Addresses
-
Given Name
-
Identity Provider Access Token
-
Surname
-
User's Object ID
-
-
Save the user flow.
-
Click App registrations in the left navigation menu under Manage.
-
Click + New registration.
-
Enter an application name and the callback URL in the Redirect URI field in the form and click Register.
-
Copy the Application client ID to use as the Client ID for your integrator.io iClient.
-
Click Add a certificate or secret.
-
Click + New client secret, enter the name, and click Add.
-
Save the value in the Value field of the created Client to enter into integrator.io as the Client Secret for your integrator.io iClient.
-
Select the Authentication tab, and in the Web section under Redirect URIs, click Add URI to add the redirect URL.
-
In the Implicit grant and hybrid flows section, check Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows in the Authentication page).
-
Click Save.
-
Select the Overview tab, and click Endpoints in the application to retrieve the Issuer URL.
-
Copy the OpenID Connect metadata document endpoint URL (including /v2.0) to enter as the Issuer URL in integrator.io. For example:
http://login.microsoftonline.com/<yourTenantId>/v2.0Note
Only copy the URL to
/v2.0. Do not copy the entire URL or any part of the URL beyond/v2.0. -
Navigate to Home, and click Branding & properties in the left navigation menu.
-
Find the Home page URL field and enter:
https://integrator.io/sso/<your-organization-ID>. This URL should be identical to the Application login URL in integrator.io. Use the following steps to find your Application login URL in integrator.io:-
Log in to integrator.io using account owner credentials.
-
Click the avatar icon in the upper right corner of integrator.io, then click Security.
-
The Security tab opens.
-
-
Save your settings and sign in to your integrator.io environment using the Application login URL. You may be prompted to allow access on first log in depending on your configuration.
See Enable single sign-on (SSO) for instructions for configuring SSO for integrator.io.