Microsoft Entra ID (Active Directory) Integration

The Microsoft Entra ID (formerly Active Directory) integration will allow you to authenticate the users of your Progressive Web App or Approvals solution against your own existing Entra ID user pool. CivicPlus's Entra ID integration uses SAML 2.0.

Important Note

• This integration is separate from the Custom IdP (Identity Provider) integration with Entra ID and CivicPlus.

Configure Entra ID App

1. To use the integration, you must have an Entra ID App configured. In the example below, we are using the Enterprise application and choosing the Integrate any other application you don't find in the gallery (Non-gallery) option.

Progressive Web App Instructions

1. Sign in to your site

2. Navigate to Apps and click Manage on your app

3. Navigate to the Developer Tools tab

4. Click the Configure SAML button under Integrate with a SAML SSO Provider

5. Follow the SAML Configuration and Instructions

   • Entra ID Setup

     1. Create a Single Sign-On application in your Entra ID

     2. Copy the Identifier (Entity ID) into your application configuration

     3. Copy the Reply URL (Assertion Consumer Service URL) into your application configuration

     4. Copy the App Federation Metadata URL from your Single Sign-On application

   • App Federation Metadata Url: Enter the URL you copied from your application

   • Mapping Additional User Details: The listed claims can be added to your Single Sign-On application which will be included in the submission data

6. Click Save

   Note:

   After clicking the Save button, users will be redirected straight to your Entra ID login screen when clicking the Login button in this app.

Approvals Instructions

1. Sign in to your site

2. Navigate to the Approvals tab

3. Select the Approvers tab

4. Enable the Integrate with a SAML SSO Provider toggle

5. Click Edit Groups to configure the groups assigned to your SAML users

   Note:

   Your existing groups will not carry over as SAML groups. These will need to be reconfigured if you have existing flows using the same group name.

6. Click Add Group

7. Add a group name and enter the notification email addresses for the group

   Note:

   To ensure your users have access to the correct approvals, you will need to map the configured group name to your SAML user claims.

8. Click Save

9. Follow the SAML Configuration and Instructions for your Entra ID/Active Directory integration

   • Entra ID Setup

     1. Create a Single Sign-On application in your Entra ID

     2. Copy the Identifier (Entity ID) into your application configuration

     3. Copy the Reply URL (Assertion Consumer Service URL) into your application configuration

     4. Copy the App Federation Metadata URL from your Single Sign-On application

     5. App Federation Metadata Url: Enter the URL you copied from your application

     6. Mapping Additional User Details: The listed claims can be added to your Single Sign-On application, which will be included in the submission data

        Note:

        To ensure your users have access to the correct approvals, you will need to map the configured group name to your SAML user claims.

10. Click Save