You can find out more about eSpatial and SSO here: https://help.espatial.com/manage-groups-and-users/single-sign-on-sso-overview. In this article we look at the configuration details needed to set up SSO between eSpatial and Microsoft Azure, which is SAML 2.0 compliant.
Enable SSO on your Account
You need to have an eSpatial Enterprise account.
- Click on your username drop down in the top right corner.
- Select Manage Groups & Users.
- Click on the SSO Configuration Link.
Microsoft Azure Configuration
- Add eSpatial as a new Azure AD application
- Select SAML-based Sign-on in the dropdown
- Open the eSpatial Configure Single Sign On page
- Copy the value of Service Provider to the Identifier field of the Azure form, e.g. urn:com:espatial:186186
- Copy the value of SSO URL to the Reply URL field of the Azure form, e.g. https://maps.espatial.com/esWebApp/saml/SSO/alias/espatial186186
- Set User Identifier to user.mail
- Check the View and edit all other user attributes checkbox
- Edit givenname: remove the namespace and change givenname to firstName
- Edit lastNamesame and remove the namespace
- Download the Metadata XML file, step number 8. Email this file to eSpatial (firstname.lastname@example.org) to make the file available to eSpatial.
- Select the Save button on top.
- On receipt of your XML Metadata file, we will upload this and send you a URL to the uploaded Metadata file.
- Set the Identity Provider URL to the URL we have sent you e.g. http://s3.amazonaws.com/ess-public/[text].xml
- Set the Identity Provider Entity ID to the entityID URL included at the top of your Metadata XML file, e.g. https://sts.windows.net/4d61ae1d-cd95-44a9-be23-18483238f4ac/
- Uncheck the Manage security groups checkbox
- Enable SSO
Adding new users to eSpatial through Azure
- Now that you have successfully connected eSpatial and your Azure instance, you are ready to start giving individual users access to eSpatial using Azure.
- From Azure, grant the users access to eSpatial.
Login to eSpatial
- For the first login, the user must log into eSpatial from Azure or myapps.microsoft.com. (This will create the user on eSpatial.)
- For subsequent logins, they can access eSpatial from your Azure login or directly from the eSpatial Login page.