ⓘ You’ll need to have at minimum “Cloud Application Administrator” privileges in Microsoft Azure AD to setup the Pequity app & make the appropriate application configurations needed. |
ⓘ You must be a Pequity administrator to make site-wide configurations in Pequity. |
Contents Overview:
-
Create a Pequity User Group in Microsoft Azure AD
- STEP 1: Configure Microsoft Azure AD SSO
-
STEP 2: ASSIGN USERS & GROUPS
- Step 2.1 Select the pencil icon next to the Basic SAML Configuration section
- Step 2.2 Select the pencil icon to edit User Attributes & Claims
- Step 2.3 Download the SAML Signing Certificate > Federation Metdata XML
- Step 2.4 Copy the Azure AD Identifier, & Logout URL under Set up Pequity section 4
- STEP 3: PROPERTIES - USER ACCESS URL
- Full List to Provision to Pequity
Create a Pequity User Group in Microsoft Azure AD
- From your Default Directory page, Select “Group”, then “New Group”
- Toggle the Group Type to “Security”, then name the group “Pequity Users” and ensure the Membership type is set to “Assigned”
- Select Create Group
- Add all appropriate users who should have access to the Pequity app
📣 Please note: this group assignment will only control if an employee can login to Pequity. Once logged into Pequity, the specific Pequity user permissions (like which compensation Ranges that employee can view) will be dictated in the Pequity user settings. |
Configure Microsoft Azure AD SSO
Once you have logged into your Microsoft Azure AD Admin portal, navigate to “Enterprise Applications”, then “All Applications.” Click New Application to get started. On the next screen, select NON GALLERY APPLICATION. Name the application “Pequity”.
STEP 1: ASSIGN USERS & GROUPS
Click on “Assign Users & Groups”. Select “add user” and find the Pequity Group. Then click “Assign”. Once done, head back to the overview page for Step 2.
STEP 2: SET UP SINGLE SIGN ON
From the overview page, select “Set up single sign on” to enable users to sign into Pequity with their Azure AD Credentials.
Select the SAML module to begin configuration.
Step 2.1 Select the pencil icon next to the Basic SAML Configuration section
To begin the set up for single sign-on with SAML, click on the pencil icon in the Basic SAML Configuration box.
Please enter the following information:
- Identifier (Entity ID): https://COMPANYNAME.pequity.app/api/saml2/metadata
- Reply URL (Assertion Consumer Service URL): https://COMPANYNAME.pequity.app/api/saml2/acs/
📣 Please note that this Entity ID URL should NOT have a trailing slash. This is intentional. If a trailing slash is added to this link, the setup will not work. |
Click SAVE in the top left corner of the screen, then close the basic SAML configuration screen. You can select “No, I’ll Test Later” since Pequity will still need to configure on our end before testing is possible.
Step 2.2 Select the pencil icon to edit User Attributes & Claims
Modify the existing attribute names as follows. The first value listed is the "Microsoft Azure AD attribute" and the second is the Pequity App attributes:
- Basic Information > emailaddress to Email
- Basic Information > givenname to first_name
- Basic Information > surname to last_name
Step 2.3 Download the SAML Signing Certificate > Federation Metadata XML
Click the download button next to Federation Metadata XML and save to send to the Pequity team.
Step 2.4 Copy the Azure AD Identifier, & Logout URL under Set up Pequity
Copy the following links to provide to the Pequity team:
- Azure AD Identifier
- Logout URL
STEP 3: PROPERTIES - USER ACCESS URL
Navigate to the “Properties” section of the Pequity application on the left hand side of your screen. Then copy the User Access URL to send to Pequity.
Full List to Provision to Pequity
Once you’ve completed all of the above steps, you will want to reach back out to your Pequity project manager and provide them with the following:
- Downloaded Federation Metadata XML file from Step 2.3
- Following URLs:
- User Access URL (ie. Login URL) from step 3
- Azure AD Identifier from Step 2.4
- Logout URL from Step 2.4
Congratulations! You’ve setup Microsoft Azure SSO for Pequity 🎉
🎉 All done! Questions?
We’re here to help! Drop us a line.