18min

Setting up Microsoft and Azure Active Directory SSO

You can configure your ChartHop organization with Microsoft Azure Active Directory SSO.

Generate your XML metadata file

Before configuring the Microsoft/Azure SSO client to ChartHop, you will need to provide your Federation metadata XML file which can be downloaded here.

Set up SSO in Azure

To set up SSO for Active Directory in ChartHop, you must configure several settings in your Azure account:

  1. In the Azure portal, on the left navigation panel, select Azure Active Directory.
  2. Select Enterprise Applications.
  3. Select + New application.
  4. Name the application "ChartHop SSO" and select Create.
  5. Under Getting Started, select Option 2, Set up Single Sign-On.
  6. Under Manage, select Single Sign-On. 
  7. Set the following in Basic SAML Configuration:
    • Identifier (Entity ID) -  ChartHop
    • Reply URL - https://api.charthop.com/saml/sso/{org-slug}
    • Sign on URL - Leave this field blank.
    • Relay State - https://app.charthop.com
  8. Under Manage, select Users and Groups.
  9. Select Granted to use this application.

Set up Azure SSO in ChartHop

After you have configured your Azure portal settings, enable the SSO option and upload your generated metadata file to ChartHop:

  1. Select Org Settings from the options menu in the sidebar.
  2. Select the SSO tab.
  3. Toggle both Enable Azure Active Directory SSO and Enable Microsoft SSO.
  4. Upload your Federation Metadata XML file under Azure Active Directory IDP metadata file content.
  5. Select Save Settings.

Test the new login with Azure Active Directory to ChartHop

To test your Azure Active Directory and Microsoft SSO configurations with ChartHop:

  1. Log out of ChartHop.
  2. Visit https://app.charthop.com/{org-slug}/account/login where {org-slug} is your ChartHop organization's unique slug.

  3. Confirm that your Microsoft sign-in displays on the login screen.

If you encounter any issues during or after testing your SSO setup, please reach out to support@charthop.com.

Issues with alternative user emails

In some cases, such as during an acquisition, you may have users in your company with alternative email domains than the ones used by the main company. In general, a user's Active Directory email should be the same as the one used in their ChartHop accounts. Having different email domains may result in SSO login issues.

Microsoft suggests using a workaround in cases where users want to keep an original email domain.



Updated 20 Jul 2022
Did this page help you?
Yes
No
UP NEXT
Setting up Okta SSO
Docs powered by archbee