ChartHop for Administrators
...
Access Settings
Configuring SSO options

Setting up Microsoft and Azure Active Directory SSO

You can configure your ChartHop organization with Microsoft Azure Active Directory SSO.

Generate your XML metadata file

Before configuring the Microsoft/Azure SSO client to ChartHop, you will need to provide your Federation metadata XML file which can be downloaded here.

Set up SSO in Azure

To set up SSO for Active Directory in ChartHop, you must configure several settings in your Azure account:

  1. In the Azure portal, on the left navigation panel, select Azure Active Directory.
  2. Select Enterprise Applications.
  3. Select + New application.
  4. Name the application ChartHop SSO and select Create.
  5. Under Getting Started, select Option 2, Set up Single Sign-On.
  6. Under Manage, select Single Sign-On. 
  7. Set the following in Basic SAML Configuration:
    • Identifier (Entity ID) -  ChartHop
    • Reply URL - https://api.charthop.com/saml/sso/{org-slug}
    • Sign on URL - Leave this field blank.
    • Relay State - https://app.charthop.com
  8. Under Manage, select Users and Groups.
  9. Select Granted to use this application.

Set up Azure SSO in ChartHop

After you have configured your Azure portal settings, enable the SSO option and upload your generated metadata file to ChartHop:

  1. From the left sidebar, select Access.
  2. From the sub-menu, select Settings.
  3. Scroll to the SSO section on the page.
  4. Toggle both Enable Azure Active Directory SSO and Enable Microsoft SSO.
  5. Upload your Federation Metadata XML file under Azure Active Directory IDP metadata file content.
  6. Select Save Settings.

Test the new login with Azure Active Directory to ChartHop

To test your Azure Active Directory and Microsoft SSO configurations with ChartHop:

  1. Log out of ChartHop.
  2. Visit https://app.charthop.com/{org-slug}/account/login where {org-slug} is your ChartHop organization's unique slug.
  3. Confirm that your Microsoft sign-in displays on the login screen.

If you encounter any issues during or after testing your SSO setup, please reach out to [email protected].

Issues with alternative user emails

In some cases, such as during an acquisition, you may have users in your company with alternative email domains than the ones used by the main company. In general, a user's Active Directory email should be the same as the one used in their ChartHop accounts. Having different email domains may result in SSO login issues.

Microsoft suggests using a workaround in cases where users want to keep an original email domain.





Updated 21 Jan 2024
Doc contributor
Did this page help you?
PREVIOUS
Setting up OneLogin SSO
NEXT
Setting up Okta SSO
Docs powered by Archbee