Single Sign-On (SSO) - Set up Citation HR as a Service Provider on Microsoft Azure Active Directory

This article details the steps to take within Azure Active Directory before configuring SAML 2.0 SSO with Citation HR Software, with Azure Active Directory serving as the Identity Provider (IdP).

These instructions illustrate how to configure Microsoft Azure Active Directory (AD) as the IdP for Citation HR Software. Please refer to the Azure documentation for additional information about the steps in the Azure portal.

Please Note: Configuring and installing Azure Active Directory is beyond the scope of this guide.

Additionally, this guide covers setting up Azure Active Directory in "Authentication Only" mode in Citation HR Software, as this is our recommended option.

Pre-requisites

Please ensure that you have the following before you start configuring Azure AD as the IdP:

  • a Premium Azure Active Directory subscription (Premium P1 is the minimum level at which SAML SSO becomes available with non-gallery applications);
  • an existing instance of Azure Active Directory.

Steps

Adding Citation HR Software as a Non-Gallery Application

1. In the Azure portal, on the left navigation pane, click "All Services".

2. Click "Enterprise applications".

3. Click "New application".

4. Click "Create your own application", enter "CitationHR" and select the "Non-gallery" option.

5. Click "Create".

 

Configuring SAML SSO in Azure

To configure SAML SSO in Azure:

1. In the Azure portal, click "Enterprise applications".

2. Click the "CitationHR" application you added in step 4 above.

3. Click "Single sign-on".

4. For "Single Sign-on Method", choose "SAML".

For the field "Identifier (Entity ID)" use https://login.citationhr.com/app/saml 

For the field "Reply URL (Assertion Consumer Service URL)" use https://login.citationhr.com/app/saml

User Attributes - for "User Identifier", select "user.mail".

For all other attributes, edit them so they match the values below, and then click "Save".

Please note: The name of each attribute MUST be exactly as shown below (spaces included). Any deviation from the name will cause issues.

NAME               VALUE
Email / User ID    user.mail
Name ID            user.mail
First Name         user.givenname
Last Name          user.surname

Note: Remove ALL namespaces from each of the claims under the "Additional Claims" section.

Please see below for a visual reference of how the screen should look when you have entered all the details:

5. Download the Metadata XML file, as you will need to upload the contents of this XML in the Citation HR settings.

 

After the Metadata XML is downloaded, you can continue your setup of SSO using Single Sign-on (SSO) - How to Set Up. You will need the Metadata for Step 3 - but make sure you don't skip ahead as you may still need to do Step 2!

There is also an additional piece of information you will need to enter into your Citation HR Software Settings after configuring SAML SSO in Azure. You will need to enter your User Access URL in point 8 of Step 3 in Single Sign-on (SSO) - How to Set Up. You can find your User Access URL in the "Enterprise Application" -> "Properties" section (please see screenshot below).
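The check below is an added example, not part of Citation HR's or Microsoft's documentation. It is a Python function to run over a decoded SAML assertion from a test sign-in, confirming that the attribute names, Audience and Recipient match the values in this guide. The sample assertion is constructed, and treating the "Name ID" row as the Subject NameID rather than an attribute is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_URL = "https://login.citationhr.com/app/saml"  # Entity ID and Reply URL from this guide
REQUIRED = ("Email / User ID", "First Name", "Last Name")  # exact names, spaces included

# Constructed sample (attribute values omitted): one namespaced name, one misspelt name.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>jane@example.com</saml:NameID><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="https://login.citationhr.com/app/saml"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://login.citationhr.com/app/saml</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="Email / User ID"/>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/First Name"/>
  <saml:Attribute Name="LastName"/>
 </saml:AttributeStatement></saml:Assertion>"""

def _norm(name):
    return "".join(name.split()).lower()  # ignore spacing and case to spot near misses

def check_assertion(xml_text):
    """Return a list of configuration problems in a decoded assertion (no signature check)."""
    root = ET.fromstring(xml_text)  # only parse assertions from your own test sign-in
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    problems = []
    for want in REQUIRED:
        if want in names:
            continue
        spaced = next((n for n in names if n.endswith("/" + want)), None)
        near = next((n for n in names if _norm(n) == _norm(want)), None)
        if spaced:
            problems.append(f"namespace not removed: {spaced}")
        elif near:
            problems.append(f"name deviates from {want!r}: {near!r}")
        else:
            problems.append(f"missing attribute: {want!r}")
    # Assumption: the "Name ID" row is sent as Subject/NameID rather than as an attribute.
    if "@" not in root.findtext(".//saml:Subject/saml:NameID", "", NS):
        problems.append("NameID is not an email address (expected user.mail)")
    if root.findtext(".//saml:Audience", "", NS) != SP_URL:
        problems.append("Audience does not match the Identifier (Entity ID)")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != SP_URL:
        problems.append("Recipient does not match the Reply URL")
    return problems
```

Calling check_assertion(SAMPLE) reports the namespaced "First Name" claim and the "LastName" spelling; an empty list means the assertion matches the values in this guide.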

 

 

Note #1: If you or your users receive this error screen


the Login URL in your Citation HR SSO setup page needs to have the correct login URL entered. For example: 

against the Citation HR Settings > Account Settings > Security > SSO > Login URL
