Azure Authentication


Creating new enterprise application

If you want to separate Ultimo production and Ultimo test, we recommend creating two enterprise applications.

Go to your Microsoft Entra ID and search for Enterprise applications.

Click on New application.

Click on Create your own application.

Create the application with the name Ultimo, select the option 'Integrate any other application you don't find in the gallery (Non-gallery)', and click on Create at the bottom.

Setup single sign on (SAML2)

Click on Set up single sign on.

Click on SAML.

Click on Upload metadata file.

Select the XML file that was provided in the mail.

Check that the input is correct and click on Save.

- Identifier production: https://<customerurl>.ultimo.net/Saml2
- Reply URL production: https://<customerurl>.ultimo.net/Saml2/Acs
- Identifier test: https://<customerurl>-test.ultimo.net/Saml2
- Reply URL test: https://<customerurl>-test.ultimo.net/Saml2/Acs
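The "check if the input is correct" step can also be done on the XML file itself before it is uploaded. The following is an added example, not Ultimo's or Microsoft's code: it compares the entityID and AssertionConsumerService locations in the mailed metadata with the Identifier and Reply URL patterns listed above. The function names, the `customer` value and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample standing in for the XML file received by mail.
SAMPLE_METADATA = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://customer.ultimo.net/Saml2">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://customer.ultimo.net/Saml2/Acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def expected_urls(customer, test=False):
    """Identifier and Reply URL in the pattern documented on this page."""
    host = f"{customer}{'-test' if test else ''}.ultimo.net"
    return f"https://{host}/Saml2", f"https://{host}/Saml2/Acs"


def check_sp_metadata(xml_bytes, customer, test=False):
    """Return a list of problems; an empty list means the file matches."""
    # The file arrives by mail, so refuse DTDs and entities before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["metadata contains a DTD or entity declaration"]
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    identifier, reply_url = expected_urls(customer, test)
    problems = []
    if root.get("entityID") != identifier:
        problems.append(f"Identifier is {root.get('entityID')!r}, expected {identifier!r}")
    locations = [acs.get("Location")
                 for acs in root.iter(f"{{{MD_NS}}}AssertionConsumerService")]
    if not locations:
        problems.append("no AssertionConsumerService (Reply URL) in metadata")
    for loc in locations:
        if loc != reply_url:
            problems.append(f"Reply URL is {loc!r}, expected {reply_url!r}")
    return problems


if __name__ == "__main__":
    for line in check_sp_metadata(SAMPLE_METADATA, "customer") or ["metadata OK"]:
        print(line)
```

A Reply URL on any other host is the finding that matters most here, because that is where Entra ID will post the signed assertion.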

Check image below for details:

User assignment

Click on Users and groups.

Click on Add user/group.

- Click on 'None selected' and invite users if you want to invite users to the application; otherwise click on 'Select a role' and add the security group within Azure AD to grant access.

If you don’t want to provide a domain account to Ultimo, please invite the consultant so he can use his Ultimo e-mail to test the SSO during implementation.

If you invite users, then they have to accept the mail to gain access.

Send the following information to Ultimo so they can start the implementation:

- App Federation Metadata Url
- Federation Metadata XML (Download XML and add as attachment)
- Domain account e-mail or invitation to Ultimo app in previous step.
- Domain account password or invitation to Ultimo app in previous step.

OpenID Connect (OIDC)

Select Microsoft Entra ID and then select Manage > App Registrations in the left side menu.

Click on New Registration and use the following values:

a. Enter a Name for the application

b. For Supported account types choose Accounts in this organizational directory only

c. For Redirect URI choose Web and enter the URL of the environment, followed by 'signin-oidc'. For example https://customer.ultimo.net/signin-oidc

d. Press register

Go to Authentication in the left side menu and tick the checkbox 'ID tokens (used for implicit and hybrid flows)'. Press Save.

Based upon the customers’ preferences, it is also possible to use other methods of authenticating, including using ‘secrets’.

Go back to Overview from the left side menu, and copy the value of 'Directory (tenant) ID'.

Click Endpoints on the top of the overview page and copy the value of 'OpenID Connect metadata document'.
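Before handing these values over, it is worth confirming that they agree with each other. The following is an added example, not Ultimo's or Microsoft's code: it checks that the issuer in the OpenID Connect metadata document is bound to the copied Directory (tenant) ID rather than a multi-tenant alias, and that the Redirect URI is an https URL ending in /signin-oidc. The function name, the all-zero tenant ID and the sample document are constructed assumptions; in practice the document is the JSON served at the copied metadata URL.

```python
from urllib.parse import urlsplit

# Entra ID's multi-tenant endpoint aliases; a single-tenant registration
# ("Accounts in this organizational directory only") should not use them.
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}

# Constructed placeholder values, not a real tenant.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT_ID}"
SAMPLE_DOC = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}


def check_oidc_values(doc, tenant_id, redirect_uri):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    issuer = urlsplit(doc.get("issuer", ""))
    segments = {s.lower() for s in issuer.path.split("/") if s}
    if issuer.scheme != "https":
        problems.append("issuer is not an https URL")
    if tenant_id.lower() not in segments:
        problems.append("issuer is not bound to the copied Directory (tenant) ID")
    if segments & MULTI_TENANT_ALIASES:
        problems.append("issuer uses a multi-tenant alias")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    redirect = urlsplit(redirect_uri)
    if (redirect.scheme != "https" or not redirect.path.endswith("/signin-oidc")
            or redirect.query or redirect.fragment):
        problems.append("Redirect URI is not an https URL ending in /signin-oidc")
    return problems


if __name__ == "__main__":
    result = check_oidc_values(SAMPLE_DOC, TENANT_ID,
                               "https://customer.ultimo.net/signin-oidc")
    print(result or "OIDC values consistent")
```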