Azure Authentication
If you want to keep Ultimo production and Ultimo test separate, we recommend creating two enterprise applications.
Go to your Azure Active Directory and search for enterprise applications
Click on new application
Click on create your own application
Create the application with the name Ultimo, select the setting integrate any other application you don't find in the gallery (Non-gallery), and click on create at the bottom.
Click on set-up single sign on
Click on SAML
Click on Upload metadata file.
Select the XML file that was provided in the e-mail
Check if the input is correct and click on save.
Identifier production: https://<customerurl>.ultimo.net/Saml2
Reply URL production: https://<customerurl>.ultimo.net/Saml2/Acs
Identifier test: https://<customerurl>-test.ultimo.net/Saml2
Reply URL test: https://<customerurl>-test.ultimo.net/Saml2/Acs
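The "check if the input is correct" step can also be done on the XML file itself before uploading it. The following is an added example, not part of the original page or of Ultimo's tooling: it assumes the file is a standard SAML 2.0 service provider metadata document, and the customer name contoso, the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample standing in for the XML file received by e-mail.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://contoso-test.ultimo.net/Saml2">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://contoso-test.ultimo.net/Saml2/Acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def expected_urls(customer, test=False):
    """Identifier and Reply URL as listed above for production or test."""
    host = f"{customer}-test.ultimo.net" if test else f"{customer}.ultimo.net"
    return f"https://{host}/Saml2", f"https://{host}/Saml2/Acs"


def check_sp_metadata(xml_text, customer, test=False):
    """Return a list of mismatches; an empty list means the file matches."""
    # SAML metadata needs no DTD, so refuse one instead of expanding entities.
    if "<!DOCTYPE" in xml_text.upper():
        return ["metadata contains a DOCTYPE; refusing to parse"]
    want_id, want_acs = expected_urls(customer, test)
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return [f"unexpected root element {root.tag!r}"]
    problems = []
    entity_id = root.get("entityID")
    if entity_id != want_id:
        problems.append(f"Identifier {entity_id!r} != {want_id!r}")
    locations = [e.get("Location")
                 for e in root.iter(MD + "AssertionConsumerService")]
    if not locations:
        problems.append("no AssertionConsumerService (Reply URL) found")
    for loc in locations:
        if loc != want_acs:
            problems.append(f"Reply URL {loc!r} != {want_acs!r}")
    return problems


if __name__ == "__main__":
    result = check_sp_metadata(SAMPLE_METADATA, "contoso", test=True)
    print(result or "metadata matches the test environment")
```

Running the check with test=False against a test file reports both the Identifier and the Reply URL, which catches a test metadata file being uploaded into the production enterprise application.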
Check image below for details:
Click on Users and groups
Click on add user/group
- Click on none selected and invite users if you want to invite users to the application; otherwise click on select a role and add the security group within Azure AD to grant access.
If you don’t want to provide a domain account to Ultimo, please invite the consultant so he can use his Ultimo e-mail to test the SSO during implementation.
If you invite users, they have to accept the invitation e-mail to gain access.
Send the following information to Ultimo so they can start the implementation:
- App Federation Metadata Url
- Federation Metadata XML (Download XML and add as attachment)
- Domain account e-mail or invitation to Ultimo app in previous step.
- Domain account password or invitation to Ultimo app in previous step.
Select Azure Active Directory and then select App Registrations on the left side menu.
Click on New Registration and use the following values:
a. Enter a Name for the application
b. For Supported account types choose Accounts in this organizational directory only
c. For Redirect URI choose Web and enter the URL of the environment, followed by 'signin-oidc'. For example https://customer.ultimo.net/signin-oidc
d. Press register
Go to Authentication on the left side menu, and tick the checkbox 'ID tokens (used for implicit and hybrid flows)'. Press save.
Depending on the customer's preferences, it is also possible to use other methods of authenticating, including using ‘secrets’.
Go back to Overview from the left side menu, and copy the value of 'Directory (tenant) ID'.
Click Endpoints on the top of the overview page and copy the value of 'OpenID Connect metadata document'.