In this article, we will walk through the required steps to integrate your MS Entra ID (Azure AD) with Chili Piper.
Things to Know
- You must be a Chili Piper admin to enable Single sign-on (SSO).
- You must use the same email address for both Chili Piper and your IdP.
Chili Piper supports any enterprise identity provider (IdP) using the SAML 2.0 protocol.
How to Configure SAML SSO for MS Entra ID
In the Admin Center, access SAML Configuration by clicking Integrations in the left-side menu and clicking the Single Sign-On tab. Then click Connect on the Single Sign-On card.
Before you can begin Step 1 to configure SAML for MS Entra ID, please ensure the following:
- If you have not already, you must create Chili Piper as a new Enterprise Application in MS Entra ID.
- If your MS Entra ID application has restrictions for users, assign users or groups to the Chili Piper application you have created so they can use Chili Piper.
Step 1
In MS Entra ID (Azure AD), go to the Single sign-on settings of your newly created application.
Copy and paste the fields from Chili Piper into Azure. These URLs cannot be edited in any way or they will not work.
Please note that each Reply URL (Assertion Consumer Service URL) field must be completed:
- The one marked as Default must contain the /clients/common suffix, and
- The other one must not contain the suffix
Setting Up Attributes & Claims in MS Entra ID
In Attributes & Claims, click Edit. Make sure the following claims are created:
Name | Source | Source Attribute |
lastName | Attribute | user.surname |
firstName | Attribute | user.givenname |
Attribute | user.mail |
Add a New Claim and use the table above to create each claim:
You MUST CLICK SAVE after creating claims.
Once all claims have been created, they will appear in section 2 of the SAML setup in MS Entra.
Step 2
Copy the App Federation Metadata URL from MS Entra ID.
Paste it into the Metadata URL field in Chili Piper, in the Step 2 section of the IdP setup.
In Chili Piper, click Test Connection, and you will be directed to your IdP login screen. You must log into your IdP with the same credentials you used to log into Chili Piper.
If the Connection is successful, you will be redirected back to Chili Piper to enforce SSO for all users.
If you want to require that your users log in only via your IdP, you can opt to do this now. This option is only available if the connection test in Step 2 is successful.
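If the connection test fails, a common cause is a claim whose Name does not match the Attributes & Claims table, or an email that differs between the IdP and Chili Piper. The script below is an added example, not Chili Piper or Microsoft code: it checks a base64-decoded SAML response captured from your own test login. The sample response, the MAIL_CLAIM name (the table above does not show the name of the user.mail claim), exact-name matching and case-insensitive email comparison are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names taken from the table on this page.
NAMED_CLAIMS = ("firstName", "lastName")


def read_attributes(response_xml):
    """Return {attribute Name: [values]} from every AttributeStatement."""
    root = ET.fromstring(response_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs


def check_claims(response_xml, mail_claim, expected_email):
    """List the problems found; an empty list means the claims look right.

    Diagnostic only: the signature is not verified here.
    """
    attrs = read_attributes(response_xml)
    problems = []
    for name in NAMED_CLAIMS + (mail_claim,):
        if not any(attrs.get(name, [])):
            # Assumption: names are matched exactly, so "<namespace>/<name>" does not count.
            near = [n for n in attrs if n.endswith("/" + name)]
            hint = f" (found {near[0]!r}; the Name must match exactly)" if near else ""
            problems.append(f"missing or empty claim {name!r}{hint}")
    mail_values = [v.lower() for v in attrs.get(mail_claim, []) if v]
    if mail_values and expected_email.lower() not in mail_values:
        problems.append(f"{mail_claim!r} does not match the Chili Piper email")
    return problems


# Constructed sample response: lastName was left with a namespace prefix.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.example.test/claims/lastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="MAIL_CLAIM"><saml:AttributeValue>ada@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print("\n".join(check_claims(SAMPLE, "MAIL_CLAIM", "ada@example.test")) or "claims OK")
```

Replace MAIL_CLAIM with the claim name shown on your own setup screen before running it against a real response.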