Before you Start

Before starting there are a few things you will need:​ 

• Admin access to your Microsoft Entra ID (Azure) environment.​
• Account Admin access to your Maptician environment.  This only applies if you are configuring the integration on your own without assistance from Maptician.​

Getting Started

Step 1: Log into your Microsoft Azure Portal

In your organization’s Microsoft Entra ID (Azure Active Directory) home screen, there should be a menu option on the left side labeled “Enterprise Applications”. Click this menu option.

Step 2: Start a New Application Setup

Click the button “New Application” at the top of the table seen below.

Step 3: Add Maptician to Your Applications

In the search application box, type “Maptician” and the application should appear in the list of results.  Click on the Maptician application to open the application properties window.​

At the bottom of the application properties window, click the Create button to add the Maptician application.​

Step 4: Maptician Enterprise App Overview

This will bring you to the screen below, which is your interface between Maptician and Azure Active Directory. The next steps can be taken in any order, but we will start with assigning users.​

Step 5: Assigning Azure Users and Groups

You must assign users or groups of users to the application before they will be granted access by Microsoft to use Single Sign‐on and be eligible for provisioning. Clicking on the “Add User/group” button will bring up a series of steps that depend on your Active Directory configuration, but are generally as simple as selecting individuals or groups that should be granted access to Maptician. 

After adding the users, click on the “Single sign‐on” menu option at the left of the screen.​

Step 6: Configure SAML-Based Single Sign-On

Here we will configure Maptician to be accessible through SAML‐based single sign‐on using employees’ Office 365 profiles. This does not provide Maptician with access to profile data or confidential credential information and setting up single sign‐on is an optional step, though highly recommended to streamline access and reduce the security implications of users managing one more password.

Select the SAML option below:​

Step 7: Set Up SAML Endpoints for Maptician SSO

Here we will configure the SAML endpoints for SSO access. The endpoints shown below are for a demo Maptician environment. Your endpoints will have the following structure: https://YourSubdomain.maptician.com/saml/acs_msft​

After the “Basic SAML Configuration” URLs have been set (steps 1-4), use the copy button to copy the “App Federation Metadata Url”.

This URL provides Maptician with the information to securely communicate with this environment. It needs to be sent to support@maptician.com or to your Maptician technical point of contact.  Alternatively, if you are configuring the SSO on your own, you can add the App Federation Metadata URL to your Maptician environment by following Step 7b.​

Step 7b: Enter the App Federation Metadata URL in Maptician

If you are configuring SSO on your own, below is where you would enter the App Federation Metadata Url from Step 7 on the previous page.  The SSO settings are located in your Maptician environment: Settings > Environment > Single Sign-on (SSO)

• Set the SSO Provider to Microsoft Azure AD and paste your App Federation Metadata Url into the SAML Metadata URL field. ​
• Optional: To restrict users to SSO-only logins, check the box for “Restrict Users to SSO Logins”​
• When done click the green Save Changes button.​

Step 8: Test and Verify SSO Integration Connection

If Step 7b has been completed, you can test the connectivity using the test feature below, or you can simply go to the standard Maptician login screen: https://[your subdomain].maptician.com and you should now see a “Sign-In with Microsoft” button above the traditional login fields.​

Step 9: Successful SSO Login

A successful login will immediately route you to your Maptician environment’s home screen with your associated profile. To log in, your Active Directory email address and Maptician profile email address must match.​