SAML Integration for Microsoft Entra ID (Azure AD)

Follow these steps to integrate Microsoft Entra ID with Timus using SAML 2.0 for secure Single Sign-On (SSO).

1. Creating an Entra ID Application

  1. Navigate to Entra ID:

    • Click on Microsoft Entra ID from the home page.

  2. Access Enterprise Applications:

    • In the sidebar, click Manage and select Enterprise Applications.

  3. Create a New Application:

    • Click New Application.

    • Select Create your own application.

    • Fill in the Name field and create the application.

  4. Configure Single Sign-On:

    • Click Single Sign-On.

    • Choose SAML as the integration method.

2. Configuring SAML 2.0 in Entra ID

  1. Edit Basic SAML Configuration:

    • Click Edit in the Basic SAML Configuration section.

    • Identifier: Ensure it matches the Microsoft Entra Identifier.

      • Why: The Identifier (Entity ID) should be consistent with the issuer provided by Microsoft Entra ID. This prevents conflicts and ensures unique configuration for each tenant.

    • Reply URL (Assertion Consumer Service URL): Enter https://auth.timuscloud.com/user/external/saml

  2. Edit Attributes & Claims:

    • Click Edit under Attributes & Claims.

    • Ensure attributes like firstname and lastname are included.

    • The NameID should remain as userPrincipalName (which represents the user’s email).

  3. Edit SAML Certificates:

    • Ensure that both Sign SAML response and Sign SAML assertion options are selected.

3. (Optional) Enabling Encryption

  1. Enable Token Encryption:

    • Click Token Encryption.

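    • Import your public key here, and paste the matching private key in the Timus encryption key field. Entra ID encrypts the assertion with the public key, and Timus decrypts it with the private key.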

4. Configuring Timus SAML Integration

  1. Access Timus Manager:

    • Log in to the Timus Manager portal.

    • Go to Settings -> Integrations.

  2. Manage SAML 2.0 Integration:

    • Click Manage under SAML 2.0.

    • Fill in the fields according to the mapping provided in the table below.

    Entra ID Field              | Timus Equivalent
    Login URL                   | Service URL
    Microsoft Entra Identifier  | Identifier
    Certificate                 | X.509 Certificate

  3. Complete the Setup:

    • Save the configuration. Your SAML integration is now ready.

5. Assign Users and Test the Integration

  1. Assign Users to the Application:

    • In Entra ID, navigate to Users and Groups.

    • Assign users to the application.

  2. Test the Application:

    • Use a different browser or incognito mode to test the SSO process by logging in as an assigned user.

    • When configuring SAML with Microsoft Entra ID, be aware that settings may take some time to propagate across the system. After making any changes, users should wait a few minutes and then refresh the application page before attempting to sign in again. This delay ensures that all configurations are correctly applied before users are redirected to Timus upon successful authentication.
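While testing, a captured SAMLResponse can be checked against the settings from section 2 (Reply URL, signed response and assertion, NameID, firstname and lastname). The script below is an added example, not Timus or Microsoft code, and it only checks structure, not the cryptographic validity of signatures. Assumptions: the function names, the all-zero tenant ID in the issuer, the constructed sample response with empty signature placeholders, and matching attribute names on their last path segment.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://auth.timuscloud.com/user/external/saml"  # Reply URL from this guide
REQUIRED_ATTRS = {"firstname", "lastname"}                  # names as written in this guide
SAMPLE_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"  # placeholder

def check_saml_response(b64_response, expected_issuer):
    """List settings that differ from the guide (structure only, no signature verification)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination differs from the Reply URL")
    if root.find("ds:Signature", NS) is None:
        problems.append("SAML response is not signed")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:  # missing, or EncryptedAssertion when token encryption is on
        return problems + ["no plaintext Assertion to inspect"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("SAML assertion is not signed")
    if assertion.findtext("saml:Issuer", "", NS).strip() != expected_issuer:
        problems.append("Issuer differs from the Microsoft Entra Identifier")
    if not assertion.findtext("saml:Subject/saml:NameID", "", NS).strip():
        problems.append("NameID is empty")
    # Assumption: a claim name may be namespaced, so compare its last path segment.
    names = {a.get("Name", "").rsplit("/", 1)[-1]
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    for missing in sorted(REQUIRED_ATTRS - names):
        problems.append(f"attribute {missing} is missing")
    return problems

def build_sample(sign_assertion=True, attrs=("firstname", "lastname")):
    """Constructed sample response; <ds:Signature/> is an empty placeholder, not a signature."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    attr_xml = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>x'
                       f'</saml:AttributeValue></saml:Attribute>' for n in attrs)
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{ACS_URL}"><saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>{sig}'
           f'<saml:Assertion><saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>'
           f'{sig if sign_assertion else ""}<saml:Subject><saml:NameID>user@example.com'
           f'</saml:NameID></saml:Subject><saml:AttributeStatement>{attr_xml}'
           f'</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(build_sample(sign_assertion=False), SAMPLE_ISSUER))
```

To check a real sign-in, pass the base64 SAMLResponse form field posted to the Reply URL, together with your tenant's Microsoft Entra Identifier, to check_saml_response.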
