Introduction
This is the guide for configuring Single Sign-On (SSO) for your organization. This manual provides instructions for setting up the new SSO module of ValidSign, allowing you to log into the application, the mobile app, and the Word and Google Drive add-in. ValidSign also offers an SSO configuration for SignerSSO, which makes it possible to use SSO during the signing of documents. Follow the next guide to set this up: Guide for Setting up SignerSSO.
Single Sign-On configuration with Microsoft EntraID (AzureAD)
This manual consists of several steps. The first step is setting up the Azure App:
- Log in to your AzureAD tenant as a global administrator;
- Click on 'Microsoft Entra ID' in the left menu;
- Then click on 'Enterprise Applications';
- Click the 'New application' button at the top;
- Click the button 'Create your own application' at the top again;
- Enter the name of the app, for example, 'ValidSign', so that you can easily find it later;
- Choose the option 'Integrate any other application you don’t find in the gallery (Non-gallery)' and click on 'Create';
- You will now be on the overview page of the app; click on 'Single sign-on' and choose 'SAML';
- Click on the 'Edit' button in the 'Basic SAML Configuration' and fill in the following information:
  - Identifier (Entity ID)
    Production (my.validsign.eu): urn:sso:mw:saml:my:ValidSign:eu
    Acceptance (try.validsign.eu): urn:sso:mw:saml:try:ValidSign:eu
  - Reply URL (Assertion Consumer Service URL)
    Production (my.validsign.eu): https://my.validsign.eu/ssonew/saml/SSO
    Acceptance (try.validsign.eu): https://try.validsign.eu/ssonew/saml/SSO
  - Sign on URL (optional)
    Production (my.validsign.eu): https://my.validsign.eu/ssonew/saml/login/alias/ValidSign?ENTITY_ID_OF_YOUR_AZURE_AD_TENANT
    Acceptance (try.validsign.eu): https://try.validsign.eu/ssonew/saml/login/alias/ValidSign?ENTITY_ID_OF_YOUR_AZURE_AD_TENANT
    You can find the Entity ID (ENTITY_ID_OF_YOUR_AZURE_AD_TENANT) of your tenant by clicking on 'Microsoft Entra ID' in the left menu and then 'Enterprise Applications', search for the app you've just created and open it. Go to 'Single sign-on' and scroll down. Copy the value of the field 'Microsoft Entra Identifier' under 'Set up ValidSign' and copy the 'Tenant ID'. Replace the text 'ENTITY_ID_OF_YOUR_AZURE_AD_TENANT' with the recently copied 'Tenant ID' in the 'Sign-on URL';
  - Logout Url (optional)
    Production (my.validsign.eu): https://my.validsign.eu/saml/SingleLogout
    Acceptance (try.validsign.eu): https://try.validsign.eu/saml/SingleLogout
- Then click on 'Save' at the top;
- Next, click on 'Edit' under 'Attributes & Claims' and fill in the following information:
- First, delete all the default added 'Additional claims' that start with 'http://schemas.xmlsoap.org/' by clicking on the three dots and selecting 'Delete';
- Next, click on 'Add new claim', enter 'email' as the 'Name' and select 'user.mail' as the 'Source attribute'. Then click 'Save';
- Next, click on 'Add new claim', enter 'firstname' as the 'Name' and select 'user.givenname' as the 'Source attribute'. Then click 'Save';
- Next, click on 'Add new claim', enter 'lastname' as the 'Name' and select 'user.surname' as the 'Source attribute'. Then click 'Save'. The claim configuration will look as follows;
- Then, send the 'Metadata URL' of the app to our service desk. You can find this by navigating to this app and going to 'Single sign-on', then scroll down and copy the value of the field 'App Federation Metadata Url' under the 'SAML Certificates' tab;
The setup of the Azure app is thereby completed on your side. Now we can proceed to finalize the configuration for you, and you will receive feedback when the Single Sign-On application is ready for use.
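One way to check the result before go-live, as an added example (not ValidSign's or Microsoft's code): it compares a decoded SAML response from a test sign-in with the Identifier, Reply URL and claim names given in this guide. The function names and the two sample responses are constructed for illustration, and the script checks configuration only, without verifying any signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# (Identifier, Reply URL) per environment, copied from this guide.
ENVS = {
    "production": ("urn:sso:mw:saml:my:ValidSign:eu", "https://my.validsign.eu/ssonew/saml/SSO"),
    "acceptance": ("urn:sso:mw:saml:try:ValidSign:eu", "https://try.validsign.eu/ssonew/saml/SSO"),
}
REQUIRED = ("email", "firstname", "lastname")
DEFAULT_PREFIX = "http://schemas.xmlsoap.org/"

def check_response(xml_text, env):
    """Return configuration problems ([] = matches the guide); signatures are NOT verified."""
    entity_id, acs = ENVS[env]
    root = ET.fromstring(xml_text)  # parse only responses from your own test sign-in
    problems = []
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not contain Identifier {entity_id}")
    recipients = [e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if acs not in recipients:
        problems.append(f"Recipient {recipients} does not contain Reply URL {acs}")
    attrs = {}
    for el in root.iterfind(".//a:Attribute", NS):
        value = el.find("a:AttributeValue", NS)
        attrs[el.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"claim '{name}' is missing or empty")
    for name in sorted(attrs):
        if name.startswith(DEFAULT_PREFIX):
            problems.append(f"default claim was not deleted: {name}")
    return problems

def sample(audience, recipient, attrs):
    """Build a constructed, unsigned SAML response for the demonstration."""
    items = "".join(f'<Attribute Name="{n}"><AttributeValue>{v}</AttributeValue></Attribute>'
                    for n, v in attrs.items())
    return (f'<samlp:Response xmlns:samlp="{NS["p"]}" xmlns="{NS["a"]}"><Assertion><Subject>'
            f'<SubjectConfirmation><SubjectConfirmationData Recipient="{recipient}"/>'
            f'</SubjectConfirmation></Subject><Conditions><AudienceRestriction>'
            f'<Audience>{audience}</Audience></AudienceRestriction></Conditions>'
            f'<AttributeStatement>{items}</AttributeStatement></Assertion></samlp:Response>')

NAMES = {"firstname": "Alex", "lastname": "Example"}  # constructed values
GOOD = sample(*ENVS["production"], {"email": "alex@example.org", **NAMES})
# Constructed failure: acceptance Reply URL used in production, default e-mail claim kept.
BAD = sample(ENVS["production"][0], ENVS["acceptance"][1],
             {DEFAULT_PREFIX + "ws/2005/05/identity/claims/emailaddress": "alex@example.org", **NAMES})
```

Calling `check_response(BAD, "production")` reports the wrong Reply URL, the missing 'email' claim and the default claim that was left in place.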