Follow these instructions to configure your Azure AD account to connect to WhosOff for single sign on purposes.
1. FROM WITHIN YOUR AZURE ACCOUNT
- A Microsoft Entra user account. If you don't already have one, you can create an account for free
- One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal
- Completion of the steps in Quickstart: Create and assign a user account
- You will need to have an existing account on WhosOff
- You will need to be a registered super user on your WhosOff account
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator
- Navigate to Identity > Applications > Enterprise applications > All applications
- Click '+ New Application'
- Enter the name of the existing application in the search box (Azure AD SAML Toolkit), and then select the application from the search results - you can rename this later if you wish, e.g. WhosOff SAML
- In the Manage section of the left menu, select Single sign-on to open the Single sign-on pane for editing
- Select SAML to open the SSO configuration page. After the application is configured, users can sign in to it by using their credentials from the Microsoft Entra tenant
The process of configuring an application to use Microsoft Entra ID for SAML-based SSO varies depending on the application. For any of the enterprise applications in the gallery, use the configuration guide link to find information about the steps needed to configure the application. The steps for the Azure AD SAML Toolkit 1 are listed in this article.
- In the 'Set up Azure AD SAML Toolkit 1' section, record the values of the Login URL, Microsoft Entra Identifier, and Logout URL properties to be used later.
2. CONFIGURE SINGLE SIGN-ON IN THE TENANT
To configure SSO in Azure AD, you will add sign-in and reply URL values, and download a certificate to begin the configuration of SSO in WhosOff.
- In the Entra admin center, select Edit in the Basic SAML Configuration section on the 'Set up single sign-on' pane
- For Identifier (Entity ID), enter WhosOff as the default (tick the default check box) and a secondary of https://app.whosoff.com
- For Reply URL (Assertion Consumer Service URL), enter https://app.whosoff.com/int/sso/azure/
- For Sign on URL, enter https://app.whosoff.com/int/<IntegrationGUID>/sso/azure/
- Select Save
- In the SAML Certificates section, select Download for Federation Metadata XML to download the SAML signing certificate and save it to be used later
NOTE: <IntegrationGUID> is unique to each company so must be replaced with your unique value. This can be found through WhosOff in the steps below.
3. CONFIGURE SINGLE SIGN-ON IN THE APPLICATION
- Login to your WhosOff account
- Click Administration on the Left Hand Menu
- Click Admin dashboard
- On the right of the resulting page, click Company settings
- Click on the Single Sign On tab (left hand side)
- From the SSO provider drop down, select Azure and click on Activate SSO
- Once activated, copy the Integration GUID and save it on your computer (this can be used to configure the tenant, following the steps above).
4. COMPLETE YOUR CONFIGURATION
- You will be prompted to supply your Meta Data file in WhosOff
- Click on the Choose file button to locate the file you downloaded earlier
- Once located, click on the Upload button
- If successful, you should receive a confirmation that looks like the following.
You can test the single sign-on configuration from the 'Set up single sign-on' pane. To test SSO:
- In the 'Test single sign-on with Azure AD SAML Toolkit 1' section, on the Set up single sign-on with SAML pane, select Test
- Sign in to the application using the Microsoft Entra credentials of the user account that you assigned to the application.
Note: If you would like to force users to Authenticate through Azure, make sure "Force SAML" is selected as "Yes" then click on Save Changes. This will only apply to users who log in on the web platform, the mobile app will not be affected.
Web / Online
3rd Party Integrations
sso, saml, azure ad, single sign on
How to setup Okta SSO
Companies using the Okta service can integrate their WhosOff, for Single Sign On purposes.
Creating a calendar feed
To view leave from WhosOff in an external calendar platform, a super user can set up calendar feeds.
Multi Factor / Two Factor Authentication
To enhance security on your WhosOff account, you can choose to enable two-factor authentication, this will require you to enter an extra code when logging in to the system.