Step 1: Create a SAML application within your Identity Provider.
Microsoft Azure SAML Setup
- Log in to your Azure Portal at https://portal.azure.com/
- Browse to Microsoft Entra ID
- Browse to Azure Active Directory
- Click Enterprise Applications → New Application → Create your own application
- Give it a name to match the MasterLibrary product and select “Integrate any other application you don't find in the gallery (Non-gallery)”
- Click “Single sign-on” and then select “SAML”
- Basic SAML Configuration
- Identifier (Entity ID)
- Enter a unique name that corresponds to the MasterLibrary product
- Reply URL (Assertion Consumer Service URL)
- https://XXXXX.mlworkorders.com/MLSAMLConnect.aspx
- Replace “XXXXX” with your custom MasterLibrary subdomain
- Attributes & Claims
- You will map 3 new additional attributes via “Add Claim” here, and they need to match exactly as entered here
- FirstName
- user.givenname
- LastName
- user.surname
- Email
- user.mail
- ExternalID
- user.employeeid
- Add a group claim
- This is where you will select the Groups you want to pass through to automatically assign Role(s) to the Users within MasterLibrary. This is a nice way to give Users some default roles and capabilities, especially if you segment within Groups in Azure already.
- You can select “All Groups” or select specific ones if you’d prefer
- The source attribute is “Group ID”
- Under Advanced Options select “Customize the name of the group claim” with a Name of “Group”
- Note: if your group limit exceeds 150, please use the option "Groups assigned to the application"
- SAML Certificates
- Click Edit to open the sidebar, then click the dots next to the Active certificate and select “Base64 certificate download”
- This will download a file you will need to open for Step 2 below within MasterLibrary
- Click “Assign users and groups” to grant access to this application to a subset of your Users
Step 2: Configure your Identity Provider within Work Orders.
- Select Settings > Single Sign On > SAML Configuration. The SAML Integration Admin page appears.
-
Next to Azure, click
. A pop-up appears.
Note: You may see two rows for Okta, one with a checkbox in the For Mobile column and one without a checkbox in that column.
- To set up the web app, select
in the row without the For Mobile checkbox selected.
- To set up the mobile app, select
in the row with the For Mobile checkbox selected.
- Do the following:
- Under Entity ID, enter your Azure Identifier (Entity ID).
- Under Issuer, enter the Microsoft Entra Identifier.
- Under Login Link, if desired, enter the User Access URL from the Azure Properties.
- Under Certificate, enter the IdP signing certificate from the Entra SAML configuration.
Notes:
- You downloaded this from Azure. Enter it here.
- On the certificate, remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
- Click Save.
Step 3: Set default Roles for Users who log in via SAML.
Once you log in to your MasterLibrary product you will navigate to Admin → Single Sign On → SAML Group Settings. From there, you will configure the SAML Groups you indicated in Step 1 and what default set of Roles you want to give to Users within that Group.
*Passing "Group" is required*
Note: You can create as many SAML Groups as you’d like, and each time a User logs in they will get whatever Roles you indicate on all of the Groups they are a part of. You can also manage additional Roles within MasterLibrary as usual, but you cannot remove these default ones, so make sure they apply to all users within the group.
For Azure: Group Name field will be the Object ID for each group established in Step 1
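Added example (not MasterLibrary or Microsoft code): a check you can run on the decoded assertion XML from a test login to confirm that the claims from Step 1 arrive under the exact names listed there and that every Group value is an Object ID, as Step 3 expects. The function names and the sample assertion are constructed for illustration, and the check assumes that a claim saved with a namespace is emitted as namespace/name.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("FirstName", "LastName", "Email", "ExternalID", "Group")  # names from this page
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample: FirstName carries a claim namespace, ExternalID is absent,
# and one Group value is a display name instead of an Object ID.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AttributeStatement>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/FirstName">
  <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="LastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="Email"><saml:AttributeValue>ada@example.org</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="Group">
  <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
  <saml:AttributeValue>Facilities Staff</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""


def read_attributes(xml_text):
    """Return {attribute name: [values]} from a decoded SAML assertion or response."""
    # Meant for an assertion captured from your own test login, not untrusted XML.
    root = ET.fromstring(xml_text)
    return {a.get("Name"): [v.text or "" for v in a.iterfind("saml:AttributeValue", NS)]
            for a in root.iterfind(".//saml:Attribute", NS)}


def check_claims(xml_text):
    """List every way the assertion deviates from the claim setup described above."""
    attrs = read_attributes(xml_text)
    problems = []
    for name in REQUIRED:
        if name in attrs:
            continue
        # Same short name behind a namespace or in different case: present but not exact.
        near = [n for n in attrs if n.rsplit("/", 1)[-1].lower() == name.lower()]
        problems.append(f"{name}: sent as {near[0]!r}, must match exactly" if near
                        else f"{name}: missing")
    for value in attrs.get("Group", []):
        if not GUID.match(value):
            problems.append(f"Group: {value!r} is not an Object ID")
    return problems


if __name__ == "__main__":
    for line in check_claims(SAMPLE) or ["all required claims present"]:
        print(line)
```

An empty result means the assertion carries all five names exactly and only Object IDs in Group; it does not verify the assertion's signature.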