Version: 8.4.X

Azure AD

ServiceOps supports SAML 2.0, which enables Single Sign-On integration. ServiceOps acts as the Service Provider (SP) and integrates with Identity Providers (IdP) using SAML 2.0. The integration involves supplying the SP details to the IdP and vice versa. Once you integrate ServiceOps with an IdP, users only have to sign in to the IdP; they can then sign in to ServiceOps automatically from the identity provider's GUI without providing credentials again. ServiceOps supports integration with Azure.

To configure SSO with the Azure AD service, follow the steps below:

  1. Sign in to the Microsoft Azure portal.

Microsoft Azure Portal Home page

  1. In the Azure services section, click Azure Active Directory > Enterprise Applications, and click New Application.

Create New Application

  1. On the next screen, click Create your own application, enter the app name, select the option "Integrate any other application you don't find in the gallery", and click Create. The app is created. Here, the app name is SSO App.

Create your own application

  1. Next, click Single sign-on from the left panel, and select the method as SAML.

Select SAML

  1. Edit the Basic SAML Configuration and configure the following details. These are available from ServiceOps.
    1. Identifier (Entity ID)
    2. Reply URL
    3. Sign-on URL
    4. Relay State
    5. Logout URL

Edit SAML Configuration

ServiceOps SAML details

  1. Edit the Attributes & Claims and add a new claim to map the Azure field to the ServiceOps field. Here, the Company field is mapped.

Enter the Name, select Source as Attribute, and enter the Source attribute. Once done, click Save. You can map other fields in the same way.

  1. In the SAML Certificates section, download the Federation Metadata XML file, copy the details from it, and paste them into ServiceOps.

Metadata XML file

  1. Next, click Self-service from the left panel:
    • Enable the option "Allow users to request access to this application?"
    • Assign the group whose users you want to add to the app by clicking the Select group link, selecting the desired group, and clicking Select.
    • Once added, click Save.

Self-service

  1. Now, sign in to the ServiceOps portal as a Technician.

  2. Navigate to Settings > Admin > Users > SSO Configuration > Identity Providers and click Add Identity Provider. The following popup appears.

SSO Configurations

  1. Provide the following details. The IDP details from the Azure AD portal are configured in ServiceOps, while the SP details are configured in Azure AD. The IDP details are available in the metadata file downloaded from Azure in point no. 6.

| Parameter | Description |
|---|---|
| Name | Enter the name of the identity provider. |
| Primary | Enable if you want to set this provider as the primary SSO. |
| Auto Create User | Enable if the user is to be created automatically when not available in the system. By default, disabled. |
| IDP Entity ID | Enter the Entity ID of the IDP from the Azure portal. It is a mandatory field. |
| IDP Login URL | Enter the login URL of the IDP to which the user will be redirected. It is a mandatory field. You can get this from the Azure portal. |
| IDP Logout URL | Enter the logout URL of the IDP to which the user will be redirected after signing out of the ServiceOps portal. If not provided, the user will remain on the same page. This field is optional. |
| IDP Security Certificate | Enter the certificate that the IDP provides for integration. The response sent by the IDP is validated using it. |

Azure AD - IDP Details

| Parameter | Description |
|---|---|
| SP Entity ID | It displays the entity ID of the Service Provider. You have to configure this in the Azure portal. |
| Assertion Consumer URL | It displays the endpoint of the ServiceOps application where the IDP posts the SAML responses. You have to configure this in the Azure portal. |
| SP Single Logout URL | It displays the URL to which the user gets redirected after sign-out. You have to configure this in the Azure portal. |
| SP Public Key | It is provided by the Service Provider. |
| SP Private Key | It is provided by the Service Provider. |
| Mappings | Map additional fields required for more details. With mappings in place, whenever the values of the mapped fields change in the respective provider, they are automatically updated in ServiceOps. |

Note: Field Mapping is unsupported for Multi-Select Drop Down, Checkbox, Date Field, and Dependent (Custom Type) field types.

  1. Click Add, and the provider will be displayed on the list page. SSO is now configured.

  2. You can verify this by opening the ServiceOps Portal and signing in using the SSO Login button, as shown below.

ServiceOps Portal

  1. You will be redirected to the Microsoft Azure sign-in page, as shown below.

Microsoft Azure Sign-in Page

  1. Sign in to Microsoft Azure, and you will be redirected to the ServiceOps Portal. To sign out, go to the username and click Sign-Out. You will be redirected to the Microsoft Azure page again.

Signing-Out from the ServiceOps Portal