Update euromonitor-passport-tutorial.md #1234

Open
wants to merge 1 commit into
base: main
48 changes: 27 additions & 21 deletions docs/identity/saas-apps/euromonitor-passport-tutorial.md
Expand Up @@ -28,13 +28,13 @@ In this tutorial, you'll learn how to integrate Euromonitor International with M
To get started, you need the following items:

* A Microsoft Entra subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
* Euromonitor International single sign-on (SSO) enabled subscription.
* Euromonitor International subscription.

## Scenario description

In this tutorial, you configure and test Microsoft Entra SSO in a test environment.

* Euromonitor International supports **SP and IDP** initiated SSO.
* Euromonitor International supports **SP** initiated SSO.

## Add Euromonitor International from the gallery
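Review bot: The prerequisite bullet now reads only "Euromonitor International subscription", yet the configuration steps in this same file still depend on the Euromonitor International support team supplying the Identifier and Sign on URL before SSO can work. Keep that dependency visible in the prerequisites, for example by saying the subscription must have SSO set up through the support team, so readers know a support exchange is required before they start. The scenario bullet changing to **SP** initiated only also needs the Test SSO section to describe SP-initiated behaviour and nothing else.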

Expand All @@ -59,7 +59,6 @@ To configure and test Microsoft Entra SSO with Euromonitor International, perfor
1. **[Create a Microsoft Entra test user](#create-an-azure-ad-test-user)** - to test Microsoft Entra single sign-on with B.Simon.
1. **[Assign the Microsoft Entra test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Microsoft Entra single sign-on.
1. **[Configure Euromonitor International SSO](#configure-euromonitor-international-sso)** - to configure the single sign-on settings on application side.
1. **[Create Euromonitor International test user](#create-euromonitor-international-test-user)** - to have a counterpart of B.Simon in Euromonitor International that is linked to the Microsoft Entra representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works.

<a name='configure-azure-ad-sso'></a>
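Review bot: Removing the "Create Euromonitor International test user" entry from this building-block list leaves the overview out of step with the rest of the file, because the `### Create Euromonitor International test user` section is still present further down, now with self-registration text. Either keep the list entry with a description that matches self-registration, or remove the section and its `#create-euromonitor-international-test-user` anchor as well.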
Expand All @@ -70,26 +69,35 @@ Follow these steps to enable Microsoft Entra SSO.

1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Identity** > **Applications** > **Enterprise applications** > **Euromonitor International** > **Single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
1. In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.

![Screenshot shows the Certificate download link.](common/copy-metadataurl.png "Certificate")

1. You need to send the **App Federation Metadata Url** to the [Euromonitor International support team](mailto:passport.support@euromonitor.com). They set this setting to have the SAML SSO connection set properly on both sides. Wait for a reply.
1. After receiving configuration values from Euromonitor's reply, proceed below.

1. On the **Select a single sign-on method** page, select **SAML**.
1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.

![Edit Basic SAML Configuration](common/edit-urls.png)

1. On the **Basic SAML Configuration** section, perform the following steps:

a. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
a. In the **Identifier (Entity ID)** text box, paste the URL provided by Euromonitor support using the following pattern:

`https://auth.euromonitor.com/<CustomerID>`

b. In the **Reply URL** text box, type the URL:
b. In the **Reply URL** text box, paste the URL:

`https://auth.euromonitor.com/saml20/sp/acs`

1. If you wish to configure the application in **SP** initiated mode, then perform the following step:

In the **Sign on URL** textbox, type a URL using the following pattern:
c. In the **Sign on URL** text box, paste the URL provided by Euromonitor support using the following pattern:

`https://login.euromonitor.com/Account/ExternalLogin?provider=<PROVIDER>&returnUrl=<PROVIDER>-signin-oidc&login_hint=<CustomerID>`

> [!NOTE]
> These values are not real. Update these values with the actual Identifier and Sign-on URL. Contact [Euromonitor International support team](mailto:passport.support@euromonitor.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Microsoft Entra admin center.
> These values are not real. Update these values with the actual Identifier and Sign-on URL. [Euromonitor International support team](mailto:passport.support@euromonitor.com) provides these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Microsoft Entra admin center.

1. Euromonitor International application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
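Review bot: The step order at the top of this procedure needs another look: "On the **Select a single sign-on method** page, select **SAML**" appears both before and after the new metadata steps, and the text this patch removes further down located the **SAML Signing Certificate** section on the **Set up single sign-on with SAML** page, which a reader only reaches after selecting SAML. Keep the select-SAML step once, ahead of the step that copies the **App Federation Metadata Url**. "Wait for a reply." and "After receiving configuration values" would also be clearer as one step that names the values to expect, which from sub-steps a and c are the Identifier and the Sign on URL.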

Expand All @@ -106,9 +114,13 @@ Follow these steps to enable Microsoft Entra SSO.
| jobtitle | user.jobtitle |
| companyname | user.companyname |

1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
1. Unless otherwise requested, Euromonitor strongly recommends the below configuration option:

![Screenshot shows the Certificate download link.](common/copy-metadataurl.png "Certificate")
* Browse to **Properties**. Set **Assignment Required?** to 'No'.

![Properties page.](common/properties.png "Image")

![Assignment required option.](common/user-assignment-not-required.png "Image")

<a name='create-an-azure-ad-test-user'></a>
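Review bot: The new step recommending **Assignment Required?** set to 'No' gives neither a reason nor a description of its effect, and it conflicts with the "Assign the Microsoft Entra test user" step that this tutorial still presents as how B.Simon is granted access. With assignment not required, sign-in to the application is no longer limited to assigned users, so the text should say that explicitly, state why Euromonitor recommends it, and either drop or reword the assignment step. "Unless otherwise requested" should also say who would make that request.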

Expand Down Expand Up @@ -142,28 +154,22 @@ In this section, you'll enable B.Simon to use single sign-on by granting access

## Configure Euromonitor International SSO

To configure single sign-on on **Euromonitor International** side, you need to send the **App Federation Metadata Url** to [Euromonitor International support team](mailto:passport.support@euromonitor.com). They set this setting to have the SAML SSO connection set properly on both sides.
The [Euromonitor International support team](mailto:passport.support@euromonitor.com) configures and administers all application-side settings.

### Create Euromonitor International test user

In this section, you create a user called B.Simon in Euromonitor International. Work with [Euromonitor International support team](mailto:passport.support@euromonitor.com) to add the users in the Euromonitor International platform. Users must be created and activated before you use single sign-on.
In this section, you create a user called B.Simon in Euromonitor International. The SSO will allow you to self-register the test user on the application side without Euromonitor support action.

## Test SSO

In this section, you test your Microsoft Entra single sign-on configuration with following options.

#### SP initiated:

* Click on **Test this application**, this will redirect to Euromonitor International Sign on URL where you can initiate the login flow.

* Go to Euromonitor International Sign-on URL directly and initiate the login flow from there.

#### IDP initiated:

* Click on **Test this application**, and you should be automatically signed in to the Euromonitor International for which you set up the SSO.

You can also use Microsoft My Apps to test the application in any mode. When you click the Euromonitor International tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Euromonitor International for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
You can also use Microsoft My Apps to test the application in any mode. When you click the Euromonitor International tile in the My Apps, you should be automatically signed in to the Euromonitor International for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).

## Next steps

Once you configure Euromonitor International you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
Once you configure Euromonitor International you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
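Review bot: The "Create Euromonitor International test user" section now contradicts itself: it opens with "you create a user called B.Simon in Euromonitor International" and then says the user self-registers through SSO without support action. Reword it to describe what happens on first sign-in, and since this patch also recommends **Assignment Required?** set to 'No', state which users are able to self-register. In Test SSO, the IDP initiated heading is removed but the My Apps paragraph still says "in any mode" and "you should be automatically signed in"; the removed sentence described SP mode as a redirect to the application sign-on page, and that is the wording to keep for an SP-initiated-only app. "with following options" now introduces a single unlabelled list and can be simplified.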