Setup of Azure AD is relatively straightforward. The overall process is as follows:
- Create your company account at Clear To Go! (CTG). The user that does this will be the administrator on the account and can perform the actions needed here.
- Ensure CTG staff has configured your account to enable SAML. Open a ticket at email@example.com if this has not been discussed and completed.
- Follow the setup instructions in this document.
- Your users should now be able to enter CTG from your portal.
1. Azure Setup
Create a new "Non Gallery" Enterprise App.
2. Azure App Configuration
Once the app is created, click on "Single sign-on" to start configuring it.
3. Basic SAML Configuration
From within CTG, copy the values from the "SAML SP Information" section and paste them into the Basic SAML Configuration in Azure:
- Reply URL
- Sign on URL
- Logout URL
Paste into Azure:
In order to have complete profiles in CTG, claims need to be configured in Azure. The following describes what is needed. Note: for the role claim, it is recommended to set up a Group Claim based on your security groups and, under Advanced options, check "Customize the name of the group claim" and then check "Emit groups as role claims".
This will set up the claim to match the name and namespace described in the following table.
4. Clear To Go! Setup
From Azure, copy the following info from section 3, "SAML Signing Certificate", and paste it into the "SAML IdP Information" section in CTG:
From Azure, copy the following info from section 4, "Set up [APP NAME]", and paste it into the "SAML IdP Information" section in CTG:
- Login URL
- Logout URL
- And from the Azure AD Identifier field, copy the Tenant ID out of the URL and paste that into Tenant ID.
Paste into Clear To Go!:
5. Clear To Go! Role Mapping
In order to assign users to the proper security level, Security Groups are mapped to Roles in CTG. This is done by setting the Azure Object ID on the Role in CTG. Do this by opening the drop-down under your name in the upper right corner and choosing Roles.
Find the Role you wish to map and click Edit. Paste the Object ID into the "Mapped To" field:
It is recommended you test with at least one user from each role type to ensure the role they are assigned in CTG is what is expected.
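One way to check the mapping for a test user before relying on it, as an added example that is not CTG or Microsoft code: the script reads a captured SAML assertion, pulls the Tenant ID out of the Azure AD Identifier (the Issuer), and lists which emitted group Object IDs map to a role and which do not. The role names, Object IDs and sample assertion are constructed placeholders, and the `ROLE_MAP` table is a hypothetical stand-in for the "Mapped To" values entered in CTG.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim name Azure AD uses when "Emit groups as role claims" is checked.
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"

# Constructed sample data: Object IDs and role names are placeholders.
ROLE_MAP = {
    "11111111-1111-1111-1111-111111111111": "Administrator",
    "22222222-2222-2222-2222-222222222222": "Staff",
}
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://sts.windows.net/aaaaaaaa-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="{ROLE_CLAIM}">
      <saml:AttributeValue>22222222-2222-2222-2222-222222222222</saml:AttributeValue>
      <saml:AttributeValue>33333333-3333-3333-3333-333333333333</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def tenant_id_from_identifier(identifier):
    """Pull the tenant GUID out of an Azure AD Identifier URL."""
    m = re.fullmatch(rf"https://sts\.windows\.net/({GUID})/?", identifier.strip())
    if not m:
        raise ValueError(f"not an Azure AD Identifier URL: {identifier!r}")
    return m.group(1).lower()

def inspect_assertion(xml_text, role_map):
    """Inspection only: no signature or condition checks are done here."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS)
    values = [
        (v.text or "").strip().lower()
        for a in root.iterfind(".//saml:Attribute", NS)
        if a.get("Name") == ROLE_CLAIM
        for v in a.iterfind("saml:AttributeValue", NS)
    ]
    lookup = {k.lower(): v for k, v in role_map.items()}
    return {
        "tenant_id": tenant_id_from_identifier(issuer),
        "roles": sorted({lookup[v] for v in values if v in lookup}),
        "unmapped": sorted(v for v in values if v not in lookup),
    }

if __name__ == "__main__":
    print(inspect_assertion(SAMPLE_ASSERTION, ROLE_MAP))
```

An empty `roles` list or an unexpected entry under `unmapped` for a test user points to a Security Group whose Object ID has not been pasted into a Role's "Mapped To" field.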