Configuring InsideView Sales SSO and SAML Settings for Dynamics CRM with Azure AD

Follow

This article provides instructions to integrate InsideView with Azure Active Directory (Azure AD).

Integrating InsideView with Azure AD provides you with the following benefits:

  • You can control in Azure AD who has access to InsideView.
  • You can enable your users to automatically get signed-on to InsideView (Single Sign-On) with their Azure AD accounts.
  • You can manage your accounts in one central location - the Azure portal.

Prerequisites

To configure Azure AD integration with InsideView, you need the following items:

  • An Azure AD subscription
  • A InsideView single sign-on enabled subscription

Note: To test the steps in this article, you should follow these recommendations:

  • Do not use your production environment, unless it is necessary.
  • If you don't have an Azure AD trial environment, you can get a one-month trial.

Configuring and Testing Azure AD Single Sign-On

To configure and test Azure AD single sign-on with InsideView, you need to complete the following steps:

  1. Adding InsideView from the gallery
  2. Configuring SAML Settings in Azure AD for InsideView Sales
  3. Configuring STS Settings for InsideView Sales Single Sign-On
  4. Assign the Insideview application to the users in Azure AD

Adding InsideView from the Gallery

To configure the integration of InsideView in to Azure AD, you need to add InsideView from the gallery to your list of managed SaaS apps. To add InsideView from the gallery, follow these steps:

Step Description Details
1 Go to Azure Active Directory In the Azure portal, on the left navigation panel, click Azure Active Directory icon.

tutorial_general_01.png

2 Manage All Applications Navigate to Enterprise applications. Then go to All applications.

tutorial_general_02.png

3 Add new application To add new application, click New application button on the top of dialog.

tutorial_general_03.png

4 Search for InsideView In the search box, enter InsideView.

tutorial_insideview_search.png

5 Select and add the InsideView application  In the results panel, select InsideView, and then click Add to add the application.

tutorial_insideview_addfromgallery.png

Configuring SAML Settings in Azure AD for InsideView Sales

In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your InsideView application.

To configure Azure AD single sign-on with InsideView, perform the following steps:

Step Description Details
1 Go to Single sign-on in Azure In the Azure portal, on the InsideView application integration page, click Single sign-on.

tutorial_general_04.png

2 Select Single sign-on mode On the Single sign-on dialog, select Mode as SAML-based Sign-on to enable single sign-on.

tutorial_insideview_samlbase.png

3 Set the SAML URLs On the InsideView Domain and URLs section, perform the following steps:

tutorial_insideview_url.png

In the Reply URL text box, type a URL using the following pattern:

https://my.insideview.com/iv/<STS Name>/login.iv

The STS Name is a unique identifier for the SSO settings that you have configured in Insideview Sales. For example, if STS Name is Org_UniqueName, postback URL will be:

https://my.insideview.com/iv/Org_UniqueName/login.iv.

In the Set additional URLs section, enter the Identifier (Entity ID) as https://my.insideview.com.

Click Save.

tutorial_general_400.png

4 Set user attributes and claims Select User Attributes & Claims and set the following attributes:
  • Enter emailaddress as user.userprincipalname
  • Enter givenname as user.givenname

  • Enter name as user.userprincipalname

  • Enter nameidentifier as user.userprincipalname

  • Enter surname as user.surname

image.png

Click Save.

5 Save the SAML Signing Certificate On the SAML Signing Certificate section, click Certificate (Raw) and then save the certificate file on your computer.

tutorial_insideview_certificate.png

Configuring STS Settings for InsideView Sales Single Sign-On

Note: Make sure that InsideView Sales username is same as Azure AD username to configure these settings.

Step Description Details
1 Open InsideView Admin Page Log into InsideView Sales with Account administrator user credentials.
2 Add SAML details Go to the Account Admin page and click SingleSignOn Settings. The following page opens:

admin_sso_smal.png

Note: Use the above two check-boxes to restrict users of your account from using their credentials to login or change their passwords. As an account admin, you can use this feature to ensure your users login via SSO . This feature provides foolproof security when the employee leaves a company. An account admin, however, can login with the credentials even when the check box is selected.

3 Enter the Attribute Statements To add STS details, click Add SAML button in the above screen. Ensure the STS details are entered in a single line with no spaces.

Enter the following details for SAML setting that you just create in Azure:

  • CRM Organization to Other
  • STS Name to a unique STS Name. Make sure the postback URL is same as the  STS Name that you have defined in Azure.
  • SAMLp/WS-Fed Unsolicited Endpoint to Azure insideview app redirect login URL of the format: https://myapps.microsoft.com/signin/name/appid, wherein Name is application name in Azure AD (InsideView), and App ID can be gathered from the App Federation Metadata URL in the Single Sign-On settings from Azure. For example:

    https://myapps.microsoft.com/signin/InsideView/a999e260-24c2-47d3-8702-b43be0f8bc33

  • In STS Certificate copy the content of the .cert file downloaded in Azure AD, SAML Signing Certificate from Azure AD, Certificate (Base64).
  • Enter CRM Email Mapping as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  • Enter CRM First Name Mappinghttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  • Enter CRM Last Name Mapping as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

image__1_.png

4 Finish the configuration Click Save to finish the configuration.

Note: STS Name, SAML/WS-Fed Unsolicited Endpoint, STS Certificate, User ID, Email Mapping are mandatory fields. The Org ID, however, is an optional one. InsideView recommends email mapping and user ID be the same for ease-of-use. Also, note that the user ID coming from STS must belong to the same account where self-serve is configured. Just in case if a user is new, the system configures the user to the same account where SAML Self-serve is configured. You also need to ensure you provide an enterprise-wide unique name for the STS Name. Use the same STS name for your post-back URL.

Assign the Insideview application to the users in Azure AD

To assign users to InsideView application, perform the following steps:

Step Description Details
1 Go to applications in the Azure portal In the Azure portal, open the applications view, and then navigate to the directory view and go to Enterprise applications then click All applications.

tutorial_general_201.png

2 Open the InsideView application In the applications list, select InsideView.

tutorial_insideview_app.png

3 Go to Users and Groups In the menu on the left, click Users and groups.

tutorial_general_202.png

4 Assign the application to a user group Click Add. Then select Users and groups in the Add Assignment dialog.

tutorial_general_203.png

On Users and groups dialog, select the the appropriate user in the Users list.

Click Select button in Users and groups dialog.

Click Assign button in Add Assignment dialog.

Was this article helpful?
0 out of 0 found this helpful
Powered by Zendesk