Azure Active Directory (Azure AD), part of Microsoft Entra, is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.

 

Configure Azure AD SSO for Profit.co

Here’s how to integrate Profit.co with Azure Active Directory so that your users can automatically sign in to Profit.co using their Azure AD accounts.

Step 1

Login to Azure portal and access the Azure Active Directory

Azure Portal

Step 2

Click on Enterprise Applications from the manage navigation

Azure-enterprise-application

Step 3

Search for Profit.co and select the application.
Azure Application Visibility
Note: If you don’t find it there, kindly click on “New Application” and search to add it to your account.

After selecting the application click on Create

Got Feedback

Step 4

Select Single Sign-on in the left menu and select ’SAML’

SAML SSO

Click on the Edit button and click on Save

SAML based Sign on
SAML Configuration

Step 5

After saving, scroll down a bit and download the Federation Metadata XML in the SAML certificates.
SAML Certificates

Step 6

Now select Users and groups in the left menu, and click “Add user” to assign the app to the users.
Azure
Select
Add

Navigate to Settings from the left navigation panel.

Click on Integrations, On the Connectors page, Select the SAML SSO tab and click on the Azure AD Authorize button.

all_my_okrs
integration

Click on Authorize Azure AD and paste Issuer ID and X509 certificate, then click “click Register button.

Register Azure Ad

Step 7

Once the app is assigned, the users can find the Profit.co under My Apps. Clicking on the app would take them to their Profit.co account.

SAML My Apps

Reference

https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/manage-apps/add-gallery-app

 

Configure Azure AD SSO and User Provisioning using custom app creation

Step 1

Navigate to the Azure Portal Home Page and click on Enterprise Applications.

welcome_azure

Step 2

Click on the New Application button.

enterprise

Step 3

To start creating your own application, click the button. Name the application (for example, Profit.co OKR Software), choose Integrate any other application (Non-gallery), and then click the “Create” button.

cloud_platform
integrate_application

Step 4

Following the creation of the application, the Application Detail page will be displayed as shown below, and under Single sign-on and Provisioning options on the left menu, we must enter the Profit.co SSO and SCIM Configuration Details.

properties

Step 5

Navigate to Single sign-on -> SAML and enter the following details. Click on the Edit button of the Basic SAML Configuration Section.

Click on Add identifier and provide

US Region –

azure_us azure_us

(or)

EU Region –

azure_eu azure_eu

Click on Add reply URL and provide

US Region –

azure_us azure_us

(or)

EU Region –

azure_eu azure_eu

disabled

saml_based_sign_on
basic_saml_config

Step 6

Navigate to the Users and groups option in the left menu and click on Add user/group to add the required users and groups to the app.

Note : Nested Groups are not supported.

user_groups

Step 7

Got to https://myapplications.microsoft.com/. The assigned app (Profit.co OKR Software) will be listed here. Clicking on the App will redirect to the user’s Profit.co Account.

profit_app

Step 8

Navigate to the Provisioning option in the left menu and click on the Get started button.

provisioning

Step 9

Choose Automatic under Provisioning Mode and enter the following information.

Tenant URL

Either

rest-vm rest-vm

(or)

eu2-rest rest-vm

based on the region of your Profit.co Application.

Secret Token

To generate the secret token in Profit.co, go to Settings → Security → API Access and get the values of API Key and SCIM Key.

Form the Secret Token in the following format and provide it in the Secret Token field.

[API_KEY]:[SCIM_KEY]

To verify the SCIM connection, click the Test Connection button. When the validation is successful, click the Save button in the top left corner.

provisioning-mode

Step 10

Navigate to the Provisioning option again and click on the Start Provisioning button.

provisioning

Step 11

Profit.co will create a user each time a user is assigned to this application. A user’s access to profit.co will be suspended if they are uninstalled from the App.

Profit.co will update every 45 minutes with the latest information.

The supported attributes are as follows,

  • First name
  • Last name
  • Email address
  • Active status
  • JobTitle
  • Department
  • Managers

Note:

1. If a department already exists in Profit.co in either an enabled or disabled state, it will be merged. No duplicate departments will be created. The user sync to the department won’t take place if the department is disabled.

2. The department will be created as a new department if it does not already exist in Profit.co.

How do I disable the department and job title mapping fields?

In Azure AD SSO Click on Edit attribute mappings under Manage User Provisioning and select the Provision Azure AD users

provisining
test_connection

Remove the job title and department attribute from the attribute mapping, and then click Save.

attribute_mapping