This guide provides step-by-step instructions for integrating ApartmentIQ with Microsoft Entra ID (formerly Azure Active Directory) using SAML Single Sign-On (SSO). By following this configuration, you can enable your users to securely access ApartmentIQ using their existing corporate credentials, improving both security and the end-user experience.
This document will walk you through the following key phases:
- Initial Application Creation & Set Up: How to create a new non-gallery application named "ApartmentIQ" within your Entra ID tenant.
- SAML Configuration: Setting the necessary identifiers and reply URLs to establish the connection.
- Attributes & Claims Customization: Mapping user data like email, first name, and last name to ensure proper user identification within ApartmentIQ.
- Final Hand-off & Testing in ApartmentIQ: Locating the App Federation Metadata URL to share with your Customer Success Manager and testing the final implementation.
Initial Application Creation: Create a Non-Gallery Application
Open the Applications section in the side panel and click on Enterprise applications.
Click on the “New application” button.
Click on “Create your own Application.”
In the Create your own application form, enter ApartmentIQ into the name of your app field, choose the Non-gallery option and click the “Create” button
Application Set Up
Assign Users and Groups
You can assign users and groups to the application now. This document assumes that you know how to do this already.
Set Up Single Sign On
Click on the “Get started” link in the “Set Up Single Sign On” section
Choose the SAML option on the next page
SAML Configuration
Click the edit button in the “Basic SAML Configuration” section of the SAML single sign up steps page
Enter the following Identifier (Entity ID) and ReplyURL (Assertion Consumer Service URL) values
Identifier: https://identity.apartmentiq.io
Reply URL: https://identity.apartmentiq.io/users/auth/saml/callback
After these are entered you can save the configuration
Attributes & Claims Customization
Click edit in the “Attributes & Claims” section
Optionally delete the name Claim. If you don’t delete it, it won’t break anything, but this field is not used.
Update the emailaddress, givenname, and surname Claims. For the emailaddress claim, change the name to email and delete the namespace value and save the claim.
For the givenname claim, change the name to first_name and delete the namespace value and save the claim. For the surname claim, change the name to last_name and delete the namespace value and save the claim. When you’re done the Attributes and Claims should look like this:
Final Hand-off and Testing in ApartmentIQ
Share the metadata URL with your ApartmentIQ Customer Success Manager (CSM).
In the SAML Certificates section of the SAML single sign up steps page copy the App Federation Metadata URL and send it and a list of initial Admin Users to your CSM. You can also provide a list of all users, along with permissions. Admins-need a template? Feel free to make a copy of this template and email it to your CSM.
After your CSM has confirmed that this setting has been configured in ApartmentIQ and your user has access to the ApartmentIQ, you can test the SAML configuration button with the Test button.
Testing For Normal Usage
Navigate to app.apartmentiq.io using your favorite browser and enter your UPN email address
Here’s an example of what your final settings should look like upon completion
Should you have any questions, please contact your Customer Success Manager or our Support Team for assistance.