This guide provides step-by-step instructions for integrating ApartmentIQ with Microsoft Entra ID (formerly Azure Active Directory) using SAML Single Sign-On (SSO). By following this configuration, you can enable your users to securely access ApartmentIQ using their existing corporate credentials, improving both security and the end-user experience.
This document will walk you through the following key phases:
- Initial Application Creation & Set Up: How to create a new non-gallery application named "ApartmentIQ" within your Entra ID tenant.
- SAML Configuration: Setting the necessary identifiers and reply URLs to establish the connection.
- Attributes & Claims Customization: Mapping user data like email, first name, and last name to ensure proper user identification within ApartmentIQ.
-
Final Hand-off & Testing in ApartmentIQ: Locating the App Federation Metadata URL to share with your Customer Success Manager and testing the final implementation.
Please Note
You will need to provide your CSM with your Metadata URL upon completion.
Initial Application Creation: Create a Non-Gallery Application
Open the applications section in the side panel and click on “Enterprise Applications”
Click on the “New Application” button
Click on “Create Your Own Application.”
In the Create your own application form, enter ApartmentIQ into the name of your app field, choose the Non-gallery option and click the “Create” button
Application Set Up
Assign Users and Groups
You can assign users to the application now. This document assumes that you know how to do this already.
Set Up Single Sign On
Once users have been added, click “Set Up Single Sign On” in the Getting Started section.
Choose the "SAML" option on the next page
SAML Configuration
Click the edit button in the “Basic SAML Configuration”, section 1 of the SAML single sign up page.
Enter the following Identifier (Entity ID) and ReplyURL (Assertion Consumer Service URL) values
- Identifier: https://identity.apartmentiq.io
- Reply URL: https://identity.apartmentiq.io/users/auth/saml/callback
Add these and save.
Attributes & Claims Customization
Click edit in the “Attributes & Claims”, section 2 in the single sign on set up page.
You will need to update the default claims within the “Additional Claims” section in your system.
- Change emailaddress to email and delete the namespace value. Save the claim.
- Change givenname to first_name and delete the namespace value. Save the claim.
- Change surname to last_name and delete the namespace value. Save the claim.
- Delete the user.userprincipalname
When you’re done the Attributes and Claims should look like this:
Final Hand-off and Testing In ApartmentIQ
Click edit in the “SAML Certificates” section, step 3 in the single sign on set up page.
Final Step
Copy the App Federation Metadata URL and send it to your CSM.
You can also provide an initial list of all users, along with permissions to your CSM. Admins-need a template? Feel free to make a copy of this template and email it to your CSM. (optional step)
After your CSM has confirmed that this setting has been configured in ApartmentIQ and your user has access to the ApartmentIQ, you can test the SAML configuration button with the Test button.
Testing For Normal Usage
Navigate to app.apartmentiq.io using your favorite browser and enter your UPN email address
Here’s an example of what your final settings should look like
Should you have any questions, please contact your Customer Success Manager or our Support Team for assistance.
Next Step: SCIM
If you intend to configure SCIM provisioning, your CSM will need to provide you with a token. We would be happy to arrange a call to discuss this further.