Microsoft Entra ID Integration Guide
Customers on the Enterprise plan can integrate Testfully with Microsoft Entra ID to enable Single Sign-On (SSO) for their organization. This guide will walk you through the steps to set up the integration.
Prerequisites
Before you begin, you need to have the following:
- A Testfully account on the Enterprise plan
- An Azure account with access to Microsoft Entra ID
- A Microsoft Entra ID tenant
- An Azure account with the necessary permissions to create or install applications in Microsoft Entra ID
Microsoft Entra ID Settings
The following settings are required to complete the integration. Microsoft Entra ID provides far more options than what is required for the integration. This guide focuses on the settings that are necessary for the integration with Testfully. For more information on Microsoft Entra ID settings, please refer to the official Azure documentation. For other settings, please adjust based on the requirements of your organization.
Step 1: Create an Enterprise Application in Microsoft Entra ID
An Enterprise Application in Microsoft Entra ID enables SaaS products such as Testfully to securely integrate with your Microsoft Entra ID tenant using the OAuth 2.0 and OpenID Connect industry standards. This section takes you through the process of creating a dedicated Enterprise application in Microsoft Entra ID.
To start the integration, you need to create an Enterprise application in Microsoft Entra ID. Follow the steps below to create the application:
Sign in to the Azure Portal, and navigate to the Microsoft Entra ID service. The easiest way to open Microsoft Entra ID is to search for "Microsoft Entra ID" in the search bar at the top of the Azure Portal, and click on the Microsoft Entra ID service from the search results.
Click on the Enterprise applications tab in the left sidebar.
Click on the New application button, then click on Create your own application to create a new application.
Provide a name for the application (e.g., Testfully). At this stage, you may see a message from Microsoft Entra ID saying "We found the following applications that may match your entry", but you can ignore this message and proceed with creating a new application.
Select Register an application to integrate with Microsoft Entra ID (App you're developing) as the application type. Please note that you will need this option to enable SSO for your enterprise application.
Click on the Create button to create the application.
From the Supported account types section, select the appropriate option based on your organization's requirements. This won't impact the SSO integration with Testfully. If you're unsure which option to select, we recommend selecting the "Accounts in this organizational directory only" option, which is the most common option for SSO integrations with Microsoft Entra ID.
From the Redirect URI section, select Single-page Application (SPA) as the application type, and provide https://app.testfully.io/sso/azure/callback as the Redirect URI. Please note that this is the default redirect URI for Testfully's SSO integration with Microsoft Entra ID.
Click on the Register button to create the application.
Congratulations! You have successfully created an Enterprise application in Microsoft Entra ID, and configured the necessary settings for SSO integration with Testfully. You can now proceed to the next step to collect the application details required for the integration.
Step 2: Collect Application Details
For Testfully to complete the SSO integration with Microsoft Entra ID, you need to provide Testfully with two non-sensitive IDs from the application you created in Microsoft Entra ID. This section guides you through the process of collecting these IDs.
Follow the steps below to collect the two IDs from the application you created in Microsoft Entra ID and pass them to Testfully for the integration:
In the Azure Portal, open the Microsoft Entra ID service, and navigate to the Enterprise applications tab from the left sidebar.
Click on the application you created in the previous step to open the application overview page.
On the application overview page, click on the Single sign-on tab from the left sidebar. It's located under the Manage section in the left sidebar.
From the Configure application properties section, click on the Go to application button to configure the application properties.
From the Essentials section, copy the Application (client) ID and Directory (tenant) ID values.
Provide these values to Testfully via support@testfully.io. Our team will use these values to complete the integration on our end.
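As an added example (not Testfully's code), the following shows where the two IDs from this step and the redirect URI from Step 1 appear in a standard OpenID Connect authorization code request with PKCE against Microsoft Entra ID, and how the callback is bound to that request. The tenant and client IDs are constructed placeholders, the function names are hypothetical, and the callback is assumed to use the default query response mode.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Redirect URI registered in Step 1 of this guide.
REDIRECT_URI = "https://app.testfully.io/sso/azure/callback"
# Constructed placeholders, not real identifiers.
TENANT_ID = "00000000-0000-0000-0000-000000000001"
CLIENT_ID = "00000000-0000-0000-0000-000000000002"

def pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method of RFC 7636."""
    verifier = secrets.token_urlsafe(48)  # 64 characters, inside the 43-128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

def build_authorize_request(tenant_id, client_id):
    """Build the authorization URL plus the values the client keeps locally."""
    verifier, challenge = pkce_pair()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?{query}"
    return {"url": url, "code_verifier": verifier, "state": state, "nonce": nonce}

def code_from_callback(callback_url, expected_state):
    """Return the authorization code, rejecting foreign URLs or a mismatched state."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(parts.query)
    returned_state = params.get("state", [""])[0]
    if not secrets.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]
```

Both IDs travel in the browser's address bar in this request; the code_verifier, state and nonce are the values that must stay with the client.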
Step 3: SCIM Provisioning (Optional)
SCIM Provisioning makes user management easy at scale. As soon as an employee leaves your company, their access to Testfully can be automatically revoked, ensuring that only active employees have access to your organization's resources.
To automate user provisioning and deprovisioning in Testfully, you can enable SCIM provisioning for your organization using an Enterprise Application in Microsoft Entra ID. SCIM (System for Cross-domain Identity Management) is a standard protocol for automating the exchange of user identity information between identity providers and service providers.
Follow the steps below to enable SCIM provisioning for Testfully using Microsoft Entra ID:
Sign in to the Azure Portal, and navigate to the Microsoft Entra ID service. The easiest way to open Microsoft Entra ID is to search for "Microsoft Entra ID" in the search bar at the top of the Azure Portal, and click on the Microsoft Entra ID service from the search results.
Click on the Enterprise applications tab in the left sidebar.
Click on the New application button, then click on Create your own application to create a new application.
Provide a name for the application (e.g., Testfully SCIM). At this stage, you may see a message from Microsoft Entra ID saying "We found the following applications that may match your entry", but you can ignore this message and proceed with creating a new application.
Select Integrate any other application you don't find in the gallery (Non-gallery) as the application type. Please note that you will need this option to enable SCIM provisioning for Testfully.
Click on the Create button to create the application.
From the left sidebar, click on the Provisioning tab.
Click on the New configuration button to configure the provisioning settings.
In the Tenant URL field, provide the dedicated SCIM endpoint provided by Testfully.
In the Secret Token field, provide the secret token provided by Testfully.
Click on the Test connection button to verify the connection. Once the connection is successful, click on the Create button to save the configuration.
From the Manage section of the left sidebar, click on the Provisioning link.
Open the Mappings section and click on the Provision Microsoft Entra ID Groups link. In the Enabled field, select No to disable group provisioning, as Testfully does not support group provisioning at the moment. Then, click on the Save button to save the changes.
Go back to the previous screen and click on the Provision Microsoft Entra ID Users link. Please ensure that the Enabled field is set to Yes to enable user provisioning. Then, delete all the attribute mappings except for those with the following values in the customappsso Attribute column: userName, displayName, emails[type eq "work"].value, name.givenName, externalId and name.familyName.
The Attribute Mappings table should look like the following after the changes:

| customappsso Attribute | Microsoft Entra ID Attribute | Matching precedence |
| --- | --- | --- |
| userName | userPrincipalName | 1 |
| active | Switch([IsSoftDeleted], , "False", "True", "True", "False") | |
| displayName | displayName | |
| emails[type eq "work"].value | mail | |
| name.givenName | givenName | |
| name.familyName | surname | |
| externalId | mailNickname | |

Click on the Edit button to edit the attribute mappings, and make sure that the form values for each column match below for the attributes mentioned above. These values are default values provided by Microsoft Entra ID, so in most cases, you won't need to change anything.

| Mapping Type | Expression | Source Attribute | Target Attribute | Match objects using this attribute | Matching precedence | Apply this mapping |
| --- | --- | --- | --- | --- | --- | --- |
| Direct | N/A | userPrincipalName | userName | Yes | 1 | Always |
| Direct | N/A | displayName | displayName | No | N/A | Always |
| Direct | N/A | mail | emails[type eq "work"].value | No | N/A | Always |
| Direct | N/A | givenName | name.givenName | No | N/A | Always |
| Direct | N/A | surname | name.familyName | No | N/A | Always |
| Expression | Switch([IsSoftDeleted], , "False", "True", "True", "False") | N/A | active | No | N/A | Always |
| Direct | N/A | mailNickname | externalId | No | N/A | Always |

From the Target Object Actions section, select Create, Update and Delete. Then, click on the Save button to save the changes.
Go back to the previous screen, make sure that the Provisioning Status is set to On, and click on the Save button to enable SCIM provisioning for Testfully.
To assign users to the application, click on the Users and groups tab from the left sidebar, then click on the Add user/group button to add users or groups to the application. Please note that only assigned users will be provisioned to Testfully.
Test out the provisioning by using the Provision on demand feature to provision a user to Testfully, and verify that the user is successfully provisioned in Testfully. To do this, click on the Provision on demand button from the left sidebar, search and select a user from the "Selected user" field, then click on the Provision button to provision the user to Testfully.
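The attribute mappings configured above determine the SCIM user resource that Microsoft Entra ID sends to the Tenant URL. The following added example (not Testfully's or Microsoft's code) emulates those mappings, including the Switch([IsSoftDeleted], ...) expression that turns a deleted directory user into an inactive SCIM user; the sample user, the function names and the boolean encoding of active are assumptions.

```python
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample of an Entra ID user object (not real data).
SAMPLE_USER = {
    "userPrincipalName": "ada@contoso.example",
    "displayName": "Ada Example",
    "mail": "ada@contoso.example",
    "givenName": "Ada",
    "surname": "Example",
    "mailNickname": "ada",
    "IsSoftDeleted": False,
}

def switch(source, default, *pairs):
    """Emulate Switch(source, default, key1, value1, ...) from the mapping expression."""
    return dict(zip(pairs[0::2], pairs[1::2])).get(source, default)

def to_scim_user(entra_user):
    """Apply the guide's seven attribute mappings to one Entra ID user."""
    soft_deleted = str(bool(entra_user.get("IsSoftDeleted", False)))
    active = switch(soft_deleted, "", "False", "True", "True", "False")
    user = {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": entra_user["userPrincipalName"],  # matching attribute, precedence 1
        "externalId": entra_user["mailNickname"],
        "displayName": entra_user["displayName"],
        "name": {"givenName": entra_user["givenName"],
                 "familyName": entra_user["surname"]},
        "active": active == "True",  # assumption: sent as a JSON boolean
    }
    if entra_user.get("mail"):  # no mailbox means no work email to send
        user["emails"] = [{"type": "work", "value": entra_user["mail"]}]
    return user

def deactivate_patch(entra_user):
    """Return the SCIM PatchOp disabling a soft-deleted user, or None if still active."""
    if to_scim_user(entra_user)["active"]:
        return None
    return {"schemas": [SCIM_PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": False}]}
```

Comparing the output of to_scim_user with the result shown by Provision on demand is a quick way to confirm that no unintended attributes are leaving the directory.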