Setup of SAML and SCIM for Azure

About

Users of Azure can integrate with Insightly via SAML & SCIM and once setup has occurred in both Insightly and Azure, users can be provisioned. The process defined in this article will guide Insightly System Admins through the process up SAML & SCIM setup for Azure; this process works in tandem with the setup of SAML and SCIM within Insightly as detailed in the Setting Up SAML and SCIM Integrations article. 

Step 1: Add a New Enterprise Application in Azure

1. Navigate to the Azure Portal: 
   https://portal.azure.com/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null
2. Select New Application.
   

3. In the search bar, type Insightly SAML.

4. Choose Insightly SAML from the results and click Create.
   

Step 2: Configure SAML Single Sign-On (SSO)

1. In the Enterprise Application menu, navigate to Single sign-on.

2. Choose SAML as the single sign-on method.
   

Basic SAML Configuration:

1. Click Edit next to Basic SAML Configuration.

2. Copy the following SAML login URL from Insightly CRM Application:

   https://crm.na1.insightly.com/settings/Saml or Within Insightly, go to System Settings > Security > SAML and SCIM, copy the Sign-in page URL field. 

3. Paste this URL into both fields:

   • Identifier (Entity ID)

   • Reply URL (Assertion Consumer Service URL)

SAML Certificate Configuration:

1. Download the SAML Certificate from Azure in either Base64 or Federation Metadata XML format. Base64 is recommended.

2. Go to the SAML settings page in Insightly: 

   https://crm.na1.insightly.com/settings/Saml

3. Upload the certificate or the metadata. Only one is needed.

4. Click Save button to apply the changes.(For configuration of SAML within Insightly, the Setting Up SAML & SCIM Integrations article can be reviewed.)

Step 3. Configure SCIM

Enable SCIM Provisioning in Insightly:

1. On the SAML configuration page in Insightly, check the box for Enable SCIM Provisioning and press Save. 
2. This will generate an auth token and reveal the SCIM endpoint.

Enable SCIM Provisioning in Azure:

1. In Azure, navigate to the Provisioning section for the app.
2. Click Get Started.
3. From the From the Provisioning Mode dropdown, select Automatic.

4. Paste the Tenant URL and Secret Token from Insightly into the corresponding fields.
   

5. Press Test Connection.
   

6. If successful, a notification will appear in the top-right corner.

7. Click Save to complete the setup.

8. On the Provisioning screen, click Start Provisioning. 

Step 4: Assign Users and Manage Provisioning

1. SAML and SCIM are now set up.
2. You can assign users to the app by navigating to the Users and Groups section in Azure.
3. User Provisioning occurs on a scheduled basis, so new users may not immediately appear in Insightly. You can manually trigger provisioning via the Provision on demand option if necessary.