Step 1: Preparation in Azure/Entra
1. Log into Azure/Entra using an admin account.
2. Create a new Enterprise Application:
Go to Applications > Enterprise Applications > New Application.
Choose Create your own application and name it, e.g., “vPlan SSO”.
Select Integrate any other application you don’t find in the gallery and configure Single Sign-On settings.
3. Configure SAML SSO:
After the app is created, navigate to Single Sign-On settings and select SAML.
Note the details needed for the vPlan configuration, such as the Login URL and Logout URL used in Step 2.
Step 2: Set Up SAML Connection in vPlan
1. Log into vPlan with an admin account.
Go to Configuration > Security > Single Sign-On (SSO).
Start a new connection by clicking the + icon or edit an existing one.
2. Configure the SAML Connection:
Name: Choose a name for this connection.
Sign-In URL: Enter the Azure Login URL.
Sign-Out URL: Enter the Azure Logout URL.
X.509 Certificate: Use the Azure-provided certificate in Base64 format.
Note
Currently, vPlan requires a temporary certificate to save the initial SAML connection. In Azure it is only possible to generate a certificate after the vPlan Identifier is filled in. Use the temporary certificate provided below if needed.
Temporary Certificate
After saving, re-open the connection to view additional fields needed for Azure configuration.
Step 3: Complete SAML Configuration in Azure AD
1. Basic SAML Configuration:
Go to Basic SAML Configuration and input the following values:
Identifier (Entity ID): As specified in vPlan.
Reply URL (Assertion Consumer Service URL): As specified in vPlan.
Save the settings.
2. SAML Signing Certificate:
Download the Certificate (Base64) under SAML Signing Certificate. vPlan requires this to complete the SAML configuration.
3. Configure User Attributes and Claims:
Edit User Attributes and Claims and set up the following:
email: user.userprincipalname
name: user.displayname
role: user.assignedroles
Adjust these claims if needed. Ensure mappings in vPlan reflect any changes.
4. Define Application Roles:
Go to the Application Roles tab.
Define roles like admin, manager, organiser, member, and guest.
Step 4: Manage User Access
1. Assign Users:
Go back to the vPlan app in Azure AD.
Select Users and Groups and assign users or groups who need access via SSO.
Step 5: Update SSO Connection in vPlan
1. Update the SSO Connection:
Replace the temporary certificate with the newly downloaded Azure certificate before activating SSO in Step 6.
Adjust the claim mappings if any changes were made in Azure.
2. Optional: Configure validated domains for login from vPlan. Only addresses with these domains will be automatically redirected; others will require login initiation from the IDP.
Step 6: Activate SSO in vPlan
Enable SSO by toggling the slider in vPlan. Only one SSO connection can be active.
Step 7: Test the SSO Connection from Azure
Test the connection to verify the SSO setup.
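One way to check a SAML response captured during the Step 7 test against the claims and roles configured in Step 3. This is an added example, not part of the vPlan or Microsoft documentation. The sample response, the function names and the assumption that role values equal the role names from Step 3 are constructed for illustration, and the script inspects claims only: it does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("email", "name", "role")  # claim names set in Step 3
DEFINED_ROLES = {"admin", "manager", "organiser", "member", "guest"}  # assumed role values

# Constructed sample: attribute part of a SAML response for a test user.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="name"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="role"><saml:AttributeValue>manager</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_claims(response_xml):
    """Return {claim name: [values]} from every AttributeStatement."""
    # Only feed this responses from your own test login; use defusedxml for untrusted XML.
    root = ET.fromstring(response_xml)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        # Assumption: a claim configured with a namespace arrives as "<namespace>/<name>".
        name = attr.get("Name", "").rsplit("/", 1)[-1]
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims.setdefault(name, []).extend(values)
    return claims


def check_claims(response_xml):
    """Return a list of problems; an empty list means the mapping looks right."""
    claims = extract_claims(response_xml)
    problems = []
    for claim in REQUIRED_CLAIMS:
        if not any(claims.get(claim, [])):
            problems.append(f"missing or empty claim: {claim}")
    for role in claims.get("role", []):
        if role and role not in DEFINED_ROLES:
            problems.append(f"role not defined in Application Roles: {role}")
    if len(claims.get("email", [])) > 1:
        problems.append("email claim has more than one value")
    return problems


if __name__ == "__main__":
    print(check_claims(SAMPLE_RESPONSE) or "claims match the Step 3 configuration")
```

If the claim names or roles were changed in Azure, update `REQUIRED_CLAIMS` and `DEFINED_ROLES` to match the mappings entered in vPlan.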