Azure AD (Active Directory)
Spendesk is not listed as a gallery application in Azure AD. Follow the instructions below to set up Azure AD with Spendesk.
- Open the Azure portal and sign in as an Azure admin or co-admin.
2. Navigate to Azure Active Directory > Enterprise Applications.
3. Click on "adding a non-gallery application" / "create your own application"
When creating an Enterprise Application, Azure automatically assigns an owner role to the person creating the application for their organisation. This role can be transferred within their organisation. Owner role is needed to be able to manage the application within Azure.
4. Give it a name like "Spendesk" and click on "Create"
5. Afterwards you'll be able to set it up by navigating to "Single sign-on" and selecting "SAML".
6. From that screen, you can download the config file we need under "SAML Signing Certificate" > "Federation Metadata XML".
7. As you can see on top of the same screen, Azure will need you to specify an "Identifier" and a "Reply URL". When you click on the pen icon to edit this part, you can upload the Spendesk config file provided by your account manager at Spendesk. This should fill out the fields automatically.
8. In addition, you will need to set the "Unique User Identifier" from the section "User Attributes and Claims" to "user.mail".
Validate and you're all set!