PrevailHQ Knowledge Base

Azure

Updated March 10, 2024

Azure

The setup of Azure AD is relatively straightforward. The overall process is as follows:

  1. Create your company account at PrevailHQ. The user that does this will be the administrator of the account and can perform the actions needed here.
  2. Ensure PrevailHQ staff has configured your account to enable SAML. Open a ticket at support@prevailhq.com if this has not been discussed and completed.
  3. Follow the setup instructions in this document
  4. Your users should now be able to enter PrevailHQ from your portal.

---

1. Azure Setup

  

Create a new "Non Gallery" Enterprise App.

2. Azure App Configuration

Once the app is created, click on "Single sign-on" to start configuring it.

3. Basic SAML Configuration

From within PrevailHQ, Copy values from the section "SAML SP Information" and paste them into the Basic SAML Configuration in Azure:

  • Identifier
  • Reply URL
  • Sign on URL
  • Logout URL

Paste into Azure:

****

Claims

To have complete profiles in PrevailHQ, claims need to be configured in Azure. The following describes what is needed. Note, for the role claim, it's recommended to set up a Group Claim based on your security groups, and under Advanced options, check "Customize the name of the group claim" and then check "Emit groups as role claims".

This will setup the claim to match the name and namespace described in the following table.

4. PrevailHQ  Setup

From Azure, copy the following info from section 3, "SAML Signing Certificate" and paste it into the "SAML IdP Information" section in PrevailHQ:

  • Thumbprint
  • From Azure, copy the following info from section 4, "Set up [APP NAME]" and paste it into the "SAML IdP Information" section in PrevailHQ:
  • Login URL
  • Logout URL
  • From the Azure AD Identifier field, copy the Tenant ID out of the URL and paste that into the Tenant ID.

Paste into PrevailHQ:

5. PrevailHQ Role Mapping

To assign users to the proper security level, Security Groups are mapped to Roles in PrevailHQ. This is done by setting the Azure Object ID on the Role in PrevailHQ. Do this by opening the drop-down under your name in the upper right corner. Choose Roles.

Find the Role you wish to map and click Edit. Paste the Object ID into the "Mapped To" field:

It is recommended you test with at least one user from each role type to ensure the role they are assigned in PrevailHQ is what is expected.