Setting up single sign-on properly takes a bit of work, but the added security is worth the trouble! Below we’ll outline the steps to enable single sign-on with Microsoft Entra ID (formerly known as Azure Active Directory) for Mopinion.
Getting the data from Mopinion
To set up Mopinion in your Azure Active Directory, you’ll first need to get the Uuid of your organisation. Find it in the Mopinion app by navigating to your “Organisation” page through the top right menu.
Then copy the identifier from the “Uuid” field.
Setting up your Azure application for Mopinion
Next up we’ll create the application that will be linked to Mopinion.
To create the application, select Enterprise Applications → New Application → Create your own application. Fill in a name (“Mopinion” for example) and select “Integrate any other application you don't find in the gallery (Non-gallery)”.
Now click “Create”. This will take a while; after the setup is complete, you’ll be redirected to the application overview.
Now we’ll configure the application to be able to interact with Mopinion.
In the menu on the left, select “Single sign-on” and choose SAML as the single sign-on method. Then click “Edit” on the “Basic SAML Configuration”.
Now add the following:
The identifier (Entity ID), which must be in the following format: https://<YOUR-CUSTOM-DOMAIN>.mopinion.com/<ORGANISATION-UUID>
The reply URL (Assertion Consumer Service URL), which must be in the following format: https://<YOUR-CUSTOM-DOMAIN>.mopinion.com/simplesaml/module.php/saml/sp/saml2-acs.php/azure-sp-<ORGANISATION-UUID>
And save the changes!
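A mistyped identifier or reply URL is a common reason a SAML sign-in fails, so it helps to check both values before saving. The script below is an added example, not Mopinion or Microsoft code: it compares the two values against the formats given above. The function names, the domain "example" and the Uuid are constructed for illustration.

```python
from urllib.parse import urlsplit

# Path prefix of the reply URL, taken from the format given above.
ACS_PREFIX = "/simplesaml/module.php/saml/sp/saml2-acs.php/azure-sp-"

def expected_values(domain, org_uuid):
    """Build the identifier and reply URL in the documented formats."""
    base = f"https://{domain}.mopinion.com"
    return f"{base}/{org_uuid}", f"{base}{ACS_PREFIX}{org_uuid}"

def check_saml_config(entity_id, reply_url, domain, org_uuid):
    """Return a list of problems; an empty list means both values match."""
    problems = []
    host = f"{domain}.mopinion.com"
    for label, value in (("Identifier", entity_id), ("Reply URL", reply_url)):
        if value != value.strip():
            problems.append(f"{label}: leading or trailing whitespace")
        parts = urlsplit(value.strip())
        if parts.scheme != "https":
            problems.append(f"{label}: scheme must be https")
        if parts.netloc.lower() != host.lower():
            problems.append(f"{label}: host is {parts.netloc!r}, expected {host!r}")
        if parts.query or parts.fragment:
            problems.append(f"{label}: must not carry a query string or fragment")
    entity_path = urlsplit(entity_id.strip()).path
    reply_path = urlsplit(reply_url.strip()).path
    if entity_path != f"/{org_uuid}":
        problems.append("Identifier: path must be exactly /<ORGANISATION-UUID>")
    if not reply_path.startswith(ACS_PREFIX):
        problems.append("Reply URL: path does not start with the ACS prefix")
    elif reply_path[len(ACS_PREFIX):] != org_uuid:
        problems.append("Reply URL: value after azure-sp- differs from the Uuid")
    return problems

# Constructed sample values; replace with your custom domain and Uuid.
SAMPLE_DOMAIN = "example"
SAMPLE_UUID = "00000000-0000-4000-8000-000000000000"

if __name__ == "__main__":
    entity, reply = expected_values(SAMPLE_DOMAIN, SAMPLE_UUID)
    # A trailing slash on the identifier is reported as a mismatch.
    for problem in check_saml_config(entity + "/", reply, SAMPLE_DOMAIN, SAMPLE_UUID):
        print(problem)
```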
If you would like to add the department of your users to Mopinion automatically when adding new users in Azure, you may edit Attributes & Claims and add a new claim with the following details:
Name: department
Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims
Source attribute: user.department
Linking your Azure application to your Mopinion account
You can easily check if single sign-on is enabled for your organisation in Mopinion by navigating to the “User management” section. An indicator will show next to the page title if single sign-on is enabled.