Single Sign On (SSO) via SAML2

Becard enables integration with Microsoft Entra Single Sign-On via SAML2 to allow a passwordless login process.

Application Setup

Before we proceed, it is important to ensure that the "Getting Started" preparations are completed.

In the Microsoft Enterprise Application creation process, we create an application under "Single sign-on" by selecting "SAML".

In the "Basic SAML Configuration" section, under the first point, fill in the fields with the URL endpoints found in Becard on the right side under "SSO/SAML2 via Microsoft AD".

The second section in Microsoft Entra should be left with the default values and must include these parameters:

Before proceeding with the third step in Microsoft Entra, we enter the URL endpoints from Microsoft (section four) into the left section in Becard.

In the final step of the setup, we need to download the BASE64 certificate from Microsoft and upload it to Becard in the left section under "SAML2-Certificate".

After saving, the XML metadata file can be additionally downloaded and uploaded to Microsoft under "Upload metadata file." To correctly map the users, it is also necessary to reference the domains contained in the users' email addresses.

Domain referencing

For this step, a domain administrator is required.

Under "Associated Domains," list all the domains that should be included in this Active Directory for email addresses. Becard uses the domain in the email address to direct to the respective User Directory, thus enabling user authentication.

To verify the domain, create a TXT record in the respective domain with the value declared under "Add to DNS Records | TXT Value". After the entry is created, this process can take up to 48 hours. You can use the refresh button to perform a preliminary check.
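While waiting for verification, the record can be checked from the command line. The following is an added example, not part of Becard's documentation: it asks each authoritative name server and the default resolver whether the expected TXT value is published. The function names are hypothetical, and the record is assumed to sit at the name passed as the first argument.

```shell
#!/bin/sh
# Added example (not Becard code): check that the verification TXT value is
# visible in DNS. Usage: sh check_txt.sh DOMAIN 'TXT-VALUE-FROM-BECARD'

# dig +short prints each TXT record as one line of quoted strings; values
# longer than 255 bytes come back as several strings: "part1" "part2".
# Join the parts and strip the outer quotes.
normalize_txt() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Reads dig output on stdin; succeeds only if one record equals $1 exactly.
# Other TXT records on the same name (SPF etc.) are ignored.
txt_present() {
  normalize_txt | grep -Fx -- "$1" >/dev/null
}

# query_txt NAME [RESOLVER]
query_txt() {
  if [ -n "${2:-}" ]; then dig +short TXT "$1" "@$2"; else dig +short TXT "$1"; fi
}

# check_domain NAME EXPECTED
# Authoritative servers show whether the record was published correctly;
# the default resolver may still serve a cached answer without it.
# If NAME is not a zone apex the NS lookup is empty and only the default
# resolver is checked.
check_domain() {
  name=$1; expected=$2; rc=0
  for ns in $(dig +short NS "$name"); do
    if query_txt "$name" "$ns" | txt_present "$expected"; then
      echo "ok       $ns"
    else
      echo "MISSING  $ns"; rc=1
    fi
  done
  if query_txt "$name" | txt_present "$expected"; then
    echo "ok       default resolver"
  else
    echo "MISSING  default resolver (may still be cached)"; rc=1
  fi
  return $rc
}

if [ "$#" -ge 2 ]; then check_domain "$1" "$2"; fi
```

If every authoritative server reports the value but the default resolver does not, the record is published and the remaining delay is caching.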

Final Steps & Sign-In

For the initial setup, before the application is registered in your own Microsoft account, go to https://becard.me/login, then proceed with "Sign In" and "Log in with Azure," using your company email address to start the registration process in Microsoft.

After the first login, Becard can be accessed with a single click through your Microsoft account.
