Configuring SSO

On average, setting up your Mapiq environment takes 10 working days from the moment you submit your information on the Authentication onboarding portal.

Please go to this page when configuring SSO with Azure AD

Mapiq offers Single Sign-On using the SAML 2.0 and OpenID Connect protocols.


SAML2.0

Step 1. Create the test and production applications in your IdP with the following information

URLs test environment

Metadata: https://mapiqssovalidation.b2clogin.com/mapiqssovalidation.onmicrosoft.com/B2C_1A_SsoTest/samlp/metadata?idptp=samlmetadata
Entity ID: https://mapiqssovalidation.b2clogin.com/mapiqssovalidation.onmicrosoft.com/B2C_1A_TrustFrameworkBase_SsoTest
ACS: https://mapiqssovalidation.b2clogin.com/mapiqssovalidation.onmicrosoft.com/B2C_1A_TrustFrameworkBase_SsoTest/samlp/sso/assertionconsumer
Sign-on URL: https://ssovalidation.mapiq.com

URLs production environment

Metadata: https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/B2C_1A_signup_signin/samlp/metadata?idptp=Federated-AAD-SAML
Entity ID: https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/B2C_1A_TrustFrameworkBase
ACS: https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer
Sign-on URL: https://app.mapiq.com

Signing

Ensure that both the SAML response and the SAML assertion are signed using SHA-256.

Required claims

Configure the following required claims

- Do not use a namespace

- All claims should be configured

- The user is identified by the NameID in the SAML subject

givenname: The user's first name (e.g. 'Jane')
surname: The user's last name (e.g. 'Doe')
displayname: The user's full name (e.g. 'Jane Doe')
emailaddress: The user's email address

Optional claims

Configure the following optional claims to enable features like automatic profile assignment 

- Do not use a namespace

- At least one claim should be configured

businessunit: The business unit the user is part of (e.g. 'company logistics')
country: The country in which the user is based (e.g. 'NL', or 'The Netherlands')
department: The department the user is part of (e.g. 'finance', or 'IT support')
office: The office where the user works (e.g. 'Amsterdam', or 'London')
jobtitle: The user's job title (e.g. 'senior manager', or 'trainee')

Step 2. Go to https://authentication.mapiq.com, complete all required fields and submit the form using the "Security Code" provided by your Mapiq contact.

Step 3. Your Mapiq contact will inform you when the configuration of the Test environment is completed on https://ssovalidation.mapiq.com. Please validate the configuration with the instructions provided during the Test process. 

Step 4. After validating the Test configuration your Mapiq contact will inform you as soon as the Production configuration is completed. You will now be able to use Mapiq via https://app.mapiq.com!
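A structural pre-flight check for the Step 1 requirements (SHA-256 signatures on both response and assertion, NameID in the subject, claim names without a namespace), added here as an example that is not part of Mapiq's documentation. It assumes you have the decoded SAML response XML from your IdP's test application; the function names and the sample input are constructed for illustration, and the script only inspects declared algorithms and structure, it does not verify signatures cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED = {"givenname", "surname", "displayname", "emailaddress"}
OPTIONAL = {"businessunit", "country", "department", "office", "jobtitle"}
# Constructed signature skeleton: algorithm identifiers only, no real signature value.
SIG = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
       '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
       '<ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
       '</ds:Reference></ds:SignedInfo></ds:Signature>')

def sample(claims):
    """Build a constructed SAML response carrying the given attribute names."""
    attrs = "".join(f'<a:Attribute Name="{c}"/>' for c in claims)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}">{SIG}<a:Assertion>{SIG}'
            '<a:Subject><a:NameID>jane.doe@example.com</a:NameID></a:Subject>'
            f'<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>')

def sha256_signed(elem):
    """True if elem has its own ds:Signature declaring SHA-256 signature and digest methods."""
    sm = elem.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    dms = elem.findall("ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    return sm is not None and bool(dms) and all(
        e.get("Algorithm", "").endswith("sha256") for e in [sm, *dms])

def check_saml_response(xml_text):
    """Return findings; an empty list means the structure matches the requirements above."""
    root = ET.fromstring(xml_text)
    findings = [] if sha256_signed(root) else ["response not signed with SHA-256"]
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return findings + ["no plaintext Assertion element found"]
    if not sha256_signed(assertion):
        findings.append("assertion not signed with SHA-256")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        findings.append("NameID missing from Subject")
    names = {a.get("Name", "") for a in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    findings += [f"claim name uses a namespace: {n}" for n in sorted(names) if "/" in n or ":" in n]
    findings += [f"required claim missing: {n}" for n in sorted(REQUIRED - names)]
    if not OPTIONAL & names:
        findings.append("no optional claim configured")
    return findings

if __name__ == "__main__":
    print(check_saml_response(sample(sorted(REQUIRED) + ["department"])))  # constructed input
```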


OpenID Connect

Step 1. Create the test and production applications in your IdP with the following information: 

Return URL test environment

https://mapiqssovalidation.b2clogin.com/mapiqssovalidation.onmicrosoft.com/oauth2/authresp

Return URL production environment

https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/oauth2/authresp

Scopes
Please include the following scopes: 

  • openid
  • email
  • profile

Required claims

Configure the following required claims

- All claims should be configured

sub: A claim value unique to the user (e.g. email address, employee id, or the object id from the AD) (scope: openid)
given_name: The user's first name (e.g. 'Jane') (scope: profile)
family_name: The user's last name (e.g. 'Doe') (scope: profile)
name: The user's full name (e.g. 'Jane Doe') (scope: profile)
email: The user's email address (scope: email)

Optional claims

Configure the following optional claims to enable features like automatic profile assignment 

- At least one claim should be configured

business_unit: The business unit the user is part of (e.g. 'company logistics') (scope: openid, email, or profile *)
country: The country in which the user is based (e.g. 'NL', or 'The Netherlands') (scope: openid, email, or profile *)
department: The department the user is part of (e.g. 'finance', or 'IT support') (scope: openid, email, or profile *)
office: The office where the user works (e.g. 'Amsterdam', or 'London') (scope: openid, email, or profile *)
job_title: The user's job title (e.g. 'senior manager', or 'trainee') (scope: openid, email, or profile *)
* Optional claims should be added to either the openid, email, or profile scopes, and should not be nested.

For help on configuring these scopes and claims, please refer to the documentation of your Identity Provider and, if required, reach out to their support:
  • Okta: https://developer.okta.com/docs/guides/customize-tokens-returned-from-okta/add-custom-claim/
  • Auth0: https://auth0.com/docs/configure/apis/scopes/sample-use-cases-scopes-and-claims#add-custom-claims-to-a-token

Step 2. Go to https://authentication.mapiq.com, complete all required fields and submit the form using the "Security Code" provided by your Mapiq contact.

Step 3. Your Mapiq contact will inform you when the configuration of the Test environment is completed on https://ssovalidation.mapiq.com. Please validate the configuration with the instructions provided during the Test process. 

Step 4. After validating the Test configuration your Mapiq contact will inform you as soon as the Production configuration is completed. You will now be able to use Mapiq via https://app.mapiq.com!
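A claim-layout check for the OpenID Connect requirements in Step 1 (all required claims present, at least one optional claim, optional claims not nested), added here as an example that is not part of Mapiq's documentation. It assumes the claims are delivered in the ID token issued by your IdP's test application; the function names and sample tokens are constructed for illustration, and the payload is decoded for inspection only, without verifying the token signature.

```python
import base64
import json

REQUIRED = ("sub", "given_name", "family_name", "name", "email")
OPTIONAL = ("business_unit", "country", "department", "office", "job_title")

def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (used to build constructed tokens)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_token(claims):
    """Constructed sample token with a placeholder signature segment."""
    return ".".join([b64url({"alg": "RS256", "typ": "JWT"}), b64url(claims), "c2ln"])

def jwt_payload(token):
    """Decode a compact JWT's payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS with three segments")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def nested_hits(value, path=""):
    """Yield dotted paths of optional claim names found below the top level."""
    if isinstance(value, dict):
        for key, child in value.items():
            here = f"{path}.{key}" if path else key
            if path and key in OPTIONAL:
                yield here
            yield from nested_hits(child, here)

def check_id_token(token):
    """Return findings; an empty list means the claim layout matches the requirements above."""
    claims = jwt_payload(token)
    filled = {k for k, v in claims.items() if isinstance(v, str) and v.strip()}
    findings = [f"required claim missing or empty: {c}" for c in REQUIRED if c not in filled]
    if not filled & set(OPTIONAL):
        findings.append("no optional claim present at the top level")
    findings += [f"optional claim is nested: {p}" for p in nested_hits(claims)]
    return findings

if __name__ == "__main__":
    # Constructed sample claims, not taken from a real tenant.
    base = {"sub": "00u1example", "given_name": "Jane", "family_name": "Doe",
            "name": "Jane Doe", "email": "jane.doe@example.com"}
    print(check_id_token(make_token({**base, "office": "Amsterdam"})))
    print(check_id_token(make_token({**base, "org": {"office": "Amsterdam"}})))
```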
