Entra
After logging in to your Pipekit account, you can enable SSO for your Organization. This will allow members of your Organization to authenticate with Microsoft Entra and will prevent them from using alternative authentication methods.
Warning: Enabling Microsoft Entra SSO will prevent users in your Organization from being able to log in using alternative methods (for example username/password or a social login).
Setting up Microsoft Entra with Pipekit
First, set up an "Enterprise Application" in Entra
Navigate to "Enterprise apps"
Click "New application"
Click "Create your own application".
Name it whatever you'd like (something recognizable is recommended) and select "Integrate any other application you don't find in the gallery (Non-gallery)".
Click "Create"
Second, set up SAML auth in your application
Navigate to your application
Select "Single sign-on"
Click on "SAML"
We now move on to Pipekit to continue the process, but keep this tab open.
Navigate to your Org and click on "Identity Providers".
Select "Add Microsoft Entra Provider"
Enter the domain you use to authenticate with and click "Add Provider".
Navigate back to Entra and paste these two URLs into the "Basic SAML Configuration" box.
While in the Entra tab, copy the URL from under "SAML Certificates", labelled "App Federation Metadata URL".
Navigate back to Pipekit, click next, paste in this URL, and hit submit.
Finally, we can navigate back to Microsoft Entra to set up the Attributes & Claims.
In "Single sign-on", after SAML has been configured, you should see an "Attributes & Claims" block. Click the edit button on this block.
Required claim

| Claim name | Type | Value |
| --- | --- | --- |
| Unique User Identifier (Name ID) | SAML | user.mail [nameid-format: EmailAddress] |

Additional claims

| Claim name | Type | Value |
| --- | --- | --- |
| email | SAML | user.mail |
| firstName | SAML | user.givenname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | SAML | user.mail |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | SAML | user.givenname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | SAML | user.userprincipalname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | SAML | user.surname |
| lastName | SAML | user.surname |
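To confirm that the claim mapping above took effect, you can capture the SAML response from a test login and check the assertion against the two tables. The script below is an added example, not Pipekit's or Microsoft's code: the function names and the sample assertion are constructed here, the NameID format URN is the standard SAML identifier for EmailAddress, and the script checks claim presence only (it does not verify signatures and is meant for inspecting your own IdP's output).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Attribute names taken from the "Additional claims" table.
EXPECTED = ["email", "firstName", "lastName", CLAIMS + "emailaddress",
            CLAIMS + "givenname", CLAIMS + "name", CLAIMS + "surname"]

def check_assertion(xml_text):
    """Return a list of problems; an empty list means the claims match the tables."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    nid = (name_id.text or "").strip() if name_id is not None else ""
    if not nid:
        problems.append("missing NameID")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    attrs = {}
    for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        v = a.find("saml:AttributeValue", NS)
        attrs[a.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in EXPECTED:
        if not attrs.get(name):
            problems.append(f"missing or empty claim: {name}")
    # NameID and email are both mapped from user.mail, so they should agree.
    if nid and attrs.get("email") and nid.lower() != attrs["email"].lower():
        problems.append("NameID and email differ")
    return problems

def sample_assertion(attrs, fmt=EMAIL_FORMAT, name_id="ada@example.com"):
    """Build a constructed, unsigned assertion for demonstration only."""
    items = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        f'</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{fmt}">{name_id}</saml:NameID></saml:Subject>'
            f'<saml:AttributeStatement>{items}</saml:AttributeStatement></saml:Assertion>')

# Constructed sample values, not real user data.
GOOD = {"email": "ada@example.com", "firstName": "Ada", "lastName": "Lovelace",
        CLAIMS + "emailaddress": "ada@example.com", CLAIMS + "givenname": "Ada",
        CLAIMS + "name": "ada@example.com", CLAIMS + "surname": "Lovelace"}

if __name__ == "__main__":
    print(check_assertion(sample_assertion(GOOD)) or "claims OK")
```
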
Microsoft Entra Group Sync (SCIM)
Warning: All groups are given Admin permission in Pipekit by default. This is to ensure that you still have the required permissions to manage your organization. If you want to change the permission level, you can do so after the group has been created in Pipekit.
Warning: SCIM support for Entra is minimal: it supports the basic reference spec but doesn't support any extensions. Please contact us through your Slack support channel or email [email protected] if you require any additional functionality.
Navigate to the Groups tab under your Organization in Pipekit.
Click "Configure SCIM".
Copy the "SCIM Endpoint URL" for later.
Click "Generate SCIM token"
Navigate to your Enterprise App in Microsoft Entra
Click "Provisioning"
Under "Create Configuration", click "Connect your application"
Paste in the URL you copied earlier.
Navigate back to Pipekit to copy in the token.
Click "Test Connection"
When the tests pass, you should be able to click "Create"