New release coming soon. Check out the latest release notes to preview upcoming features:
Release Notes
Marketplace Platform
Sign InJoin
  • Home
  • Marketplace Platform
    • Platform Overview
    • Getting Started
      • Key Concepts
      • Platform Interface
        • Manage Notification Preferences
        • View Object Spotlight
        • Customize the Data Grid
        • View Information Cards
        • Switch Accounts
        • Manage Your Profile
        • Mark Favorite Pages
      • Marketplace for Clients
        • How to Buy Products in the Marketplace
        • How to Filter Your Orders
        • How to Manage Your Subscriptions
        • How to Change License Quantity
        • How to Add Items to Your Agreement
        • How to Manage Your Account Settings
        • How to Split Billing Across Buyers
        • How to Invite Users to Your Account
      • Marketplace for Partners
        • What is Partners Management?
        • How to Configure Licensees For Resale
        • How to Order Products for Resale
  • MODULES & FEATURES
    • Inventory
      • Invoices
      • License Agreements
      • Software Downloads
      • Orders
      • Quotes
        • Create and Manage Quotes
      • Software Assets
        • Enable or Disable Software Assets
        • View Software Assets
        • Export Software Assets
        • Import Software Assets
    • Marketplace
      • Agreements
        • Agreement States
        • Terminate Agreement
        • Rename Agreement
        • Update Additional Client ID
        • View and Download Attachments
      • Billing
        • Understand Your Billing Documents
        • Statements
          • Download Statements
        • Split Billing
          • Configure Buyers for Split Billing
          • Set Up Split Billing Allocation
          • Edit Split Billing
          • Split Billing for Change Orders
          • Review Split Billing Configuration
          • Specify PO Numbers for Split Billing
      • Certificates
        • Certificate States
        • Add Certificate
        • Request Certificate
        • Rename Certificate
      • Enrollments
        • Enrollment States
        • Manage Querying Enrollments
        • Renew Your Enrollment
      • Orders
        • Order States
        • Save Orders for Later
        • Delete Orders
        • Submit Your Saved Orders
        • Manage Order Notes
        • Change Your Order's Status to Processing
        • Send Order Reminder Email
      • Products
      • Programs
      • Requests
        • Request States
        • Create New Requests
        • Add Messages to Your Request
        • Add or Remove Attachments
        • Change Your Request's Status to Processing
      • Subscriptions
        • Subscription States
        • Buy Subscriptions
        • Edit Subscription Name
        • Edit Subscription Client ID
        • Terminate Subscriptions
        • Manage Automatic Renewals
    • Other Tools
      • Collaboration Site
      • Dashboards
      • Reports
        • Consumption Alerts
        • Cloud Journey Report
        • Customized Spend Reports
        • Microsoft Services Provider License Agreement (SPLA) Report
        • Office365 Spend Report
        • Spend Reports - Consumption Overview
        • ServiceNow Asset Report
        • USU License Agreement Report
        • Reservation Monitoring - Cloud Reserved Instances
    • Procurement
      • Buy Products and Services
      • Procurement Workbench
        • View and Manage Software Transactions
      • Enterprise Agreements
        • Enterprise Agreement TrueUp
      • Purchase Approval Setup
        • Create Approval Groups
        • Create Approval Workflows
        • Delete Workflow Rules
      • Special Quotes
      • Service Provider Dashboard
    • Settings
      • Account
        • Update Account Details
      • API Tokens
        • Token States
        • Create API Token
        • Edit API Token
        • Copy API Token
        • Delete API Token
        • Enable or Disable API Token
      • Audit Trail
      • Buyers
        • Edit Buyers
        • Enable or Disable Buyers
      • Groups
        • Group States
        • Create New Group
        • Edit Group
        • Delete Group
        • Restrict Groups to Certain Buyers
      • Licensees
        • Licensee States
        • Create Licensee
        • Edit Licensee
        • Enable or Disable Licensee
      • Notifications
        • Notification States
        • Configure Recipients
        • Enable or Disable Categories
        • View Notification Messages
      • Sellers
      • Users
        • User States
        • Respond to Invitations
        • Add New Users
        • Edit Users
        • Remove Users
        • Manage User Invitations
  • EXTENSIONS
    • Adobe VIP Marketplace
      • Migrate from Adobe VIP
      • Downsize and Termination Policies
      • Common Error Messages
      • Tutorials
        • Order Adobe Subscriptions
        • Order New Adobe Items
        • Rename Adobe Subscription
        • Downsize Adobe Subscription
        • Upsize Adobe Subscription
        • Terminate Adobe Subscription
        • Terminate All Adobe Subscriptions
      • Webinars and Videos
      • FAQs
        • How do I activate my VIP Marketplace agreement?
        • What happens if I terminate my Adobe subscription?
      • Release Notes
      • Terms and Conditions
    • Cloud Tools
      • 365Simple
      • AzureSimple
      • Budgets
        • Create Reporting Period
        • Create Custom Group Budgets
        • Create Per-Provider Budgets
        • View Budgets
        • Request to Create or Update Budgets
        • Edit Budget Utilization Alerts
      • Chargebacks
        • About Chargebacks
      • Cloud Cost Optimization
      • Cloud Tenant Setup
        • Azure Onboarding
          • Activate an Azure EA or MPSA Account
          • Add an Azure MCA Account
          • Integrate Your Microsoft Tenant Manually
          • Complete Your Microsoft 365 or Microsoft Azure Activation
          • Assign Reader and Tag Contributor Roles (single subscription)
          • Assign Reader and Tag Contributor Roles (multiple subscriptions)
          • Migrate to Azure Cost Management APIs
          • Assign Azure Subscription Owner Rights
      • Custom Groups
        • Create Custom Groups
      • Pricelist Center
        • View and Add Prices
      • Recommendations
        • View Recommendations
        • Manage Recommendations
        • Azure Recommendations
        • AWS Recommendations
        • Office 365 Recommendations
      • Simple for AWS
      • Tags and Resources
      • Utilization
      • Release Notes
    • FinOps for Cloud
    • ITAM Tools
      • Renewal Manager
    • Microsoft CSP
      • Azure Lighthouse
        • Assign Subscription Owner Role
        • Complete Azure Lighthouse Onboarding
      • Granular Delegated Admin Privileges
        • Role Assignment and GDAP Configuration
        • Accept a GDAP Relationship Request
        • GDAP and Partner Relationship Request Considerations
      • Microsoft NCE
        • About Subscription Coterminosity
        • Coterming Subscriptions
        • Subscription End Date Errors
      • Microsoft GCC
      • Perpetual Software
        • About Perpetual Software Orders
        • Manage Perpetual Software Orders
      • Software Subscriptions
        • Manage Software Subscriptions
      • Renewal Management
      • Tutorials and Videos
        • Microsoft 365
          • Order Microsoft 365 Subscription For New Tenant
          • Order Microsoft 365 Subscription For Existing Tenant
          • Buy More Licenses for Microsoft 365 Subscription
          • Add New Products to Your CSP Agreement
          • Terminate All Subscriptions in Your Agreement
          • Terminate a Single Subscription
        • Microsoft Azure
          • Order Azure Subscription For New Tenant
          • Order Azure Subscription For Existing Tenant
          • Order Additional Microsoft Azure Subscriptions
        • Perpetual Software
          • Buy Perpetual Software Licenses
          • Order Additional Perpetual Software Licenses
      • FAQs
        • My order contains Azure reservations and savings plan items
        • What is offer attestation?
        • How do I establish a partner relationship with SoftwareOne?
        • How can I reduce my subscription quantities?
        • How do I troubleshoot Lighthouse activation errors?
        • What happens if I cancel my Microsoft subscription?
      • Release Notes
  • Developer Resources
    • REST API
      • Resource Query Language
      • Errors Handling
      • OpenAPI Specification
      • Accounts API
        • Account
          • List Accounts
          • Create Account
          • Enable Account
          • Disable Account
          • Activate Account
          • Get Account
          • Update Account
          • Validate Account
          • Get Account Icon
        • Buyer
          • List Buyers
          • Create Buyer
          • Enable Buyer
          • Disable Buyer
          • Get Buyer
          • Update Buyer
          • Delete Buyer
          • Validate Buyer
        • Seller
          • List Sellers
          • Get Seller
          • Create Seller
          • Update Seller
          • Activate Seller
          • Deactivate Seller
          • Disable Seller
          • Delete Seller
        • Licensee
          • List Licensees
          • Get Licensee
          • Create Licensee
          • Update Licensee
          • Delete Licensee
          • Enable Licensee
          • Disable Licensee
        • Module
          • List Modules
        • Users
          • List Users
          • Get User
          • Set User Password
          • Update User
          • Unblock User
          • Block User
        • User Groups
          • List User Groups
          • Get User Group
          • Create User Group
          • Update User Group
          • Delete User Group
        • Account User
          • List Account Users
          • Get Account User
          • Create Account User
          • Assign User to a Group
          • Update User to Group Assignment
          • Remove User
          • Accept User Invitation
          • Resend User Invitation
          • Send New Invitation
          • Delete Account User
        • API Tokens
          • List Tokens
          • Create Token
          • Get Token
          • Update Token
          • Delete Token
          • Enable Token
          • Disable Token
      • Billing API
        • Journal
          • List Journals
          • Create Journal
          • Get Journal
          • Delete Journal
          • Upload Journal Charges
          • Submit Journal
          • Regenerate Journal
          • Inquire Journal
          • Accept Journal
          • Get Sellers for a Journal
        • Journal Attachment
          • List Journal Attachements
          • Create Journal Attachment
          • Get Journal Attachment
          • Delete Journal Attachment
        • Ledger
          • List Ledgers
          • Update Ledger
          • Get Ledger
          • Recalculate Ledger
          • Accept Ledger
        • Statement
          • List Statements
          • Get Statement
          • Retry Failed Statement
          • Recalculate Statement
          • Cancel Statement
        • Invoice
          • List Invoices
          • Get Invoice
          • Update Invoice
        • Custom Ledger Object
          • List Custom Ledgers
          • Get Custom Ledger
          • Create Custom Ledger
          • Update Custom Ledger
          • Delete Custom Ledger
          • Upload Charges for Custom Ledger
          • Accept Custom Ledger
      • Audit API
        • Audit Record
          • List Audit Records
          • Create Audit Record
          • Get Audit Records
        • Audit Event Type
          • List Audit Event Types
      • Commerce API
        • Agreements
          • List Agreements
          • Get Agreement
          • Create Agreement
          • Update Agreement
          • Render Agreement Template
        • Agreements Attachments
          • List Agreement Attachments
          • Get Agreement Attachment
          • Create Agreement Attachment
          • Delete Agreement Attachment
        • Requests
          • List Requests
          • Create Request
          • Get Request
          • Update Request
          • Validate Request
          • Process Request
          • Query Request
          • Complete Request
        • Requests Messages
          • List Request Messages
          • Get Request Message
          • Create Request Message
        • Requests Attachments
          • List Request Attachments
          • Get Request Attachment
          • Create Request Attachment
          • Delete Request Attachment
        • Subscriptions
          • List Subscriptions
          • Get Subscription
        • Orders
          • List Orders
          • Get Order
          • Update Order
          • Create New Order
          • Validate Order
          • Process Order
          • Query Order
          • Complete Order
          • Fail Order
          • Delete Order
          • Render Order Template
        • Order Subscription
          • List Subscriptions
          • Get Order Subscription
          • Create Order Subscription
          • Update Order Subscription
          • Remove Order Subscription
      • Catalog API
        • Product
          • Product States
          • Create Product
          • Get Product
          • List Products
          • Update Product
          • Delete Product
          • Mark Product for Review
          • Publish Product
          • Unpublish Product
          • Update Product Settings
        • Parameter
          • Parameter States
          • Create Product Parameter
          • List Product Parameters
          • Update Product Parameter
          • Get Product Parameter
          • Delete Product Parameter
        • Parameter Group
          • Parameter Group States
          • Create Parameter Group
          • List Parameter Groups
          • Get Parameter Group
          • Update Parameter Group
          • Delete Parameter Group
        • Items
          • Item States
          • Create Item
          • List Items
          • Update Item
          • Get Item
          • Delete Item
          • Mark Item For Review
          • Publish Item
          • Unpublish Item
        • Documentation
          • Documentation States
          • Create Document
          • Get Document
          • List Documents
          • Update Document
          • Delete Document
          • Publish Document
          • Mark Document For Review
          • Unpublish Document
        • Media
          • Media States
          • Create Product Media
          • Get Product Media
          • List Product Media
          • Update Media
          • Publish Media
          • Unpublish Media
          • Mark Media For Review
          • Delete Media
        • Terms & Conditions
          • Terms & Conditions States
          • Create Terms
          • List Terms
          • Get Terms
          • Update Terms
          • Mark Terms For Review
          • Publish Terms
          • Unpublish Terms
        • Variants
          • Create Variant
          • List Variants
          • Delete Variant
          • Get Variant for Terms
          • Mark Variant for Review
          • Publish Variant
          • Unpublish Variant
        • Templates
          • Templates States
          • Create Template
          • List Templates
          • Update Template
          • Get Template
          • Delete Template
        • Pricelists
          • Pricelist States
          • Pricelist Item States
          • Create Pricelist
          • List Pricelists
          • Get Pricelist
          • Update Pricelist
          • List Pricelist Items
          • Get Pricelist Item
          • Update Pricelist Item
      • Spotlight Objects API
        • Spotlight Object
          • Spotlight TopItem
          • List Spotlighted Objects
          • Invalidate Cache
          • Invalidate All Cache
        • Spotlight Query
          • List Spotlight Queries
          • Get Spotlight Query
          • Update Spotlight Query
    • Open Source
      • GitHub Projects
      • Code of Conduct
      • Contributor License Agreement
  • Design System
  • Help and Support
    • Contact Support
    • Status Page
    • YouTube Channel
    • Release Notes
      • Release Notes v4
      • Release Notes v3
      • Release Notes v2
      • Release Notes v1
    • Planned Maintenance
    • Platform FAQs
      • I have questions about billing
      • How do you handle purchase order numbers in subscription-based models?
      • What happens to an agreement when subscriptions expire or are terminated?
      • How do I change the language in my account?
      • How do I update my password?
      • Which browsers do you support?
      • I'm unable to view the Reserved Instance data
      • How do I set up SSO?
      • How do I configure conditional access policies?
      • How do I resolve AWS recommendation errors?
      • How does the platform connect to my Azure tenant?
      • I have questions about access tokens and consent
      • Why isn't my Azure billing data up to date?
      • How does the platform access my Microsoft tenant under CSP?
      • How do I connect the Microsoft tenant for data collection?
      • My 365 Analytics report is empty
      • How to create service accounts for 365 Analytics reporting
      • What data do you collect for 365 Analytics?
      • What is 365 Analytics delegation and policy control?
    • Terms of Use
Powered by GitBook
LogoLogo

Company

  • About SoftwareOne
  • Careers
  • Media Releases

Policies

  • Codes of Conduct
  • Privacy Statement
  • Terms & Conditions

Resources

  • Status
  • Partner Program

© 2025 SoftwareOne. All rights reserved.

On this page
  • Setting up SSO with SAML
  • Setup process
  • Setup information required by the Client Portal
  • Technical specification
  • Setting up SSO with Azure AD
  • Setup Process
  • Technical specification
  • Setting up SSO with ADFS
  • Setup process
  • Setup information required by the Client Portal
  • Technical specification
  • Setting up SSO with PingFederate
  • Setup process
  • Setup information required by the Client Portal
  • Technical specification
  • Handling unknown or new users (Ad Hoc Provisioning)

Was this helpful?

Export as PDF
  1. Help and Support
  2. Platform FAQs

How do I set up SSO?

Our platform has an SSO Authentication framework that integrates with existing Identity provider tools (such as Azure AD and ADFS) and SAML-based tools (such as Okta and Ping).

Setting up SSO with SAML

Setup process

  1. The customer provides SoftwareOne with basic metadata about their IdP. If your SSO tool requires the Assertion Consumer Service URL and Entity ID, please contact SoftwareOne.

  2. SoftwareOne proceeds with a basic setup on the Client Portal IdP and provides the customer with {connection_name} that'll be used for further configuration.

  3. The customer proceeds and finalizes the setup from their side.

  4. All logins to the Client Portal for any of the specified IdP domains will be federated out to the customer's SAML-based IdP.

Setup information required by the Client Portal

  1. IdP Domains: List of email domains, for example @user.org, for which authentication should be federated out to the customer's IdP.

  2. Sign In URL: HTTP-POST or HTTP-Redirect binding.

  3. Sign Out URL

  4. X509 Signing Certificate: In the .pem or .cer format.

Technical specification

Capabilities

We support the items listed in the following table:

Item
Details

Supported Protocol Bindings

HTTP-POST & HTTP-Redirect

SAML Authentication Requests signed

Yes (by default)

Sign Request Algorithm

RSA-SHA256 (default) or RSA-SHA1

Sign Request Algorithm Digest

SHA256 (default) or SHA1

Signing Certificate Strength

2048 Bit RSA

IdP-Initiated SSO

Supported, but strongly discouraged

Settings

{connection_name} is a verbatim string that SoftwareOne will provide after receiving the initial configuration settings from you.

Setting
Value

Entity ID

urn:auth0:pyc:{connection_name}.

Example: If your connection_name is demo_company, the Entity ID on Production will be

urn:auth0:pyc:demo_company

Assertion Consumer Service URL

https://{idp_base_url}/login/callback?connection={connection_name}

Example: If your connection_name is demo_company, the Assertion Consumer Service URL on Production will be: https://login.pyracloud.com/login/callback?connection=demo_company

Metadata URL

https://login.pyracloud.com/samlp/metadata?connection={connection_name}

Single Logout URL

https://login.pyracloud.com/logout

Single Login URL

Attribute Mappings

The Client Portal requires the following attributes via the specified mappings:

Attribute
Mapping

user_id

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier

Fallback URL 1: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn

Fallback URL 2: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

email

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

given_name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

Fallback URL: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

family_name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

The attributes must satisfy at least one mapping for all properties above. If your IdP provides values for the required attributes in different claims/namespaces, please provide a list of claims to be used for all attributes above.

Please make sure to provide the attribute values as they are without any modifications. URLs are sometimes changed by security software, for example, Proofpoint’s Targeted Attack Protection adds urldefense.com at the beginning of links.


Setting up SSO with Azure AD

To set up SSO with the Client Portal via Azure AD, you must complete the following steps. After you've completed these steps, SoftwareOne will enable SSO with your Azure AD.

Setup Process

Step 1: Register the Client Portal with Azure AD

Follow these steps to register the Client Portal as an application inside your Azure subscription:

  1. Search for and select Azure Active Directory.

  2. Under Manage, select App registrations.

  3. Select New Registration.

  4. In Register an application, enter a meaningful application name to display to the users, for example, Client Portal.

  5. In Supported account types, select Accounts in any organizational directory (Any Microsoft Entra directory - Multitenant).

  6. Click Register.

Step 2: Create a client secret

SoftwareOne will use the client secret to interact with your Azure subscription on behalf of the created application.

Follow these steps to create a secret:

  1. From the Overview page of the app, select Certificates & secrets > Client secrets > New client secret.

  2. Add a description for your client secret.

  3. Set the expiration date for the secret.

  4. Select Add.

  5. Make a note of the client secret value. Note that the value will not be accessible again after you leave this page.

We recommend that you create a reminder to renew your client secret, at least two weeks before it expires. Once you've created a new secret, provide the value to SoftwareOne so that it can be updated in the system. If your client secret has expired or is no longer valid, you will be unable to sign in to the Client Portal using SSO.

Step 3: Add API permissions

Follow these steps to add permissions that allow read access to users and the user directory:

  1. From the app Overview page, select API permissions.

  2. Under Configured permissions, select Add a permission.

  3. Configure permissions for the Microsoft Graph API.

  4. Once you've selected the API, you'll see the Request API Permissions page.

  5. Enable the following permissions:

    • Users > User.Read

    • Directory > Directory.Read.All

  6. Select Add permissions to complete the process.

Enabling the Directory > Directory.Read.All permission is optional. If you want to benefit from future user auto-provisioning, then turn it on. However, for SSO to work, this permission is not required.

Step 4: Collect and forward the information to SoftwareOne

Provide the following information to SoftwareOne. Once received, SoftwareOne can complete the setup and the Client Portal will automatically start forwarding all users of the specified IdP domains to your Azure AD for federated authentication.

Inputs Required
Notes

Application Client ID

Application Client Secret

Microsoft Azure AD Domain

Your Azure AD domain name. You can find this on your Azure AD directory's overview page in the Microsoft Azure portal.

IdP Domains

A list of all email domains that must be authenticated through the federated Azure AD, for example, @customer.com. Usually 1 domain but can also be multiple.

Technical specification

Capabilities

We support the items listed in the following table:

Item
Detail

Identity API

Azure Active Directory (v1) (default) & Microsoft Identity Platform (v2).

Protocol used for federated Sign-In

OpenID Connect (default) or WS Federation.

Settings

Setting
Value

Application type

Multitenant / Web

Redirect URI

https://{idp_base_url}/login/callback*

The redirect URI on Production will be:

https://login.pyracloud.com/login/callback

Attribute Mappings

The Client Portal queries the following basic profile attributes from Azure AD:

  • upn

  • azure_id

  • given_name

  • family_name

  • nickname

  • tenantid

  • oid

  • email

  • name


Setting up SSO with ADFS

Setup process

  1. The customer configures their ADFS server according to technical requirements.

  2. The customer provides ADFS Metadata/IdP domains to SoftwareOne.

  3. SoftwareOne will complete the ADFS setup.

Setup information required by the Client Portal

Input
Notes

ADFS Metadata Source

Either the URL or the Federation Metadata file. The URL usually ends in /FederationMetadata/2007-06/FederationMetadata.xml.

IdP Domains

List of all email domains that should be authenticated through the federated ADFS server, for example, @customer.com.

Usually 1 domain, but can also be multiple.

Technical specification

Capabilities

We support the items listed in the following table:

Item
Detail

Federation Metadata Discovery (Automated Certificate Rollover)

Yes – if ADFS Metadata Source is provided as URL.

Settings

Setting
Value

Realm Identifier

urn:auth0:{environment_name}

For example, urn:auth0:pyc on Production.

Endpoint

https://{idp_base_url}/login/callback*

The endpoint URL on Production will be: https://login.pyracloud.com/login/callback

Attribute Mappings

By default, the Client Portal expects the following attributes from ADFS via the specified mappings:

LDAP Attribute
Outgoing Claim Type
Namespace

E-Mail-Addresses

E-Mail Address

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Display-Name

Name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

User-Principal-Name

Name ID

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier

Given-Name

Given Name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

Surname

Surname

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname


Setting up SSO with PingFederate

Setup process

  1. The customer provides Signing Certificates/IdP domains to SoftwareOne.

  2. SoftwareOne will complete the SSO setup.

Setup information required by the Client Portal

  1. PingFederate Server URL.

  2. X509 Signing Certificate in the .pem or .cer format.

  3. IdP Domains: List of all email domains that should be authenticated through the federated ADFS server (for example, @customer.com). Usually just one, but can also be multiple.

Technical specification

Attribute Mappings

By default, the Client Portal requires the following attributes via the specified mappings:

Attribute
Mappings

user_id

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier

Fallback URL 1: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn

Fallback URL 2: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

email

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

given_name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

Fallback URL:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

family_name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

The provided attributes must satisfy at least one mapping for all properties above. If your IdP provides values for the required attributes in different claims/namespaces, please provide a list of claims to be used for all attributes above.


Handling unknown or new users (Ad Hoc Provisioning)

If an email domain is federated out to the user's identity provider, it's possible that the Client Portal will receive sign-in attempts from users who are not set up as Client Portal users.

In such cases, if authenticated users from a federated connection are not Client Portal users, their login to Client Portal will fail with an error message stating that their account is not set up and they don't have access.

PreviousI'm unable to view the Reserved Instance dataNextHow do I configure conditional access policies?

Was this helpful?

We strongly discourage using IdP-Initiated SSO flows because they are vulnerable to . If possible, let the Client Portal initiate the sign-in (and federate out) when required.

Sign in to the . If you have access to more than one tenant, select your account from the upper right corner. Set your portal session to the Azure AD tenant that you want.

In Redirect URI, select the Redirect URI type as Web, and enter your callback URL: .

You can find the Application (client) ID on the overview page of the application created in .

Your client secret as created in .

Microsoft Azure Portal
https://login.pyracloud.com/login/callback
Register the Client Portal with Azure AD
Create a client secret
Add API permissions
Collect and forward the information to SoftwareOne
Login CSRF attacks
Step 1: Register the Client Portal with Azure AD
Step 2: Create a client secret