Enterprise Feature
TimeTap uses SAML 2.0 for Single Sign. This help doc covers how to set this up on Azure/Office 365.
High Level Process
- Customer provides their IDP metadata file to TimeTap.
- TimeTap configures the customer integration and provides a metadata file which includes the certificate and non-production consume endpoints (one for Client Scheduler and one for Back Office).
- For Client Scheduler SSO we also need to provide the login endpoint
- Customer sets up and tests the integration using the certificate and endpoints provided.
- Once testing is good, TimeTap updates the configuration to point to production instead of non-production, and provides the production endpoints.
- Customer updates their production environment with the production endpoints. Once updated, SSO authentication will be live.
Setup
You will need Azure Admin permissions to perform the following tasks.
In Azure Admin Portal click on the “Create your own application” button.
Give it a name and select the Non Gallery option.
It will create a shell application. Download the Federation Metadata XML file and send it to TimeTap support. TimeTap will set up this configuration on our side, and then provide back endpoints to plug into this configuration.
Once TimeTap has provided the proper endpoints, Edit the basic configuration with that info.
Add appropriate user(s)/ groups Now you will be able to test.
If a user testing is not in the group that has permission to this application the following error may show up.