Home  >   Articles   >  Vtiger SAML application in Microsoft Entra ID

Vtiger SAML application in Microsoft Entra ID

Learn to integrate the Vtiger SAML application in Microsoft Entra ID.
11 Dec, 2023 - Updated 5 months ago
Table of Contents

Installation of Vtiger SAML in Microsoft Entra ID

 Follow these steps to install the Vtiger SAML application in Microsoft Entra ID:

  1. Open your Microsoft Entra ID portal.
  1. Click View on Manage Microsoft Entra ID.
  1. Click Enterprise Applications under the Manage tab.
  1. Click the +New Application button.
  1. Search for Vtiger in the Search Applications bar.
  2. Click on the Vtiger CRM (SAML) app. The Vtiger CRM (SAML) window opens.
  1. Click Create. An Application Vtiger CRM SAML added successfully message will be displayed. 

Now, go to Vtiger SAML app.

  1.  Click on the Single sign-on option under the Manage tab.
  1. Select SAML. 

Next, set up Single Sign-On with SAML.

  1. Go to All Applications.
  2. Select Vtiger CRM (SAML).
  1. Click on Get Started on the Set up single sign on tab.
  1. Click SAML tab.
  1. Go to Step-3 -  SAML Certificates.
  2. Click Edit. A SAML Signing Certificate window opens. A default certificate will be available on installing the Vtiger SAML app which will be in Active status. The user can add a new certificate if needed.
  1. Click the three dots on the Active certificate.
  2. Click Base64 certificate download from the drop-down to download and save it on your computer. 
  1. Go to Downloads. A 'Do you want to open this file?' window opens.
  2. Click Open. A Certificate window opens.
  1. Click Install Certificate.
  1. Click Next.
  1. Click Next.
  1. Click Finish. An Import was successful message will be displayed. Open the downloaded certificate using Notepad or a text editor.
  1. Log in to the CRM.
  2. Click Settings.
  1. Click Authentication under User Management. The Authentication settings page opens.
  1. Click the Edit icon in the Login Method section.
  1. Enable the SAML checkbox. The SAML details will appear.
  1. Go to Step 4 - Set up Vtiger CRM (SAML).
  2. Copy the following from Entra ID and paste them in Vtiger:​​​​​​
    1. Log in URL into IDP SSO URL
    2. Microsoft Entra ID identifier into IDP Entity ID
    3. Log out URL into IDP SLO URL - You can also give your instance URL.
    4. Copy the certificate contents and paste it into X.509 Certificate field in Vtiger. (From step 7).
  1. Click Save in Vtiger.
You can also refer to this article on Microsoft on how to enable SAML with Vtiger.

You will get the SP Entity ID and SP ACS URL.
Follow the below steps to configure in the Microsoft Entra ID Portal.
  1. Log in to the CRM.
  2. Click the User Profile.
  3. Click Settings.
  4. Click Authentication under User Management.
  1. Copy the following and paste it into the Microsoft Entra ID:
  1. Copy the SP Entity ID from Vtiger CRM.
  2. Copy the SP ACS URL from Vtiger CRM.
  3. Copy the Logout URL.
  1. Go to Step 1 in the Microsoft Entra ID portal.
  2. Click the Edit icon.
  1. Paste the above-copied ID in the following Microsoft Entra ID fields:
    1. Paste the SP Entity ID from Vtiger CRM.
    2. Paste the SP ACS URL from Vtiger CRM.
    3. Paste the same SP ACS URL in the Sign-on URL.
    4. Paste the Logout URL.
  2. Click Save.
The Sign-on URL will be auto-filled, the same as the acs URL.
Now, the configuration is successful. You can now sign in to Vtiger SAML using Microsoft Entra ID SAML log-in.

  • SP Entity ID - Service Provider Entity ID(Identifier) is the application endpoint needing to do SSO with IDP. In our case, it will be your CRM URL. For example: https://company.od1.vtiger.com
  • SP ACS URL - Service Provider Assertion Consumer Service URL is the application's endpoint performing the SSO. Example: https://company.od1.vtiger.com/sso/saml?acs
  • We have given an option to download the metadata and upload them into your IDP for the above configurations. 
  • IDP Entity ID - The Identity provider application endpoint provides the user's identity. For example, OneLogin, Azure, Active Directory, etc.
  • IDP SSO URL - This will be the sign-in endpoint of the Identify Provider(IDP).
  • IDP SLO URL - This is the signout endpoint of the Identify Provider.
  • Certificate x.509 - The IDP will provide this certificate. 
  • Logout URL - Once the application(CRM) logs out, it will be redirected to this URL.
  • AD User Employee Sync - is used to sync AD/Azure users to Vtiger Employees. 

Note: The Usernames of the Vtiger account and Active Directory accounts must match for single sign-on service.

Was this article helpful?
0  out of  0  found this helpful.
Comments 0
Be the first to comment
© Copyright 2023 Vtiger. All rights reserved.