Installation of Vtiger SAML in Microsoft Entra ID

 Follow these steps to install the Vtiger SAML application in Microsoft Entra ID:

1. Open your Microsoft Entra ID portal.

2. Click View on Manage Microsoft Entra ID.

3. Click Enterprise Applications under the Manage tab.

4. Click the +New Application button.

5. Search for Vtiger in the Search Applications bar.
6. Click on the Vtiger CRM (SAML) app. The Vtiger CRM (SAML) window opens.

7. Click Create. An Application Vtiger CRM SAML added successfully message will be displayed. 

Now, go to Vtiger SAML app.

1.  Click on the Single sign-on option under the Manage tab.

2. Select SAML. 

Next, set up Single Sign-On with SAML.

1. Go to All Applications.
2. Select Vtiger CRM (SAML).

3. Click on Get Started on the Set up single sign on tab.

4. Click SAML tab.

5. Go to Step-3 -  SAML Certificates.
6. Click Edit. A SAML Signing Certificate window opens. A default certificate will be available on installing the Vtiger SAML app which will be in Active status. The user can add a new certificate if needed.

7. Click the three dots on the Active certificate.
8. Click Base64 certificate download from the drop-down to download and save it on your computer. 

9. Go to Downloads. A 'Do you want to open this file?' window opens.
10. Click Open. A Certificate window opens.

11. Click Install Certificate.

12. Click Next.

13. Click Next.

14. Click Finish. An Import was successful message will be displayed. Open the downloaded certificate using Notepad or a text editor.

15. Log in to the CRM.
16. Click Settings.

17. Click Authentication under User Management. The Authentication settings page opens.

18. Click the Edit icon in the Login Method section.

19. Enable the SAML checkbox. The SAML details will appear.

 

20. Go to Step 4 - Set up Vtiger CRM (SAML).
21. Copy the following from Entra ID and paste them in Vtiger:​​​​​​
    1. Log in URL into IDP SSO URL
    2. Microsoft Entra ID identifier into IDP Entity ID
    3. Log out URL into IDP SLO URL - You can also give your instance URL.
    4. Copy the certificate contents and paste it into X.509 Certificate field in Vtiger. (From step 7).

22. Click Save in Vtiger.

1. Log in to the CRM.
2. Click the User Profile.
3. Click Settings.
4. Click Authentication under User Management.

5. Copy the following and paste it into the Microsoft Entra ID:

6. Go to Step 1 in the Microsoft Entra ID portal.
7. Click the Edit icon.

8. Paste the above-copied ID in the following Microsoft Entra ID fields:
   1. Paste the SP Entity ID from Vtiger CRM.
   2. Paste the SP ACS URL from Vtiger CRM.
   3. Paste the same SP ACS URL in the Sign-on URL.
   4. Paste the Logout URL.
9. Click Save.

• SP Entity ID - Service Provider Entity ID(Identifier) is the application endpoint needing to do SSO with IDP. In our case, it will be your CRM URL. For example: https://company.od1.vtiger.com
• SP ACS URL - Service Provider Assertion Consumer Service URL is the application's endpoint performing the SSO. Example: https://company.od1.vtiger.com/sso/saml?acs
• We have given an option to download the metadata and upload them into your IDP for the above configurations. 
• IDP Entity ID - The Identity provider application endpoint provides the user's identity. For example, OneLogin, Azure, Active Directory, etc.
• IDP SSO URL - This will be the sign-in endpoint of the Identify Provider(IDP).
• IDP SLO URL - This is the signout endpoint of the Identify Provider.
• Certificate x.509 - The IDP will provide this certificate. 
• Logout URL - Once the application(CRM) logs out, it will be redirected to this URL.
• AD User Employee Sync - is used to sync AD/Azure users to Vtiger Employees.