[How-to] Configure Azure AD Single Sign-on (SSO) Integration With EZO


In this article, we’ll guide you on how to integrate EZO with Azure Active Directory (AD). When you integrate EZO with Azure AD, you can:

  • Control in Azure AD who has access to EZO.
  • Enable your users to be automatically signed-in to EZO with their Azure AD accounts.
  • Manage your accounts in one central location, i.e., the Azure portal.

To learn more about Single Sign-on with Azure AD, click here.

1. Prerequisites

To get started, you will require the following items:

  • An Azure AD subscription. If you don’t have a subscription, you can get a free account.
  • An EZO subscription with single sign-on (SSO) enabled.

2. Scenario Description

In this support blog, you configure and test Azure AD SSO in a test environment.

  • EZO supports Service Provider initiated SSO.
  • EZO supports Just In Time (JIT) user provisioning.

Note: The identifier of this application is a fixed string value so only one instance can be configured in one tenant.

3. Adding EZO from Gallery

In order to configure the integration of EZO into Azure AD, you need to add EZO from the Azure Gallery to your list of managed SaaS apps.

1. Sign in to the Azure portal by using either your work or school account, or a personal Microsoft account.

2. On the left navigation pane, go to the ‘Azure Active Directory’ service.

3. Next, navigate to ‘Enterprise Applications’.

4. Here you have to select ‘All Applications’.

5. To add a new application, click on ‘New application’.

6. In the Browse Azure AD Gallery section, write ‘EZO’ in the search box.

7. Choose EZO from the results panel and then add the app by clicking on ‘Create’.

Wait a few seconds for the app to be added to your tenant.

4. Configure and Test Azure Single Sign-On for EZO

Configure and test Azure AD SSO with EZO using a test user, whom we’ll call Rose Holt. For SSO to work correctly, you need to establish a link relationship between an Azure AD user and the related user in EZO.

To configure and test Azure AD SSO with EZO, complete the following building blocks:

  1. Configure Azure AD SSO to allow your users to use this feature.
     – Create an Azure AD test user to test Azure AD single sign-on with Rose Holt.
     – Assign the Azure AD test user to allow Rose Holt to use Azure AD single sign-on.
  2. Configure EZO SSO to configure the single sign-on settings on the EZO application side.
     – Create an EZO test user to have a counterpart of Rose Holt in EZO that is linked to the Azure AD representation of the user.
  3. Test SSO to verify whether the configuration is working.

5. Configure Azure AD SSO

Follow these steps to enable Azure AD SSO in the Azure portal.

1. In the Azure portal, on the EZO application integration page, go to the Manage section and select ‘Single sign-on’.

2. From the Select a single sign-on method page, select ‘SAML’.

3. On the Set up single sign-on with SAML page, click the ‘Edit’ button for Basic SAML Configuration to edit the settings.

4. In the Basic SAML Configuration section, users have two options:

4.1. Service Provider Initiated configuration:

Type the following in these data fields:

  • Identifier (Entity ID): ezofficeinventory.com
  • Reply URL (Assertion Consumer Service URL): https://<SUBDOMAIN>.ezofficeinventory.com/users/auth/saml/callback
  • Sign-on URL: https://<SUBDOMAIN>.ezofficeinventory.com/users/sign_in

Note: Replace <SUBDOMAIN> with the subdomain in your company’s EZO account URL. You can also contact the EZO team at support@ezo.io for this value. Refer to the patterns displayed in the Basic SAML Configuration section in the Azure portal for additional fields. Save the consumer service URL for Section 6.2.

4.2. IdP Initiated Configuration:

To allow users to sign in directly from the IdP (Azure AD), change the Sign-on URL in Azure AD to “https://<SUBDOMAIN>.ezofficeinventory.com/users/auth/saml”.

5. The EZO application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The screenshot below shows the list of default attributes. Click ‘Edit’.

Copy the claim name URLs for user.givenname, user.surname, and user.mail and paste them into the Attributes fields required in Step 5 of Section 6.3.

6. In addition to the above, the EZO application expects a few more attributes to be passed back in the SAML response (shown below). These attributes are also pre-populated but you can review them according to your requirements.

7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click on the ‘Add Certificate’ button, go to Certificate (Base64), select ‘Download’ to download the certificate, and save it on your computer for Step 2 of Section 6.3.

8. On the ‘Set up EZO’ section, copy the Login URL for Step 1 of Section 6.3.

5.1 Create an Azure AD test user

In this section, you’ll create a test user called Rose Holt in the Azure portal.

1. From the left pane in the Azure portal, go to Azure Active Directory, select Users, and then select All users.

2. Select ‘New user’ at the top left of the screen.

3. In the User properties, follow these steps:

  • In the Name field, enter ‘Rose Holt’.
  • In the User name field, enter the username@companydomain.extension. For example, ‘roseholt@ezo.io’.
  • Check the Show password box, and then write down the value that’s displayed in the Password box.
  • Hit ‘Create’.

5.2 Assign the Azure AD test user

In this section, you’ll enable Rose Holt to use Azure single sign-on by granting access to EZO.

1. In the Azure portal, go to Enterprise Applications, and then select All applications.

2. In the list of applications, select EZO.

3. In the app’s overview page, go to the Manage section, and select ‘Users and groups’.

4. Select ‘Add User’, then click on Users and Groups in the Add Assignment dialog.

5. In the Users and Groups dialog, choose Rose Holt from the Users list, then click the ‘Select’ button at the bottom of the screen.

6. If you want to display any role value in the SAML assertion, in the Select Role dialog, select the appropriate role for the user from the list and then click the Select button at the bottom of the screen.

7. In the Add Assignment dialog box, click the ‘Assign’ button.

6. Configure EZO SSO

Once you have set up the EZO app on your preferred SAML identity provider (Azure AD in this example), configure the settings in EZO from Settings → Add Ons → SAML Integration.

6.1 Whitelisting the IPs on SAML

Some identity providers require IPs to be whitelisted. Ensure that the following two IPs are whitelisted in your SAML settings:

  • 54.221.243.145
  • 50.16.201.234

6.2 Add EZO consumer service URL to your SAML settings in Azure AD

You can obtain the EZO consumer service URL from Settings → Add Ons → SAML Integration:

https://<Your Company Subdomain>.ezofficeinventory.com/users/auth/saml/callback

Copy and paste the EZO consumer service URL in the Reply URL field from section 4.1.

6.3 Fill in the configuration settings

You need to configure the following information in your EZO’s account (see image below to identify the fields):


1. Unique Identity Provider URL: Find and copy your Login URL from Step 8 of Section 5 (see the image below). You will be required to paste this link in the ‘Identity Provider URL’ field while configuring EZO for SAML Integration.

2. Identity Provider Certificate: This certificate is unique for every Account Owner and is provided by the identity provider. Copy the text from the Certificate (Base64) file that you downloaded and saved in Step 7 of Section 5 (see image below).

EZO will use this certificate to validate the response from your identity provider, letting the user log in using SAML.

Note: Be careful to follow the format below for the certificate when pasting it into the certificate field, so that EZO validates your identity provider’s certificate without any error:

-----BEGIN CERTIFICATE-----
your certificate details here
-----END CERTIFICATE-----

3. Login Button Text: By default, it’s labeled as ‘Access through SAML SSO’. You can rename it to any other preferred text e.g. Access using Rose Holt Corp Login.

4. Clock Drift: A tolerance of a few seconds for differences between server clocks (for example, when different time zones are involved), so that the response generated by the identity provider’s server remains valid.

5. Attributes required for SAML configuration: The Last Name and Email attributes must be present for EZO. These attributes/parameters have to be sent to EZO by your identity provider. In Azure AD, you can copy these parameters from Steps 5 and 6 of Section 5. Map these parameters in EZO: if your Last Name attribute in SAML is last_name, fill in ‘last_name’ against the Last Name field. The same format has to be followed for Email.

6. EZO Role by default: This option enables you to add users as either Administrators or Staff Users.

Scroll to the top of the Add Ons page in EZO settings, and click ‘Update’. You now have a SAML-enabled EZO account.
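As an added illustration (not EZO’s own code, and not a description of how EZO processes logins internally), the following Python script shows what three of the settings above control: the exact PEM layout required for the Identity Provider Certificate, the Clock Drift tolerance applied to the assertion’s validity window, and the mapping from Azure AD’s default claim URIs (the ones Step 5 of Section 5 has you copy) to EZO’s First Name, Last Name and Email fields. The sample assertion, its timestamps and the helper names are constructed for this example.

```python
import base64, re, textwrap
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Azure AD default claim URIs (Section 5, step 5) mapped to EZO's attribute fields (Section 6.3, step 5).
CLAIMS = {
    "first_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "last_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
}
REQUIRED = ("last_name", "email")  # EZO needs these two to match or provision a user

def normalize_pem(pasted):
    """Rewrite a pasted IdP certificate into the exact BEGIN/END layout the note in Section 6.3 asks for."""
    # Strip any header/footer variant (plain hyphens or the en/em dashes that copy-paste often produces).
    body = re.sub(r"[-\u2013\u2014\s]*(BEGIN|END) CERTIFICATE[-\u2013\u2014\s]*", "", pasted)
    der = base64.b64decode(re.sub(r"\s+", "", body), validate=True)  # ValueError if the paste is not Base64
    b64 = base64.b64encode(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(b64, 64)) + "\n-----END CERTIFICATE-----\n"

def parse_ts(iso_utc):
    return datetime.fromisoformat(iso_utc.replace("Z", "+00:00"))  # SAML timestamps such as 2024-06-01T10:00:00Z

def check_assertion(assertion_xml, now_iso, clock_drift_seconds):
    """Hypothetical helper: apply the Clock Drift tolerance to <Conditions> and map the attributes EZO needs."""
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    tol = timedelta(seconds=clock_drift_seconds)
    now = parse_ts(now_iso)
    # The drift widens the validity window on both sides; with 0 the IdP and EZO clocks must agree exactly.
    time_ok = parse_ts(cond.get("NotBefore")) - tol <= now < parse_ts(cond.get("NotOnOrAfter")) + tol
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        for field, uri in CLAIMS.items():
            if attr.get("Name") == uri:
                attrs[field] = attr.findtext("saml:AttributeValue", namespaces=NS)
    missing = [f for f in REQUIRED if not attrs.get(f)]
    return {"time_ok": time_ok, "attrs": attrs, "missing": missing}

# Constructed sample assertion for the test user Rose Holt (values made up; signature omitted).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Conditions NotBefore="2024-06-01T10:00:00Z" NotOnOrAfter="2024-06-01T10:05:00Z"/>
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><saml:AttributeValue>Rose</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><saml:AttributeValue>Holt</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue>roseholt@ezo.io</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""
```

Running `check_assertion(SAMPLE_ASSERTION, "2024-06-01T09:59:58Z", 5)` accepts the assertion only because of the drift tolerance; with a drift of 0 the same response is rejected as not yet valid.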

This is how your SAML configuration settings should look at the end:

6.4 Create EZO test user

In this section, a user named Rose Holt is created in EZO. EZOfficeInventory supports just-in-time user provisioning, which is enabled by default. There will be no action item for you in this section. If a user doesn’t already exist in EZO, a new one is created after authentication.

7. Test SSO

In this section, you will be able to test your Azure AD single sign-on configuration using the Access Panel.

When you click the EZO tile in the Access Panel, you should be automatically signed in to the EZO for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.

Note: User provisioning via multiple sources is not supported at the moment.

Read more: How to Implement User Provisioning via SCIM with Azure AD in EZO

8. Troubleshooting

Trying to set up SSO with two EZO tenants: how do you set it up, and how does it work?

Users sometimes have two EZO subdomains that they want to integrate with Azure AD SSO. This is not possible as separate apps, because the Entity ID on Azure is unique within a single Azure tenant, so they can’t have ezofficeinventory.com as the Entity ID twice. Here the solution is to add multiple Reply URLs on the same app in Azure AD.

So both EZO tenants (subdomains) will work with the same Azure app. In the Azure app you can add all the users you want to sign in to both of the EZO tenants (subdomains). For access control, you can check the checkbox ‘Only authenticate members that are already added to your EZO account’. This setting enables you to add users to both EZO tenants manually or via SCIM provisioning from different Azure AD SCIM apps.

