Skip to main content

Configure SSO with Entra ID

  • Updated

SmartDraw let's you provision your users using SSO through Microsoft Entra ID, formerly known as Azure Active Directory.

When you integrate SmartDraw with Entra ID, you can:

  • Control who has access to SmartDraw using Entra ID
  • Automatically provision users
  • Enable your users to sign-in to SmartDraw with their Entra ID account
  • Bulk invite users
  • Manage your accounts in the Azure portal as a central location
  • Use refresh to update user access and deprovision users

Add SmartDraw from the Microsoft Entra App Gallery

To configure the integration of SmartDraw into Entra ID, you need to add SmartDraw from the Entra gallery to your list of managed SaaS apps.

In Azure Portal, select the Entra ID service and navigate to the Microsoft Entra Gallery.

Search for SmartDraw.

image (96).png
Select SmartDraw from results panel and you should see a pop-in from the right with details. Click Create.

mceclip1.png

Set Up Single Sign-On with SAML

In the Entra portal, on the SmartDraw application integration page, find the Manage section and select Single Sign-on.

Next, choose SAML.

Azure_SSO_SAML_Selection.jpg

On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to edit the settings.


azure-saml-url.png

You need to make 3 configuration settings.

  1. Identifier ID = https://www.smartdraw.com

  2. Reply URL (Assertion Consumer Service URL) = https://app.smartdraw.com/sso/saml/login/acme.com NOTE: Replace acme.com with your domain.

  3. Relay State = https://app.smartdraw.com

Click Save. Your configuration should now look similar to this.

Screenshot 2023-12-07 at 9.30.03 AM.jpg

 

Configure SAML Attributes

SmartDraw application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration.

azure-default-attributes.png

In addition to above, SmartDraw application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre-populated but you can review them as per your requirements.

Azure_SSO_Attributes_Claims.jpg

Before continuing, the groups claim needs to be modified. Click the Edit link in Attributes & Claims, then click Add Group Claim. We recommend the default of All Groups in most cases as this allows you to use any group type in Entra ID with SmartDraw.

Azure_All_Groups_Claim.jpg

If you have additional security requirements, or know the specific group you want to use with SmartDraw you can configure that now. Once your groups claim is configured, click Save and then the browser back button.

On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find Federation Metadata XML and select Download to download the certificate and save it on your computer. You will need to add this XML to your SmartDraw account.

azure-metadataxml.png

 

On the Set up SmartDraw section, copy the appropriate URL(s) based on your requirement.

azure-copy-configuration-urls.png

 

Login to your SmartDraw account and click on the SSO tab in the left navigation.

 

Click on the Import SAML Metadata button.

On the next screen, select XML file and browse to the XML file you saved from Entra ID on your computer.

mceclip10.png

SmartDraw will automatically process the imported file. You can double-check the SAML issues and URL and click Save Configuration to enable Entra ID SSO.

mceclip11.png

When you're ready to fully enable SSO for every user, make sure you check "Allow all users of the above domains to login using this Saml config" and save your settings.

This toggle lets you check your SSO set up before users see it. You can turn it on an off as you need to test things, but it needs to be checked for your users to be able to use SSO with SmartDraw.

 

mceclip1.png

Automatic User Provisioning

After setting up SmartDraw with Entra ID SSO, there are two ways your users can gain access.

  • Automatic Access:
    Any user from your domain who tries to open SmartDraw will be prompted to sign in with their Entra ID. Once they do, they’ll be automatically added to your license.

  • Bulk Invitation:
    You can also add users in bulk by importing your Entra ID groups from the My Account -> SSO Settings page in SmartDraw. When you send a group invite, new users will receive a welcome email with instructions for getting started. Users who already have a SmartDraw account won’t be added again or receive duplicate emails.

Refreshing User Access and Deprovisioning

Using the admin tools for your license, you can easily update your groups and deprovision any deleted users automatically.

On the My Account -> SSO Settings page, you’ll find a Sync Group Members button below your groups list.


Use this to synchronize SmartDraw users with your current Entra ID group memberships and SSO configuration.

When you click Sync Group Members:

  • Add new users. New Entra ID group members are automatically added to your SmartDraw license. You can choose whether to send them a welcome email via the checkbox provided.

  • Deleting users. Users no longer in any assigned Entra ID group are automatically removed from your license and their accounts are deleted.

    • Transfer documents from deprovisioned users. Documents owned by removed users are automatically transferred to the administrator account.

    • Force logout for deprovisioned users. If a removed user is currently logged in, they are automatically logged out and redirected to the login page.

    • Removed users will not be able to log in again until an admin re-adds them to the license through SSO.