This guide is intended for use by customer IT departments. The steps in this guide should not be carried out without the knowledge of your IT department.
Use Microsoft Single Sign-on to enable your users to access InfoTiles. They will access the InfoTiles platform using their Microsoft Entra Accounts.
This process will take 10 minutes and only needs to be completed once. It should be done before standard users are provided access to InfoTiles.
InfoTiles does not charge per-user licence fees. Consequently, there is no licensing impact from enabling InfoTiles access for all your users.
Prerequisites
- Azure Global Administrator
- You will need to have an active subscription to InfoTiles.
- You will need to know your service URL.
- A service URL typically looks like: https://<organisation>.pipefusion.ai
- Please submit a ticket to advise us you wish to configure SSO. We will provide your service URL, and support you in the process. You will also use the ticket to communicate the Entra Application ID back to InfoTiles.
Required Permissions
You will use administrator privileges to provide Organisational Consent for the InfoTiles application to:
- User.Read (Delegated): Sign your users in and read their profile's access rights (InfoTiles uses this to authenticate users)
Optional Permissions
- Group.Read.All (Delegated): Read all groups a user is a member of. If required, this allows InfoTiles to use Entra Group membership for authorisation to view different datasets.
These permissions allow InfoTiles to authenticate your users and provide access to specific data sources tied to the groups in your Entra Tenant. InfoTiles does not and will not access individual files, emails, calendars, or other personal information, in accordance with GDPR and our privacy policy.
For example, InfoTiles does not request User.Read, Files.Read, Sites.Read.All which would enable reading files belonging to users.
InfoTiles requests Delegated permissions, and you can read more about these in the Microsoft Graph permissions reference.
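One way to confirm, after consent has been granted, that the application holds only the delegated scopes listed above. This is an added example, not InfoTiles or Microsoft code; it assumes the application's grants have been exported as JSON in the shape of Microsoft Graph oauth2PermissionGrant objects, and the ids in the sample are constructed placeholders.

```python
import json

# Scopes taken from this page's Required and Optional Permissions lists.
REQUIRED = {"User.Read"}
OPTIONAL = {"Group.Read.All"}

# Constructed sample shaped like Microsoft Graph oauth2PermissionGrant objects.
# The ids are placeholders, not real tenant values.
SAMPLE_GRANTS = json.loads("""
[
  {"clientId": "<infotiles-sp-object-id>", "consentType": "AllPrincipals",
   "principalId": null, "scope": "User.Read Group.Read.All"},
  {"clientId": "<infotiles-sp-object-id>", "consentType": "Principal",
   "principalId": "<user-object-id>", "scope": "User.Read Files.Read"}
]
""")


def audit_grants(grants, allow_optional=True):
    """Return a list of findings for one application's delegated grants."""
    allowed = REQUIRED | (OPTIONAL if allow_optional else set())
    findings = []
    org_scopes = set()
    for grant in grants:
        # Graph stores delegated scopes as one space-separated string.
        scopes = set((grant.get("scope") or "").split())
        if grant.get("consentType") == "AllPrincipals":
            org_scopes |= scopes  # organisational (admin) consent
        who = grant.get("principalId") or "organisation-wide"
        for scope in sorted(scopes - allowed):
            findings.append(f"unexpected scope {scope} ({who})")
    # The guide expects the required scope to be consented for the whole tenant.
    for scope in sorted(REQUIRED - org_scopes):
        findings.append(f"missing organisational consent for {scope}")
    return findings


if __name__ == "__main__":
    for line in audit_grants(SAMPLE_GRANTS) or ["grants match the documented scopes"]:
        print(line)
```

Pass `allow_optional=False` if you did not intend to grant Group.Read.All, so that it is reported as well.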
Instructions
- Configure the Azure Identity Provider:
- Log in to the Azure Portal and navigate to Entra (formerly Azure Active Directory).
- Click Enterprise applications and then New application to register a new application.
- Click Create your own application, provide a suitable name (e.g. InfoTiles), and select the Integrate any other application you don’t find in the gallery option.
- Navigate to the new application, click Users and groups, and add all necessary users and groups. Only the users and groups that you add here will have SSO access to InfoTiles. If you do not add users or groups, it will be available to all users in your Entra Tenant.
- Navigate to Single sign-on and edit the basic SAML configuration, adding the following information:
- Identifier (Entity ID) - a string that uniquely identifies a SAML service provider. We recommend using your InfoTiles Service URL, but you can use any identifier. For example, https://<organisation>.pipefusion.ai
- Reply URL - This is the InfoTiles Service URL with /api/security/saml/callback appended. For example, https://<organisation>.pipefusion.ai/api/security/saml/callback
- Logout URL - This is the InfoTiles Service URL with /logout appended. For example, https://<organisation>.pipefusion.ai/logout
- Navigate to Single sign-on, open the Attributes & Claims configuration, and update the fields to suit your needs. These settings control what information from Entra will be made available to InfoTiles during SSO. This information can be used to identify a user in InfoTiles and/or to assign different roles to users in InfoTiles. We suggest leaving the Unique User Identifier (Name ID) claim that identifies the user as default (user.userprincipalname).
You can optionally add a group claim if you wish to use Entra groups to coordinate authorisation to different data sets. For example, allowing a ‘Wastewater’ Entra Group to access wastewater data.
- Navigate to Overview and copy the Name & Application ID.
- Communicate the Name & Application ID to InfoTiles via the support ticket.
- Add InfoTiles Guest Users for support (Recommended)
- If you wish to track when InfoTiles support staff access the data and dashboards associated with your subscription, you must add them as guests in your Entra Tenant. Then, when InfoTiles staff access your data within InfoTiles to provide support, they will be listed in the access logs for the application.
- In the support ticket, you will be provided with a list of the individual staff members who have been assigned to support your project.
- Invite the InfoTiles staff as Guests to your Entra tenant.
- Assign them to the newly created Application via Users and Groups.