1. SAML Single Sign-On
  2. Configuring the Identity Provider for the SAML Integration
  3. Configuring Microsoft Entra ID for the SAML Integration

Configuring Microsoft Entra ID for the SAML Integration

This section provides the steps to set up Microsoft Entra ID, formerly known as Microsoft Azure AD, to provide single sign-on (SSO) access to SuiteProjects Pro using the SuiteProjects Pro SAML SSO feature.

Important:

The following configuration steps are given for illustration purposes only. SuiteProjects Pro does not support specific identity provider products or product versions. The following steps do not reflect the latest identity provider product version and still refer to the product name at the time these steps were written and tested. The Refer to Microsoft product documentation for detailed and updated instructions about Microsoft Entra ID. For additional questions about setting up Microsoft Entra ID, please contact Microsoft Support.

Make sure your Microsoft Entra ID plan supports custom attributes as well as preconfigured attributes in the SAML assertion. The free version, for example, may not let you define the custom attribute user_nickname required by the SuiteProjects Pro service provider.

Note:

OpenAir is now SuiteProjects Pro. As of 5 a.m. Eastern Time (UTC–5) on January 25, 2025, for your sandbox account, and on February 15, 2025, for your production account, service URLs with the netsuitesuiteprojectspro.com domain name replace URLs with the openair.com domain name.

Note that existing SAML single sign-on implementations are not expected to require any updates. The service provider entity IDs and assertion consumer service (ACS) URLs have not changed for existing identity provider profiles.

For identity provider profiles added after February 15, 2025, service provider entity IDs continue to use the openair.com domain name and ACS URLs use the netsuitesuiteprojectspro.com domain name.

For more information about the change, see Introducing SuiteProjects Pro.

To configure Microsoft Entra ID for the SAML integration

  1. Sign in to the Microsoft Entra admin center using your Microsoft Entra ID administrator account.

  2. Go to Identity > Applications > Enterprise Applications.

  3. Click New application.

  4. Click Create your own application.

  5. Enter a Name for the application (“SuiteProjects Pro Sandbox” or “SuiteProjects Pro Production”, for example).

  6. Choose Integrate any other application you don't find in the gallery (Non-gallery).

  7. Click Create.

    The Application Overview page appears.

  8. Click Single sign-on under Manage, and select SAML.

    The SAML-based sign-on configuration page displays.

  9. Click the Edit icon in the Basic SAML Configuration section and enter the following information:

    • Identifier (Entity ID) — Click the Add identifier link and enter the Entity ID generated by SuiteProjects Pro on the identity provider profile you created for Microsoft Entra ID in your SuiteProjects Pro account.

      • https://auth.sandbox.openair.com/sso/metadata/<unique_ref_generated_by_SuiteProjects Pro> (Sandbox account)

      • https://auth.openair.com/sso/metadata/<unique_ref_generated_by_SuiteProjects Pro> (Production account)

    • Reply URL (Assertion Consumer Service URL) — Click the Add reply URL link and enter the Assertion Consumer Service URL generated by SuiteProjects Pro on the identity provider profile you created for Microsoft Entra ID in your SuiteProjects Pro account.

      • https://auth.sandbox.netsuitesuiteprojectspro.com/sso/acs/<unique_ref_generated_by_SuiteProjects Pro> (Sandbox account)

      • https://auth.netsuitesuiteprojectspro.com/sso/acs/<unique_ref_generated_by_SuiteProjects Pro> (Production account)

      Note:

      Examples in this help topic use sample Entity ID and Assertion Consumer Service URL generated for a sandbox account. To set up Microsoft Entra ID with your production or sandbox account, replace the URLs with the unique Entity ID and Assertion Consumer Service URL generated by SuiteProjects Pro on the identity provider profile you created for Microsoft Entra ID on your SuiteProjects Pro account. See SuiteProjects Pro SAML Metadata.

    • Leave the optional fields Sign on URL, Relay State and Logout Url blank.

  10. Click Save and close the Basic SAML Configuration pane.

  11. Click the Edit icon in the Attributes & Claims section.

  12. Add the User Attributes & Claims user_nickname. To do so:

    1. Click Add new claim.

      The Manage user claims page appears.

    2. Enter the Name user_nickname.

    3. Under Source, choose Attribute.

    4. Select the Source attribute where the claim is going to retrieve its value. This must be the source attribute containing the SuiteProjects Pro User ID.

    5. Click Save. The attribute user_nickname is now listed in the table.

    6. Delete all other attributes and claims that can be deleted.

  13. Review the SAML Signing Certificate and download the Metadata XML file. You will need to upload the Metadata XML file to identity provider profile you created for Microsoft Entra ID in your SuiteProjects Pro account.

  14. Click Users and groups on the left hand side pane and assign users and group to this SAML application. Microsoft Entra ID will not issue a token allowing a user to sign in to the application unless Microsoft Entra ID has granted access to the user. Users may be granted access directly, or through a group membership. To assign a user or group to your application, click the Assign Users button. Select the user or group you want to assign, and click the Assign button.

Related Topics: