Active Directory
Omni supports SP-initiated SAML authentication with Microsoft Active Directory and other SAML 2.0-compatible identity providers. To set up Active Directory, follow these instructions:
- In the Microsoft Entra admin panel, navigate to Applications > Enterprise Applications.
- Create a new application and then click Create your own application.
- Name the app Omni, select the radio button for "Integrate any other application you don't find in the gallery (Non-gallery)", and press Create.
- After the app is created, navigate to the Single sign-on configuration section.
- Select the SAML sign-on method.
- Edit the Basic SAML Configuration:
  - Set the Identifier (Entity ID) to the full hostname of your Omni instance, e.g. myorg.omniapp.co
  - Set the Reply URL (Assertion Consumer Service URL) to the value of the Single sign-on URL from the Omni Authentication settings page
- Edit the Attributes & Claims:
  - Edit the Unique User Identifier (Name ID) claim:
    - Name identifier format: Email address
    - Source: Attribute
    - Source attribute: user.mail
    - Note: if you use a different attribute for user email address, use that instead.
  - You should have two Additional claims (remove others that are populated by default):
    - Name: first_name, Namespace: (blank), Source: Attribute, Source attribute: user.givenname
    - Name: last_name, Namespace: (blank), Source: Attribute, Source attribute: user.surname
- Download the Certificate (Base64) from Step 3 and make note of the Login URL and Microsoft Entra ID Identifier values from Step 4.
- Note: the Test button in Microsoft Entra will not work, even if the SAML integration is properly configured.
- In the Omni authentication settings form:
  - Copy the Login URL value from the step above into the SSO (Sign on) URL form input
  - Copy the
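
Because the Test button in Microsoft Entra does not work for this integration, one way to confirm the claim mapping above is to inspect a decoded assertion from a sign-in attempt. The script below is an added example, not part of Omni's or Microsoft's documentation; the function name check_assertion and the sample XML are constructed for illustration, and it assumes Entra sends the configured Entity ID as the Audience. It checks the mapping only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EXPECTED_CLAIMS = {"first_name", "last_name"}  # the two Additional claims from the steps above

# Constructed sample assertion (not captured from a real tenant, unsigned).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">ada@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction><saml:Audience>myorg.omniapp.co</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="last_name"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, entity_id):
    """Return a list of claim-mapping problems; an empty list means the mapping matches."""
    root = ET.fromstring(xml_text)
    problems = []
    # Name ID must be present and use the Email address format.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty (is the source attribute populated?)")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not Email address")
    # Assumption: the Audience carries the Identifier (Entity ID) set in Basic SAML Configuration.
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not include {entity_id}")
    # A non-blank Namespace shows up as a prefix on the attribute Name.
    names = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    for claim in sorted(EXPECTED_CLAIMS - names):
        namespaced = [n for n in names if n and n.endswith("/" + claim)]
        hint = f" (found {namespaced[0]}; Namespace must be blank)" if namespaced else ""
        problems.append(f"claim {claim} missing{hint}")
    return problems


if __name__ == "__main__":
    for line in check_assertion(SAMPLE, "myorg.omniapp.co") or ["claim mapping OK"]:
        print(line)
```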