SSO Upgrade for Trintech/Adra

Setup Using Entra ID with Adra

Article description

Overview

Integrating Adra by Trintech with Entra ID allows administrators to:
- Use Entra ID to manage user access to Adra by Trintech.
- Enable users to be automatically signed in to Adra by Trintech with their Entra ID accounts.
- Manage accounts in one central location - the Entra ID portal.
Adra by Trintech supports SP and IDP initiated SSO.

Summary

The steps below summarize the process for integrating Adra by Trintech with Entra ID and can be used as a reference.

Prerequisites

The following items are required to integrate Adra by Trintech with Entra ID:
- An Entra ID subscription. If you do not have a subscription, click here to get a free account.
- Adra by Trintech single sign-on (SSO) enabled subscription.
- Rights as a Cloud Application Administrator or Application Administrator in order to add or manage applications in Entra ID. For more information, see Entra ID built-in roles.
Configuration at Entra ID Instance
1. Log in to the Entra ID Portal.
2. Navigate to the Entra Active Directory blade.
3. Click Enterprise applications.
1. Click New application.
1. Click Create your own application.
1. Enter the desired application name. In the example below the name 'Adra Tritech' was chosen.
WARNING: Currently, "Adra by Trintech" from the Microsoft Gallery Application is under Certification and it does not support SCIM Provisioning. If you intend to use SCIM, please create a new App as shown in the screenshot. Otherwise use the "Adra by Trintech" app.

From the newly created applications integration page:
1. Click Single sign-on in the left-side menu.
2. Under Select a single sign-on method, click SAML.
On the Set up Single Sign-On with SAML page:
1. Click Edit for Basic SAML configuration.
Configuring in IDP initiated mode requires the Federation Metadata XML file for Adra. Navigate to Adra Setup>>Engagement>>Security and click The XML metadata file with the settings to configure your system can be downloaded here.
1. Download this metadata XML file and save it in an accessible location.
2. On the Entra Portal, in the Single sign-on section for the Adra Enterprise Application, click Upload metadata file.
3. In the new blade, select the FederationMetadata.xml file downloaded earlier, and click Add.
After uploading the Federation metadata file, the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields will automatically populate in the Basic SAML Configuration section.
1. Sign on URL: Enter https://login.adra.com.
2. Relay State: Enter https://setup.adra.com.
3. Logout URL: Enter https://login.adra.com/Saml/SLOServiceSP.
4. Click Save and close the Basic SAML Configuration section.
On the Set up Single Sign-On with SAML page:
1. In the SAML Signing Certificate section, click copy to copy the App Federation Metadata Url and save it to your computer.
WARNING: Copy the App Federation Metadata URL for later use. This URL is used when configuring a Federated Identity Provider in the Adra Setup Portal.

Configuration at Adra Setup Portal

The remaining configuration is done in the Adra Setup Portal.
To continue with the rest of the configuration:
1. Login to Setup Portal as System Administrator.
2. Open the Engagement.
3. Navigate to the Security tab.
4. Under Security policy, select Use a federated identity provider.
5. Click Add new federated identity provider.
Creating a new Federated Identity Provider requires the Federation Metadata URL for the Entra ID Enterprise Application created earlier. If necessary:
1. Open the Adra Enterprise Application created earlier on the Entra Portal.
2. In the SAML Signing Certificate section, copy the App Federation Metadata URL.
1. Return to Adra Setup.
On the Provider details pop-up:
1. Enter a Name for the configuration.
2. Enter a Description.
3. Under Federation metadata, select Use metadata URL.
4. Under Metadata URL, paste the App Federation Metadata URL that was copied earlier.
5. Click Test URL.
The federation metadata file is read by the application and the default configuration will automatically be updated in the Provider details pop-up.
1. Click Save to save the Federated Identity Provider Policy.
1. On the Security tab, select the newly created Identity Provider Policy.
2. Click Save changes.
Add New User to the Engagement (Optional)

If the user is not in the engagement:
1. Navigate to Setup>>Users.
2. Click Create user.
3. Enter the details for the new user.
4. Click Save.
Test Entra ID SSO Configuration

Test the Entra ID single sign-on configuration with the following options:

SP Initiated:
- Click Test this application in the Entra portal. This will redirect to Adra by Trintech Sign-on URL to initiate the login flow.
- Go to Adra by Trintech Sign-on directly and initiate the login flow from there.
IDP Initiated:
- Click Test this application in the Entra portal to be automatically signed in to Adra by Trintech.
Microsoft My Apps can be used to test the application in either mode. Click the Adra by Trintech tile in My Apps.
- SP Mode - Redirects to the application sign-on page for initiating the login flow.
- IDP Mode - Automatically signs in to Adra by Trintech.