This article is intended for network administrators who have experience setting up Azure AD applications with SAML 2.0 authentication. It outlines how to set up, test and establish a connection with Nearmap products.
For detailed information about each step, see the instructions below.
Setting up Azure AD SAML2
Add a new application named "Nearmap" to your Azure AD organization.
- Configure SAML.
- Edit the Basic SAML Configuration.
- Set the Identifier (Entity ID) to urn:auth0:nearmap:<your Connection ID>
- Set the Reply URL (Assertion Consumer Service URL) to
- Configure user attributes and claims.
- Create a claim with the Namespace set to http://schemas.xmlsoap.org/ws/2005/05/identity/claims and Name set to email.
- Set the User attribute to user.mail or user.userprincipalname depending on your Azure AD setup. This is the email address to be used for the Nearmap user profile.
- To support Just-In-Time provisioning, create one claim each for the given name and the last name.
- Given Name:
  - Namespace http://schemas.xmlsoap.org/ws/2005/05/identity/claims
  - Name given_name
  - Source user.givenname
- Last Name:
  - Namespace http://schemas.xmlsoap.org/ws/2005/05/identity/claims
  - Name family_name
  - Source user.surname
- If required, use the Namespace http://schemas.xmlsoap.org/ws/2005/05/identity/claims to set up claims for:
  - Phone: phone
  - Mobile phone: mobile_phone
  - Job title: job_title (preferred) or title
  - Organisation unit: org_unit - this can be department, division, region, etc.
  - Country: work_country
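To confirm the claim configuration before rolling it out, you can check a decoded assertion from a test sign-in against the names listed above. The script below is an added example, not Nearmap or Microsoft code. It assumes that the assertion's Audience equals the configured Identifier (Entity ID) and that each Attribute Name is the Namespace joined to the claim Name with "/". `check_assertion` and `CONN_ID` are hypothetical names, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
REQUIRED = ("email",)                  # used for the Nearmap user profile
JIT = ("given_name", "family_name")    # used for Just-In-Time provisioning

# Constructed sample (signature trimmed); CONN_ID is a placeholder Connection ID.
# The last-name claim is deliberately misnamed "surname" to show a failure.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>urn:auth0:nearmap:CONN_ID</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIM_NS}/email">
      <saml:AttributeValue>alex@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIM_NS}/given_name">
      <saml:AttributeValue>Alex</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIM_NS}/surname">
      <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, connection_id):
    """Return configuration problems found in one decoded assertion.
    This checks configuration only; it does not verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    expected_aud = f"urn:auth0:nearmap:{connection_id}"
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_aud not in audiences:
        problems.append(f"audience {audiences} does not include {expected_aud}")
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        claims[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED + JIT:
        full = f"{CLAIM_NS}/{name}"
        if not claims.get(full):   # absent, or present with an empty value
            problems.append(f"missing or empty claim {full}")
    email = claims.get(f"{CLAIM_NS}/email", "")
    if email and "@" not in email:
        problems.append(f"email claim is not an address: {email!r}")
    return problems

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE, "CONN_ID"):
        print("FAIL:", problem)
```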
Assigning the Nearmap application to users
Depending on the options selected when you added the application, you may need to complete steps in the articles below: