This article is intended for network administrators who have experience setting up Microsoft Entra ID (formerly Azure AD) applications with SAML 2.0 authentication. It outlines how to set up, test and establish a connection with Nearmap products.
For detailed information about each of the steps outlined below, see the instructions that follow.
Setting up Entra SAML2
- Add a new application named "Nearmap" to your Entra ID organization.
- Configure SAML.
- Edit the Basic SAML Configuration.
- Set the Identifier (Entity ID) to urn:auth0:nearmap:<your Connection ID>
- Set the Reply URL (Assertion Consumer Service URL) to https://auth.nearmap.com/login/callback?connection=<yourconnection ID>.
- Configure claims as given in the table below.
| Name | Required? | Source |
|---|---|---|
| email | Yes | user.mail or user.userprincipalname (whichever is the user's email address in your setup) |
| given_name | Yes | user.givenname |
| family_name | Yes | user.surname |
| phone | No | User phone attribute |
| mobile_phone | No | User mobile phone attribute |
| job_title or title | No | User job title attribute |
| org_unit | No | User department/region attribute |
| work_country | No | User country attribute |
Use Namespace http://schemas.xmlsoap.org/ws/2005/05/identity/claims for all claims.
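The following Python check is an added example, not part of Nearmap's or Microsoft's documentation: it reads a decoded SAML assertion captured from a test sign-in and reports whether the Entity ID, Reply URL and required claims match the configuration above. The connection ID `example-conn` and the sample assertion are constructed, and the script assumes each claim is emitted with a Name made of the namespace, a slash, and the claim name.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = ("email", "given_name", "family_name")  # the "Yes" rows of the table

def check_assertion(xml_text, connection_id):
    """List configuration problems; the XML signature is not verified here."""
    root = ET.fromstring(xml_text)
    problems = []
    audience = f"urn:auth0:nearmap:{connection_id}"
    if audience not in [(a.text or "").strip() for a in root.iter(SAML + "Audience")]:
        problems.append(f"Audience is not {audience}")
    acs = f"https://auth.nearmap.com/login/callback?connection={connection_id}"
    if acs not in [d.get("Recipient") for d in root.iter(SAML + "SubjectConfirmationData")]:
        problems.append(f"Recipient is not {acs}")
    # Map each attribute Name to whether it carries a non-empty value.
    has_value = {}
    for attr in root.iter(SAML + "Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(SAML + "AttributeValue")]
        has_value[attr.get("Name", "")] = any(values)
    for claim in REQUIRED:
        if has_value.get(CLAIM_NS + claim):
            continue
        if claim in has_value:
            problems.append(f"{claim}: sent without the claims namespace")
        elif CLAIM_NS + claim in has_value:
            problems.append(f"{claim}: present but empty")
        else:
            problems.append(f"{claim}: missing")
    return problems

# Constructed sample: given_name is absent and family_name lacks the namespace.
SAMPLE = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
 <Subject><SubjectConfirmation><SubjectConfirmationData
   Recipient="https://auth.nearmap.com/login/callback?connection=example-conn"/>
 </SubjectConfirmation></Subject>
 <Conditions><AudienceRestriction>
  <Audience>urn:auth0:nearmap:example-conn</Audience>
 </AudienceRestriction></Conditions>
 <AttributeStatement>
  <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email">
   <AttributeValue>user@example.com</AttributeValue></Attribute>
  <Attribute Name="family_name"><AttributeValue>Doe</AttributeValue></Attribute>
 </AttributeStatement>
</Assertion>"""

if __name__ == "__main__":
    print("\n".join(check_assertion(SAMPLE, "example-conn")))
```

An empty result means the assertion matches the settings on this page; encrypted assertions must be decrypted before they can be checked this way.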
Obtain the metadata URL
The metadata URL to enter in Nearmap MyAccount can be found in the "SAML Signing Certificate" section of the application properties.
Assigning the Nearmap application to users
Depending on the options selected when you added the application, you may need to complete steps in the articles below: