Logical components
What user information are we using?
Elqano uses an Azure Active Directory SSO Enterprise Application to authenticate your users (via SAML). It has to be configured in your system as well as in Elqano web application.
The only information about users we are using are:
- The email
- The user UUID
- The first name
- The last name
- The profile picture
- The elqano assigned role
- The job
- The location
All these values are coming from your Azure Active Directory and will never be exposed outside of Elqano.
This values will be stored in the application database and encrypted at REST and Transit.
Elqano uses an App Registration to access required information needed to fully integrate to your work environment.
- How are logical components set up?
How are logical components set up?
Pre-requisite
- Setup of all technical components: Elqano infrastructure up and running
- Ability to create an “Enterprise Application” with Single sign-on in Azure Active Directory
- Ability to manage and grant API permissions in the App-registration section of Azure AD
- Ability to add resources in an Azure Subscription
Check list
- logical components:
- Create & register the SSO Application on Azure
- Assign elqano roles to users
- Assign app permissions thanks to the App Registration
- Integrate logical components via the admin portal
Validate
- Navigate to the Web Application URL
- Ensure it is served via https only
- Make sure you are able to connect and access the app with you company account
- If you have been granted the admin role, make sure you are able to access the admin section of the app
Table of contents
- SSO Entrerpise application
- Application registration
- Graph API Registration
- Logical components integration