Logical components

What user information are we using?

Elqano uses an Azure Active Directory SSO Enterprise Application to authenticate your users (via SAML). It has to be configured in your system as well as in Elqano web application.

The only information about users we are using are:

• The email
• The user UUID
• The first name
• The last name
• The profile picture
• The elqano assigned role
• The job
• The location

All these values are coming from your Azure Active Directory and will never be exposed outside of Elqano.

This values will be stored in the application database and encrypted at REST and Transit.

Elqano uses an App Registration to access required information needed to fully integrate to your work environment.

• How are logical components set up?
  • Entreprise application: Elqano Single Sign On application
  • Application Registration
  • Create an Elqano Graph API registration
  • Logical components’ integration

How are logical components set up?

Pre-requisite

• Setup of all technical components: Elqano infrastructure up and running
• Ability to create an “Enterprise Application” with Single sign-on in Azure Active Directory
• Ability to manage and grant API permissions in the App-registration section of Azure AD
• Ability to add resources in an Azure Subscription

Check list

• logical components:
  • Create & register the SSO Application on Azure
  • Assign elqano roles to users
  • Assign app permissions thanks to the App Registration
  • Integrate logical components via the admin portal

Validate

• Navigate to the Web Application URL
• Ensure it is served via https only
• Make sure you are able to connect and access the app with you company account
• If you have been granted the admin role, make sure you are able to access the admin section of the app

Table of contents

• SSO Entrerpise application
• Application registration
• Graph API Registration
• Logical components integration