MS Entra ID (Azure AD)

Created by Philip Andersen, Modified on Tue, Mar 24 at 11:58 AM by Tanya Stoyanova

Setting up SSO and Provisioning with MS Entra ID

Connect Contractbook with Microsoft Entra ID (formerly Azure AD) to centralize your company security. This integration allows for secure Single Sign-On (SSO) and automates the management of users and user groups through SCIM provisioning.


Prerequisites

  • Administrator access to your company’s Microsoft Entra admin center.
  • A valid Contractbook API key.
  • A working Entra ID setup with the users from the organization you wish to synchronize with Contractbook.
  • A secret Token for an admin user, provided to you by Contractbook.
  • Our Tenant URL: https://api.contractbook.com/scim

Step 1: Create the Enterprise Application

  1. Log in to the Microsoft Entra admin center.

  2. Navigate to Identity > Applications > Enterprise applications.

  3. Click + New application and select Create your own application.

  4. Enter "Contractbook" as the name and ensure "Integrate any other application you don't find in the gallery (Non-gallery)" is selected.

  5. Click Create.

  6. Shortly after, you will be redirected to your application. If the redirection does not occur, search for Enterprise applications again in the search bar; your application should now appear in the list.

Step 2: Configure Single Sign-On (SAML)

  1. In your new application, select Single sign-on from the left sidebar and choose SAML.

  2. In the Basic SAML Configuration section, enter the Identifier (Entity ID) and Reply URL found in your Contractbook company settings.

  3. Scroll to SAML Certificates and download the Federation Metadata XML.

  4. Upload this file to the SSO section of your Contractbook company settings to complete the handshake.


Step 3: Enable SCIM User Provisioning

  • Select Provisioning from the sidebar and click Get started.



  • Set the Provisioning Mode to Automatic.

  • Under Admin Credentials, enter the following:

    • Tenant URL: https://api.contractbook.com/scim/v2

    • Secret Token: Your Contractbook API key.

  • Click Test Connection. Once successful, click Save.

  • Under Mappings, ensure both Provision Microsoft Entra ID Users and Provision Microsoft Entra ID Groups are enabled.

  • If everything succeeds, you can save this configuration.

Step 4: Assign Users and User Groups

  • Navigate to Users and groups in the sidebar.

  • Click + Add user/group.

  • Select the specific users or user groups that require access to Contractbook.

  • Once assigned, Entra ID will automatically sync these accounts to Contractbook.

Management Shift: Once this integration is active, you must manage all users and user groups exclusively through MS Entra ID. The ability to invite or edit users directly within Contractbook company settings will be disabled.


Provisioning Users

  • Click Users and groups under Manage and configure the users you want to sync with Contractbook.
  • Please note that at least one organization admin should be present among the selected users. This is required for certain Active Directory setups where the admin needs to accept Contractbook's permissions on behalf of the organization.
  • Click Provisioning under Manage, and click Start provisioning.


Provisioning User Groups

You can also provision Groups from Entra ID into Contractbook in the same way you provision individual users. Provisioning a group will create a User Group in Contractbook, which you can use to give access to contract and template spaces. 


Note: User Groups are available as a premium add-on in Accelerate plans. Contact our Support Team to request this feature for your users.


  • Usually, the first provisioning update should take 5 to 15 minutes, depending on the size of your organization.
  • Provisioning occurs every 40 minutes, so any update to your users will be synchronized after that time.

Accepting permissions on behalf of the organization

  • For specific Azure Active Directory setups, an admin must obtain the licenses on behalf of the organization so users can use Contractbook's Single Sign On (SSO).
  • You will know you have this setup when your users start reporting problems like the following:
  • To fix this, the admin needs to log into Contractbook's main platform and accept the permissions.
