From 7cacebb99e7902b5aac460a198a5f7c1d0fc58d3 Mon Sep 17 00:00:00 2001 From: arrivant Date: Mon, 1 Sep 2025 14:14:34 +0200 Subject: [PATCH 1/5] Improve clarity of AlexisHR SSO Customers are complaining that they are getting lost in two steps, so this change aims to bring some clarity around temporary mocked values handling and SAML Signing certificate --- docs/identity/saas-apps/alexishr-tutorial.md | 106 +++++++++++-------- 1 file changed, 60 insertions(+), 46 deletions(-) diff --git a/docs/identity/saas-apps/alexishr-tutorial.md b/docs/identity/saas-apps/alexishr-tutorial.md index a30e2ae77a0..0ec5f90a667 100644 --- a/docs/identity/saas-apps/alexishr-tutorial.md +++ b/docs/identity/saas-apps/alexishr-tutorial.md @@ -7,7 +7,7 @@ ms.reviewer: CelesteDG ms.service: entra-id ms.subservice: saas-apps ms.topic: how-to -ms.date: 03/25/2025 +ms.date: 09/01/2025 ms.author: gideonkiratu ms.custom: sfi-image-nochange # Customer intent: As an IT administrator, I want to learn how to configure single sign-on between Microsoft Entra ID and AlexisHR so that I can control who has access to AlexisHR, enable automatic sign-in with Microsoft Entra accounts, and manage my accounts in one central location. @@ -15,7 +15,7 @@ ms.custom: sfi-image-nochange # Configure AlexisHR for Single sign-on with Microsoft Entra ID -In this article, you learn how to integrate AlexisHR with Microsoft Entra ID. When you integrate AlexisHR with Microsoft Entra ID, you can: +In this article, you learn how to integrate AlexisHR with Microsoft Entra ID. When you integrate AlexisHR with Microsoft Entra ID, you can: * Control in Microsoft Entra ID who has access to AlexisHR. * Enable your users to be automatically signed-in to AlexisHR with their Microsoft Entra accounts. @@ -30,20 +30,21 @@ The scenario outlined in this article assumes that you already have the followin ## Scenario description -In this article, you configure and test Microsoft Entra SSO in a test environment. +In this article, you configure and test SAML SSO between Microsoft Entra ID and AlexisHR in a test environment. -* AlexisHR supports **IDP** initiated SSO. +* AlexisHR supports **IdP-initiated** SSO. +* You will first create a **basic (mock) SAML configuration** in Microsoft Entra ID to obtain the Login URL and certificate, then configure SSO in AlexisHR, and finally return to Microsoft Entra ID to update the Identifier and Reply URL with the real values from AlexisHR. ## Add AlexisHR from the gallery To configure the integration of AlexisHR into Microsoft Entra ID, you need to add AlexisHR from the gallery to your list of managed SaaS apps. 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). -1. Browse to **Entra ID** > **Enterprise apps** > **New application**. +1. Browse to **Microsoft Entra ID** > **Enterprise applications** > **New application**. 1. In the **Add from the gallery** section, type **AlexisHR** in the search box. -1. Select **AlexisHR** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. +1. Select **AlexisHR** from the results panel and then add the app. Wait a few seconds while the app is added to your tenant. - [!INCLUDE [sso-wizard.md](~/identity/saas-apps/includes/sso-wizard.md)] +[!INCLUDE [sso-wizard.md](~/identity/saas-apps/includes/sso-wizard.md)] @@ -58,83 +59,96 @@ To configure and test Microsoft Entra SSO with AlexisHR, perform the following s 1. **Assign the Microsoft Entra test user** - to enable B.Simon to use Microsoft Entra single sign-on. 1. **[Configure AlexisHR SSO](#configure-alexishr-sso)** - to configure the single sign-on settings on application side. 1. **[Create AlexisHR test user](#create-alexishr-test-user)** - to have a counterpart of B.Simon in AlexisHR that's linked to the Microsoft Entra representation of user. +1. **[Update Microsoft Entra SSO with real values](#update-azure-ad-sso)** – to replace the mock Identifier and Reply URL with actual values from AlexisHR. 1. **[Test SSO](#test-sso)** - to verify whether the configuration works. -## Configure Microsoft Entra SSO +## Configure Microsoft Entra SSO (initial mock setup) -Follow these steps to enable Microsoft Entra SSO. +Follow these steps to enable Microsoft Entra SSO with temporary values. 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). -1. Browse to **Entra ID** > **Enterprise apps** > **AlexisHR** > **Single sign-on**. +1. Browse to **Microsoft Entra ID** > **Enterprise applications** > **AlexisHR** > **Single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**. 1. On the **Set up single sign-on with SAML** page, select the pencil icon for **Basic SAML Configuration** to edit the settings. ![Edit Basic SAML Configuration](common/edit-urls.png) -1. On the **Basic SAML Configuration** section, perform the following steps: +1. In the **Basic SAML Configuration** section, enter **temporary mock values**. Use a unique placeholder for your connection name — for example, combine your company name and the date: - a. In the **Identifier** text box, type a value using the following pattern: - `urn:auth0:alexishr:` + Example: + - Company: `acme` + - Date: `20250901` + - Result: `acme-20250901` - b. In the **Reply URL** text box, type a URL using the following pattern: - `https://auth.alexishr.com/login/callback?connection=` + Then enter: + - **Identifier (Entity ID)**: `urn:auth0:alexishr:acme-20250901` + - **Reply URL (Assertion Consumer Service URL)**: `https://auth.alexishr.com/login/callback?connection=acme-20250901` - > [!NOTE] - > These values aren't real. Update these values with the actual Identifier and Reply URL. Contact [AlexisHR Client support team](mailto:support@alexishr.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section. + > [!NOTE] + > These values are only placeholders. After you configure AlexisHR SSO, you'll return to this page and replace them with the real **Audience URI** and **Assertion Consumer Service URL** values provided by AlexisHR. -1. AlexisHR application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes. +1. In **Attributes & Claims**, set **Name ID format** to **Email address** and ensure the **Name ID** value is the user’s email. + Add the required attribute: + | Name | Source Attribute | + |--------|-----------------| + | email | user.email | - ![image](common/default-attributes.png) +> [!TIP] +> If your organization uses a different primary email attribute, you can map `userprincipalname` to `user.mail`. Ensure the selected attribute contains the user’s sign-in email in AlexisHR. -1. In addition to above, AlexisHR application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre-populated but you can review them as per your requirements. - - | Name | Source Attribute | - | ------------ | --------- | - | email | user.mail | +1. On the **SAML Signing Certificate** section, select **Certificate (Base64)** and **Download**. This file is PEM-encoded and will be needed in AlexisHR setup. -1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer. + > [!IMPORTANT] + > When configuring AlexisHR, paste the **entire PEM content**, including: + > ``` + > -----BEGIN CERTIFICATE----- + > (base64 lines) + > -----END CERTIFICATE----- + > ``` + > Keep line breaks exactly as in the file. - ![The Certificate download link](common/certificatebase64.png) - -1. On the **Set up AlexisHR** section, copy the appropriate URL(s) based on your requirement. - - ![Copy configuration URLs](common/copy-configuration-urls.png) +1. In the **Set up AlexisHR** section, copy the **Login URL** and **Logout URL**. These values will also be needed in AlexisHR setup. [!INCLUDE [create-assign-users-sso.md](~/identity/saas-apps/includes/create-assign-users-sso.md)] + + ## Configure AlexisHR SSO 1. Log in to your AlexisHR company site as an administrator. - 1. Go to **Settings** > **SAML Single sign-on** and select **New identity provider**. +1. In the **New identity provider** section: + - **Identity provider SSO URL**: paste the **Login URL** from Microsoft Entra ID. + - **Identity provider sign out URL**: paste the **Logout URL** from Microsoft Entra ID. + - **Public x509 certificate**: open the downloaded **Certificate (Base64)** file and paste the entire PEM content (including `BEGIN` and `END` lines with proper line breaks). + - Select **Create identity provider**. -1. In the **New identity provider** section, perform the following steps: - - ![Screenshot shows the Account Settings.](./media/alexishr-tutorial/account.png "Settings") - - 1. In the **Identity provider SSO URL** textbox, paste the **Login URL** value which you copied previously. - - 1. In the **Identity provider sign out URL** textbox, paste the **Logout URL** value which you copied previously. - - 1. Open the downloaded **Certificate (Base64)** into Notepad and paste the content into the **Public x509 certificate** textbox. +1. After creating the identity provider, AlexisHR provides: + - **Audience URI** + - **Assertion Consumer Service URL** - 1. Select **Create identity provider**. + These will be used to update Microsoft Entra ID with the real values. -1. After creating identity provider, you receive the following information. + - ![Screenshot shows the SSO Settings.](./media/alexishr-tutorial/certificate.png "SSO configuration") +## Update Microsoft Entra SSO with real values - 1. Copy **Audience URI** value, paste this value into the **Identifier** text box in the **Basic SAML Configuration** section. +1. Return to **Microsoft Entra admin center** > **Enterprise applications** > **AlexisHR** > **Single sign-on**. +1. Edit the **Basic SAML Configuration** section. +1. Replace the temporary mock values with: + - **Identifier (Entity ID)**: paste **Audience URI** from AlexisHR. + - **Reply URL (Assertion Consumer Service URL)**: paste **Assertion Consumer Service URL** from AlexisHR. +1. Save the changes. - 1. Copy **Assertion Consumer Service URL** value, paste this value into the **Reply URL** text box in the **Basic SAML Configuration** section. + ### Create AlexisHR test user -In this section, you create a user called Britta Simon in AlexisHR. Work with [AlexisHR support team](mailto:support@alexishr.com) to add the users in the AlexisHR platform. Users must be created and activated before you use single sign-on. +In this section, you create a user called Britta Simon in AlexisHR. Work with [AlexisHR support team](mailto:support@alexishr.com) to add the users in the AlexisHR platform. Users must be created and activated before you use single sign-on. ## Test SSO From 2e32f20660c1efe636780f95e4b415f36a9e7a61 Mon Sep 17 00:00:00 2001 From: arrivant Date: Mon, 1 Sep 2025 15:10:27 +0200 Subject: [PATCH 2/5] Modify email attribute source in AlexisHR tutorial Updated the required attribute for Name ID format in the tutorial. --- docs/identity/saas-apps/alexishr-tutorial.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/identity/saas-apps/alexishr-tutorial.md b/docs/identity/saas-apps/alexishr-tutorial.md index 0ec5f90a667..ebb569eee12 100644 --- a/docs/identity/saas-apps/alexishr-tutorial.md +++ b/docs/identity/saas-apps/alexishr-tutorial.md @@ -89,11 +89,13 @@ Follow these steps to enable Microsoft Entra SSO with temporary values. > [!NOTE] > These values are only placeholders. After you configure AlexisHR SSO, you'll return to this page and replace them with the real **Audience URI** and **Assertion Consumer Service URL** values provided by AlexisHR. -1. In **Attributes & Claims**, set **Name ID format** to **Email address** and ensure the **Name ID** value is the user’s email. - Add the required attribute: - | Name | Source Attribute | - |--------|-----------------| - | email | user.email | +In **Attributes & Claims**, set **Name ID format** to **Email address** and ensure the **Name ID** value is the user’s email. + +Add the required attribute: + +| Name | Source Attribute | +|--------|-----------------------| +| email | user.userprincipalname | > [!TIP] > If your organization uses a different primary email attribute, you can map `userprincipalname` to `user.mail`. Ensure the selected attribute contains the user’s sign-in email in AlexisHR. From a564f91923cdb8f3a54d214d47b379f51d8a44ce Mon Sep 17 00:00:00 2001 From: arrivant Date: Mon, 1 Sep 2025 15:13:02 +0200 Subject: [PATCH 3/5] Update alexishr-tutorial.md --- docs/identity/saas-apps/alexishr-tutorial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/saas-apps/alexishr-tutorial.md b/docs/identity/saas-apps/alexishr-tutorial.md index ebb569eee12..3138af7f939 100644 --- a/docs/identity/saas-apps/alexishr-tutorial.md +++ b/docs/identity/saas-apps/alexishr-tutorial.md @@ -95,7 +95,7 @@ Add the required attribute: | Name | Source Attribute | |--------|-----------------------| -| email | user.userprincipalname | +| email | user.email | > [!TIP] > If your organization uses a different primary email attribute, you can map `userprincipalname` to `user.mail`. Ensure the selected attribute contains the user’s sign-in email in AlexisHR. From e5967ff32c799b0d746556f2fcb5a381e91a6404 Mon Sep 17 00:00:00 2001 From: arrivant Date: Mon, 1 Sep 2025 16:33:46 +0200 Subject: [PATCH 4/5] Revise SSO configuration steps for AlexisHR Updated the steps for configuring Microsoft Entra SSO with AlexisHR, including changes to the numbering and clarifications on placeholder values. --- docs/identity/saas-apps/alexishr-tutorial.md | 100 ++++++++----------- 1 file changed, 41 insertions(+), 59 deletions(-) diff --git a/docs/identity/saas-apps/alexishr-tutorial.md b/docs/identity/saas-apps/alexishr-tutorial.md index 3138af7f939..55e46e9ac65 100644 --- a/docs/identity/saas-apps/alexishr-tutorial.md +++ b/docs/identity/saas-apps/alexishr-tutorial.md @@ -40,9 +40,9 @@ In this article, you configure and test SAML SSO between Microsoft Entra ID and To configure the integration of AlexisHR into Microsoft Entra ID, you need to add AlexisHR from the gallery to your list of managed SaaS apps. 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). -1. Browse to **Microsoft Entra ID** > **Enterprise applications** > **New application**. -1. In the **Add from the gallery** section, type **AlexisHR** in the search box. -1. Select **AlexisHR** from the results panel and then add the app. Wait a few seconds while the app is added to your tenant. +2. Browse to **Microsoft Entra ID** > **Enterprise applications** > **New application**. +3. In the **Add from the gallery** section, type **AlexisHR** in the search box. +4. Select **AlexisHR** from the results panel and then add the app. Wait a few seconds while the app is added to your tenant. [!INCLUDE [sso-wizard.md](~/identity/saas-apps/includes/sso-wizard.md)] @@ -54,13 +54,11 @@ Configure and test Microsoft Entra SSO with AlexisHR using a test user called ** To configure and test Microsoft Entra SSO with AlexisHR, perform the following steps: -1. **[Configure Microsoft Entra SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. - 1. **Create a Microsoft Entra test user** - to test Microsoft Entra single sign-on with B.Simon. - 1. **Assign the Microsoft Entra test user** - to enable B.Simon to use Microsoft Entra single sign-on. -1. **[Configure AlexisHR SSO](#configure-alexishr-sso)** - to configure the single sign-on settings on application side. - 1. **[Create AlexisHR test user](#create-alexishr-test-user)** - to have a counterpart of B.Simon in AlexisHR that's linked to the Microsoft Entra representation of user. -1. **[Update Microsoft Entra SSO with real values](#update-azure-ad-sso)** – to replace the mock Identifier and Reply URL with actual values from AlexisHR. -1. **[Test SSO](#test-sso)** - to verify whether the configuration works. +1. **[Configure Microsoft Entra SSO](#configure-azure-ad-sso)** – to enable your users to use this feature. +2. **[Create and assign a Microsoft Entra test user](#create-an-azure-ad-test-user)** – to validate single sign-on. +3. **[Configure AlexisHR SSO](#configure-alexishr-sso)** – to configure single sign-on in AlexisHR. +4. **[Update Microsoft Entra SSO with real values](#update-azure-ad-sso)** – to replace the placeholder values with real ones. +5. **[Test SSO](#test-sso)** – to verify whether the configuration works. @@ -69,52 +67,38 @@ To configure and test Microsoft Entra SSO with AlexisHR, perform the following s Follow these steps to enable Microsoft Entra SSO with temporary values. 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). -1. Browse to **Microsoft Entra ID** > **Enterprise applications** > **AlexisHR** > **Single sign-on**. -1. On the **Select a single sign-on method** page, select **SAML**. -1. On the **Set up single sign-on with SAML** page, select the pencil icon for **Basic SAML Configuration** to edit the settings. +2. Browse to **Microsoft Entra ID** > **Enterprise applications** > **AlexisHR** > **Single sign-on**. +3. On the **Select a single sign-on method** page, select **SAML**. +4. On the **Set up single sign-on with SAML** page, select the pencil icon for **Basic SAML Configuration** to edit the settings. ![Edit Basic SAML Configuration](common/edit-urls.png) -1. In the **Basic SAML Configuration** section, enter **temporary mock values**. Use a unique placeholder for your connection name — for example, combine your company name and the date: +5. In the **Basic SAML Configuration** section, enter **placeholder values** for the first setup: + - **Identifier (Entity ID)**: `urn:auth0:alexishr:` + - **Reply URL (Assertion Consumer Service URL)**: `https://auth.alexishr.com/login/callback?connection=` Example: - Company: `acme` - Date: `20250901` - - Result: `acme-20250901` - - Then enter: - - **Identifier (Entity ID)**: `urn:auth0:alexishr:acme-20250901` - - **Reply URL (Assertion Consumer Service URL)**: `https://auth.alexishr.com/login/callback?connection=acme-20250901` + - Identifier: `urn:auth0:alexishr:acme-20250901` + - Reply URL: `https://auth.alexishr.com/login/callback?connection=acme-20250901` > [!NOTE] - > These values are only placeholders. After you configure AlexisHR SSO, you'll return to this page and replace them with the real **Audience URI** and **Assertion Consumer Service URL** values provided by AlexisHR. - -In **Attributes & Claims**, set **Name ID format** to **Email address** and ensure the **Name ID** value is the user’s email. - -Add the required attribute: - -| Name | Source Attribute | -|--------|-----------------------| -| email | user.email | + > These values are placeholders only. After you configure AlexisHR SSO, you'll return to this page and replace them with the real **Audience URI** and **Assertion Consumer Service URL** values provided by AlexisHR. -> [!TIP] -> If your organization uses a different primary email attribute, you can map `userprincipalname` to `user.mail`. Ensure the selected attribute contains the user’s sign-in email in AlexisHR. +6. In the **Attributes & Claims** section, set **Name ID format** to **Email address** and ensure the **Name ID** value is **user.email**. -1. On the **SAML Signing Certificate** section, select **Certificate (Base64)** and **Download**. This file is PEM-encoded and will be needed in AlexisHR setup. +7. In the **SAML Signing Certificate** section, select **Certificate (Base64)** and **Download**. This file has *.cer extension and is PEM-encoded and will be needed later during the AlexisHR setup. - > [!IMPORTANT] - > When configuring AlexisHR, paste the **entire PEM content**, including: - > ``` - > -----BEGIN CERTIFICATE----- - > (base64 lines) - > -----END CERTIFICATE----- - > ``` - > Keep line breaks exactly as in the file. +8. In the **Set up AlexisHR** section, copy the **Login URL** and **Logout URL** values. These values will also be needed in the AlexisHR setup. -1. In the **Set up AlexisHR** section, copy the **Login URL** and **Logout URL**. These values will also be needed in AlexisHR setup. +> [!IMPORTANT] +> Testing will only work **after** you complete the AlexisHR setup and update the Identifier and Reply URL in Microsoft Entra ID with the real values. +## Create and assign a Microsoft Entra test user + [!INCLUDE [create-assign-users-sso.md](~/identity/saas-apps/includes/create-assign-users-sso.md)] @@ -122,43 +106,41 @@ Add the required attribute: ## Configure AlexisHR SSO 1. Log in to your AlexisHR company site as an administrator. -1. Go to **Settings** > **SAML Single sign-on** and select **New identity provider**. -1. In the **New identity provider** section: +2. Go to **Settings** > **SAML Single sign-on** and select **New identity provider**. +3. In the **New identity provider** section: - **Identity provider SSO URL**: paste the **Login URL** from Microsoft Entra ID. - **Identity provider sign out URL**: paste the **Logout URL** from Microsoft Entra ID. - - **Public x509 certificate**: open the downloaded **Certificate (Base64)** file and paste the entire PEM content (including `BEGIN` and `END` lines with proper line breaks). - - Select **Create identity provider**. - -1. After creating the identity provider, AlexisHR provides: + - **Public x509 certificate**: open the downloaded **Certificate (Base64)** file in a text editor and paste the **entire PEM content** (including the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines) without modifying any line breaks. +4. Select **Create identity provider**. +5. After creating the identity provider, AlexisHR provides: - **Audience URI** - - **Assertion Consumer Service URL** - - These will be used to update Microsoft Entra ID with the real values. + - **Assertion Consumer Service URL** + These values will be used to update Microsoft Entra ID. ## Update Microsoft Entra SSO with real values 1. Return to **Microsoft Entra admin center** > **Enterprise applications** > **AlexisHR** > **Single sign-on**. -1. Edit the **Basic SAML Configuration** section. -1. Replace the temporary mock values with: +2. Edit the **Basic SAML Configuration** section. +3. Replace the temporary placeholder values with: - **Identifier (Entity ID)**: paste **Audience URI** from AlexisHR. - **Reply URL (Assertion Consumer Service URL)**: paste **Assertion Consumer Service URL** from AlexisHR. -1. Save the changes. +4. Save the changes. -### Create AlexisHR test user - -In this section, you create a user called Britta Simon in AlexisHR. Work with [AlexisHR support team](mailto:support@alexishr.com) to add the users in the AlexisHR platform. Users must be created and activated before you use single sign-on. +## Create AlexisHR test user -## Test SSO +1. Work with [AlexisHR support team](mailto:support@alexishr.com) to add a test user (for example, Britta Simon) in the AlexisHR platform. +2. Ensure the user is created and activated before testing single sign-on. -In this section, you test your Microsoft Entra single sign-on configuration with following options. + -* Select **Test this application**, and you should be automatically signed in to the AlexisHR for which you set up the SSO. +## Test SSO -* You can use Microsoft My Apps. When you select the AlexisHR tile in the My Apps, you should be automatically signed in to the AlexisHR for which you set up the SSO. For more information, see [Microsoft Entra My Apps](/azure/active-directory/manage-apps/end-user-experiences#azure-ad-my-apps). +1. In the **Microsoft Entra admin center**, go to the **AlexisHR** app and select **Test this application**. You should be automatically signed in to AlexisHR. +2. Alternatively, open [My Apps](https://myapps.microsoft.com), select the **AlexisHR** tile, and confirm that you are automatically signed in. For more information, see [Microsoft Entra My Apps](/azure/active-directory/manage-apps/end-user-experiences#azure-ad-my-apps). ## Related content From 23c25e3a3c0a064979de77038f636dd1e090b882 Mon Sep 17 00:00:00 2001 From: arrivant Date: Fri, 5 Sep 2025 10:03:52 +0200 Subject: [PATCH 5/5] Adjust the naming of Configure AlexisHR SSO step --- docs/identity/saas-apps/alexishr-tutorial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/saas-apps/alexishr-tutorial.md b/docs/identity/saas-apps/alexishr-tutorial.md index 55e46e9ac65..afc9fda2dd6 100644 --- a/docs/identity/saas-apps/alexishr-tutorial.md +++ b/docs/identity/saas-apps/alexishr-tutorial.md @@ -105,7 +105,7 @@ Follow these steps to enable Microsoft Entra SSO with temporary values. ## Configure AlexisHR SSO -1. Log in to your AlexisHR company site as an administrator. +1. Log in to your AlexisHR company site as an Owner. 2. Go to **Settings** > **SAML Single sign-on** and select **New identity provider**. 3. In the **New identity provider** section: - **Identity provider SSO URL**: paste the **Login URL** from Microsoft Entra ID.