Configuring SAML with Microsoft Entra ID

Supported Features
The Mursion and Microsoft Entra ID SAML 2.0 integration currently supports the following features:

SP-initiated SSO
JIT (Just In Time) Provisioning

Configuration Steps

Add Non-Gallery Application in Microsoft Entra ID

In the Microsoft Entra admin center, navigate to Identity > Applications > Enterprise applications.
Click New application.
Select Create your own application.
Enter Mursion as the name of the application and choose Integrate any other application you don’t find in the gallery (Non-gallery).
Click Create.
You will then be re-directed to the newly created application. You can (upload the Mursion logo as the application logo (right-click and save image as .png).
Once the integration is complete, you will need to add or assign users within Entra, or a group of users, to the app to give them access to the Mursion portal.

Configure Single Sign-On (SSO)

In the Manage section of the navigation bar, select Single sign-on.
Choose SAML as the single sign-on method.
Click Upload metadata file to upload Mursion's metadata file. You can generate this yourself following the steps in the 'Create SSO Configuration in Mursion Portal' section below or a Mursion integration specialist can generate it for you and share. Reach out to your Engagement Manager for assistance.
Under Attributes & Claims ensure you are providing email, first name, and last name claim values. You may also opt to share additional claim values for location, phone number, department, or Mursion team assignments if you would like.
Under step 3, download the Metadata XML for your newly created application.

Create SSO Configuration in Mursion Portal

Note: Mursion will assist with this process. Reach out to your Engagement Manager to get started and a Mursion integration specialist will be assigned to assist you.

Open a new browser tab and sign in to Mursion Portal.
Navigate to Settings > SSO.
Click Create SSO Configuration.
In the New SSO Configuration dialog, enter the following:
- Protocol: SAML 2.0
- Configuration Name: Enter a descriptive name of your choice.
- Single Sign-On Service Endpoint: Copy and paste the Login URL from the Microsoft Entra ID Mursion application setup.
- Logout Endpoint: Copy and paste the Logout URL from the Microsoft Entra ID Mursion application setup.
- Entity ID: Copy and paste the Microsoft Entra Identifier from the Microsoft Entra ID Mursion application setup.
- X.509 Certificate: Copy and paste the PEM-formatted text of the SAML Signing certificate downloaded from Microsoft Entra ID. Ensure you include the headers -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
- Email Claim Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- First Name Claim Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- Last Name Claim Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
- Single Logout Enabled: (Optional) Check this option to allow Microsoft Entra ID to terminate a user’s session when they log out of Mursion Portal.
- Team Claim Name: (Optional) Enter the attribute name that specifies team assignment.
- Team Mapping: If using Team Claim Name, click Add to map attributes to Mursion Portal teams.
Click Create SSO Configuration.
Select the newly created SSO configuration and:
- Click Download SP Metadata and save the metadata XML file.
- Copy the SP Initiated SSO URL and save it for later steps.

Testing Mursion Portal SSO

Assign one or more test users to the Mursion application in Microsoft Entra ID.
As a test user, click on the Mursion application to initiate SSO.
If the configuration is correct, the user will be signed in to Mursion Portal and follow this flow:
- The Mursion & User Agreement will be displayed for acceptance.
- The User Profile page will appear to confirm profile and timezone.
- The Calendar page will be displayed, completing the login process.