Integration between Ongoing WMS and Microsoft Entra ID

Configuration

Ongoing WMS does not have a registered application in the Microsoft Entra Gallery. Therefore you must create a new app registration in your Entra tenant. This will also create a service principal (also known as Enterprise Application) that Ongoing WMS uses to authenticate against your tenant to retrieve the necessary information for SSO. The same application can be used to provide both Single Sign-On and User Provisioning.

1. Go to Microsoft Entra admin center ⇒ Entra ID ⇒ Enterprise applications.
2. Click New application.
3. Click Create your own application.
4. Name it "Ongoing WMS" or similar, and ensure Integrate any other application you don't find in the gallery is marked.
5. Click Create.

Single sign-on (SSO)

This section provides instructions on how to configure Microsoft Entra ID for SSO in Ongoing WMS. It assumes that an application has already been created in Entra, see above instructions. Note that Microsoft has similar documentation but with more details, see Microsoft Learn: Enable SAML single sign-on for an enterprise application to learn more.

1. Start by creating an IdP configuration in Ongoing WMS (if one has not been created already). In Ongoing WMS, go to Administration ⇒ Identity providers.
   • To create a new IdP configuration, Click Create new identity provider.
   • To edit an existing IdP configuration, click the pen-icon on the row.
2. Check Enable SSO
3. In Entra, navigate to Enterprise applications ⇒ Ongoing WMS ⇒ Single sign-on.
4. Choose single sign-on method SAML.
5. Edit Basic SAML Configuration:
   • From Ongoing WMS, copy Assertion consumer service URL to Reply URL in Entra.
   • From Ongoing WMS, copy Issuer to Identifier in Entra.

   • In Entra, click Save.

     
6. The remaining information is to be copied from Entra to Ongoing WMS and is found in SAML Certificates and Set up Ongoing WMS in Entra:
   • From Entra, copy Microsoft Entra Identifier to Allowed issuer in Ongoing WMS.
   • From Entra, copy Login URL to Destination URL.

   • From Entra download Certificate (Base64) and copy to Certificate in Ongoing WMS.

     
7. Click Create or Update in Ongoing WMS to save the information.

In Entra, navigate to Ongoing WMS Enterprise Application ⇒ Properties. If you have Assignment required set to Yes (default), then you must also scope which users and/or groups that will be able to use SSO. Refer to Microsoft Learn: Manage users and groups assignment to an application on how this is done.

Now you should be able to test SSO:

1. Ensure there exists a user in Ongoing WMS with a username that matches a user's User Principal Name (UPN) in Entra.
2. Log out from Ongoing WMS.
3. Press the new button that has appeared - Log in via single sign-on (SSO).
4. Complete the Entra login sequence.

User provisioning

This section provides instructions on how to configure user provisioning from Microsoft Entra ID to Ongoing WMS. It assumes that an application has already been created in Entra, see above instructions.

1. Start by creating an IdP configuration in Ongoing WMS (if one has not been created already). In Ongoing WMS, go to Administration ⇒ Identity providers.
   • To create a new IdP configuration, Click Create new identity provider.
   • To edit an IdP configuration, click the pen-icon on the existing row.
2. Check Enable user provisioning.
3. In Entra, navigate to Enterprise applications ⇒ Ongoing WMS ⇒ Provisioning.
4. Follow the instructions in Entra for setting up provisioning, or see the documentation Microsoft Learn: Managing user account provisioning for enterprise apps in the Microsoft Entra admin center.
5. The following information has to be transferred from Ongoing WMS to Entra ID:
   1. SCIM endpoint URL to Tenant URL.
   2. Bearer token to Secret Token.
   To generate a bearer token, click the button Create new bearer token in the IdP configuration in Ongoing WMS.