Configuring SSO with Microsoft Entra ID
Service Provider Configuration
To configure NLPatent as a service provider on Microsoft Entra ID, follow the steps below.
- On your Azure Portal homepage, click the Microsoft Entra ID resource as shown in the image below
- Then click on the “Enterprise applications” link on the left side of the Entra ID page
- You’ll be taken to a page which lists all your existing Microsoft Entra ID applications. Click the “New application” link at the top of the page to create a new application.
- On the next page, you’ll see a list of pre-configured Microsoft Entra ID applications. We don’t need any of these; we need a custom-configured Microsoft Entra ID application, so click the “Create your own application” link at the top of the page:
- On the “Create your own application” popup, fill in the form to match the image below, and then click “Create” at the bottom of the popup.
- On clicking “Create”, you will be redirected to a new page to configure the application you just created. On that page, click the “Single sign-on” link on the left side of the page.
- Then click on the SAML button on the Single sign-on page as shown in the image below:
- You should now be redirected to the SSO configuration page. The first section on the page allows you to set up the basic SAML connection parameters. Fill in these fields with the values below.
  - Identifier (Entity ID): https://api.nlpatent.com/auth/sso/metadata
  - Reply URL (Assertion Consumer Service URL): https://api.nlpatent.com/auth/sso/acs
  - Sign on URL: We will provide you with this in an email with these instructions.
- For the “Attributes & Claims” section, we require three attributes named “email”, “first_name” and “last_name”. Edit these attributes to map them to the correct fields in your user directory. Once done it should look something like this:
- Send us your SAML configuration. Microsoft Entra ID provides some configuration parameters that you need to send to us to complete the process of configuring your identity provider to work with NLPatent as a service provider. Out of the parameters you’ll be provided, the following are required by NLPatent:
  - Federation Metadata XML
  - Login URL
  - Microsoft Entra Identifier

These can be found in the following sections of the SAML Configuration page:
These values should be sent to NLPatent via email (support@nlpatent.com) to conclude the process of configuring your identity provider to work with NLPatent as a service provider.
Once these values have been configured on NLPatent, you'll be ready to test out the integration.
Testing The Integration
There are three ways to log in using SSO. Each method, and how to test it, is explained below.
Microsoft Apps Login
If you go to https://myapplications.microsoft.com/ you should now see a new app called NLPatent. Clicking on this app should allow you to log in to the NLPatent platform through your Microsoft account. If a user who does not have an NLPatent account uses this method to log in, we will automatically create an account for them.
NLPatent UI Login
Users who already have an NLPatent account can go to https://search.nlpatent.com/login?sso=true and enter their email address to log in to the NLPatent platform.
Enter your NLPatent email address and you should be redirected to Microsoft Entra ID to complete the authentication process.
Using your "Start URL"
In step 8, you added a "Sign on URL" to your Entra app. You can also use this URL to log in to the NLPatent application. This is useful if you'd like to bookmark a link to the app.
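If a test sign-in fails, or an account is created with missing details, the SAML response Entra ID sent can be compared with the Entity ID, Reply URL and attribute names configured in the steps above. The Python sketch below is an added example, not NLPatent or Microsoft code; it assumes you have the base64 `SAMLResponse` form value captured from your own browser, and `check_saml_response` and `build_sample` are hypothetical helper names. It checks configuration only and does not verify the response signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "https://api.nlpatent.com/auth/sso/metadata"  # Identifier (Entity ID) from this page
ACS_URL = "https://api.nlpatent.com/auth/sso/acs"         # Reply URL from this page
REQUIRED = ("email", "first_name", "last_name")           # attribute names this page requires

def check_saml_response(b64_response):
    """List configuration problems in a base64 SAMLResponse. Does NOT verify the signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience is {audiences}, expected {ENTITY_ID}")
    recipients = [c.get("Recipient") for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient is {recipients}, expected {ACS_URL}")
    values = {a.get("Name"): (a.findtext("saml:AttributeValue", "", NS) or "").strip()
              for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED:
        # A claim left with a namespace arrives as "<namespace>/<name>", not the bare name.
        namespaced = [n for n in values if n.endswith("/" + name)]
        if name not in values and namespaced:
            problems.append(f"'{name}' is sent as '{namespaced[0]}'; remove the claim namespace")
        elif name not in values:
            problems.append(f"attribute '{name}' is missing")
        elif not values[name]:
            problems.append(f"attribute '{name}' is empty")
    return problems

def build_sample(attrs, audience=ENTITY_ID, recipient=ACS_URL):
    """Constructed, unsigned sample response for the demo; not real Entra output."""
    attr_xml = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
                       "</saml:Attribute>" for n, v in attrs.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:Subject>'
           f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{recipient}"/>'
           "</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>"
           f"<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>"
           f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    demo = build_sample({"email": "u@example.com", "first_name": "", "urn:example/last_name": "Doe"})
    print("\n".join(check_saml_response(demo)) or "no problems found")
```

An empty result means the response matches the settings on this page; each reported problem points at the field to correct in the Entra application's SAML configuration.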
Disabling NLPatent Password Login
Once you've confirmed that your SSO integration is working correctly, you will probably want to disable username/password authentication for your account so that the only way users can log in to your account is through SSO.
In order to do that, just let us know by emailing support@nlpatent.com saying you "wish to disable username/password login for your account" and we will action this for you.
Disabling Automatic Account Provisioning
By default, new users will be automatically provisioned in the NLPatent platform when signing in via SSO (assuming you have available seats in your plan). If you do not want new users to be automatically provisioned, then please let us know and we will disable this feature.
If you have any questions or need support on your integration, feel free to email support@nlpatent.com.