Note for Azure Admins: For a complete walkthrough of adding applications to your company’s Azure account, please review this guide from Microsoft Support:
NexTravel Configuration Steps
As a NexTravel account administrator, you can manage single sign-on integrations on the Company Settings page.
- From the Microsoft Azure Dashboard, go to Azure Active Directory.
- On the rightmost panel, select Enterprise Application.
- Add Your Own App > Non-gallery Application
- Set the name of the application to NexTravel and click Add on the bottom of the panel.
- On the following page click Configure Single Sign-On
- From the Single Sign-on Mode dropdown select "SAML-based Sign-on"
- Open a separate browser window and navigate to www.nextravel.com/company/settings
- In the Single Sign-on section, click Add+. Keep this new window open until instructed otherwise.
- Copy NexTravel:SP - Entity field to Azure:Identifier (Entity ID)
- Copy NexTravel:SP - Assertion Consumer Service (ACS) to Azure:Reply URL
- Set Azure:User Identifier to "user.mail"
- Click "Configure NexTravel" at the bottom of the current Azure panel
- Copy Azure:SAML Single Sign-On Service URL to NexTravel:IDP - SSO URL
- Copy Azure:SAML Entity ID to NexTravel:IDP - Entity
- Copy Azure:Sign-out URL to NexTravel:IDP - SLO URL
- Download the SAML - Signing Certificate Raw and copy the text within into NexTravel:IDP - Certificate
- On the top-left of the Azure configuration panel, click Save
- On the bottom of the NexTravel SSO configuration panel, click Save
Even when SSO is setup, the user will have the option to login using the email address and password created to access NexTravel. If your preference is that users only log into the platform via SSO, then you can update the Company Profile settings to limit login to SSO only by switching “Allow Login on NexTravel” to "No".
Logging Into NexTravel
If the Company Settings do not allow login directly on NexTravel, users will see the following prompt when they attempt to access the website via the login page. The user will need to click on “Sign in With Microsoft Online” to be redirected to the company's SSO login.