Make sure the staff configured within HelpSpot have a username setup matching their Office365 email addresses in their HelpSpot staff profiles.
- Go to https://aad.portal.azure.com and click on enterprise applications.
- We'll create a "non-gallery" application.
- Select "New Application"
- Select "Create your own application"
- Give the application a name, and keep the default option "Integrate any other application you don't find in the gallery"
- After the app is created:
- Select single sign on and then choose SAML for the sign on type.
- Edit step 1 "Basic SAML Configuration" and enter an Identifier (Entity ID) found in
HelpSpot Admin > Settings > Authentication > SAML2.0.
- Enter the Reply URL (Assertion Consumer Service URL) (also know as ASC URL) that is found in
HelpSpot Admin > Settings > Authentication > SAML2.0
- Save your settings
- Still within the application settings, head to Users and group and choose
Add User to add users or role who may authenticate into HelpSpot
- After completing the above, and saving the settings, step 3 on the SAML setup page should update with more information.
- Download the Federation Metadata XML file. In this file, you will find the
<X509Certificate> tag. Copy the value that is between the
</X509Certificate> tags. Paste this value into Certificate field in HelpSpot Admin > Settings > Authentication > SAML2.0.
- Move down to step 4 is the azure SAML setup page and copy the Login URL to the
Login URL (SSO) in the HelpSpot SAML setup page.
- Copy the Logout URL to the
Logout URL (SLO) in the HelpSpot SAML setup page.
- Copy the Azure AD Identifier to the
Entity ID in the HelpSpot SAML setup page
- Save your settings in HelpSpot and then head back to the Azure SAML setup page and validate your single sign-on with SAML