Step-by-Step Federation

How to Enable SSO for your Mavim Portal using Entra ID

Federate your Mavim Portal to your own tenant with Entra ID using an App registration

Comprehensive guide to establish Single Sign-on to the Mavim Portal for your entire organization. 


Manual steps to enable authentication (SSO) on the Mavim Portal


This guide applies to the second option from the top > Federate with my existing tenant/Entra ID


In addition to the automated federation option, the Mavim Connect Center offers the capability to manually integrate with your existing Entra ID (Microsoft 365 / Azure AD tenant).
This ensures a clear and straightforward step-by-step process for customers. The Mavim Portal is an application that needs to be registered within your Entra ID.

The following values need to be gathered:

• Client ID

• Client Secret (not required in this scenario)

• Tenant ID

• Tenant Domain Name

and must be set up in the application settings of the Mavim Portal.
This configuration is completed via the Connect Page in the Mavim Connect Center.

 

Additionally, you'll need the account credentials for the new Mavim Portal administrator*, who serves as the functional or application manager for Mavim within your organization.

  • First Admin username (e.g., john.smith@customerdomain.com)

* This account will take over from the original first admin provided with the staging tenant by Mavim, which becomes unnecessary once the federation process is complete.

 



Please note: In this scenario, a client secret is not generated. However, the MCC form requires an entry in this field.
To avoid any errors, simply input a random sequence of numbers (e.g., 1234567890).

 

What do you need to do on your end first?

Step 1 - Create an app registration

Go to https://portal.azure.com 
(you need to be a Global admin or have the required RBAC permissions assigned to make changes in Entra ID)

Register (create) the Mavim Portal app in your Entra ID (Azure Active Directory)

Fill in the following values

Name:                Mavim Portal - <Customername>

Redirect URI:    https://<portalname>.mavimcloud.com
(please replace <portalname> with the actual prefix your organization uses!)




Now Click Register to create

Step 2 - Configure the additional URI & ID token settings

Now on the Authentication tab (sidebar menu)
Add one additional redirect URI to the app registration created in the previous step

The URI should be formatted as follows: https://<portalname>.mavimcloud.com/.auth/login/aad/callback
(please replace <portalname> with the actual prefix your organization uses!)


NOTE: the other URI was already added in the previous step: https://<portalname>.mavimcloud.com
(please replace <portalname> with the actual prefix your organization uses!)


IMPORTANT: Check the ID tokens checkbox





Now Click Save

 

Step 3 - Now we check the API permissions for this app

You may Grant Admin Consent for your organization

Click Yes and grant Admin Consent for your organization,
so that your users are not presented with any consent message when they visit the Mavim Portal.



The green check mark appears



And now you're done here

 

 

Step 4 - Gather the needed values 

- (Application) Client ID
- (Directory) Tenant ID
- (Domain) Tenant Name
- New First Admin Username (this user will be assigned the Portal administrator role after the new federation has finished)





 

Provide the New First Admin Username in the following format: e.g. john.smith@fabrikam.com

 




Now that you have gathered all 4 values there are two options:

First option: Do it yourself!

Fill in the values in the appropriate fields



Now Click Save 
You’ll receive confirmation that the federation is successful (may take 10-30 seconds!)

When finished, inform the new First Admin User to log in to the Mavim Portal.
This user has the Portal Admin Role now.

All other tenant users may visit the Portal too and are assigned the Subscriber Role by default




Second option:   Provide Mavim with the values you created and gathered.
We can assist you with the configuration and fill out the form in the Mavim Connect Center.

The only difference when you choose this option is that a Mavim engineer has to enter these values in
the application settings on the Mavim Portal app. It may take longer to process.

Contact Mavim via delivery@mavim.com or create a ticket on https://my.mavim.com explaining the need for assistance with federating your new Mavim Portal to your tenant.

We are happy to help!

 

Step 5 - Limiting access to the Portal through Entra ID Permissions
(this step is optional)

If, for some reason, you want to limit access to the Mavim Portal to a particular group within your organization (tenant),
this can be done in Entra ID (Azure Active Directory) too.

Navigate to Enterprise applications
 

 

Look for the app that has been created (Mavim Portal - <Customername>)
Under the Properties menu tab, switch the Assignment Required slider to Yes

 

Now go to Users and Groups to define who has access and may authenticate

 

 


Add the desired group 

 

In this example, access is limited to the group MavimEmployees




Note:
the group needs to be created and populated by you first! This is just an example!
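
A way to check the finished registration against Steps 1, 2 and 5, as an added example (not Mavim's own code): it audits the application and service principal objects in the shape Microsoft Graph returns them and lists every deviation from the guide. It assumes the redirect URIs were registered under the Web platform; the function names and the sample objects with the portal prefix `contoso` are made up for illustration.

```python
from urllib.parse import urlsplit

def expected_redirect_uris(portalname):
    """The two redirect URIs from Steps 1 and 2 of the guide."""
    base = f"https://{portalname}.mavimcloud.com"
    return {base, base + "/.auth/login/aad/callback"}

def audit_registration(app, sp, portalname, restrict_access=False):
    """Return findings; an empty list means the objects match the guide."""
    findings = []
    web = app.get("web") or {}
    actual = set(web.get("redirectUris") or [])
    expected = expected_redirect_uris(portalname)
    for uri in sorted(expected - actual):
        findings.append(f"missing redirect URI: {uri}")
    for uri in sorted(actual - expected):
        scheme = urlsplit(uri).scheme
        why = "not https" if scheme != "https" else "not in guide"
        findings.append(f"unexpected redirect URI ({why}): {uri}")
    grants = web.get("implicitGrantSettings") or {}
    if not grants.get("enableIdTokenIssuance"):
        findings.append("ID tokens checkbox is not enabled (Step 2)")
    if grants.get("enableAccessTokenIssuance"):
        # Assumption: flagged because the guide only asks for ID tokens.
        findings.append("access token issuance enabled, guide asks for ID tokens only")
    if app.get("passwordCredentials"):
        findings.append("client secret present, none is required in this scenario")
    if restrict_access and not sp.get("appRoleAssignmentRequired"):
        findings.append("Assignment Required is off (Step 5)")
    return findings

# Constructed sample objects (the portal prefix "contoso" is made up).
GOOD_APP = {
    "displayName": "Mavim Portal - Contoso",
    "web": {
        "redirectUris": [
            "https://contoso.mavimcloud.com",
            "https://contoso.mavimcloud.com/.auth/login/aad/callback",
        ],
        "implicitGrantSettings": {"enableIdTokenIssuance": True,
                                  "enableAccessTokenIssuance": False},
    },
    "passwordCredentials": [],
}
BAD_APP = {
    "web": {"redirectUris": ["https://contoso.mavimcloud.com", "http://localhost:3000"],
            "implicitGrantSettings": {"enableIdTokenIssuance": False}},
}

if __name__ == "__main__":
    for finding in audit_registration(BAD_APP, {"appRoleAssignmentRequired": False}, "contoso", True):
        print("FINDING:", finding)
```

Pass `restrict_access=True` only when you have applied the optional Step 5; otherwise the Assignment Required setting is not checked.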


Happy to help!

If you need assistance connecting your Mavim Portal to your organization's tenant, we can help you!

Please create a Service Desk ticket on My Mavim with Assistance Portal Federation in the subject

 

 
