Azure AD for Salesforce SSO

Delivering Quality Housing Maintenance and Upgrades Across New Zealand

A leading housing maintenance organization ensures safe, warm, and comfortable living environments for families across New Zealand. As a key maintenance partner under a significant national contract, the organization serves over 7,500 households annually in regions including Christchurch, Nelson/Marlborough, West Coast, Manawatu, Gisborne, and Hawke's Bay. The team coordinates planned and responsive property maintenance, upgrades, and specialized works through a dedicated network of skilled tradespeople, all focused on delivering quality service with care and efficiency.
Case Study

Challenges

An integration was required between Azure Active Directory (Azure AD) and Salesforce to implement Single Sign-On (SSO). The key objectives were:

  • Streamline user authentication across systems.
  • Enhance security with centralized identity management.
  • Simplify user onboarding and role assignments.
  • Ensure a seamless login experience for employees accessing Salesforce.
Case Study

Solution

Tranzevo successfully delivered an end-to-end integration between Azure AD and Salesforce for Single Sign-On (SSO), leveraging Azure’s enterprise identity services and Salesforce’s SAML-based authentication. The implementation focused on seamless user authentication, enhanced security, and role-based access control.

  • Generated and shared the SAML metadata file for integration with Salesforce.
  • Designed custom roles in Azure AD for job function mapping and established group-based access policies to manage Salesforce access effectively.

  • Enabled SAML Single Sign-On (SSO) within Salesforce and integrated it with Azure AD’s SAML metadata.
  • Mapped Azure AD user attributes (e.g., NameID, FirstName, LastName, and Email) to corresponding Salesforce fields.
  • Configured user profiles in Salesforce to rely on Federated Authentication, ensuring only Azure AD-verified users could access the platform.

  • Conducted extensive testing of login and logout flows to verify seamless redirection and user experience.
  • Validated role-based permissions and access for various user profiles, ensuring compliance with organizational policies.
  • Implemented fallback login functionality to allow admin users to access Salesforce via username-password credentials during Azure AD service downtime.

  • Introduced location- and device-based conditional access policies to secure login activities.
  • Enforced Multi-Factor Authentication (MFA) for high-privilege users to bolster security measures.

This solution design enabled a robust and secure authentication system, optimizing user access control while providing administrators with flexible fallback mechanisms.

 

 

Case Study

Results

The implemented solution leveraged Azure Active Directory (Azure AD) for centralized identity and access management. Key components included:

  • Single Sign-On (SSO): Configured to enable seamless, one-click access to multiple enterprise applications.
  • Automated Role Assignments: Utilized Azure AD group policies to automate user provisioning and deprovisioning processes.
  • Security Enhancements: Incorporated multi-factor authentication (MFA) and conditional access policies for added security.
  • Scalable Architecture: Designed with flexibility to support future integrations and application expansions.
Case Study

Technology Stack