Setup Instructions for Adding Doximity on Microsoft Azure/Entra ID

  1. Go to https://portal.azure.com and log in as a Global Administrator (or as a user able to register non-gallery enterprise applications)

  2. Open "Azure AD" (usually under "More services")


  3. Go to "Enterprise applications" in the sidebar


  4. Click to create a "New Application":


  5. Click on "Create your own application":


  6. Type "Doximity" as the name, and select the "Non-gallery" option ("Integrate any other application you don't find in the gallery"), and click next.


  7. Click to "Set up single sign on"


  8. Select the "SAML" single sign-on method:


  9. Under "1. Basic SAML configuration", click the "Edit" button:


  10. On the Basic SAML configuration interface, fill out the following fields:
    • Identifier (Entity ID): https://sso-connect.doximity.com
    • Reply URL (Assertion Consumer Service URL): https://sso-connect.doximity.com/auth/saml/organization_identifier *
      * organization_identifier to be provided by Doximity
    • Sign on URL: Leave blank
    • Relay State (Optional):
      For Amion application: {"redirect_to":"https://www.amion.com/organizations"}
      For Dialer application: {"redirect_to":"https://www.doximity.com/dialer/home"}
    • Logout URL (Optional): Leave blank
    • Finally, click Save on the top left. Once saved, click the X button on the top right to close that sidebar interface.


  11. Back on the Single Sign-On with SAML interface, under "2. Attributes & Claims", click the Edit button


  12. Set up the attributes to match the table below. For more information on attributes, please see this Microsoft support page.

| Name | Namespace | Source | Source attribute |
| --- | --- | --- | --- |
| emailaddress | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.mail |
| givenname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.givenname |
| name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.userprincipalname |
| surname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.surname |
| jobtitle | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.jobtitle |
| address | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.streetaddress |
| city | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.city |
| state | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.state |
| postalcode | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.postalcode |
| mobile | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.mobile |
| dateofbirth | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | Attribute | user.dateofbirth |

 

  13. Back on the Single Sign-On with SAML interface, under "3. SAML Certificates", look for the "App Federation Metadata Url". Click to copy it, and send that URL to Doximity by replying to our email. This will enable us to continue the process on our side.

  14. Before you finish, please enable one or more users for this application. That can be done by going to "Users and groups" under this Enterprise application.

  15. Please gather the federation metadata URL, the email domains and the internal namespaces owned by your tenant, and submit this information on this form: https://forms.gle/wh58dpMkxMQQBDpy9
    • Domains Owned by Tenant: For instance, if your users use jdoe@example.org and jdoe@acme.org, we need to map both "example.org" and "acme.org" to trigger your AzureAD SSO whenever we see those domains.
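
A check for the SSO configuration above, as an added example (not Doximity's or Microsoft's code): given a decoded SAML assertion captured from a test sign-in, it confirms the audience, the Reply URL and the eleven claims from the table. The sample assertion, the `ORG_IDENTIFIER_PLACEHOLDER` value and the function names are constructed for illustration, and the signature is not verified here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "https://sso-connect.doximity.com"  # Identifier (Entity ID) from step 10
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
EXPECTED = ["emailaddress", "givenname", "name", "surname", "jobtitle", "address",
            "city", "state", "postalcode", "mobile", "dateofbirth"]

def check_assertion(xml_text, acs_url):
    """Return a list of mismatches between an assertion and this guide's settings."""
    # Only parse assertions you captured yourself; no signature check is done here.
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append(f"audience {audiences} does not include {ENTITY_ID}")
    recipients = [c.get("Recipient")
                  for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"recipient {recipients} is not {acs_url}")
    sent = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
            for a in root.iterfind(".//saml:Attribute", NS)}
    for name in EXPECTED:
        values = sent.get(f"{CLAIM_NS}/{name}", [])
        if not any(v and v.strip() for v in values):
            problems.append(f"claim {name} missing or empty")
    return problems

def _attr(name, value):
    return (f'<saml:Attribute Name="{CLAIM_NS}/{name}">'
            f'<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>')

# Constructed sample: placeholder org identifier; jobtitle and dateofbirth not sent.
ACS = "https://sso-connect.doximity.com/auth/saml/ORG_IDENTIFIER_PLACEHOLDER"
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Subject><saml:SubjectConfirmation>'
    f'<saml:SubjectConfirmationData Recipient="{ACS}"/>'
    '</saml:SubjectConfirmation></saml:Subject>'
    f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
    + "".join(_attr(n, "x") for n in EXPECTED if n not in ("jobtitle", "dateofbirth"))
    + '</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    for p in check_assertion(SAMPLE, ACS):
        print("FAIL:", p)
```

An empty list means the identifier, Reply URL and claims in the assertion match this guide.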

Setup Instructions for User Provisioning on Azure AD

  1. Before starting these steps, please send a confidential/encrypted email to your Doximity resource to receive the Provisioning API token needed for Step 8-b. 
  2. Go to https://portal.azure.com and log in as a Global Administrator (or as a user able to manage non-gallery enterprise applications)
  3. Open "Azure AD" (usually under "More services")


  4. Go to "Enterprise applications" in the sidebar
  5. Find the Doximity application and click to manage it

  6. Go to “Provisioning” in the sidebar

  7. Click on Get Started to start the setup

  8. Select “Automatic” under the Provisioning Mode and then fill out the “Admin Credentials” section:
    a. Under “Tenant URL” type:
      i. Production: https://sso-connect.doximity.com/scim_v2/?aadOptscim062020
      ii. Sandbox (optional): https://sso-connect.partners.doximity-staging.services/scim_v2/?aadOptscim062020
    b. Under “Secret Token” paste the API Token provided by Doximity
    c. Click on “Test Connection” to make sure everything is working properly
    d. Then click Save on the top of the page

  9. Go back to the “Mappings” section and edit the “Provision Azure Active Directory Users” mapping
  10. In the “Attribute Mappings” section, edit the “userName” mapping and change the “Matching precedence” to “2”, then hit “Save”

  11. Also in the “Attribute Mappings” section, edit the “externalId” mapping:
    a. Change the “Source attribute” to “objectId”
    b. Set the “Match objects using this attribute” to “Yes”
    c. Set the “Matching precedence” to “1”
    d. Then hit “Save”

  12. Check that the final mapping has the following attribute mappings, then click “Save” at the top of the page

  13. Go back to the “Provisioning” page, set the “Provisioning Status” to “On” and hit “Save”

Miscellaneous Notes

  1. Groups and roles: Doximity and its products, Dialer and Amion, are enterprise-wide products used across your organization by clinical staff (e.g. MD, DO, RN), clinical support staff (e.g. social worker, care coordinator, scheduling) and non-clinical staff (e.g. IT). Please include all groups needed to cover the relevant users above. To simplify group maintenance, Doximity recommends using dynamic membership rules to manage your groups. For more information, please see this Microsoft Entra support page.
  2. Encrypted SAML Assertions: Please let Doximity know if your IdP requires encrypted SAML Assertions so we can complete the additional set-up on the vendor side.
