Please be aware, this feature is only available on v15.5.1 and above. You can find information about upgrading/patching here.
Complete the following steps to set up Single Sign On using Azure AD:
Configure Azure AD
- Log in to https://portal.azure.com and click Manage Azure Active Directory
- On the left side menu, click Enterprise Applications
- Click New Application
- Click Create your own application
- Set a Name for the application and select the Integrate any other application …
- Click Single Sign-on, then select SAML
- Set the Intranet Home Page address as the Identifier and the Login Page address as the Reply URL, then click Save
- Click Users and Groups
- Click Add User/Group
- Click None Selected
- Search for and select the user or group you want to have access to the application
For easier user management, we recommend creating an "intranet users" group in Azure AD, into which appropriate users can be added. Organizations often have non-users in AD (e.g. printers), which end up having accounts on their intranet if this is not done.
11a. Head back to the Azure AD Home screen and select Groups from the Manage menu
11b. Click New Group
- Click Assign
- Click Single Sign-on
- Check the configuration
- Note: Test Sign in will not work until all steps have been completed
Configure Intranet Application
- Log in with a Superadmin account and select Admin Menu
- In the Security tab, click Authentication Mode
- Check the Single Sign-On (SSO) option and click Save
- Go back to the Security tab and click Single Sign On
- In the Azure Portal, select the application and copy the App Federation Metadata Url
- Paste it into Metadata XML Url and click Import
- In the Azure Portal, copy the User access URL from Properties
- Paste it into Login Url and click Save
- To map an unknown SSO user to a new or existing user, click Single Sign-On Mapping
- In the Azure Portal, select the application and copy the App Federation Metadata Url (repeat step 20)
- Paste it into Metadata XML Url and click Import
- Fill in the Name ID Field if you need to map an existing user (the Azure AD default value is selected in the screenshot)
- Fill in the Create New User, Person and Employee fields if you need to create a new user (the Azure AD default values are selected in the screenshot)
- Click Save
- New users can add missing personal information by editing their profiles. Which fields users can edit is controlled in Manage Fields from the Directory tab