Technical Guide for SSO with Azure

"What is Single Sign On?"

Single Sign-On (SSO) is an authentication process that allows a user to access multiple applications or services with a single set of login credentials (such as username/email address and password). The primary goal of SSO is to simplify the user experience by eliminating the need to remember and enter different credentials for each application.

Single Sign-On (SSO) can improve security in several ways, but the two key advantages include:

  1. Reduced Password Fatigue - users only need to remember one set of strong credentials, reducing the likelihood of users choosing weak passwords or reusing passwords across multiple applications

  2. Consistent Security Policies - organisations can enforce consistent security policies across multiple applications. This ensures that security measures, such as password complexity requirements or account lockout policies, are applied uniformly.

Before SSO can be enabled on the Portal, you will need to ensure Microsoft Entra has been set up correctly.

https://learn.microsoft.com/en-us/entra/identity/saas-apps/saml-toolkit-tutorial

Requirements

Stages

You will need to do the following to set up SSO with Azure.

  1. Obtain your Integration ID (See Configure Single Sign On (SSO) )

  2. Add Microsoft Entra SAML Toolkit

  3. Edit the SAML Configuration

  4. Configure Application Properties

  5. Provide your Metadata URL or Metadata XML (See Configure Single Sign On (SSO) )

Add Microsoft Entra SAML Toolkit

  1. Sign onto Microsoft Entra

  2. In the sidebar click Identity Applications > Enterprise applications

  3. Click Add Application

  4. Search for and click “Microsoft Entra SAML Toolkit”

  5. Click Create

  6. In the 2nd sidebar click Single Sign-On

  7. Select SAML

Edit the SAML Configuration

📌

You will need your Portal Integration ID.

You will then need to configure the Basic SAML Details.

To set up SSO you will need to provide an Entity ID, a Reply URL and a Sign On URL. Then either copy the Metadata URL or download the Metadata XML certificate to begin the configuration process on the portal.

  1. Click Edit in the Basic SAML Configuration section

Screenshot 2024-01-02 at 17.30.33.png

  1. Add the following details:

  • Identifier (Entity ID): https://portal.axscend.com/

    • Tick the default checkbox

  • Reply URL: https://portal.axscend.com/auth/callback

  • Sign On URL: https://portal.axscend.com/auth/signon/sso/<Integration ID>

  1. Click Save

  2. Either Copy the App Federation Metadata URL or Download the Federation Metadata XML

Screenshot 2024-01-02 at 17.30.01.png

Configure Application Properties

Now the application is set, you need to ensure users or groups are able to authenticate through this application.

https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal

  1. Ensure the Application is Enabled for users to sign in

  2. Check if Application Assignment should be required

    1. If this option is set to yes, then users and other apps or services must first be assigned this application before being able to access it via Users and Groups
      https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal

    2. If this option is set to no, then all users will be able to sign in.

Screenshot 2024-01-10 at 15.10.28.png

You can now use either of these to Configure Single Sign On (SSO) on the Portal.