Configure Single Sign-On (SSO) to use Microsoft Azure as your Identity Provider

You can use Microsoft Azure as the identity provider (IdP) for your enterprise users to sign in to Aternity via SSO with their network username and password.

Single Sign-On (SSO) brings the most secure access to Aternity by bypassing Aternity's sign-in screen and authenticating with your enterprise's chosen identity provider (IdP) just once, using passwords, two-factor authentication (2FA), or even biometrics. Every time you access Aternity as an SSO user, it automatically reroutes you securely to the IdP, and after authentication it routes you back to your Aternity home page as a signed-in user. SSO uses the SAML 2.0 protocol to delegate the entire authentication process to the IdP.

Set up Microsoft Azure to enable sharing identity and authentication information securely with Aternity.

Procedure

  1. Connect to the Azure Portal (https://portal.azure.com) and open Azure Active Directory by typing Azure Active Directory in the search box in the top bar.
  2. Select Enterprise Applications from the Manage menu in the left pane.
  3. Select the Overview page and then select New application.
    (Figure: Add a new app to your Azure AD)
  4. In the Add an application page, select Non-gallery application.
  5. When prompted, type a name for the enterprise application and then select Add.
    (Figure: Add a name for the application)
  6. Select Single sign-on in the left pane and then select SAML to start configuring secure authentication for your enterprise application.
    (Figure: Secure authentication to applications)
  7. Select Edit in the Basic SAML Configuration area, then enter the identifiers of your Aternity instance:
    a. Open a browser and sign in to Aternity.
    b. Select the Gear Icon > Integration Settings > Security SSO.
    c. Copy the Domain URL, Entity ID, and Consumer URL of the Aternity instance and keep them at hand.
    d. Paste the copied values of the instance you are integrating into the respective fields of the Azure Basic SAML Configuration area, and then select Save.
      (Figure: Configure the Basic SAML data with the data of the instance you are integrating)
  8. Select Edit in the User Attributes and Claims area. This configuration is optional and is only needed for SSO groups.
    Tip

    For individual user login attempts, it is not necessary to set up User Attributes and Claims; the out-of-the-box settings automatically apply for individual users.

    a. Select Add a group claim.
    b. Select the Groups assigned to the application radio button.
    c. In the Advanced options area, enable Customize the name of the group claim and select memberOf in the Name field.
      (Figure: Configure SSO Groups)
  9. Download the Federation Metadata XML and paste its contents into Aternity > Integration Settings > Security-SSO > IdP Metadata.
    (Figure: Set SSO in Aternity console)
  10. Assign the group(s) to the application you are integrating.
    a. Select Users and groups.
  11. Continue by enabling SSO in Aternity.

    Create an SSO user and/or group(s) in Aternity that match the corresponding Azure AD user or group(s).

    In the Add SSO Group window, in the Group Value field, enter the object ID of the group from Azure AD.
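As an added illustration (not from Aternity's documentation), the following Python script shows how the values configured above fit together on the service-provider side: it parses a constructed, unsigned SAML assertion shaped like the one Azure AD issues, checks that the Audience and Recipient match the Entity ID and Consumer URL copied in step 7, and maps the memberOf group claim (the Azure AD group object IDs used as the Group Value in step 11) to SSO group names. All URLs, the tenant ID, and the object IDs are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}  # standard SAML 2.0 namespace

# Constructed sample: a minimal, unsigned assertion shaped like the one Azure AD
# issues after the steps above. Tenant ID, URLs and group object IDs are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://aternity.example.com/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://aternity.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
      <saml:AttributeValue>66666666-7777-8888-9999-000000000000</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_assertion(xml_text):
    """Return (audience, recipient, memberOf group object IDs) from an assertion."""
    root = ET.fromstring(xml_text)
    audience = root.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    groups = [v.text.strip()
              for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == "memberOf"
              for v in a.findall("saml:AttributeValue", NS) if v.text]
    return audience, recipient, groups


def matched_sso_groups(xml_text, entity_id, consumer_url, sso_groups):
    """sso_groups maps an Aternity SSO group name to its Group Value (Azure AD group object ID).
    Audience must equal the Entity ID and Recipient the Consumer URL, so an assertion minted
    for another service provider grants nothing. XML signature verification (against the
    certificate in the IdP metadata) is assumed to have happened before this step."""
    audience, recipient, groups = parse_assertion(xml_text)
    if audience != entity_id or recipient != consumer_url:
        return []
    return sorted(name for name, oid in sso_groups.items() if oid in groups)
```

Note that the Group Value must be the group's object ID, not its display name: the memberOf claim configured in step 8 carries object IDs, so a display name would never match.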