Azure AD SSO
  • 20 Aug 2024


Article summary

This guide provides a comprehensive walkthrough for integrating Azure Active Directory with Knovvu VA, streamlining authentication for Azure AD users accessing the web interface via single sign-on (SSO).

Important Note
  • In order to integrate with Azure AD, the host user must enable Azure AD SSO from host settings under Administration --> Account --> External Provider. However, "Authority", "Client ID" and "Client Secret" parameters must remain blank.



  • Before setting up Azure AD, Redirect URI information must be obtained from SESTEK. This Redirect URI is where users are directed after successfully authorizing the application.
Redirect URI: {{identityBaseUrl}}/signin-azuread-oidc?tenantId=<tenantId>

Setting Up Azure AD

To facilitate authentication and authorization between Knovvu VA and Azure AD, a new app should be registered in Azure, and permissions should be assigned accordingly.

Step 1: New App Registration

After logging into the Azure Portal, navigate to Azure AD and select "App registration" to proceed with creating a "New registration".

1-Azure AD new registration


Specify the application name and supported account types. Then, under Redirect URI, choose "Web" and paste the redirect URI provided by SESTEK, as shown in the screenshot below.

2-Azure AD register an application

Step 2: Authentication

Once the application is successfully registered, go to "Authentication" in the left menu and enable ID tokens.

3-Azure AD authentication

Step 3: Certificates & Secrets

In the left menu, navigate to "Certificates & secrets" and generate a new client secret to be used in the authentication process.

Expiration

After expiration, a new client secret must be obtained and its value must be entered in the settings via the Knovvu VA user interface; otherwise, Azure AD users will no longer be able to use Single Sign-On (SSO).

4-5-Azure AD add client secret


After successfully creating the client secret, make sure to copy the Client Secret Value.

6-Azure AD client secret value

Step 4: Application (client) ID

Navigate to the "Overview" section and copy the Application (client) ID.

7-Azure AD application client id

Step 5: Endpoint

Important Note

Click on "Endpoints" and copy the OpenID Connect metadata document endpoint, excluding the ".well-known/openid-configuration" part.

8-Azure AD endpoint


Configuring Tenant Settings

After the Azure AD setup is finished, the tenant admin must enter the Client Secret Value, Application (client) ID and OpenID Connect metadata document endpoint within the Knovvu VA user interface. This can be done through Administration --> Account --> External Provider, as shown in the screenshot below.

9-Azure AD Tenant Settings
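
A pre-flight check for the values entered above, as an added example (not Knovvu VA or SESTEK code): it derives the endpoint value from the metadata document URL as Step 5 describes, confirms the Application (client) ID is a GUID, and warns when the client secret is close to its expiration. The sample IDs, the function names and the 30-day warning window are assumptions, and the expiry date is assumed to be a timezone-aware value recorded when the secret was created.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

SUFFIX = ".well-known/openid-configuration"
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample values, not real tenant or application identifiers.
SAMPLE_METADATA = ("https://login.microsoftonline.com/"
                   "11111111-2222-3333-4444-555555555555/v2.0/" + SUFFIX)
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def authority_from_metadata(metadata_url):
    """Strip the discovery suffix from the metadata document URL (Step 5)."""
    url = metadata_url.strip()
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("metadata endpoint must be an absolute https URL")
    if parts.query or parts.fragment or not url.endswith("/" + SUFFIX):
        raise ValueError("not an OpenID Connect metadata document URL")
    # The page says to exclude only the suffix, so the trailing slash is kept.
    return url[:-len(SUFFIX)]


def check_settings(metadata_url, client_id, secret_expires, now=None, warn_days=30):
    """Return (authority, problems) for the values entered under External Provider."""
    problems, authority = [], None
    try:
        authority = authority_from_metadata(metadata_url)
    except ValueError as exc:
        problems.append(f"authority: {exc}")
    if not GUID.fullmatch(client_id.strip()):
        problems.append("client id: Application (client) ID must be a GUID")
    remaining = secret_expires - (now or datetime.now(timezone.utc))
    if remaining <= timedelta(0):
        problems.append("client secret: expired, Azure AD SSO logins will fail")
    elif remaining <= timedelta(days=warn_days):
        problems.append(f"client secret: expires in {remaining.days} days")
    return authority, problems


if __name__ == "__main__":
    expires = datetime(2025, 8, 20, tzinfo=timezone.utc)  # constructed expiry date
    authority, problems = check_settings(SAMPLE_METADATA, SAMPLE_CLIENT_ID, expires)
    print("Authority:", authority)
    for problem in problems or ["no problems found"]:
        print(" -", problem)
```

Running the same check on a schedule with the recorded expiry date gives advance notice before the secret lapses and SSO stops working.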


Azure AD SSO functionality is now enabled on the login screen.

10-Azure AD SSO

Important Note

When users log in to the interface for the first time using Azure AD SSO, a user profile is automatically created for them, and they are assigned the designer role by default. This grants users designer-level access within the application interface.

Administrators can further customize role assignments or permissions within the application itself.

