How to use a custom SSO Provider (Microsoft Azure Active Directory)

As an add-on to the Applanga Enterprise tier, you have the option to connect with custom SSO (Single Sign-On) providers. Please get in touch for pricing details.

The following example shows how to set this up with Azure Active Directory.


Applanga Azure AD SSO Integration

  1. Sign in to the Azure portal. If your account is present in more than one Azure AD tenant:
    • Select your profile from the menu on the top right corner of the page, and then Switch directory.
    • Change your session to the Azure AD tenant where you want to create your application.

  1. Navigate to Azure Active Directory > App registrations to register your app. Select New registration.

  1. When the Register an application page appears, enter your app's registration information:
    • The Name section can be filled out with any meaningful value, e.g. Applanga Web.
    • In the Supported account types section, select Accounts in this organizational directory only (Default_Directory only - Single tenant) so only accounts in the current tenant can log in. You can of course choose a different option if it is needed in your case.
    • Select Register to create the app.

  1. On the app's Overview page, find the Application (client) ID and Directory (tenant) ID values and record them for later. You'll need to include these values in an email to Applanga. More on that later.

  1. Select Authentication under Manage on the left.
    • Click the Add a platform button, and then select Web in the options provided on the right.

  1. Redirect URIs and token type
    • In the Redirect URIs and Front-channel logout URL sections enter the following redirect URI: https://dashboard.applanga.com/auth/microsoft/callback
    • In the Implicit grant and hybrid flows section, check ID tokens
    • Select Configure.

  1. Next, click the Certificates & secrets option on the left. In the Client secrets section, choose New client secret.

    • Enter a key description (for instance App secret).
    • Select a preferred duration, e.g. 12 months, 24 months, or Custom.
    • When you click the Add button, the key value will be displayed. Copy the key value and save it in a safe location.

    You'll need this key later to configure the application. This key value will not be displayed again, nor retrievable by any other means, so record it as soon as it is visible from the Azure portal.

  1. The newly generated secret should show up in the list of client secrets. Copy and store the secret value somewhere for the next step.

  1. Next, grant admin consent for the permissions the app requires to access a user's profile successfully. To do this, click API permissions on the left. On the page that opens, find and click the button Grant admin consent for Default_Directory. Note that Default_Directory is the directory name of your current Azure AD tenant and may be different. Click Yes when prompted to confirm that you want to grant the requested consent.

  1. Send an email to info@applanga.com with the subject "Custom SSO Configuration - YourCompanyName" which contains your Application (client) ID, Client secret, Directory (tenant) ID, a list of domains that should be enabled for your Azure AD configuration and, optionally, a Session timeout which, if specified, determines how long a login session lasts before users are required to log in again. Alternatively or additionally, you can provide a list of email addresses if you want to add accounts that do not belong to one of those domains. Optionally, you can also provide a list of teams and user roles. Every SSO user newly signing up in Applanga will be automatically added to these teams with the preset role. The user role and team assignment can be modified later.
    Applanga will then need to redeploy your configuration, which may take up to 2 weeks, and will let you know once it's available. If the change is urgent, please let us know so we can expedite your request.
    All signups made prior to the configuration deployment will be automatically converted upon their next login.

  1. To log in with Azure AD on the Applanga Dashboard, click on the SSO Login link at the bottom of the login page. You will be redirected to the SSO login page. There, enter your domain or email address. This will redirect to the Microsoft account login page. If you are logged in with your account, you will be redirected back to the Applanga dashboard.
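
Before emailing the values, the registration can be checked against the settings from the steps above. This is an added example, not Applanga's or Microsoft's code. It assumes the registration is available as JSON in the Microsoft Graph application format (as printed by `az ad app show`) and that the app is used only for Applanga; `audit_registration`, `SAMPLE_APP` and the 30-day warning window are names and values chosen here.

```python
import json
from datetime import datetime, timedelta, timezone

# Redirect URI from the steps above.
APPLANGA_CALLBACK = "https://dashboard.applanga.com/auth/microsoft/callback"

# Constructed sample shaped like the JSON printed by `az ad app show`;
# the appId and dates are placeholders, not real values.
SAMPLE_APP = json.loads("""{
  "appId": "00000000-0000-0000-0000-000000000001",
  "signInAudience": "AzureADMyOrg",
  "web": {
    "redirectUris": ["https://dashboard.applanga.com/auth/microsoft/callback"],
    "implicitGrantSettings": {"enableIdTokenIssuance": true,
                              "enableAccessTokenIssuance": false}
  },
  "passwordCredentials": [
    {"displayName": "App secret", "endDateTime": "2030-01-01T00:00:00Z"}
  ]
}""")


def audit_registration(app, now=None, warn_days=30):
    """Return findings; an empty list means the registration matches the guide."""
    now = now or datetime.now(timezone.utc)
    findings = []
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if APPLANGA_CALLBACK not in uris:
        findings.append("Applanga redirect URI missing from the Web platform")
    if any(u != APPLANGA_CALLBACK for u in uris):
        findings.append("additional redirect URIs registered; review them")
    grants = web.get("implicitGrantSettings") or {}
    if not grants.get("enableIdTokenIssuance"):
        findings.append("ID tokens not enabled under implicit grant and hybrid flows")
    if grants.get("enableAccessTokenIssuance"):
        findings.append("implicit access tokens enabled; the guide only checks ID tokens")
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not single tenant (AzureADMyOrg)")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret on the registration")
    for s in secrets:
        # Graph timestamps are UTC; drop fractional seconds and the zone suffix.
        end = datetime.strptime(s["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        if end.replace(tzinfo=timezone.utc) - now < timedelta(days=warn_days):
            findings.append(f"client secret {s.get('displayName')!r} expires {end:%Y-%m-%d}")
    return findings
```

To check a real registration, load the output of `az ad app show --id <Application (client) ID>` with `json.load` and pass it to `audit_registration`. If you chose a different supported account type in the registration step, the `signInAudience` finding is expected.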

If you encounter any issues please let us know.

Thank You!