Set up single sign-on (SSO) with Microsoft Azure Active Directory

Single sign-on is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.

This article explains how to configure single sign-on for AlisQI.

Introduction

AlisQI encourages the use of single sign-on for security and convenience. If you wish to enable this feature, please contact support@alisqi.com.

Terminology

AlisQI supports single sign-on based on SAML 2.

In SAML terms, your user directory (e.g., Azure Active Directory) will fulfill the role of Identity Provider (IdP), while AlisQI is the Service Provider (SP).

Changes to user management

Without SSO, AlisQI users are identified by a username and a password. Email addresses are optional.

With SSO enabled, users are identified by their email addresses. Since the username and password fields are obsolete, they will be deactivated when going live with SSO.

Before SSO can be enabled, all users must have a valid email address. Note that these must exactly match those in your user directory!
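A pre-flight check for the exact-match requirement above, as an added example that is not part of AlisQI's documentation or tooling. It assumes you have exported AlisQI usernames with their email addresses and the directory's mail values into the structures shown, and that "exactly match" means a literal string comparison; all names, categories and sample data are constructed for illustration.

```python
import re
from collections import Counter

# Deliberately loose shape check; it is not a full RFC 5322 validator.
EMAIL_SHAPE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample data: AlisQI username -> email, and directory mail values.
ALISQI_USERS = {
    "alice": "alice@example.com", "bob": "Bob@Example.com",
    "carol": "", "dave": "dave@example.com ",
    "erin": "erin@old-domain.example", "heidi": "heidi-at-example.com",
    "frank": "shared@example.com", "grace": "shared@example.com",
}
DIRECTORY_MAILS = ["alice@example.com", "bob@example.com",
                   "dave@example.com", "shared@example.com"]

def key(email):
    """Normalised form used only to detect near matches and duplicates."""
    return email.strip().casefold()

def preflight(alisqi_users, directory_mails):
    """Sort every AlisQI user into one category before SSO go-live."""
    mails = list(directory_mails)
    exact = set(mails)
    folded = {}
    for m in mails:
        folded.setdefault(key(m), m)
    counts = Counter(key(e) for e in alisqi_users.values() if e and e.strip())
    report = {c: [] for c in ("ok", "missing_email", "duplicate_email",
                              "near_match", "invalid_email", "not_in_directory")}
    for user, email in sorted(alisqi_users.items()):
        if not email or not email.strip():
            report["missing_email"].append(user)        # cannot be identified at all
        elif counts[key(email)] > 1:
            report["duplicate_email"].append(user)      # two accounts, one identity
        elif email in exact:
            report["ok"].append(user)
        elif key(email) in folded:
            # Differs only by case or surrounding whitespace: fix before go-live.
            report["near_match"].append((user, email, folded[key(email)]))
        elif not EMAIL_SHAPE.match(email):
            report["invalid_email"].append(user)
        else:
            report["not_in_directory"].append(user)
    return report

if __name__ == "__main__":
    for category, entries in preflight(ALISQI_USERS, DIRECTORY_MAILS).items():
        print(category, entries)
```

Every category other than `ok` lists accounts to fix before the username and password fields are deactivated.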

Setting up

This article covers all the steps for setting up Microsoft Azure Active Directory, since most of our customers use it. Other directories should work just fine, as long as they support SAML 2.

Download AlisQI metadata

Before you start configuring SSO in Azure, you need to download the metadata of the AlisQI SP. You can find this by going to https://[your].alisqi.com/sso (e.g., https://demo.alisqi.com/sso). Note that AlisQI uses the open-source package SimpleSAMLphp as its middleware for SAML.

Open the Federation tab and click Show metadata (as shown in the screenshot below). Next, open the link to the metadata and save the file to disk. You will probably have to rename the file to add the .xml extension. Alternatively, you can also copy-paste the XML shown on the page into a new file.

Create a new application in Azure Active Directory

  1. Open your Azure AD portal
  2. Choose Manage / Enterprise applications from the menu
  3. Add a new application
  4. Click "Create your own application"

Configure single sign-on

  1. In the application overview, open single sign-on settings and then select SAML
  2. Upload the AlisQI metadata you downloaded earlier
  3. A popup "Basic SAML Configuration" will open. You don't need to make any changes, so just hit Save and close the popup.
  4. A second popup will ask whether you wish to test single sign-on. This won't work yet, so just close it.
  5. Edit the User Attributes & Claims, and set Unique User Identifier to user.mail, as shown in the image below
  6. Copy the App Federation Metadata Url and send it to AlisQI support.

Users and groups

You must specifically allow users to access AlisQI by adding them to the Users and groups menu in the application overview.

Properties

Optionally, you can add the AlisQI logo in the properties screen to make the application more recognizable to your users.

Test and go live

AlisQI support will be able to test the SSO integration in the middleware before enabling it in the application. Once the integration is verified, we can decide together when to activate it within AlisQI.

Resources

Watch the following videos by Microsoft for details:
