Skip to content
  • There are no suggestions because the search field is empty.

Set up single sign-on (SSO) with Microsoft Azure Active Directory

Single sign-on is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.

As we highly value security in all of our operations, we decided to make SSO available for all AlisQI customers free of charge!

This article presents how to configure single sign-on for AlisQI with MS Azure AD. Other directories should work just fine, as long as they support SAML 2.


 

Introduction

AlisQI encourages the use of single sign-on for security and convenience. If you wish to enable this feature, please contact support@alisqi.com.

Terminology

AlisQI supports single sign-on based on SAML 2.

In SAML terms, your user directory (e.g., Azure Active Directory) will fulfill the role of Identity Provider (IdP), while AlisQI is the Service Provider (SP).

Changes to user management

Without SSO, AlisQI users are identified by a username and a password. Email addresses are optional.

With SSO enabled, users are identified by their email addresses. Since the username and password fields are obsolete, they will be deactivated when going live with SSO.

Before SSO can be enabled, all users must have a valid email address. Note that these must exactly match those in your user directory!

Setting up

In this article, you'll have all the steps for setting up Microsoft Azure Active Directory since most of our customers use this. Other directories should work just fine, as long as they support SAML 2.

Download AlisQI metadata

Before you start configuring SSO in Azure, you need to download the metadata of the AlisQI SP. You can find the link in the application settings screen. Clicking it will automatically download the XML file.

 

Create a new application in Azure Active Directory

  1. Open your Azure AD portal
  2. Chose Manage / Enterprise applications from the menu
  3. Add a new application
  4. Click "Create your own application"

Configure single sign-on

  1. In the application overview, open single sign-on settings and then select SAML

  2. Upload the AlisQI metadata you downloaded earlier



  3. A popup "Basic SAML Configuration" will open. You don't need to make any changes, so just hit Save and close the popup.
  4. A second popup will ask whether you wish to test single sign-on. This won't work yet, so just close it.
  5. Edit the User Attributes & Claims, and set Unique User Identifier to user.mail like in the image below

  6. Copy the App Federation Metadata Url and send it to AlisQI support.

Users and groups

You must specifically allow users to access AlisQI by adding them to the Users and groups menu in the application overview.

Properties

Optionally, you can add the AlisQI logo in the properties screen to make the application more recognizable to your users.

Resources

Watch the following videos by Microsoft for details: