Azure Active Directory Configuration for SSO

Suggested Reading: Single Sign-On (SSO)

This guide lists the actions you need to complete to configure SSO with Microsoft Azure Active Directory (AD). You can follow these steps if you are using Azure AD as your identity provider:

1. Go to Settings > Inone Settings > Security on your Inone panel.

2. Click the "Enable SSO" checkbox to enable Single Sign-on. The workplace ID given will be the ID you use to enter the panel when first signing in with SSO. This ID is the same as the panel name.

3. If you want to require all users to enter the panel via SSO, check the “Use SSO as default login method” checkbox. Once you check this box, your current users will not be able to use their Insider-specific usernames and passwords.

4. Log in to your Azure AD app, go to Applications > Enterprise Applications, and click the + New application button.

5. Click the + Create your own application button.

6. Name your app and choose the option shown below on the pop-up. 

If you have multiple panels and want to assign different user roles to each, you need to create separate applications for each panel. You can name them accordingly.

7. Go to the 2. Set up single sign on option.

8. Select SAML as your single sign-on method.

9. On the following page, click the Edit button next to the Basic SAML Configuration.

10. Copy the Insider SSO URL from the Insider panel and paste it to the Reply URL (Assertion Consumer Service URL) on Azure. Copy the Service Provider Entity ID from the Insider panel and paste it to Identifier (Entity ID).

11. You should leave the Sign on URL (Optional) and Relay State (Optional) options empty.

12. To enable Single Logout, check the "Enable SLO" box. Then copy the given Insider Single Logout URL and paste it into the Logout URL section on the same Azure page.

13. Click the Save button on Azure to complete this step. 

14. On the following page, click the Edit button next to Attributes & Claims.

15. Go to Unique User Identifier (Name ID).

16. Choose email address for the Name identifier format, and user.mail for the Source attribute.

17. Go to Manage > Single sign-on on the left menu to download the Federation Metadata XML. You’ll see an XML file downloaded on your computer. 

18. Go to Settings > Inone Settings > Security on your Inone panel and upload the downloaded XML file. The IDP Issuer, IDP SSO Login URL, and x.509 Public Certificate fields will be populated automatically. 

You can also enter the values manually if you prefer.

19. If you have enabled the Single Logout for Insider, copy the Logout URL listed in the 4th step in the image below and paste it to the IDP Logout URL field on Insider.

20. To test the connection on Azure, you need to assign your user to the newly created app. Click the Users and Groups tab on the left menu. Click the + Add user/group button. 

21. On the following pop-up, select your user and click the Assign button.

22. Now test the SSO connection on Insider. Once you click the Test SSO Connection button, the connection will be tested. You will see the error code next to the button if there is an error. 

23. Click the Save button to save the settings. You need to pass the SSO connection test before you can save the settings.

Congrats! You have successfully set up SSO for your panel users with Azure AD.