Introduction
Single Sign-On (SSO) is a feature within CiteOps that streamlines user authentication.
SSO offers the following advantages:
- Reduces password fatigue for users. Their organization login securely grants access to CiteOps.
- Centralized user management. AD administrators can quickly add and remove users from access groups, simplifying username and password management and reducing helpdesk workload.
- Enhanced security. SSO enforces password complexity, multi-factor authentication, and centralized security controls.
This guide provides the steps for setting up Azure AD-based SSO for CiteOps. While Active Directory/Entra ID is our primary focus, CiteOps also integrates with other user directories that support SAML2.
For any assistance, feel free to contact support at support@commit.works.
Setting up SSO using Azure AD
The following setup needs to be performed once for both Test and Production environments.
Step-by-Step Setup Guide
- Open Microsoft Azure.
- Create a new Enterprise Application: Name the application according to your conventions, such as CiteOps Test SSO and CiteOps Prod SSO.
- Choose "Integrate any other application you don't find in the gallery".
- Select "Set up Single Sign-On".
There are 5 steps to configure SAML-based SSO.
Step 1: Basic SAML Configuration
Fill in the following details with the appropriate environment URL:
- Identifier (Entity ID): https://<sitename>.commit.works/Identity/SAML
- Reply URL (Assertion Consumer Service URL): https://<sitename>.commit.works/Identity/SAML2/ACS
- Logout URL: https://<sitename>.commit.works/Identity/SAML2/Logout
Replace <sitename> with your site-specific domain name (e.g., citeopssite for production and testciteopssite for test).
Step 2: User Attributes & Claims
In this section, map user attributes as follows:
- givenname: user.givenname
- surname: user.surname
- emailaddress: user.mail
- name: user.userprincipalname
- Unique User Identifier: user.userprincipalname
Ensure all claims are filled out correctly to pass user information into CiteOps.
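One way to confirm the mapping before go-live, as an added example that is not part of the CiteOps or Microsoft documentation: a Python check run over a decoded SAML response from a test login, reporting any of the five claims above that are missing or empty. It assumes the four named claims use Azure AD's default claim namespace and that Unique User Identifier arrives as the NameID; the sample assertion and helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the four named claims use Azure AD's default claim namespace.
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_CLAIMS = ("givenname", "surname", "emailaddress", "name")

def attr_xml(name, value):
    """Build one constructed <Attribute> element for the sample below."""
    return (f'<saml:Attribute Name="{CLAIM_NS}{name}">'
            f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>")

# Constructed sample, not captured from a real tenant. The emailaddress claim
# is deliberately left out to show the failure case.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>"
    "<saml:AttributeStatement>"
    + attr_xml("givenname", "Jane") + attr_xml("surname", "Doe")
    + attr_xml("name", "jane.doe@example.com")
    + "</saml:AttributeStatement></saml:Assertion>"
)

def check_claims(saml_xml):
    """Return a list of claim problems in a decoded SAML Response or Assertion.

    Checks claim content only; it does not verify the XML signature.
    """
    root = ET.fromstring(saml_xml)
    is_assertion = root.tag == "{%s}Assertion" % NS["saml"]
    assertion = root if is_assertion else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element found"]
    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing Unique User Identifier (NameID)")
    values = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        text = value.text if value is not None else None
        values[attr.get("Name")] = (text or "").strip()
    for claim in REQUIRED_CLAIMS:
        if not values.get(CLAIM_NS + claim):
            problems.append(f"missing or empty claim: {claim}")
    return problems

if __name__ == "__main__":
    print(check_claims(SAMPLE_ASSERTION))
```

An empty list means all five values are present; an encrypted assertion is reported as "no Assertion element found" because its contents cannot be read without the decryption key.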
Step 3: SAML Signing Certificate
Azure will generate certificates and URLs for authentication. Perform the following actions:
- Download the generated SAML signing certificates.
- Send these certificates along with the Azure AD SAML Metadata URL to support@commit.works, so they can be integrated into the CiteOps environment.
Step 4: Configure CiteOps Settings
Once the application is configured, you’ll receive three critical URLs from Azure:
- Login URL
- Azure AD Identifier
- Logout URL
Send these URLs to support@commit.works for integration into CiteOps.
Step 5: Assigning User Groups
Once the setup is complete, create and assign user groups in Azure AD to manage access to CiteOps. This allows AD administrators to control user permissions efficiently.
Once users are added, they can log in to CiteOps by clicking on "Single Sign On" and using their organization's credentials.