Single Sign-On With Azure AD

Last modified on August 24, 2020

Azure Active Directory (Azure AD) is a directory and identity management service for Microsoft cloud services, such as Azure and Office 365.

Azure AD can be used to authenticate users in AlertSite. Integrating AlertSite with Azure AD includes the following steps:

  • Adding AlertSite as an application in Azure AD.

  • Assigning the AlertSite application to Azure AD users, groups and roles.

  • Specifying Azure AD details in the AlertSite configuration.

Prerequisites

To configure Azure AD integration, you must be an administrator in Azure and have the Admin account (not Co-Admin) in AlertSite.

Configure Azure AD

First, get AlertSite SAML information that you will need to specify in Azure AD:

  • If you use AlertSite UXM, navigate to  > Settings > Single Sign-On .

    If you use AlertSite 1.0, navigate to Account > Manage Account and click Single Sign-On.

  • Copy the values displayed in the AlertSite SAML Settings section:

    • Entity ID
    • Assertion Consumer Service URL
    • Application URL

Then, in Azure AD:

  1. Log in to your Azure portal as an administrator.

  2. In the left navigation pane, click Azure Active Directory.

    Azure Active Directory

    Click the image to enlarge it.

  3. Select Enterprise applications and click New application.

    Adding a new application

    Click the image to enlarge it.

  4. Click Non-gallery application.

    Add a non-gallery application

    Click the image to enlarge it.

  5. Enter AlertSite in the Name field, and click Add.

    Specifying the application name
  6. Select Single sign-on and change the mode to SAML-based Sign-on.

    Single sign-on mode

    Click the image to enlarge it.

  7. Specify the following settings:

    Configuring SSO settings

    Click the image to enlarge it.

    • Identifier – Paste the Entity ID value from AlertSite.

    • Reply URL – Paste the Assertion Customer Service URL value from AlertSite.

    • Sign on URL – Paste the Application URL value from AlertSite.

    • User Identifier – Select the attribute that contains the user email address. This is typically user.mail or user.userprinciplename.

    • Click View and edit all other user attributes and add the following SAML token attributes:

      Name Value
      givenname user.givenname
      surname user.surname
      emailaddress user.mail
      name user.userprincipalname
  8. Leave everything else by default and click Save at the top.

  9. Under SAML Signing Certificate, click the Metadata XML link to download the metadata file.

    Downloading the metadata file

    Click the image to enlarge it.

Configure AlertSite

AlertSite UXM

  1. Navigate to  > Settings > Single Sign-On.

  2. Select the Single Sign-On check box.

  3. Under Identity Provider SAML Settings, upload the metadata file you previously downloaded from Azure AD. Other settings will be populated automatically.

    Uploading the metadata file to AlertSite

    Click the image to enlarge it.

  4. Click Save.

AlertSite 1.0

  1. Navigate to Account > Manage Account and click Single Sign-On.

  2. Select the Single Sign-On check box.

  3. Under Identity Provider SAML Settings, upload the metadata file you previously downloaded from Azure AD. Other settings will be populated automatically.

    Uploading the metadata file to AlertSite

    Click the image to enlarge it.

  4. Click Submit in the top right corner.

Assign the AlertSite Application to Azure AD Users

Next, configure which Azure AD authenticated users will have access to AlertSite:

  • In the AlertSite application settings, switch to the Users and groups tab and click Add user.

    Assigning AlertSite to users

    Click the image to enlarge it.

  • Select the users, groups or roles that will have access to AlertSite.

    Selecting users

    Click the image to enlarge it.

  • Add other users, groups or roles if necessary.

  • Click Assign.

    Applying assignments

Test Single Sign-On

To test single sign-on initiated from Azure AD:

  1. Log out from AlertSite.

  2. Open your Azure Apps gallery at https://account.activedirectory.windowsazure.com/r#/applications.

  3. Click AlertSite in the list.

    AlertSite in Azure Apps list

    Click the image to enlarge it.

You will be redirected to AlertSite and will be logged in automatically.

To test single sign-on initiated from AlertSite:

  1. Copy the Application URL value from the Single Sign-On settings in AlertSite. This will be the AlertSite login page for your company while SSO is enabled. It looks like this:

    https://www.alertsite.com/sso/saml/<ID>

  2. Log out from AlertSite and from Azure AD.

  3. (Recommended.) Open a new browser tab in incognito mode.

  4. Navigate to the URL you got on step 1.

  5. You will be redirected to the Azure AD sign-in page.

  6. Log in using your Azure account credentials.

You will be redirected to AlertSite and will be logged in.

See Also

Single Sign-On
Configure Single Sign-On in AlertSite

Highlight search results