How to setup Azure SSO

Follow these instructions to configure your  Azure AD account to connect to WhosOff for single sign on purposes.

PRE-REQUISITES:

• A Microsoft Entra user account. If you don't already have one, you can create an account for free
• One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal
• Completion of the steps in Quickstart: Create and assign a user account
• You will need to have an existing account on WhosOff
• You will need to be a registered super user on your WhosOff account

1. FROM WITHIN YOUR AZURE ACCOUNT

• Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator
• Navigate to Identity > Applications > Enterprise applications > All applications
• Click '+ New Application'
• Enter the name of the existing application in the search box  (Azure AD SAML Toolkit), and then select the application from the search results - you can rename this later if you wish, e.g. WhosOff SAML
• In the Manage section of the left menu, select Single sign-on to open the Single sign-on pane for editing
• Select SAML to open the SSO configuration page. After the application is configured, users can sign in to it by using their credentials from the Microsoft Entra tenant

The process of configuring an application to use Microsoft Entra ID for SAML-based SSO varies depending on the application. For any of the enterprise applications in the gallery, use the configuration guide link to find information about the steps needed to configure the application. The steps for the Azure AD SAML Toolkit 1 are listed in this article.

• In the 'Set up Azure AD SAML Toolkit 1' section, record the values of the Login URL, Microsoft Entra Identifier, and Logout URL properties to be used later.

2. CONFIGURE SINGLE SIGN-ON IN THE TENANT

To configure SSO in Azure AD, you will add sign-in and reply URL values, and download a certificate to begin the configuration of SSO in WhosOff.

• In the Entra admin center, select Edit in the Basic SAML Configuration section on the 'Set up single sign-on' pane
• For Identifier (Entity ID), enter WhosOff as the default (tick the default check box) and a secondary of https://app.whosoff.com
• For Reply URL (Assertion Consumer Service URL), enter https://app.whosoff.com/int/sso/azure/
• For Sign on URL, enter https://app.whosoff.com/int/<IntegrationGUID>/sso/azure/
• Select Save
• In the SAML Certificates section, select Download for Federation Metadata XML to download the SAML signing certificate and save it to be used later

NOTE: <IntegrationGUID> is unique to each company so must be replaced with your unique value. This can be found through WhosOff in the steps below. 
 
3. CONFIGURE SINGLE SIGN-ON IN THE APPLICATION

• Login to your WhosOff account
• Click Administration on the Left Hand Menu
• Click Admin dashboard
• On the right of the resulting page, click Company settings

• Click on the Single Sign On tab (left hand side)
• From the SSO provider drop down, select Azure and click on Activate SSO
• Once activated, copy the Integration GUID and save it on your computer (this can be used to configure the tenant, following the steps above).

 You can test the single sign-on configuration from the 'Set up single sign-on' pane. To test SSO: