This guide walks you through configuring SSO between your identity provider (IdP), Azure Active Directory (AD), and ALTR. It is written for someone with Super Administrator privileges.
The following prerequisites must be met to configure SSO for Azure Active Directory (AD):
Your organization must be on our Enterprise Plus tier plan
You must have Super Administrator privileges
You must have Administrator access to your IdP account
Follow the steps below to configure SSO between Azure AD and ALTR.
From your Azure portal, choose Azure Active Directory (Figure 1) and then choose Enterprise Applications from the navigation bar on the left (Figure 2).
Create a new Azure Active Directory Enterprise Application to connect with ALTR by clicking the New Application button shown in Figure 3.
Click Create your own application (Figure 4). In the panel that appears, name it appropriately and choose the "Non-gallery" application option (Figure 5).
Once the Enterprise Application is created, navigate to its Overview page if you are not already there. From there, choose Set up Single Sign-On or click "Single Sign-On" from the navigation bar on the left (Figure 6).
Choose SAML from your list of Single Sign-On options shown in Figure 7.
From the ALTR UI SSO Configuration Page, click the Download button underneath the ALTR SP Metadata File URL (Figure 11).
Once the file is downloaded, go back to Azure and click Upload metadata file (Figure 9). Choose the file you just downloaded and click Add (Figure 10). This automatically imports all the required information from the ALTR SP Metadata File to Azure. No changes are necessary and you can click Save.
(Optional but recommended) Assign your users and groups as desired to this new application so they can access the ALTR UI.
From your Azure Enterprise Application Single Sign-On Settings page, scroll down to the SAML Certificates section. Click the Copy icon on the App Federation Metadata URL field to copy your IdP Metadata URL (Figure 12). Paste this into the ALTR UI SSO Configuration Page field and choose the Azure radio option.
Click Enable on the ALTR SSO Configuration Page.
Frequently Asked Questions
Question: Now that I've enabled SSO, why can't my users log in?
Answer: We match on the username field, so each user must have an identity with a matching username on both sides (ALTR and your Identity Provider).