Single Sign On allows your staff to have one password for all their applications, and avoid the need to log on separately to different systems. This guide steps through the process of setting up Single Sign On for Leave Dates using Microsoft Azure.
How to Configure Single Sign-On with Microsoft
Follow these steps to create the app registration:
- Sign in to the Azure portal.
- If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.
- Search for and select Azure Active Directory.
- Under Manage, select App registrations, then New registration.
- Enter Leave Dates for the application name.
- Specify who can use the application (sometimes referred to as the sign-in audience) as Accounts in this organizational directory only (single tenant).
- Don't enter anything for Redirect URI (optional); you'll configure one in the next section.
- Select Register to complete the initial app registration.
- When registration completes, the Azure portal displays the app registration's Overview pane, which includes its Application (client) ID. Also referred to as just the client ID, this value uniquely identifies your application in the Microsoft identity platform. Copy this value; it will be used later.
- Under Manage, select Branding
- Upload the attached file as a logo
- Ignore the Home Page URL; this will be filled in later.
- Enter https://www.leavedates.com/our-terms-of-use/ as the Terms of Service
- Enter https://www.leavedates.com/privacy-policy/ as the Privacy Statement
- Copy the Publisher domain; this will be used later.
- Press Save
- Under Manage, select Certificates & secrets
- Select + New client secret
- Add a description (optional) and choose the expiry period. Use Never unless you have a process for renewing these.
- Click Add
- Copy the Secret Value you just created. It will be shown in the table.
- Open a new tab in your browser and log into Leave Dates using your admin account. You will be using the Microsoft tab again later.
- Navigate to the Settings > Integrations page
- Click the Add Provider button within the Single Sign On section
- Provide a Subdomain for the login process (e.g. https://companyname.leavedates.com). Choose something memorable and easy to type, such as companyname. It will be used later to automate the login process. You cannot change this later, so choose wisely! If you are not asked for this, it is because you have previously entered a subdomain, which will be used.
- Press Continue and a new form will appear.
- Select Microsoft as the Provider
- Enter the Base URL as previously copied in step 14 above (Publisher domain). This should be something like companyname.onmicrosoft.com
- Paste in the Client ID copied in step 9 (the Application (client) ID)
- Paste in the Client secret value copied in step 21
- Press Create
- An entry will be added to the table, as shown below.
- Copy the values for LOGIN URL and CALLBACK URL from the table and return to the Microsoft browser tab.
- In the Overview page, click on Add a Redirect URI
- Click + Add a platform
- Select Web and then paste in the CALLBACK URL copied in step 32.
- Under Manage, select Branding
- Paste the LOGIN URL as the Home Page URL
- Click Save
- The single sign on application configuration is now complete.
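As an added example (not part of the Leave Dates guide), the same registration performed with the Microsoft Graph PowerShell module instead of the portal. It assumes an administrator session, the Microsoft.Graph.Applications module, a 24-month secret expiry rather than Never, and placeholders for the LOGIN URL and CALLBACK URL that Leave Dates shows only after the provider has been created.

```powershell
# Added example: register the Leave Dates app via Microsoft Graph PowerShell.
# Requires the Microsoft.Graph.Applications module and an admin account.
Connect-MgGraph -Scopes "Application.ReadWrite.All"

# Name "Leave Dates", single-tenant sign-in audience, branding URLs from the guide.
# Redirect URI and Home Page URL are left empty until Leave Dates provides them.
$app = New-MgApplication -DisplayName "Leave Dates" `
    -SignInAudience "AzureADMyOrg" `
    -Info @{
        TermsOfServiceUrl   = "https://www.leavedates.com/our-terms-of-use/"
        PrivacyStatementUrl = "https://www.leavedates.com/privacy-policy/"
    }

# Client secret. The guide uses Never; this script assumes a 24-month expiry
# so that a renewal date exists and can be tracked.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = "Leave Dates SSO"
    EndDateTime = (Get-Date).AddMonths(24)
}

# Values to paste into Leave Dates (Settings > Integrations > Add Provider):
# PublisherDomain = Base URL, AppId = Client ID, SecretText = Client secret value.
# SecretText is returned only once; store it in a secrets manager, not a transcript.
[pscustomobject]@{
    BaseUrl      = $app.PublisherDomain
    ClientId     = $app.AppId
    ClientSecret = $secret.SecretText
} | Format-List

# --- Second phase: after Leave Dates shows LOGIN URL and CALLBACK URL in its table ---
# Assumed placeholders; replace with the values copied from the Leave Dates table.
$callbackUrl = "<CALLBACK URL from Leave Dates>"
$loginUrl    = "<LOGIN URL from Leave Dates>"

# Web platform redirect URI (the callback) and Home Page URL (the login link).
Update-MgApplication -ApplicationId $app.Id `
    -Web @{ RedirectUris = @($callbackUrl); HomePageUrl = $loginUrl }
```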
Further considerations
- Users will need to be created in Leave Dates using the same email address as configured for Azure/Microsoft.
- Users will need to be invited to use Leave Dates by an admin user, and create an account in Leave Dates using the non-SSO approach (which includes creating a password). This gives them the flexibility to use password login as well if they choose. Users can only log in using SSO once an account has been created in Leave Dates.
- Users will need to be assigned to the Leave Dates application within the Microsoft / Azure Portal. Instructions on how to do this are here.
- The Login URL link shown in the table in step 18 above can be used as a direct link for logging into Leave Dates using Single Sign On.
- Alternatively, the user can also log in via Microsoft by clicking Log In on the Leave Dates website, followed by clicking Sign in with SSO and entering the company subdomain (created in step 25 earlier).
- Logging out from Microsoft / Azure will not log you out from Leave Dates.