All Collections
Users
Single sign-on & User provisioning with Microsoft Azure
Single sign-on & User provisioning with Microsoft Azure

Set up single sign-on and user provisioning with Microsoft Azure Active Directory.

Ty Howden avatar
Written by Ty Howden
Updated over a week ago

embed signage offers Single Sign-On (SSO) and User Provisioning integration with Microsoft Azure Active Directory. This guide will show you how to set it up:

User provisioning SCIM Supported features

  • Create users
    ​Users created and assigned to embed signage in Azure will be automatically created in embed signage.

  • Update user attributes
    ​Updates made to an assigned user in Azure will be pushed to embed signage.

  • Deactivate users
    ​Removing or disabling a user's access to embed signage in Azure will delete the user in embed signage which will disable login to embed signage.

  • Groups
    ​Groups assigned and pushed to embed signage in Azure will create a User group in embed signage with users already assigned via Azure.

Requirements

You must be an admin user to set up single sign-on and user provisioning.

Set up the application in azure

  • Sign in to your azure portal and go to Azure Active directory.

  • Go to Enterprise applications, click "New application" and search for "embed signage"

  • Click on the embed signage tile and click "Create"

Setting up user provisioning

  • To enable user provisioning in embed signage, you must be an admin user.

  • Go to embed signage > Account settings > Security > User provisioning

  • Create a token and copy this and your base URL somewhere safe as you'll need to enter it in the next steps.

  • You can select a role to apply to users that are provisioned, if you do not select a role, a new role will be created. You will need to update the rule to add permissions to provisioned users.

  • Back in Microsoft Azure, Go to the Provisioning section in the app you set up for embed signage and click "Get started"

  • Choose the automatic provisioning mode

  • Enter your base URL (Tenant URL) and Secret token and click test connection.

Setting up single sign-on

  • Go to the Single sign on section and click SAML based sign on.

  • Edit the basic configuration and in identifier, enter your Entity ID, you can find this in embed signage > Account settings > Security > Single sign on.

  • In the Reply url, enter your embed signage sign in URL, you can find this in embed signage > Account settings > Security > Single sign on.

  • In the Logout url, enter your embed signage logout URL, you can find this in embed signage > Account settings > Security > Single sign on.

  • Click save and then download the Federation Metadata XML in title 3.

  • Head over to embed signage > Account settings > Security > Single sign on.

  • Enable single sign on and upload the Federation Metadata XML file you downloaded earlier.

  • Click save changes, your account is now ready to use single sign on. Logout and test it.

Troubleshooting and Tips

  • Users managed via user provisioning, cannot be edited in embed signage.

  • Once SSO is setup, users will not be able to log in via embed signage, users will have to login from Azure.

If you have any questions or require any assistance, please contact [email protected].

Did this answer your question?