embed signage offers Single Sign-On (SSO) and User Provisioning integration with Microsoft Azure Active Directory. This guide will show you how to set it up:
User provisioning SCIM Supported features
Users created and assigned to embed signage in Azure will be automatically created in embed signage.
Update user attributes
Updates made to an assigned user in Azure will be pushed to embed signage.
Removing or disabling a user's access to embed signage in Azure will delete the user in embed signage which will disable login to embed signage.
Groups assigned and pushed to embed signage in Azure will create a User group in embed signage with users already assigned via Azure.
You must be an admin user to set up single sign-on and user provisioning.
Set up the application in azure
Sign in to your azure portal and go to Azure Active directory.
Go to Enterprise applications, click "New application" and search for "embed signage"
Click on the embed signage tile and click "Create"
Setting up user provisioning
To enable user provisioning in embed signage, you must be an admin user.
Go to embed signage > Account settings > Security > User provisioning
Create a token and copy this and your base URL somewhere safe as you'll need to enter it in the next steps.
You can select a role to apply to users that are provisioned, if you do not select a role, a new role will be created. You will need to update the rule to add permissions to provisioned users.
Back in Microsoft Azure, Go to the Provisioning section in the app you set up for embed signage and click "Get started"
Choose the automatic provisioning mode
Enter your base URL (Tenant URL) and Secret token and click test connection.
Setting up single sign-on
Go to the Single sign on section and click SAML based sign on.
Edit the basic configuration and in identifier, enter your Entity ID, you can find this in embed signage > Account settings > Security > Single sign on.
In the Reply url, enter your embed signage sign in URL, you can find this in embed signage > Account settings > Security > Single sign on.
In the Logout url, enter your embed signage logout URL, you can find this in embed signage > Account settings > Security > Single sign on.
Click save and then download the Federation Metadata XML in title 3.
Head over to embed signage > Account settings > Security > Single sign on.
Enable single sign on and upload the Federation Metadata XML file you downloaded earlier.
Click save changes, your account is now ready to use single sign on. Logout and test it.
Troubleshooting and Tips
Users managed via user provisioning, cannot be edited in embed signage.
Once SSO is setup, users will not be able to log in via embed signage, users will have to login from Azure.
If you have any questions or require any assistance, please contact [email protected].