Configuring single sign-on (SSO) with Azure
This article explains how to configure the SAML SSO integration between Azure AD and Quickpass. These instructions apply to the newer Azure portal interface.
Prerequisites
- Microsoft Azure account with Azure AD Premium activated.
- Primary or Super Role for Quickpass
- Global Admin or Co-admin account in Azure.
- All of your users under your account in Quickpass will need an account in Azure Active Directory with the same value as the UPN set in your Azure Tenant
  - Manual - https://support.getquickpass.com/hc/en-us/articles/360040722434-How-to-Setup-Quickpass-Dashboard-Logins
  - Bulk Import - https://support.getquickpass.com/hc/en-us/articles/4411037813783-How-to-Bulk-Import-Quickpass-Dashboard-Logins
- Initial configuration steps as per https://support.getquickpass.com/hc/en-us/articles/4419178721559-Setting-up-Dashboard-Logins-for-SSO-SAML-
- Before turning this feature on, log in to your Quickpass account twice - once in a regular browser and once in an incognito/private window or another browser. This is to ensure that you are still logged in to your account if you get locked out in the other window.
Instructions
- Log in to the Azure portal (https://portal.azure.com/). In the left-hand menu, click Azure Active Directory > Enterprise applications.
- Click + New application at the top of the screen.
- Click the Create your Own Application button.
- Give the new application a name (we suggest Quickpass SSO) and then ensure the radio button is set to 'Integrate any other application.....(Non-Gallery)'.
- Click the Create button at the bottom of the screen.
- This will add a custom application to your Azure Active Directory.
Note: If you do not have Azure AD Premium activated, you will not be able to enter the name of the application and an invite message to upgrade to Premium will appear.
- Once the application loads, click Users and groups in the left-hand menu. Click + Add user/group to assign users or user groups to this application. Ensure that all accounts (Login Roles) that are used with Quickpass are added to this section.
- Click the Users and Groups "None Selected" link and add the Users and Groups that are used by Technicians signing into Quickpass. Once all users/groups have been added, click Select and then Assign.
- Next, click Single sign-on in the left-hand menu and then on the SAML button.
Configuring Azure
Basic SAML Configuration
- In the setup screen, click the pencil icon in the Basic SAML Configuration box.
- Enter the following URLs in the fields provided:
  - Identifier (Entity ID) - Enter your Quickpass Entity ID value from the Quickpass Dashboard
    - QP Dashboard > Login Management > Authentication Options > Entity ID
  - Reply URL (Assertion Consumer Service URL) - Enter
    - NA or Oceania: https://admin.getquickpass.com/api/auth/sso/login/callback
    - EU: https://eu-admin.getquickpass.com/api/auth/sso/login/callback
  - Sign on URL (Optional) - Leave this BLANK/EMPTY
  - Relay State - Enter your Quickpass Entity ID value from the Quickpass Dashboard
  - Logout URL - Enter
    - NA or Oceania: https://admin.getquickpass.com
    - EU: https://eu-admin.getquickpass.com
- Click Save at the top of the form when finished.
- When configured the Basic SAML section should look like this
User Attributes & Claims
- Return to the setup screen and click the pencil icon in the User Attributes & Claims box.
- Click Unique User Identifier (Name ID).
- Select user.userprincipalname (this is the default) in the Source attribute drop-down menu. Click Save at the top of the form.
- When finished, the Attributes and Claims section should look like this
Note: If the UPN value for your accounts is different from the email address, please ensure that the Quickpass login account value matches the UPN value, rather than the email address, so that your team can log in. Most accounts will be set up with the same UPN as the email address, but this may not be the case.
Note: If you are using Unlicensed Accounts in Azure for SSO login, you MUST use the User Principal Name (UPN). You will need to ensure that the Email account shown on the Quickpass Dashboard matches the UPN address.
- Click the X in the top right corner of the Attributes & Claims screen when finished.
SAML Signing Certificate
- Return to the setup screen and click the pencil icon in the SAML Signing Certificate box.
- Enter a notification email for the certificate expiry reminders. Click Save at the top of the form.
- Back in the setup screen, click to download the Certificate (Base64) to save the certificate file on your computer and copy the Thumbprint.
- Paste the Thumbprint value into the Fingerprint box on the Quickpass SSO Setup page.
- Open the Certificate file you downloaded with a text editor (Notepad, for example).
- Paste the Certificate text into the Certificate box on the Quickpass SSO Setup page.
NOTE: Ensure that there are no leading or trailing spaces around the Certificate. The value here must start and end with the "-" (hyphen) character.
Setup <Your Application Name>
- Return to the setup screen and click the View step-by-step instructions link in the Setup <Your Application Name> box.
- Review the KB Article https://support.getquickpass.com/hc/en-us/articles/4419178721559-Setting-up-Dashboard-Logins-for-SSO-SAML- that will guide you through filling out the:
- Login URL (a.k.a. SAML Single Sign-On Service URL)
- Azure AD Identifier (a.k.a. SAML Entity ID), and
- Logout URL (a.k.a. Sign-out URL) fields.
Test Single Sign-on with <Your Application Name>
- Return to the setup screen and click the Test button in the Test Single Sign-on with <Your Application Name> box to check if single sign-on is working.
SAMPLE CONFIGURATION
Leave the Azure portal open as you continue onto configuring Quickpass.