Configure SSO with Azure Active Directory

Before you configure user authentication by using Azure Active Directory, make sure you complete the following prerequisites:

Prerequisites

Before you select this option, make sure you complete the following prerequisites:

  • Azure Active Directory is configured

    Azure AD must be set up and linked to your organization’s cloud environment. This involves creating a directory in the Azure AD portal and integrating it with your organization's identity management processes.

  • Application is registered in the Azure AD portal

    You need to register Calibo Accelerate as an application in Azure AD. This process generates a unique application identity, which allows Calibo Accelerate to interact securely with Azure AD for authentication purposes. During registration, you need to define settings like redirect URIs, permissions, and user assignments.

  • Fetch Tenant ID, Client ID, and Client Secret of the registered application from Azure AD portal

    • Tenant ID: A unique identifier for your Azure AD directory (tenant). This value is needed to establish a connection between Calibo Accelerate and your Azure AD instance.

    • Client ID: Also known as the application ID, this is generated when you register your application in Azure AD. It uniquely identifies the registered application.

    • Client Secret: This is a secret key generated in Azure AD that acts like a password for the application. It’s required to authenticate Calibo Accelerate during the SSO process.

  • Add mandatory API permissions to the application in Azure AD:

    • User.Read (Default): This permission allows Calibo Accelerate to read the basic profile information of the signed-in user (such as name and email).

    • User.Read.All (Type – Application): This permission is required for Calibo Accelerate to read the profiles of all users within the Azure AD directory. It is essential for managing user access and importing users into the Calibo Accelerate platform.

To configure user authentication by using Azure Active Directory, do the following:

1. Configure Azure Active Directory details

  1. On the Configure Azure Active Directory screen, enter the values for the following fields that you fetched in the Prerequisites section:

    • Tenant ID

    • Client ID

    • Client Secret
      Configuring Azure Active Directory connection details

  2. Click Test Connection to validate the connection details that you have configured.

  3. After a successful test connection, click Next.

2. Import/Add users

You can either import users from Azure Active Directory or manually add users to the platform. On the Import/Add users screen, do one of the following:

  1. Click Import Users
    On the Import/Add Users screen, click Azure Active Directory, and then click Proceed.

    Importing users from Azure Active Directory

  2. Select Users to Add to the Platform
    A list of users imported from Azure Active Directory is displayed. Select the appropriate boxes for the users you want to add to the Calibo Accelerate platform. In the search box, you can search for a user by their name or email address. Additionally, you can apply a country filter to narrow down the results.

    Select users to add to the Calibo Accelerate platform

    After you select all the intended users, click Proceed. It's time to choose platform administrators.

To add users manually, do the following:

  1. On the Import/Add Users screen, click Add Users Manually.

    Add Azure Active Directory users manually

  2. On the Specify Your Domain screen, enter the domain name for which you have configured SSO.
    If you enter any other domain here, SSO for the Calibo Accelerate platform will fail.

  3. Click Proceed.

    Specify domain to add users to Calibo Accelerate

  4. On the Add Users to the Platform screen, click Add Users.

  5. In the side drawer, enter the user details, including their first name, last name, a valid email address, and select the country. Then, click Add.
    Enter user details to add them manually

  6. After you add all the intended users, click Proceed. It's time to choose platform administrators.

3. Select administrators

On the Select Administrators screen, in the search box, you see all the users that you added in the previous step. Start typing the name of the user you want to designate as an administrator. After you select all the intended administrators, click Next.
Select platform administrators from the list of chosen users

4. Review Platform Users

The Platform Users screen displays the list of all the administrators and users you chose to add to the Calibo Accelerate platform in the previous steps. The details such as each user's name, email address, and country are displayed. The Status column indicates whether the user was successfully added or if there was an issue. In case of failure, review the error messages and take the necessary action.

You can go back to the previous screen to make any changes or click Next to finish adding users to the Calibo Accelerate platform.

List of Caliibo Accelerate administrators and users

5. Add redirect URI to Azure Active Directory

After you click Configure in the previous step, the SSO configuration in the Calibo Accelerate platform interface is complete and a redirect URI is available. Copy this URI and add it to the registered application (mentioned in the prerequisites) in the Azure Active Directory portal. It is the Calibo Accelerate platform URL where Azure Active Directory must send authentication responses after successfully verifying a user’s identity. After you add the redirect URI to Azure AD, the SSO setup is complete.

6. Validate Single Sign-on

  1. After you add the redirect URI to your registered app in Azure AD, come back to the Calibo Accelerate F24H Wizard screen from where you copied the redirect URI, and in the Validate Single Sign-on section, click Validate.

    Click Validate to initiate SSO validation

  2. This takes you to the Calibo Accelerate platform sign-in screen. Use SSO credentials for user authentication. After a successful authentication redirection and SSO validation, the following success message is displayed.

    SSO validation successful for Calibo Accelerate

  3. Return to the SSO configuration screen and click the Refresh icon to complete your SSO configuration.

    Click Refresh to complete SSO configuration

  4. After you see the message confirming that your SSO validation is successful, click Finish to complete the configuration in the F24H wizard.

    Click Finish to complete the configuration in the F24H wizard

    5. Note:

    After you click Finish and exit the F24H wizard, the credentials using which you signed in to the F24H wizard will not work anymore. The administrator that you selected in the earlier step can sign in to the Calibo Accelerate platform by using SSO credentials, add more users to the platform, and perform other administrative tasks.