Add SSO apps with Microsoft Entra ID, HelloID or SecureLogin


Introduction

It's possible to configure SSO apps with identity providers Microsoft Entra ID (previously called Azure AD), HelloID or SecureLogin. In this article, we explain how.

 

Microsoft Entra ID

Step 1. Create an enterprise application in Microsoft Entra ID

In this example, we will add a WordPress app with a password-based Single sign-on via Microsoft Entra ID.

  1. Sign in to portal.azure.com.
  2. Go to Enterprise applications.
  3. Select the application from the list, or if needed, click Add application.
  4. From the dashboard of that application, click Single sign-on.
  5. Here, you can choose a type of sign-on ability. The one we are adding only supports Password-based sign-on.

  6. Click Save on the top left. We have now added the application to your database in Azure.
  7. Go to App registrations.
  8. Select the application you just added.
  9. Click View all quick start guides at the bottom of the page.

  10. Choose an option for Microsoft Graph API to identify users with. For our implementation we use ASP.NET (web application).
  11. Click Make this change for me and then Make updates.

  12. Grant permission as an admin for this application to make the connection. Click API permissions.
  13. Select Grant admin consent and confirm by clicking Yes. A green checkmark will indicate that admin consent has been granted successfully. 

  14. From the menu on the left, go to Overview.
  15. Copy the Application (client) ID serial code.
  16. Add the URL https://account.activedirectory.windowsazure.com/applications/signin/application/{Application (client) ID} to the Web Redirect URL (Authentication), where {Application (client) ID} is the client ID of the current SSO app registration.

We are done in Azure. Now we must add the application to Workspace 365.

 

Step 2. Create an Azure app in Workspace 365

  1. In Workspace, navigate to the App store.
  2. From there, make sure Manage apps is selected.
  3. Click Add new app.
  4. Select the Azure app.
  5. Click Add. This will open a new window, where you need to provide information about the application you want to add.
  6. Provide the app with a Name.
  7. The first part of the SSO URL is already provided. At the end, type application/ and, directly after the forward slash, the Application (client) ID you copied from Azure (end of step 1).
  8. Click Save.


Step 3. Add the app to Workspace 365

  1. From the App store, search for and select the Azure app you just created.
  2. Add it to your Workspace, either to a new or existing group.

WordPress is now added to Workspace.

If this is the first app you have added with a password-based sign-on option, you need to install a plugin that stores the username and password. This will open a new page, where you have to confirm the installation.

When this is done, you will see the screen that asks for the user login information for WordPress. You only have to provide this information once. After you’ve provided it, a WordPress session will start, and from then on a signed-in WordPress session starts automatically when you click the app in your Workspace.

Note: If this does not show up, clear your cookies.


HelloID

HelloID from Tools4ever is an Identity as a Service cloud platform that offers a set of resources to, among other things, manage the access and (access) data of users and offer Single Sign-On. Other components of HelloID are 2-Factor Authentication, extended policies (similar to Multi-Factor authentication), service automation and data management.

As described in the Guide for Admins, you configure Single Sign-On with OAuth2 within the workspace. This way, you configure Microsoft Entra ID as IdP for the Workspace. But you still need to sign in separately to the SSO Provider to access your apps. This scenario is illustrated below:

hello_id.png

Ideally, you would connect the SSO Provider to Microsoft Entra ID. This way, you can easily add your SSO apps from the SSO Provider directly into the workspace. If you click on the Single Sign-On app in the workspace, you are redirected to the SSO Provider, which checks if you are signed in (in this case with Microsoft Entra ID). As you already have signed in to Workspace 365 with Microsoft Entra ID, you're granted access to the SSO Provider automatically and have one identity as a user. Then you benefit from the full Single Sign-On experience.

 

hello_id_2.png

 

How to configure the Single Sign-On app

HelloID offers the possibility to configure Microsoft Entra ID as IdP with SAML. You can read more on their documentation here to set up the integration with Microsoft 365 and/or Microsoft Entra ID.

Configure Microsoft Entra ID as a SAML IdP

After you have created the federation/single sign-on connection with Microsoft Entra ID, you can copy the URL of the desired application from the SSO Provider and create a shortcut within the workspace.


SecureLogin

SecureLogin is an Identity as a Service cloud platform that offers a set of resources to, among other things, manage the access and (access) data of users and offer Single Sign-On. Other components of SecureLogin are 2-Factor Authentication, extended policies (similar to Multi-Factor authentication), service automation and data management.

As described in the Guide for Admins, you configure Single Sign-On with OAuth2 within the workspace. This way, you configure Microsoft Entra ID as IdP for the Workspace. But you still need to sign in separately to the SSO Provider to access your apps. This scenario is illustrated below:

 

secure_login.png

Ideally, you would connect the SSO Provider to Microsoft Entra ID. This way, you can easily add your SSO apps from the SSO Provider directly into the workspace. If you click on the Single Sign-On app in the workspace, you are redirected to the SSO Provider, which checks if you are signed in (in this case with Microsoft Entra ID). As you already have signed in to Workspace 365 with Microsoft Entra ID, you're granted access to the SSO Provider automatically and have one identity as a user. Then you benefit from the full Single Sign-On experience.

 

secure_login_2.png

 

How to configure the Single Sign-On app

SecureLogin offers the possibility to configure Microsoft Entra ID as IdP with SAML. You can read more on their documentation here to set up the integration with Microsoft 365 and/or Microsoft Entra ID.

After you have created the federation/single sign-on connection with Microsoft Entra ID, you can retrieve the unified URL of an application and create a shortcut within the workspace.

First, you need to get all the widgets via the SecureLogin API, which is documented here:
https://{{tenantname}}.securelogin.nu/api/documentation

To fetch all the widgets from SecureLogin:

https://workspace.securelogin.nu/api/v1/user/widget

The response is JSON and should look something like this:

{
  "data": [
    {
      "id": 252706,
      "label": "MailChimp",
      "reference_name": "mailchimp",
      "image": "https:\/\/workspace.securelogin.nu\/images\/widgets\/access\/mailchimp.png",
      "description": "Marketing Automation",
      "settings_complete": true,
      "requires_browser_extension": false,
      "start_url": "https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget\/start\/252706",
      "setup_url": "https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget\/setup\/252706",
      "created_at": "2019-07-24T11:43:03.000000Z",
      "updated_at": "2019-08-02T08:40:37.000000Z"
    }
  ],
  "links": {
    "first": "https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget?page=1",
    "last": "https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget?page=1",
    "prev": null,
    "next": null
  },
  "meta": {
    "current_page": 1,
    "from": 1,
    "last_page": 1,
    "path": "https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget",
    "per_page": 15,
    "to": 1,
    "total": 1
  }
}

Now that we have listed all the applications, we need to find the "reference_name" of the specific application we want to link. In this example that would be:

"reference_name":"mailchimp"

With this value we can create the shortcut URL for the workspace:

https://workspace.securelogin.nu/api/v1/user/widget/name/start/{reference_name}
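
The lookup described above, as an added Python example (not part of the original article and not SecureLogin's own code): it turns already-decoded widget-list responses into shortcut URLs, percent-encodes each reference_name, and rejects entries or pagination links that point away from the tenant host. The function names, the same-host check and the trimmed sample response are assumptions of this example; fetching and authenticating against the API are left out because the article does not describe them.

```python
import json
from urllib.parse import quote, urlsplit

# Constructed sample: the response shown above, trimmed to the fields used here.
SAMPLE_PAGE = json.loads(r'''{"data":[{"id":252706,"label":"MailChimp",
 "reference_name":"mailchimp","settings_complete":true,
 "requires_browser_extension":false,
 "start_url":"https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget\/start\/252706"}],
 "links":{"next":null},"meta":{"current_page":1,"last_page":1,"total":1}}''')

# Path of the name-based shortcut URL given in the article.
SHORTCUT_PATH = "/api/v1/user/widget/name/start/"


def same_tenant(url, tenant_host):
    """True only for https URLs whose host is exactly the tenant host."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname == tenant_host


def build_shortcuts(pages, tenant_host):
    """Map widget label -> Workspace shortcut URL for every listed widget.

    `pages` is an iterable of decoded list responses (one per API page).
    Widgets whose start_url points off-tenant are rejected instead of linked.
    """
    shortcuts = {}
    for page in pages:
        for widget in page.get("data", []):
            name = widget.get("reference_name")
            if not name:
                continue  # nothing to build a name-based shortcut from
            if not same_tenant(widget.get("start_url", ""), tenant_host):
                raise ValueError(f"unexpected host for widget {widget.get('label')!r}")
            # Percent-encode so the name cannot add path segments or a query.
            shortcuts[widget["label"]] = (
                f"https://{tenant_host}{SHORTCUT_PATH}{quote(name, safe='')}"
            )
        next_url = page.get("links", {}).get("next")
        if next_url and not same_tenant(next_url, tenant_host):
            raise ValueError("pagination link leaves the tenant host")
    return shortcuts


if __name__ == "__main__":
    print(build_shortcuts([SAMPLE_PAGE], "workspace.securelogin.nu"))
```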
