Introduction
It's possible to configure SSO apps with identity providers Microsoft Entra ID (previously called Azure AD), HelloID or SecureLogin. In this article, we explain how.
Microsoft Entra ID
Step 1. Create an enterprise application in Microsoft Entra ID
In this example, we will add a WordPress app with a password-based Single sign-on via Microsoft Entra ID.
Sign into portal.azure.com.
Go to Enterprise applications.
Select the application from the list, or if needed, click Add application.
From the dashboard of that application, click Single sign-on.
Here, you can choose a type of sign-on ability. The one we are adding only supports Password-based sign-on.
Click Save on the top left. We have now added the application to your database in Azure.
Go to App registrations.
Select the application you just added.
Click view all quick start guides at the bottom of the page.
Choose an option for Microsoft Graph API to identify users with. For our implementation we use ASP.NET (web application).
Click Make this change for me and then Make updates.
Grant permission as an admin for this application to make the connection. Click on API permissions.
Select Grant admin consent and confirm by clicking Yes. A green checkmark will indicate that admin consent has been granted successfully.
From the menu on the left, go to Overview.
Copy the Application (client) ID serial code.
Add the URL https://account.activedirectory.windowsazure.com/applications/signin/application/Application (client) ID to the Web Redirect URL (Authentication) (the "Application (client) ID" is the client ID of the current SSO app registration)
We are done in Azure. Now we must add the application to Workspace 365.
Step 2. Create an Azure app in Workspace 365
In Workspace, navigate to the App store.
From there, make sure Manage apps is selected.
Click Add new app.
Select the Azure app
Click Add. This will open a new window, where you need to provide information about the application you want to add.
Provide the app with a Name.
The first part of the SSO URL is already provided. At the last part, first type application/ and after the forward-slash, provide the Application (client) ID you copied from Azure (end of step 1).
Click Save.
Step 3. Add the app to Workspace 365
From the App store, search for and select the Azure app you just created.
Add it to your Workspace, either to a new or existing group.
WordPress is now added to Workspace.
If this is the first app you have added with a password-based sign-on option, you need to install a plugin that stores the username and password. This will open a new page, where you have to confirm the installation.
When this is done, you will see the screen that asks for the user login information for WordPress. You only have to provide this information once. After this, it will start up a signed-on WordPress session automatically when you click on the app from your Workspace. After you’ve provided the login information, a WordPress session will start.
Note: If this does not show up, clear your cookies.
HelloID
HelloID from Tools4ever is an Identity as a Service cloud platform that offers a set of resources to, among other things, manage the access and (access) data of users and offer Single Sign-On. Other components of HelloID are 2-Factor Authentication, extended policies (similar to Multi-Factor authentication), service automation and data management.
As described in the Guide for Admins, you configure Single Sign-On with oAuth2 within the workspace. This way, you configure Microsoft Entra ID as IdP for the Workspace. But you still need to sign in separately to the SSO Provider to acces your apps. This scenario is illustrated below:
Ideally, you would connect the SSO Provider to Microsoft Entra ID. This way, you can easily add your SSO apps from the SSO Provider directly into the workspace. If you click on the Single Sign-On app in the workspace, you are redirected to the SSO Provider, which checks if you are signed in (in this case with Microsoft Entra ID). As you already have signed in to Workspace 365 with Microsoft Entra ID, you're granted access to the SSO Provider automatically and have one identity as a user. Then you benefit from the full Single Sign-On experience.
How to configure the Single Sign-On app
HelloID offers the possibility to configure Microsoft Entra ID as IdP with SAML. You can read more on their documentation here to set up the integration with Microsoft 365 and/or Microsoft Entra ID.
After you created the federation/single sign-on connection with Microsoft Entra ID, you can copy the URL of the desired application from the SSO Provider and create a shortcut within workspace.
SecureLogin
SecureLogin is an Identity as a Service cloud platform that offers a set of resources to, among other things, manage the access and (access) data of users and offer Single Sign-On. Other components of SecureLogin are 2-Factor Authentication, extended policies (similar to Multi-Factor authentication), service automation and data management.
As described in the Guide for Admins, you configure Single Sign-On with oAuth2 within the workspace. This way, you configure Microsoft Entra ID as IdP for the Workspace. But you still need to sign in separately to the SSO Provider to acces your apps. This scenario is illustrated below:
Ideally, you would connect the SSO Provider to Microsoft Entra ID. This way, you can easily add your SSO apps from the SSO Provider directly into the workspace. If you click on the Single Sign-On app in the workspace, you are redirected to the SSO Provider, which checks if you are signed in (in this case with Microsoft Entra ID). As you already have signed in to Workspace 365 with Microsoft Entra ID, you're granted access to the SSO Provider automatically and have one identity as a user. Then you benefit from the full Single Sign-On experience.
How to configure the Single Sign-On app
SecureLogin offers the possibility to configure Microsoft Entra ID as IdP with SAML. You can read more on their documentation here to set up the integration with Microsoft 365 and/or Microsoft Entra ID.
After you created the federation/single sign-on connection with Microsoft Entra ID, you can start getting the unified url of an application and create a shortcut within workspace.
First, you need to get all the widgets via the API of SecureLogin. Which is also documented here:
https://##{{tenantname}}.securelogin.nu/api/documentation
To fetch all the widgets from SecureLogin:
https://workspace.securelogin.nu/api/v1/user/widget
The response should look something like this (which is JSON):
{"data":[{"id":252706,"label":"MailChimp","reference_name":"mailchimp","image":"https:\/\/workspace.securelogin.nu\/images\/widgets\/access\/mailchimp.png","description":"Marketing Automation","settings_complete":true,"requires_browser_extension":false,"start_url":"https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget\/start\/252706","setup_url":"https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget\/setup\/252706","created_at":"2019-07-24T11:43:03.000000Z","updated_at":"2019-08-02T08:40:37.000000Z"}],"links":{"first":"https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget?page=1","last":"https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget?page=1","prev":null,"next":null},"meta":{"current_page":1,"from":1,"last_page":1,"path":"https:\/\/workspace.securelogin.nu\/api\/v1\/user\/widget","per_page":15,"to":1,"total":1}}
Now that we have listed all the applications, we need to find the "reference_name" of that specific application. In this example that would be:
"reference_name":"mailchimp"
With this value we can create the shortcut url for the workspace:
https://workspace.securelogin.nu/api/v1/user/widget/name/start/{reference_name}