WSFed Single Sign-On using Windows Azure


We strongly recommend using the automatic setup of OAuth.



Add web apps to your Workspace and access all of them with one click using Single Sign-On (SSO) via Windows Azure. Your users save time logging in to web apps, so working with those apps becomes more efficient. After completing the steps in this document, you will be able to create shortcuts to sites and SSO web apps.

1    Enable Workspace with SSO

Workspace 365/Office 365 Administrators can enable Single sign-on for their Workspace 365 environment, which reduces the number of login procedures for Workspace users (both for logging in to the Workspace and for the specific Azure Apps inside the Workspace).

1.1   Creating the Azure AD App

Below we describe the steps Workspace/Office 365 Administrators take to enable Azure Active Directory & Single sign-on.

Make sure Azure AD is enabled for your Office 365 tenant (if not, finish the signup procedure). As an Administrator, you can navigate to the Office 365 admin center → Azure AD to check this. Or log in on with your Office 365 credentials.

If you do not have any Directory, create a new one. Click on the Directory name. Go to the “APPLICATIONS” tab, and add a new application.

Select “Add an application my organization is developing”.

Enter a sign-in URL like https://{subdomain}.{environment}/Sign In, where {environment} is your Workspace 365 environment name.

Enter an App Id URL like https://{subdomain}.{environment}, where {environment} is your Workspace 365 environment name.

After adding the application, you will be redirected to the app overview. There, click “ENABLE USERS TO SIGN ON”.





1.2        Enable Single sign-on Workspace 365

To enable Single sign-on from Workspace 365, go to the Settings page and open Single sign-on. Set the Single sign-on type to “Web Services Federation”. Paste the created Federation metadata document URL.

The checkbox “Auto redirect to active directory login page” is optional. This option bypasses the Workspace 365 login screen and automatically redirects to the Active Directory login page.

Click “Done” after all settings are set up correctly. From now on, you will be redirected to the AD login page and log in to Workspace 365 with your Office 365 credentials.
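Before the Federation metadata document URL is pasted into Workspace 365, it is worth reviewing what that document declares: the issuer, the passive sign-in endpoint and the token-signing certificate. The following is an added example, not part of the original guide or of Workspace 365 or Azure code; the sample XML, host names and certificate bytes are constructed placeholders, and `summarize_metadata` is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample, trimmed to the elements read below. Host names are
# placeholders and the certificate value is dummy bytes, not a real X.509 cert.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sts.example.test/tenant-placeholder/">
  <RoleDescriptor protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQtY2VydA==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <fed:PassiveRequestorEndpoint><wsa:EndpointReference>
      <wsa:Address>https://login.example.test/tenant-placeholder/wsfed</wsa:Address>
    </wsa:EndpointReference></fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""


def summarize_metadata(xml_text):
    """Extract issuer, passive sign-in endpoints and signing-cert fingerprints."""
    # Network-fetched metadata: use a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    endpoints = [a.text.strip() for a in root.findall(
        ".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS)]
    certs = root.findall(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    # SHA-256 over the decoded certificate bytes; pin it to notice key changes.
    prints = [hashlib.sha256(base64.b64decode(c.text.strip())).hexdigest() for c in certs]
    problems = [f"endpoint not HTTPS: {e}" for e in endpoints
                if urlsplit(e).scheme != "https"]
    if not endpoints:
        problems.append("no PassiveRequestorEndpoint")
    if not prints:
        problems.append("no signing certificate")
    return {"issuer": root.get("entityID"), "endpoints": endpoints,
            "fingerprints": prints, "problems": problems}


if __name__ == "__main__":
    print(summarize_metadata(SAMPLE_METADATA))
```

Recording the fingerprint at setup time gives a baseline to compare against if sign-ins start failing or the metadata changes unexpectedly.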




2      Adding pre-integrated web applications (Single sign-on)

It is possible to add pre-integrated web applications to the WAAD, which makes it possible to Single sign-on to these applications via Workspace 365.

2.1    Select and configure SSO app from the gallery

A list of these applications can be found here: More than 2000 applications are available.

Note: you will have to add the “Access Panel Extension” plug-in to your browser, if you have not done so already.



Internet Explorer:


  1. go to
  2. Enter your Office 365 credentials.
  3. When logged in, select “Active Directory” item on the left at the main screen.
  4. Click on “Directory”
  5. Go to the “Applications” tab
  6. Click the “Add” button at the bottom of the page to add a new application.
  7. Choose “Add an application from the gallery”.
  8. Navigate to the application of your choice, select it and continue.



The application is now added to the Active Directory. Click “Configure single sign-on”. Select “Password Single Sign-On”. After this you need to assign users to the application by pressing “Assign users”.

Select the preferred users and click assign. In the pop-up, you can check the box “I want to enter [application name] credentials on behalf of the user”. You will then be asked to fill in the credentials and these will be stored. Fill in the username/email address and password of the user and application and continue.

Note: If you choose not to check this box, the user will be asked to fill in the credentials when the App is opened in the Workspace. These credentials will be stored and the user will not be asked again to fill in credentials.

Now the app is configured for the selected users. Copy the Single Sign-on URL from the App Dashboard, by pressing Dashboard and the copy button on the lower right.




2.2        Configure the SSO app in Workspace 365

2.2.1        Create SSO app as an Admin

If created here, the SSO App can be used by other users by adding the SSO App using “Add new apps” on the main page afterwards.

  • Click “Add Shortcut” on the settings page.
  • A new shortcut App will be added to the page, open it by clicking the new Shortcut.
  • Enable the App, name the App, set an icon, paste the Single Sign-on URL in the web page field and choose how the App will be opened. Click “Done”.






  • After clicking “Done”, you can manage the access rights to the app, by group or by user.





  • The SSO App is now fully configured at the App store page. Click “Refresh Apps” (upper left of the screen) to make this App available for other Workspace users. They can then find the SSO App when they open “Add new Apps” on the Workspace main page. From here, the App can be added to the overview.







2.2.2        Create SSO app as a user

If created here, the SSO App will only be available for the user.

  • Click “Add new apps” on the Workspace main page
  • Select the Shortcut App and click “Add to Workspace”
  • Select the Shortcut app again and click “Edit app”
  • Paste the Single Sign-on URL into the webpage field and click “Done”
  • The SSO App is now added to the main page. If you like you can change the App name/icon (Edit app) and decide if it will be opened using a new browser window.

Now you will be able to Single sign-on to the application via the created Tile in the Workspace. Click the tile and the application will be opened.


3         Adding multiple user accounts for single web applications

Some users have multiple user accounts for web applications (for example: multiple WordPress accounts) and want to be able to open them both using Single Sign-on in the Workspace. It is not possible to assign multiple web App user accounts to a Single Sign-on App instance in the WAAD per user. However, it is possible to add multiple SSO App instances to the WAAD, and add the various user credentials to multiple instances.


Let’s assume the first SSO App is configured successfully and added to the Workspace. Account 1 is therefore already working for the user. The Administrator can do the following:


  1. Login to the Azure Portal
  2. When logged in, select “Active Directory” item on the left at the main screen
  3. Click on “Directory” name
  4. Go to the “Applications” tab
  5. Click the “Add” button at the bottom of the page to add a new application
  6. Choose “Add an application from the gallery”
  7. Search for the application and then select the application
  8. Since the App is already added and in use, a notification is shown “Would you like to add another instance?”
  9. Fill in a new App name and Continue. This App is now added to the WAAD.
  10. Follow all steps for configuring the App & adding it to the Workspace as described in “Adding pre-integrated web applications (Single Sign-on)”.


Now you have created 2 SSO Apps in the Workspace for one single web application. Both Apps use a different SSO URL. Both can be added to the Workspace main page of the user and when clicked upon, it will Single Sign-on to the web application using the configured user account from that specific instance.