Configuration of Single Sign On with Azure Active Directory

Relevant for: Organisation Administrators (see "User Roles in the Cockpit").

Configure Azure AD

Prerequisites

  1. You must have an Azure Active Directory tenant. 
  2. You know your Applysia workspace subdomain.

Steps

  1. Create a new Azure AD App registration in the Azure portal and name it, for example, “Applysia”.
  2. After you have created the app registration, navigate to the app registration overview page and locate the Application (client) ID. Save this ID, as you will need it later.
  3. Click on “Add a certificate or secret” and create a new secret. Save the value of the secret for later.
  4. From the registration overview page, click on “Add a Redirect URI” and then on “Add a platform”. Create three platforms with these values:
    1. Create a platform of type “Web” and enter https://<YOUR_SUBDOMAIN>.applysia.app/auth/sso/openid_connect/callback as redirect URI. Replace <YOUR_SUBDOMAIN> with the workspace of your organization.
    2. Create a platform of type iOS / macOS and enter de.applysia.app as Bundle ID.
    3. Create a platform of type Single-page application and enter https://applysia.app/callback.html as redirect URI
  5. In the app registration overview page, navigate to the API permissions section, and add the following delegated permissions:
    1. Microsoft Graph > User.Read
    2. Microsoft Graph > email
    3. Microsoft Graph > openid
    4. Microsoft Graph > profile
  6. In the app registration overview page, navigate to the Token configuration section and click “Add optional claim”. Select “ID” as token type and add these claims:
    1. email
    2. family_name
    3. given_name

Configure Applysia

Prerequisites

  1. You are an organisation admin.
  2. You have completed the configuration in the Azure AD admin center and obtained the following values:
    1. Your Directory (tenant) ID (Shown in the App registration overview page)
    2. The Client ID and Client Secret of the App registration

Steps

  1. Sign into Applysia and navigate to the organisation settings: https://<YOUR_SUBDOMAIN>.applysia.app/tenant/edit 
  2. Enable OpenID Connect
  3. Enter a Name for your identity provider (IdP), e.g. “Azure AD” or “ACME Account”. Your users will see this on the login screen as an additional button with the text “Login with <Your Directory (tenant) ID>”
  4. As Issuer URL enter “https://login.microsoftonline.com/<Your Directory (tenant) ID>/v2.0”
  5. Next enter the Client ID and Client Secret from the Azure AD admin center
  6. Enter https://<YOUR_SUBDOMAIN>.applysia.app/auth/sso/openid_connect/callback as Redirect Url
  7. Enter msauth.de.applysia.app://auth/ as Mobile Redirect Url
  8. You can leave Mobile Client ID blank
  9. If you want to automatically provision new user accounts when they log in via Azure AD for the first time, you can enable it here. User accounts that are automatically provisioned are automatically assigned the "Observer" role.
  10. Finally enable the “Email verified override”.
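
To confirm that both halves of the setup agree, you can inspect an ID token from a test login. The following Python script is an added example, not Applysia or Microsoft code: it checks that the token's issuer matches the Issuer URL entered above, that its audience is the Application (client) ID, and that the three optional claims are present. The tenant ID, client ID and token are constructed placeholders, and the script decodes the token without verifying its signature, so it is a configuration check only.

```python
import base64
import json
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")
OPTIONAL_CLAIMS = ("email", "family_name", "given_name")  # from the Token configuration step

def issuer_url(tenant_id):
    """Build the Issuer URL in the form the article gives."""
    if not GUID.match(tenant_id):
        raise ValueError("Directory (tenant) ID must be a GUID")
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"

def decode_payload(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))

def check_id_token(id_token, tenant_id, client_id):
    """Return the configuration problems visible in an ID token's claims."""
    claims = decode_payload(id_token)
    problems = []
    if claims.get("iss") != issuer_url(tenant_id):
        problems.append("iss does not match the configured Issuer URL")
    if claims.get("aud") != client_id:
        problems.append("aud does not match the Application (client) ID")
    problems += [f"missing claim: {c}" for c in OPTIONAL_CLAIMS if not claims.get(c)]
    return problems

def sample_token(claims):
    """Constructed, unsigned token used only as demo input."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])

if __name__ == "__main__":
    tenant = "11111111-2222-3333-4444-555555555555"  # constructed placeholder
    client = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed placeholder
    token = sample_token({"iss": issuer_url(tenant), "aud": client,
                          "email": "jane@example.com", "given_name": "Jane"})
    for problem in check_id_token(token, tenant, client):
        print(problem)
```

An empty result means the claims line up with the values entered in Applysia; a "missing claim" entry points back to the optional claims in the Token configuration step.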
