Adaptiva.comSupport

Configure Single Sign-On

You can only configure single sign-on (SSO) in an on-premises Adaptiva Server. This does not apply to our SaaS solution.

You can configure Single Sign-On (SSO) to the Adaptiva Admin Portal using SAML (Security Assertion Markup Language) or OIDC (OpenID Connect). This allows you to federate users and assign them roles in the Adaptiva Server.

Enable Single Sign-on using OIDC

Before enabling OIDC in the Admin Portal, verify that your IAM provider supports OpenID Connect and TLS is enabled (by default) on your Adaptiva server.

Create an App Registration in Microsoft Entra

Create an App Registration for the Adaptiva Server to use for federation with Entra ID.

  1. Log in to the Microsoft Entra admin center as a Global Admin or a delegate with App Registration permissions.

  2. In the Search bar, enter App Registrations, and then select App registrations from results.

  3. Select New Registration.

  4. Enter a Name for the application.

  5. Select the appropriate setting in the Supported account types section. Typically, you would select Accounts in this organizational directory only.

  6. From the Select a platform drop-down, select either Web (build 9.3 or later) or Single-page application (SPA) (build 9.1 or 9.2).

  7. Enter the URL as shown in the following example:

    https://AdaptivaServerFQDN[:port]/login/oidc-redirect.

    The AdaptivaServerFQDN[:port] is the name and port used to log in to the Adaptiva Server. For example, "https://cm.onelab.com:9678/login/oidc-redirect".

  8. Click Register.

  9. If your Adaptiva Server is using build 9.1 or 9.2, add another URI:

    a. Select the Redirect URIs link from the Overview page.

    b. Click Add URI.

    c. Enter your URL into the respective field using the following format: https://AdaptivaServerFQDN[:port]/login/oidc-redirect/registration

    d. Select Save.

  10. If the server is accessed using any other names besides the FQDN, create the pair of URIs for each name that you use.

  11. Click Register.

Create a Client Secret (build 9.3 or later)

If your Adaptiva Server is using build 9.3 or later, create a client secret for authentication to Entra ID.

  1. Select Certificates & Secrets on the far-left action pane.

  2. Select + New client secret, under Client secrets on the Clients & secrets page:

  3. Enter a description in the Description field on the Add a client secret dialog, and then select the appropriate expiration timeframe based on the security guidelines of your company.

  4. Select Add to return to the Clients & secrets page.

  5. Record the value of the secret to use in the Adaptiva Server. This secret value never displays again after you leave this page.

Create a reminder on your calendar to create a new App secret before the secret expires.

  1. Select Overview in the left-side pane.

  2. Record the Application (client) ID and the Directory (tenant) ID.

Create an OIDC Provider

Create and configure an OIDC Provider on the Adaptiva Server using the App Registration information you recorded in the previous steps.

  1. Log in to the Adaptiva Server as a Super Admin user.

  2. Select the gear in the upper right, and then navigate to Settings > Security > OIDC Providers.

  3. Select +New to open a new OIDC Providers template, and then configure the following General Settings:

    a. Enter a Name (such as Entra ID or Okta ID) for the OIDC Provider, and then add a detailed Description.

    b. (Optional) Add a logo for the OIDC provider.

  4. Scroll down to OIDC Settings and add the details provided by the Global Admin:

  5. Enter the Tenant URL in the Authority field using the following format: https://login.microsoftonline.com/<tenantID>/v2.0.

    The <tenantID> is the Directory (tenant) ID you recorded earlier.

  6. Enter the Application (client ID) your recorded earlier in the Client ID field.

  7. If your Adaptiva Server is using build 9.3 or later, add the Client Secret that you received from the Azure Global Admin:

    a. Click the Client Authentication Type from the dropdown menu, and select Client Secret (Post).

    b. Enter the Client Secret into the respective field. This is the Client secret (value) you recorded earlier.

    c. Click Save.

Create new Administrator account

After creating the OIDC Provider, register users as Administrators using the following steps:

  1. Log in to the Admin Portal as a Super Admin.

  2. Select the > Settings > Security > Administrators.

  3. Click +New and create an Administrator account.

  4. Select the Admin Type dropdown menu, and select OpenID Connect.

  5. Enter the email address for the user you are creating. The uses this address to send an email invitation to the user, and to match the user with their IAM service identity.

  6. Click the Identity Provider drop-down and select the provider you created earlier.

  7. Enter the first and last name of the user in the User Details section and add any additional information as needed.

  8. Select Save.

  9. Select the More dropdown and click Invite to send an invitation email to the user. Refer to the account activation for information on what the invite user will see.

Register new account

After receiving the invitation email, the user can complete the account registration using the following steps:

  1. Select Register Account in the email. This takes the user to the IAM service login page.

If the user is not already logged in, the IAM prompts them to log in.

  1. Open a new session of the Admin Portal. The login screen now lists the new OIDC Provider.

  2. Select the new login selection to log into the portal using your IAM credentials.

Updating your OIDC Configuration After Upgrading to Build 9.3

If you have upgraded to build 9.3 or later and have already configured OIDC, the following steps must be completed by the Azure Global Admin or a delegate to update your configuration.

Update the App Registration

  1. Log in to the Azure Portal as a Global Administrator or with rights for App Registrations.

  2. Select App registrations.

  3. Locate and select the App Registration created for the Adaptiva Server.

  4. Select Authentication.

  5. Click the trash can icon on the upper-right of the Single-page application section to delete all Redirect URIs.

  6. Select Delete to confirm the deletion.

Create a Platform Configuration

  1. Select + Add a platform.

  2. Select Web.

  3. Enter the following URI in the Redirect URI field:

    https://AdaptivaServerFQDN[:port]/login/oidc-redirect

  4. Select Configure.

Create a Client Secret

Follow the earlier steps to create a client secret.

Update the OIDC Configuration

The following steps must be completed by the Adaptiva Administrator.

  1. Log in to the Adaptiva Admin Portal.

  2. Navigate to > Security > OIDC Providers.

  3. Select the OIDC Provider that you created.

  4. Select the Client Authentication Type in the OIDC Settings section, and then select Client Secret (Post).

  5. Enter the Secret you received from the Azure Global Admin into the Client Secret field. The Show Secret button appears after you enter the Secret into the Client Secret field.

  6. Select Save.

PreviousServer Activation and About

Last updated

Was this helpful?