Configure SSO with Entra ID

This guide outlines how to integrate the Adaptiva Server with Microsoft Entra ID. It provides configuration steps for both OpenID Connect (OIDC) and SAML (Security Assertion Markup Language), enabling secure single sign-on (SSO). With this integration, your users can sign in to the OneSite Platform using their Entra credentials, adding a layer of security.

Create an App Registration in Microsoft Entra

Create an App Registration for the Adaptiva Server to use for federation with Entra ID.

  1. Log in to the Microsoft Entra admin center as a Global Admin or a delegate with App Registration permissions.

  2. In the Search bar, enter App Registrations, and then select App registrations from results.

  3. Select New Registration.

  4. Enter a Name for the application.

  5. Select the appropriate setting in the Supported account types section. Typically, you would select Accounts in this organizational directory only.

  6. From the Select a platform drop-down, select either Web (build 9.3 or later) or Single-page application (SPA) (build 9.1 or 9.2).

  7. Enter the URL as shown in the following example:

    https://AdaptivaServerFQDN[:port]/login/oidc-redirect

    The AdaptivaServerFQDN[:port] is the name and port used to log in to the Adaptiva Server. For example, https://cm.onelab.com:9678/login/oidc-redirect.

  8. Click Register.

  9. If your Adaptiva Server is using build 9.1 or 9.2, add another URI:

    a. Select the Redirect URIs link from the Overview page.

    b. Click Add URI.

    c. Enter your URL into the respective field using the following format: https://AdaptivaServerFQDN[:port]/login/oidc-redirect/registration

    d. Select Save.

  10. If the server is accessed using any other names besides the FQDN, create the necessary URIs for each name that you use.

  11. Click Register.

Create a Client Secret (build 9.3 or later)

If your Adaptiva Server is using build 9.3 or later, create a client secret for authentication to Entra ID.

  1. Select Certificates & Secrets on the far-left action pane.

  2. Select + New client secret under Client secrets on the Clients & secrets page.

  3. Enter a description in the Description field on the Add a client secret dialog, and then select the appropriate expiration timeframe based on the security guidelines of your company.

  4. Select Add to return to the Clients & secrets page.

  5. Record the value of the secret to use in the Adaptiva Server. This secret value never displays again after you leave this page.

Create a reminder on your calendar to create a new App secret before the secret expires.

  1. Select Overview in the left-side pane.

  2. Record the Application (client) ID and the Directory (tenant) ID.

Create an OIDC Provider

Follow the steps on the Configure OIDC page. The one-to-one translation of the information that is specific to DUO is below:

  • Authority - This is the Tenant URL from Entra that you can copy and paste in the Authority field in the following format:

    https://login.microsoftonline.com/<tenantID>/v2.0

    The <tenantID> is the Directory (tenant) ID you recorded earlier.

  • Client ID - This is the Application (client) ID from the Azure Global Admin.

If using 9.3 or later:

  • Client Secret - This is the Client secret (value) from Entra.
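
A pre-flight check for the three values above, as an added example (not Adaptiva's or Microsoft's code): it verifies the Authority format, catches a Secret ID pasted in place of the secret Value, and compares the Authority with the provider's discovery document. The function names and all sample values are constructed; `SAMPLE_DISCOVERY` stands in for the JSON served at `discovery_url(AUTHORITY)`, and Client Secret (Post) is assumed to map to the standard `client_secret_post` method.

```python
import re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
AUTHORITY_RE = re.compile(rf"https://login\.microsoftonline\.com/{GUID}/v2\.0")

def discovery_url(authority):
    """Where the provider publishes its OIDC discovery document."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"

def check_oidc_settings(authority, client_id, client_secret, discovery):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not AUTHORITY_RE.fullmatch(authority):
        problems.append("Authority is not https://login.microsoftonline.com/<tenantID>/v2.0")
    if not re.fullmatch(GUID, client_id):
        problems.append("Client ID is not a GUID")
    # The portal lists a Secret ID (a GUID) next to the secret Value; only the Value works.
    if re.fullmatch(GUID, client_secret):
        problems.append("Client Secret looks like the Secret ID, not the Value")
    if discovery.get("issuer") != authority:
        problems.append("issuer in the discovery document differs from Authority")
    # Assumption: Client Secret (Post) corresponds to the client_secret_post method.
    if "client_secret_post" not in discovery.get("token_endpoint_auth_methods_supported", []):
        problems.append("provider does not advertise client_secret_post")
    return problems

# Constructed sample values, not real tenant data.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
SAMPLE_DISCOVERY = {  # trimmed stand-in for the document at discovery_url(AUTHORITY)
    "issuer": AUTHORITY,
    "token_endpoint_auth_methods_supported": [
        "client_secret_post", "private_key_jwt", "client_secret_basic"],
}

if __name__ == "__main__":
    print(discovery_url(AUTHORITY))
    print(check_oidc_settings(AUTHORITY, CLIENT_ID, "constructed.secret~Value", SAMPLE_DISCOVERY))
    # A truncated Authority and a pasted Secret ID are both reported:
    print(check_oidc_settings(AUTHORITY[:-5], CLIENT_ID, TENANT_ID, SAMPLE_DISCOVERY))
```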

Updating your OIDC Configuration After Upgrading to Build 9.3

If you have upgraded to build 9.3 or later and have already configured OIDC, the following steps must be completed by the Azure Global Admin or a delegate to update your configuration.

Update the App Registration

  1. Log in to the Microsoft Entra admin center as a Global Admin or a delegate with App Registration permissions.

  2. Select App registrations.

  3. Locate and select the App Registration created for the Adaptiva Server.

  4. Select Authentication.

  5. Click the trash can icon on the upper-right of the Single-page application section to delete all Redirect URIs.

  6. Select Delete to confirm the deletion.

Create a Platform Configuration

  1. Select + Add a platform.

  2. Select Web.

  3. Enter the following URI in the Redirect URI field:

    https://AdaptivaServerFQDN[:port]/login/oidc-redirect

  4. Select Configure.

Create a Client Secret

Follow the earlier steps to create a client secret.

Update the OIDC Configuration

The following steps must be completed by the Adaptiva Administrator.

  1. Log in to the Adaptiva Server as a Super Admin user.

  2. Navigate to > Security > OIDC Providers.

  3. Select the OIDC Provider that you created.

  4. Select the Client Authentication Type in the OIDC Settings section, and then select Client Secret (Post).

  5. Enter the Secret you received from the Azure Global Admin into the Client Secret field. The Show Secret button appears after you enter the Secret into the Client Secret field.

  6. Select Save.

Enable Single Sign-on using SAML

Create an Enterprise application in Azure

Create an Enterprise application for the Adaptiva Server to use for federation with Entra ID.

  1. Log in to the Microsoft Entra admin center as a Global Admin or a delegate with App Registration permissions.

  2. In the Search bar, enter Enterprise applications and then select Enterprise applications.

  3. Click New application and then click Create your own application.

  4. Enter a name and select the Integrate any other application you don't find in the gallery (Non-gallery) radio button.

  5. Click Create. The application Overview page will appear.

Assign Users

  1. Click Assign users and groups.

  2. Click + Add user/group.

  3. Under Users and groups, click the link and check the users or groups you want to grant access to the application.

  4. Click Assign.

  5. In the left-hand navigation, click Single sign-on.

Configure SAML single sign-on

  1. On the application's overview page, in the left-hand navigation, select Single sign-on.

  2. Click SAML as the single sign-on method.

  3. On the Set up Single Sign-On with SAML page, under 1. Basic SAML Configuration, click Edit.

  4. Click Add identifier.

  5. Enter the Identifier (Entity ID): https://<AdaptivaServerFQDN>[:port].

  6. Click Add reply URL.

  7. Enter the Reply URL from your service provider's configuration: https://<AdaptivaServerFQDN>[:port]/api/v1.0/authentication/saml-login.

  8. Click Save.

  9. Under 3. SAML Certificates, click the links to download the Certificate and Federation Metadata XML files.

  10. Under Step 4. Set up , record the following links:

    1. Login URL: https://login.microsoftonline.com/[GUID]/saml2

    2. Microsoft Entra Identifier: https://sts.windows.net/[GUID]/

    3. Logout URL: https://login.microsoftonline.com/[GUID]/saml2

Create the SAML Provider in the Admin Portal

Follow the steps on the Configure SAML page and enter the following information from Entra into the SAML Settings section:

  • Issuer ID: enter the Microsoft Entra Identifier

  • Authentication Request URI: enter the Login URL

  • Attribute Consuming Service Index: leave blank

  • Name ID Format: Leave default

  • Public Key Info: Open the certificate file (.cer) and copy and paste the contents into the window.

  • Audience: Enter the same value as the Identifier (Entity ID). If you did not specify a port, append :443 to the server address.
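
A cross-check for the values listed above, as an added example (not Adaptiva's or Microsoft's code): it reads the Federation Metadata XML downloaded earlier, derives the Issuer ID, Authentication Request URI and Audience, and confirms that the .cer file pasted into Public Key Info is a signing certificate listed in that metadata. The function names are hypothetical, and the GUID, metadata and certificate body are constructed samples.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def audience_for(entity_id):
    """Audience is the Identifier (Entity ID), with :443 added when no port is given."""
    parts = urlsplit(entity_id)
    return entity_id if parts.port else f"{parts.scheme}://{parts.hostname}:443{parts.path}"

def pem_to_der(cer_text):
    """Decode a Base64 .cer file, ignoring its BEGIN/END lines."""
    body = "".join(l.strip() for l in cer_text.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)

def saml_settings(metadata_xml, cer_text, entity_id):
    """Derive the SAML Settings values and check the .cer against the metadata."""
    root = ET.fromstring(metadata_xml)  # file from your own tenant; not for untrusted XML
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    signing = [base64.b64decode("".join(c.text.split())) for c in idp.findall(
        "md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)]
    return {
        "Issuer ID": root.get("entityID"),
        "Authentication Request URI": idp.find("md:SingleSignOnService", NS).get("Location"),
        "Audience": audience_for(entity_id),
        "certificate_in_metadata": pem_to_der(cer_text) in signing,
    }

# Constructed samples: placeholder GUID and a certificate body that is not a real certificate.
SAMPLE_GUID = "11111111-2222-3333-4444-555555555555"
CERT_B64 = base64.b64encode(b"constructed placeholder, not a certificate").decode()
SAMPLE_CER = f"-----BEGIN CERTIFICATE-----\n{CERT_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/{SAMPLE_GUID}/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>{CERT_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Location="https://login.microsoftonline.com/{SAMPLE_GUID}/saml2"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for name, value in saml_settings(SAMPLE_METADATA, SAMPLE_CER, "https://cm.onelab.com").items():
        print(f"{name}: {value}")
```

A `certificate_in_metadata` value of False means the pasted certificate is not the one Entra signs assertions with, for example after a certificate rollover.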

Login page

After Microsoft Entra and the OneSite Platform have been federated using OIDC or SAML, an SSO button will appear on the login page. Once users click it, they are redirected to an Entra login page and granted access to the OneSite Platform.
