Sign In Solutions integrates with Azure AD, allowing you to push your Azure users as users within your SIS account. This article walks through that set-up process.
For basic details on how to set up SSO, or for specific setup instructions for Okta or ADFS, click HERE. We recommend you read that article first to get a sense of what information is needed and where it can be gathered. Most importantly, it contains instructions for verifying your domain, which is not covered in this knowledge article.
Adding Sign In Solutions as an Application in Azure
The first step is to add Sign In Solutions as an enterprise application in Azure:
1. Sign in to Microsoft Azure. Then, go to Azure Active Directory > Enterprise Applications.
2. Select Enterprise applications > New Application.
3. Select “Non-gallery application”. This will lead to the “Add your own application” page.
4. Enter Sign In Solutions as the app name and click “Add” at the bottom of the screen.
SSO Configuration
Now that your enterprise application has been created, the next step is to configure its SSO settings:
5. Select “Set up single sign on”.
6. Gather information for your Basic SAML Configuration:
You are required to enter the Identifier and Reply URL in this section. For accounts held in our US data center, enter these fields:
Identifier: https://us.tractionguest.com/saml/metadata
Callback URL (entered as the Reply URL in Azure): https://us.tractionguest.com/sessions/sso/callback
(This is also found in the SAML Configuration section of your Sign In Solutions account)
User Attributes and Claims
The next step is to configure email address as your identifier format from the User Attributes and Claims section:
7. Click on the pencil icon under User Attributes & Claims to pull up the page shown below. Then click on the three dots to the right of the Unique User Identifier (Name ID) value.
8. Set Email Address as the name identifier format.
You can now gather details from Azure to plug into the SAML configuration section of Sign In Solutions. These three fields are the Certificate (Base64), Login URL, and Azure AD Identifier. This section shows where you can grab these fields:
Certificate (Base64)
9. You can download the certificate (base64) from the SAML Signing Certificate section. Click the Download button next to Certificate (Base64) section.
10. Copy and paste the entire content from the downloaded certificate. This encompasses all data from the hyphens before BEGIN CERTIFICATE to all the hyphens after END CERTIFICATE.
Login URL and Azure AD Identifier
11. Go to the 'Set up Sign In Solutions' section in Azure. Copy the fields listed for Login URL and Azure AD identifier.
SSO Setup within Sign In Solutions
Now that your SSO app configuration is complete, you will need to enter the certificate, login URL, and Identifier fields that you just copied from Azure:
12. Log into your Sign In Solutions account. Then, click the gear icon in the top right corner.
13. Click Preferences, then under the GENERAL Tab, scroll down to Register Domains and verify your domain if you haven't already done so. Instructions can be found in our main SSO knowledge article HERE.
14. Scroll down to SAML Configuration and click ADD NEW IDENTITY PROVIDER.
15. Name your setup however you'd like. Then, add the Certificate, Login URL, and Issuer (Azure AD identifier) details you copied from Azure.
Additional Settings (Optional)
This section covers the optional SSO settings that you can configure in Sign In Solutions. These settings aren't required to establish a connection between Sign In Solutions (Guest) and Azure, but they can be helpful:
Include Admin Users: Enabling this will force existing ADMIN users to go through SSO in order to access your Sign In Solutions account.
NOTE: We highly recommend adding an ADMIN user in your account whose email domain does not match the domain you registered for SSO. If your SSO setup ever breaks, you will be able to log into your account through this non-SSO user. We also recommend you don't turn this on until you've been able to successfully test the connection.
Provision Users using Identity Provider: This will allow your Azure AD users to log into your Sign In Solutions account, even if they don't already have an existing Sign In Solutions user. By default, these users will be assigned the INVITES permission bundle. However, you can set this to any other custom permission bundle.
Attribute Mapping (Optional)
Additionally, you are able to map name attributes and assign specific permission bundles to users according to the user roles they're assigned to in your Identity Provider. These settings can be found in section 2 of the SAML configuration window, after you've entered your Identity Provider Details.
Most commonly, you can use this section to map the first and last names of your Azure users into Sign In Solutions:
1. Go to the Attribute Mapping section of your SAML Identity Provider configuration.
2. Toggle on 'Map attributes from Identity Provider' and click ADD NEW ATTRIBUTE MAPPING.
3. Add First Name and Last Name.
4. For the IDP Field, you will need to go back to Microsoft Azure > User Attributes & Claims.
5. For the First Name field, copy the link under claim name for the user.givenname value.
6. For Last Name, copy the link under Claim name for user.surname.
7. Back in Sign In Solutions, enter your copied links next to their corresponding Guest Field.
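To make the mapping concrete, here is an added illustration (not Sign In Solutions or Microsoft code) of what the settings above amount to once an assertion arrives: the Audience is checked against the Identifier from the Basic SAML Configuration, the Name ID is required to be in email format (step 8), and the Azure AD claim names copied in steps 5 and 6 are translated into the First Name and Last Name fields. The assertion is a constructed sample with made-up values and no signature.

```python
# Added example (not Sign In Solutions or Microsoft code): what the attribute
# mapping and Name ID settings above do when an assertion arrives.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Identifier entered in the Basic SAML Configuration for the US data center.
EXPECTED_AUDIENCE = "https://us.tractionguest.com/saml/metadata"
# Azure AD default claim names for user.givenname / user.surname; these are the
# "links" the guide says to copy from User Attributes & Claims.
ATTRIBUTE_MAPPING = {
    "First Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "Last Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
}
# Constructed sample assertion (signature omitted, values made up).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://us.tractionguest.com/saml/metadata</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Liddell</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def map_assertion(xml_text, mapping=ATTRIBUTE_MAPPING, audience=EXPECTED_AUDIENCE):
    """Return the user fields an assertion would populate, or raise ValueError."""
    root = ET.fromstring(xml_text)
    # Reject assertions issued for a different service provider (wrong Identifier).
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if audience not in audiences:
        raise ValueError("audience %r does not include %s" % (audiences, audience))
    # Step 8 of the guide: the Name ID must be the user's email address.
    name_id = root.find("./saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        raise ValueError("Name ID must use the emailAddress format")
    claims = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
              for a in root.findall(".//saml:Attribute", NS)}
    user = {"Email": name_id.text}
    for guest_field, claim_name in mapping.items():
        values = claims.get(claim_name, [])
        user[guest_field] = values[0] if values else None  # unmapped claim -> blank
    return user
```

A claim name that is mistyped in the Sign In Solutions mapping simply yields a blank field rather than an error, which is the usual symptom when names do not come through after SSO.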
Once this is complete, you can finalize the connection from the Register Domains section in Sign In Solutions.
Go to Register Domain, click on SELECT SAML and choose the name of the SAML configuration you just created.
The setup is complete, and a tile labeled Sign In Solutions should appear in Microsoft Azure. Try signing in by clicking on the tile.