In order to authenticate using Microsoft Azure Active Directory (Single Sign On), the configuration must be added within both Visitor Aware, and your Azure Active Directory.
1) Visitor Aware Single Sign-On Setup
- Navigate to the Single Sign-on page under System Settings -> Settings -> Single Sign-On
- Select "Azure" as the connection type
- Click "Create"
- Copy the value from the redirect path that was generated and is now shown
2) Azure AD Setup
- Navigate to Azure Active Directory -> App registrations.
- Create a new application
- Choose a name
- Select the wanted value for supported account types (it's up to you)
- On platform configuration, select "Client Application (Web, iOS, Android, Desktop+Devices)"
- Enter the "Redirect Path" value that was generated in step #4 above
- Click "Create"
- Click on the newly created app.
- The "Application ID" is what you will need for your "Client/Application ID" variable.
- Click on "Redirect URIs". You will need to whitelist the redirection path for your app here. It will typically be https://domain.com/login/microsoft/callback. Click "Save"
- Select the permissions required for your app in the "API permissions" tab.
- Click "Save"
- In the "Certificates & secrets" tab, click on "new client secret" and enter a description (something like "App Secret").
- Set Duration to "Never Expires". Click "Save".
- Copy the whole key. This will not show again. You will need this value for the "Client Secret / Access Token" variable.
- Go to the active Azure directory and click on the "Enterprise application" link. Then click on the application name
- Under the "Properties" tab, enable user sign-in. Make user assignment required. Click "Save".
- Under the "Users and groups" tab, add users and their roles as needed.
3) Enter the Azure Information into Visitor Aware
- Copy the following values from Azure:
- "Application (client) ID"
- "Client Secret / Access Token"
- Enter the Application ID and Client Secret into your SSO settings page in Visitor Aware
- Ensure that the "Enabled" option is set to "Yes"
- Click "Save" on your Visitor Aware SSO Configuration screen
4) Test Your Connection
Now that your connection is configured in both Azure, and Visitor Aware, copy the Visitor Aware User Login URL, then log out of Visitor Aware, paste the User Login URL into your URL bar, and you should be signed in successfully!
Interested in setting up auto-provisioning for users? Check out this article:
https://visitoraware.freshdesk.com/support/solutions/articles/43000726585-azure-groups-for-visitor-aware-locations-and-roles