Setup Azure Active Directory SSO with LogMeOnce

Support Team
April 13, 2022 20:51

Setting up federated login for LogMeOnce using Azure involves setting up the Azure Identity Provider in LogMeOnce and configuring the LogMeOnce application in Azure.

Federated login lets users sign in to LogMeOnce with their Active Directory or Azure AD corporate password. Azure AD federation requires a Premium tier subscription for Microsoft Azure Active Directory.

Add Azure Enterprise Application

This section creates a new Enterprise Application in Azure; it is fully configured for LogMeOnce in the next section.

  • Open Azure Active Directory

Log in to your Azure AD account as an administrator.

Azure1.png

  • Click on “Enterprise Applications”
    Azure2.png
  • Click “New Application”

Azure3.png

 

  • Click “Create your own application”
  • Give the application a name, for example “LogMeOnce”
    1. Select the “Integrate any other application you don't find in the gallery (Non-gallery)” Radio Button
    2. Click Create

Azure4.png

Note: Creation can take several seconds. Go back to Azure Active Directory -> Enterprise Applications and find the Enterprise App with the name you gave it, for example LogMeOnce.

 

Configure the Enterprise Application for Single Sign On

Here we configure the Azure Enterprise Application for Single Sign On and also configure LogMeOnce with the necessary information from Azure AD.

  • Click on Single Sign-on on the left, and then select SAML on the next step

Azure5.png

  • Under Basic SAML Configuration, click Edit
    1. Copy the LogMeOnce “Service Provider Entity ID URL” into the Azure “Identifier (Entity ID)”
    2. Copy the LogMeOnce “Assertion Consumer Service URL” into the Azure “Reply URL”

The LogMeOnce Identity Provider screen is shown below:

Azure7.png

 

The Azure AD Identity Provider screen is shown below:

Azure6.png

  • Under Attributes & Claims, click Edit
    1. Click on the only Required Claim to edit
      1. Change the Source Attribute to user.mail
      2. Click Save
         Azure8.png
    2. Change the additional claims one by one: remove the Namespace completely and edit the claims to look like the following. The list of attributes to map and additional information are provided in this reference document: How to Create SAML Identity Provider (IdP)
    3. Remember to hit Save after each edit
      Azure9.png

Azure10.png

  • SAML Signing Certificate
    1. Click Download for the “Certificate (Base64)”
    2. Upload this Certificate into the LogMeOnce “Identity Provider Certificate”
       Azure11.png
  • Set up LogMeOnce: copy the provided URLs from Azure into LogMeOnce
    1. Azure “Login URL” is the LogMeOnce “Identity Provider Login URL”
    2. Azure “Azure AD Identifier” is the LogMeOnce “Issuer”
    3. Azure “Logout URL” is the LogMeOnce “Identity provider Logout URL”

Azure12.png

 

Add Permissions to the Azure Enterprise Application

The Azure Enterprise Application needs permissions before any user can attempt the first Single Sign On login.

  1. In the Enterprise Application, click Users and groups
     Azure13.png
  2. Click Add users/group
     Azure14.png
  3. Select either an Azure AD Security group, or individual Azure AD users who should have permissions to sign into LogMeOnce

Testing the Single Sign On

Configuration is complete and SSO can now be tested. If this is the first time a user signs in to LogMeOnce, a new user is created automatically in LogMeOnce.

  1. In the Enterprise Application go back to Single Sign On
     Azure15.png
  2. At the bottom, under Step 5 “Test single sign-on”, click Test
  3. The current user needs to have been added to the list of users in the Enterprise Application in the previous section “Add Permissions to the Azure Enterprise Application”

     Click “Test sign in”
     Azure16.png
  4. Sign in should log you directly into LogMeOnce
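
If the test sign-in fails, comparing a decoded SAML response with the values entered above usually shows which mapping is off. The following is an added example, not LogMeOnce or Microsoft code: it checks the Reply URL, Entity ID, Issuer, NameID and claim names in a response, and it does not verify the signature. All URLs, the tenant placeholder and the claim name `firstName` are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholders: use the values from your own LogMeOnce and Azure screens.
EXPECTED = {"destination": "https://sp.example.invalid/acs",   # Reply URL
            "audience": "https://sp.example.invalid/entity",   # Identifier (Entity ID)
            "issuer": "https://sts.windows.net/TENANT-ID/"}    # Azure AD Identifier

# Constructed sample of a decoded response (signature omitted); one claim
# deliberately keeps its default namespace so the check has something to report.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.invalid/acs">
  <a:Assertion>
    <a:Issuer>https://sts.windows.net/TENANT-ID/</a:Issuer>
    <a:Subject><a:NameID>alice@example.invalid</a:NameID></a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>https://sp.example.invalid/entity</a:Audience>
    </a:AudienceRestriction></a:Conditions>
    <a:AttributeStatement>
      <a:Attribute Name="firstName"><a:AttributeValue>Alice</a:AttributeValue></a:Attribute>
      <a:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <a:AttributeValue>Example</a:AttributeValue></a:Attribute>
    </a:AttributeStatement>
  </a:Assertion>
</p:Response>"""

def check_response(xml_text, expected):
    """Return findings; an empty list means the response matches the setup."""
    root = ET.fromstring(xml_text)
    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""
    findings = []
    if root.get("Destination") != expected["destination"]:
        findings.append("Destination differs from the Reply URL")
    if text("a:Assertion/a:Issuer") != expected["issuer"]:
        findings.append("Issuer differs from the Azure AD Identifier")
    if text("a:Assertion/a:Conditions/a:AudienceRestriction/a:Audience") != expected["audience"]:
        findings.append("Audience differs from the Identifier (Entity ID)")
    if "@" not in text("a:Assertion/a:Subject/a:NameID"):
        findings.append("NameID is not an email address (expected user.mail)")
    for attr in root.iterfind("a:Assertion/a:AttributeStatement/a:Attribute", NS):
        if "://" in attr.get("Name", ""):
            findings.append("Claim still has a namespace: " + attr.get("Name"))
    return findings

if __name__ == "__main__":
    for finding in check_response(SAMPLE, EXPECTED) or ["all checks passed"]:
        print(finding)
```
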

Helpful Articles: How to Create SAML Identity Provider (IdP)



