Administration Portal SSO Setup Guides
The following documentation provides step-by-step instructions for configuring Single Sign-on (SSO) for your Symbee Connect Administration portal with some of the commonly used SAML-compliant Identity Providers (corporate directories).
For general reference documentation of Administration Portal SSO, also refer to: Administration User Single Sign-On (SSO).
Configure Admin SSO with Microsoft Azure Active Directory
Follow these steps to allow your Symbee Connect administrators to gain access to the Symbee Connect Admin Portal using their authenticated session with your corporate Microsoft Office 365 Azure Active Directory.
Step 1 - Log into Azure AD, declare a New Enterprise App, and assign to required users
Log into Azure Active Directory
Within the Enterprise Applications section, at the top of the view, select the + Create your own Application option to add a new Application, as there won’t be one listed in the App Integrations Gallery for this.
Give your application a name – for example: Symbee Connect Admin Portal, and select the Integrate any other application you don’t find in the gallery… option
After the Enterprise Application is created, assign it to your required users
Step 2 - Configure SAML SSO settings for your new Enterprise App within Azure
Note: At the same time as below, also log into the Symbee Connect Administration Portal as a full Company Administrator in another tab, and navigate to the Single Sign On configuration page (under the Company dropdown menu, Security Settings / Single Sign-On) as you need the values from this page to populate in the steps below.
- In Azure AD, select the newly created Enterprise Application, and select Single Sign-on in the left navigation bar, and select the SAML method on the right
- Under the main Setup Single Sign-on with SAML configuration page, select Edit on Step 1 (Basic SAML Configuration)
- Copy the Service Provider SAML Audience Entity ID value (a URL) from the Symbee Connect SSO page to the Identifier (Entity ID) field in the Azure Enterprise App
- Copy the Service Provider Assertion Consumer Service (ACS) URL value from the Symbee Connect SSO page to the Reply URL (Assertion Consumer Service URL) field in the Azure Enterprise App
- Leave the Sign On URL, and Relay State fields in the Azure Enterprise App blank (not needed)
- Copy the Service Provider Single Logout (SLO) URL value from the Symbee Connect SSO page to the Logout URL field in the Azure Enterprise App
- Save your updates. See below for reference as an example:
Step 3 - Complete the SAML SSO configuration within Symbee Connect
Note: At the same time as below, within Azure AD, remain in the SAML-based Sign-on page of your newly configured Enterprise App, as you need the values from this page to populate in the steps below.
- In the Security Settings / Single Sign-On screen under the Company dropdown menu in your Symbee Connect Administration Portal…
- Provide a description for your Single Single-On configuration for your internal notes in the Identity Provider Description field provided
- Copy the value from your Enterprise App SAML “4” section named Azure AD Identifier into the Identity Provider Entity Identifier field provided in the Symbee Connect SSO screen
- Copy the value from your Enterprise App SAML “4” section named Login URL into the Identity Provider Single Sign-On Request URL field provided in the Symbee Connect SSO screen
- Copy the value from your Enterprise App SAML “4” section named Logout URL into the Identity Provider Single Logout Response URL field provided in the Symbee Connect SSO screen
For reference – these fields from your Azure Enterprise App SAML configuration screen:
- Copy the value from your Enterprise App SAML “3” section named App Federation Metadata URL into the Identity Provider Metadata URL (if available) field provided in the Symbee Connect SSO screen
For reference – this field from your Azure Enterprise App SAML configuration screen:
- Download the Signing Certificate using the Certificate (Base64) Download link from your Enterprise App SAML “3” section (see above for reference). Save this file locally, then open in a text editor, and copy the contents of the file into the Identity Provider Signing Certificate field provided at the bottom of your Symbee Connect SSO screen.
The completed section of your Symbee Connect SSO screen should look similar to the below:
- Save the updates.
Step 4 - Enable Single Sign-On within Symbee Connect, and test
- After saving your updates above, while still in the Single Sign-On screen in your PODUCT_NAME Administration Portal, check the Single Sign-On Enabled checkbox to enable the single sign-on functionality.
- Optionally you can also check the Single Sign-On Login Required (password-based access disabled) checkbox to block users from signing on with a password, forcing them to only sign in using SSO.
- Log out of the Symbee Connect Administration Portal, and from the Login page, test your Single Sign-On settings using the Or login with your corporate Single Sign On section of the Login window.