Single Sign-On with Azure AD
Let us see how to configure Microsoft Azure AD on your system before you start working with Opkey.
After configuration, users can sign in using their Azure AD credentials.
Configuring Azure AD on your system
- Set up a connection app for Opkey SSO.
- Open the Azure AD login page on the browser and sign in to Azure as an administrator.
- Go to Admin Dashboard.
- Click on the Azure Active Directory icon.
- You’ll be redirected to a page where you need to click on Enterprise Application.
- Once the new window opens, click on “New Application”.
- In this window, click on the Azure AD SAML Toolkit icon.
- After you are redirected to a new window, enter a Demo name.
- In the next window, enter the Entity ID and the Assertion Consumer Service URL.
- Enter the values for Email, First Name, Group, Last Name, and Name in the next window.
- Enter the details for Signing Option, Signing Algorithm, Notification, and Email Address.
Azure AD is now configured on your system.
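The Opkey steps that follow ask for the IdP Issuer, the IdP Single Sign-On URL and a certificate to validate the signature. As an added example (not part of the Opkey or Azure documentation), the following Python reads those values from the application's SAML federation metadata XML and checks what was typed into Opkey against it. The sample metadata, tenant ID and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: tenant ID, URLs and certificate bytes are placeholders.
SAMPLE = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
 <IDPSSODescriptor><KeyDescriptor use="signing">
   <KeyInfo xmlns="{NS['ds']}"><X509Data>
     <X509Certificate>UExBQ0VIT0xERVItTk9ULUEtUkVBTC1DRVJU</X509Certificate>
   </X509Data></KeyInfo></KeyDescriptor>
 <SingleSignOnService Binding="{REDIRECT}"
   Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""


def read_idp_metadata(xml_text):
    # Parse only metadata downloaded from your own tenant over HTTPS.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    pins = [hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
            for kd in idp.findall("md:KeyDescriptor", NS)
            if kd.get("use") in (None, "signing")
            for c in kd.findall(".//ds:X509Certificate", NS)]
    return {"issuer": root.get("entityID"), "sso_urls": sso, "cert_sha256": pins}


def check_opkey_entry(meta, issuer, sso_url, cert_sha256=None):
    # Compare what was typed into Opkey with the metadata; return the problems.
    problems = []
    if issuer != meta["issuer"]:
        problems.append("IdP Issuer differs from metadata entityID")
    if sso_url not in meta["sso_urls"] or not sso_url.startswith("https://"):
        problems.append("IdP Single Sign-On URL not an HTTPS endpoint in metadata")
    if cert_sha256 is None:
        problems.append("no certificate supplied: signature cannot be verified")
    elif cert_sha256 not in meta["cert_sha256"]:
        problems.append("certificate is not a signing certificate in metadata")
    return problems
```

The issuer comparison is an exact string match, so a missing trailing slash on the entity ID is reported as a mismatch.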
Getting Started with SSO Feature in Opkey
- Login to OpKey Web using valid credentials.
- Navigate to the Admin Console and select the Single Sign-On tab. The Configure Single Sign-On page opens.
- From the Single Sign-On page, you need to add and configure an Identity Provider.
- Click on the Add button to add an Identity Provider.
- Select the Identity Provider (Azure AD from the list), enter the IdP Issuer, Display Name, IdP Single Sign-On URL, and API Key, and then click on Add. You can check the Verify Signature checkbox if required.
- Identity Provider: Select “ADFS” from the drop-down.
- IdP Entity ID: Identity Provider Issuer from Azure AD, specified earlier.
- Single Sign-On Service: Identity Provider Single Sign-On URL from Azure, specified earlier.
- Once the Identity Provider (Azure) has been added successfully, you can view it here.
- Further, you can modify and delete it, as required.
- Click on the Modify Single Sign-On button to modify it. Fill in all the required fields (Identity Provider, IdP Issuer, Display Name, IdP Single Sign-On URL, Certificate to Validate Signature, and API Key) and click on Modify.
- A new window will open up where you need to provide the details and click on Modify.
- Once the settings are saved, another option, “Allow OpKey Login To”, is enabled. It lets the admin enforce a login type for their users by choosing one of the 3 options: “OpKey Users Only”, “Single Sign-On”, or “Both OpKey and SSO Users”. OpKey then allows the user to log in according to the option selected, in case the user has configured the SSO service.
- Further, you need to create Group(s) on Azure & add people to the Group(s) from Group Management as described below:
Click on the User Management icon on the left panel and select Group Management.
Group Management under the Admin Console of OpKey allows you to manage groups of users. Here you can view the list of existing Groups along with details like Service Provider, Name, Projects, OpKey Admin Privileges, and Actions. You can edit and delete existing groups as required, but you need Admin privileges to do so.
- Navigate to the Group Management tab under the Admin Console in OpKey.
A new window will be opened.
- Click on the Add Group button. The Add Groups page opens.
- Select and fill in all required fields, then click on Add to create a new Group. You can mark the Opkey Admin checkbox to give Admin privileges to the Group.
- Here, you can see that a new Group has been created successfully. People belonging to this Group can now work on the assigned OpKey project(s) when logging in through Azure AD SSO.
- Now, people belonging to the added Group(s) can log in to OpKey Web using the Azure AD SSO feature.
- Open your OpKey Web login page & click on the Login with Azure link.