Azure SSO
Tip
More information can be found here
Configure Azure Single sign-on (SSO)
Step 1
Sign in to the Microsoft Entra admin center (Microsoft Entra) as at least a Cloud Application Administrator.
Browse to Identity > Applications > App registrations and select New registration.
Specify a name.
Specify Supported account types.
Under Redirect URI, specify Web and type the URL of your TrustView instance:
<trustview endpoint>/azuresso
Tip
Example: https://trustview.local/azuresso
Select Register to complete the initial app registration.
You will now see the newly created app registration.
Save the clientID, ObjectID (subscription ID) and Tenant ID, as you will need them for the configuration in TrustView.
Step 2
You then need to add a secret. Go to Certificates & secrets and click New client secret.
Save the secret value.
You have now created a client that can be used for Azure SSO in TrustView.
Step 3
Before you are ready, you need to add another API permission:
Select API permissions
Click Add a permission
Click Microsoft Graph
Click Application permissions
Select the permissions GroupMember.Read.All and User.Read.All
Click Add permissions
Tip
If you can't find the necessary permissions, you can search for them in the search field.
Lastly, the newly added permissions have to be granted. Click Grant admin consent for <domain>.
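A check that can follow Step 3, as an added example that is not part of the TrustView documentation: it builds the client-credentials token request for the app registration and inspects an app-only access token's roles claim for the two permissions above. The function names and the sample token are constructed for illustration, and the request is built but not sent so the code runs offline.

```python
import base64
import json
import re

# Application permissions added in Step 3.
REQUIRED_ROLES = {"GroupMember.Read.All", "User.Read.All"}
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials token request (URL, form). Nothing is sent."""
    for name, value in (("tenant ID", tenant_id), ("client ID", client_id)):
        if not GUID.match(value):
            raise ValueError(f"{name} is not a GUID; re-check the value saved in Step 1")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # the secret value saved in Step 2
        "scope": "https://graph.microsoft.com/.default",
    }
    return url, form


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def missing_roles(token):
    """Return the Step 3 permissions absent from the token's 'roles' claim."""
    # Granted application permissions appear in 'roles' of an app-only token.
    granted = set(jwt_claims(token).get("roles") or [])
    return sorted(REQUIRED_ROLES - granted)


def sample_token(roles):
    """Constructed, unsigned sample token so the example runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"roles": roles}), "sig"])


if __name__ == "__main__":
    print(missing_roles(sample_token(["User.Read.All"])))
```

An empty or missing roles claim usually means admin consent was not granted, or the permissions were added as delegated rather than application permissions.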
Step 4
Log into TrustView with a global admin user and browse to Global settings.
You then need to type in the clientID, ObjectID, Tenant ID and the secret created.
Type clientID into client ID
Type objectID into subscription ID
Type tenant Id into tenant ID
Type secret into client secret
Click update.
Step 5
Under Users, organizations and contacts in TrustView, there is a button that opens the settings for Azure single sign-on (SSO), where you can map Azure groups to TrustView roles (see Overview of roles).
On the login page a link to Azure SSO will be visible:
Log on with Azure Single sign on? Click here.