2. Azure SSO#
With Azure SSO, you can use just one set of credentials to conveniently access TrustView and any other Azure related apps.
Tip
More information can be found here.
2.1. Configure Azure Single Sign-On (SSO)#
Sign in to the Microsoft Entra admin center (Microsoft Entra) as at least a
Cloud Application Administrator.Browse to
IdentityApplicationsApp registrationsand selectNew registration.Specify a
name.Specify
Supported account types.Under
Redirect URIspecifyWeband type theURLof your TrustView instance.Specify the redirect URI#1<trustview endpoint>/azuressoTip
Example: https://trustview.local/azuresso
Select
Registerto complete the initial app registration.You will now see the newly created app registration.
Save the
clientID,ObjectID (subscription ID)andTenant IDas you will need it for the configuration in TrustView.You then need to add a secret. Go to
Certificates & secretsand clickNew client secret.
Save the
secret value.You have now created a client that can be used for Azure SSO in TrustView.
But before you are ready, you need to add another API permission:
Select
API permissionsClick
Add a permissionClick
Microsoft GraphClick
Application permissionsSelect permission
GroupMember.Read.AllandUser.Read.AllClick
Add permissionsTip
If you can’t find the necessary permissions, you can search for them, in the search field.
Lastly the newly added permission, has to be granted. Click
Grant admin consent for <domain>.Log into TrustView with a global admin user and browse to
Global settings.
You then need to type in the
clientID,ObjectID,Tenant IDand thesecretcreated.
Type
clientIDinto client IDType
objectIDinto subscription IDType
tenant Idinto tenant IDType
secretinto client secretClick
update.Under
Users, organizations and contactsin TrustView, you can see a button to settings for Azure single sign-on (SSO), where it will be possible to map Azure groups to TrustView Overview of roles.On the login page a link to Azure SSO will be visible:
Log on with Azure Single sign on? Click here.