Single Sign-On (SSO) is a user authentication service that enables users to use one set of login credentials, such as name and password, to access multiple applications. The Dynamic Signal platform offers SAML 2.0 Single Sign-On (SSO) to provide a seamless user registration and logon flow. Microsoft Azure is one of the common SSO providers used by clients.
To set up Azure SSO for your Community, see the sections below.
Before starting your SSO configuration, please contact your Customer Success Manager (CSM) to enable SSO for your Community. If you plan to enable user provisioning from Azure Active Directory, refer to the following requirements:
- Enable Divisions – To take full advantage of SCIM provisioning, you must enable Divisions for your Community. To enable Divisions, ask your CSM or see Enable Divisions on the Dynamic Signal Support Site.
- Access to API Page – To access the API page, go to Admin > Advanced > API. If you do not have access to your Community’s API page in the Dynamic Signal app, please ask your CSM to provide you with permissions.
Set Up Azure SSO
To get started you need to create a new enterprise application in Azure Active Directory. Select the Dynamic Signal app from the Azure Marketplace gallery. Once the application is created, you need to go to the Single Sign-On section to make the proper configurations for SSO.
To set up Azure SSO, complete the following steps.
- Log on through your Azure portal, go to Azure Active Directory and click Enterprise Applications.
- To add a new application, click + New Application.
- Search for Dynamic Signal in the search field under gallery applications and enter a name in the Name field.
- Click Add to create the application. The app may take a few seconds to be added.
- Click Single Sign-On in the Manage region and select SAML to begin to configure the application.
- In the Identifier and Reply URL fields, you need to enter the URLs you obtain from the metadata file on the Single Sign-On page of the Dynamic Signal platform Manager app.
- To access the metadata XML file from the Dynamic Signal Manager app, log on to the app with an account that has Manager privileges. Click the hamburger button at the top left and select Manage Community. If you do not have Manager permissions in the Dynamic Signal app, contact your Customer Success Manager.
- In the Dynamic Signal Manager app, go to Admin > Registration > Single Sign-On.
- You can view and download the Service Provider Metadata (XML file) and copy and paste the URLs in the Identifier and Reply URL fields in Step 7. For the Identifier field, copy and paste the entityID in the <md:EntityDescriptor /> tag. For the Reply URL, copy and paste the Location in the <md:AssertionConsumerService /> tag.
- Once you have the correct URLs for the Identifier and Reply URL fields, enter a value in the User Identifier field. This value should be unique to all users and should not be changed.
- Click Add Attribute to add the names of all attributes and identifiers in Azure, and ensure that you do not use spaces. Make sure to include the user first name, last name and identifier(s). In the example below, the user identifiers are upn (user.principalname) and email address (user.mail).
- In the Dynamic Signal Single Sign-On page, enter the names of all attributes and identifiers you defined in Azure in the previous step.
- Download the Base64 certificate and Metadata XML.
- You will find the certificate in the <X509Certificate> element, inside <KeyDescriptor><KeyInfo><X509Data>, of the Metadata XML file downloaded in the above step. Add the certificate to the Identity Provider Certificate field on the Single Sign-On page of the Dynamic Signal Manager app.
- In the Service URL & Binding field of the Dynamic Signal Single Sign-On page, add the URL from the metadata file in the step above. You can find the URL in the <SingleSignOnService /> tag in the above Metadata XML file. Ensure that you use the URL for the HTTP-POST method.
- Once all the above steps have been completed, save all settings and enable SSO on the platform by selecting the Enable SSO check box.
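The Python example below is added here and is not Dynamic Signal's or Microsoft's code. It reads the values the steps above copy by hand (entityID, AssertionConsumerService Location, X509Certificate, and the HTTP-POST SingleSignOnService Location) out of the two metadata files, so a copy-and-paste slip or a non-HTTPS endpoint is caught before SSO is enabled. The function names, the example.com hosts and the dummy certificate bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

def _entity(xml_text):
    # SAML metadata never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("expected md:EntityDescriptor as the root element")
    return root

def _location(parent, element, binding=None):
    path = ".//md:" + element + ("[@Binding='%s']" % binding if binding else "")
    node = parent.find(path, NS)
    url = node.get("Location", "") if node is not None else ""
    if not url.startswith("https://"):
        raise ValueError("missing or non-HTTPS %s Location" % element)
    return url

def sp_values(xml_text):
    """(Identifier, Reply URL) from the Service Provider metadata."""
    entity = _entity(xml_text)
    return entity.get("entityID"), _location(entity, "AssertionConsumerService")

def idp_values(xml_text):
    """(Service URL, one-line Base64 certificate, SHA-256 hex) from the IdP metadata."""
    idp = _entity(xml_text).find("md:IDPSSODescriptor", NS)
    cert = idp.find(".//ds:X509Certificate", NS) if idp is not None else None
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no X509Certificate under IDPSSODescriptor")
    b64 = "".join(cert.text.split())  # drop line wraps and indentation before pasting
    digest = hashlib.sha256(base64.b64decode(b64, validate=True)).hexdigest()
    return _location(idp, "SingleSignOnService", BINDINGS + "HTTP-POST"), b64, digest

# Constructed sample input: placeholder hosts, and dummy bytes instead of a real certificate.
_HEAD = '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID=' % (NS["md"], NS["ds"])
_SSO = '<md:SingleSignOnService Binding="' + BINDINGS + 'HTTP-%s" Location="https://idp.example.com/%s"/>'
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_SP = (_HEAD + '"https://sp.example.com/saml"><md:SPSSODescriptor><md:AssertionConsumerService'
    ' Binding="' + BINDINGS + 'HTTP-POST" Location="https://sp.example.com/acs"/>'
    '</md:SPSSODescriptor></md:EntityDescriptor>')
SAMPLE_IDP = (_HEAD + '"https://idp.example.com/"><md:IDPSSODescriptor><md:KeyDescriptor><ds:KeyInfo>'
    '<ds:X509Data><ds:X509Certificate>\n' + SAMPLE_CERT[:20] + '\n  ' + SAMPLE_CERT[20:]
    + '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>' + _SSO % ("Redirect", "redirect")
    + _SSO % ("POST", "post") + '</md:IDPSSODescriptor></md:EntityDescriptor>')
```

The digest is computed over the decoded certificate bytes, so it stays the same however the Base64 text is wrapped, which makes it a convenient value to compare when checking that the certificate pasted into the Identity Provider Certificate field is the intended one.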