This article describes the steps required to configure Single Sign-On (SSO), using Azure Active Directory (AAD) as the identity provider (IdP).
Enabling SSO with Azure AD involves:
- Creating an Azure AD App Registration
- Enabling SSO in Buttonwood Central
Note: With SSO configured, users are still prompted to set a local password when activating their account in Buttonwood Central. This password is used if organisation administrators turn off SSO for a domain.
Configuring Azure AD
Prerequisites
- Administrative access to the Azure Portal
Configuration Steps
- Log in to the Azure Portal: https://portal.azure.com
- Navigate to All Services > Identity > App registrations
- Click New registration
- In the Register an application blade, enter the following information:
  - Name: A name for the application
  - Supported account types: Select Accounts in this organizational directory only
  - Redirect URI: Select Web and enter https://adfs.bcx.buttonwood.net/adfs/ls
- Click Register
- A notification displays when the application has been created
- From the app registration Overview blade, click Add an Application ID URI
  Alternatively, navigate to Manage > Expose an API
- From the Expose an API screen, click Set next to Application ID URI
- On the Set the App ID URI prompt, replace the default value with http://adfs.bcx.buttonwood.net/adfs/services/trust
- Click Save
- A notification displays when the application has successfully saved
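The following check is an added example, not part of the original article or Buttonwood's tooling. It compares an exported app registration against the values entered in the steps above, assuming the export is the JSON application object in the shape that `az ad app show` and Microsoft Graph return (`signInAudience`, `web.redirectUris`, `identifierUris`); the sample record is constructed.

```python
import json

# Values taken from the configuration steps on this page.
EXPECTED_AUDIENCE = "AzureADMyOrg"  # "Accounts in this organizational directory only"
EXPECTED_REDIRECT = "https://adfs.bcx.buttonwood.net/adfs/ls"
EXPECTED_APP_ID_URI = "http://adfs.bcx.buttonwood.net/adfs/services/trust"

# Constructed sample of a misconfigured registration (not real tenant data).
SAMPLE_BAD = json.loads("""{
  "displayName": "Buttonwood SSO (constructed)",
  "signInAudience": "AzureADMultipleOrgs",
  "web": {"redirectUris": ["https://adfs.bcx.buttonwood.net/adfs/ls",
                           "https://example.invalid/callback"]},
  "identifierUris": ["https://adfs.bcx.buttonwood.net/adfs/services/trust/"]
}""")


def check_registration(app: dict) -> list[str]:
    """Return a list of findings; an empty list means the registration matches."""
    findings = []

    audience = app.get("signInAudience")
    if audience != EXPECTED_AUDIENCE:
        findings.append(f"signInAudience is {audience!r}, expected {EXPECTED_AUDIENCE!r}")

    redirects = (app.get("web") or {}).get("redirectUris") or []
    if EXPECTED_REDIRECT not in redirects:
        findings.append(f"redirect URI {EXPECTED_REDIRECT} is missing")
    # Any additional redirect URI is another place tokens can be sent; report it.
    findings += [f"unexpected redirect URI: {u}" for u in redirects if u != EXPECTED_REDIRECT]

    id_uris = app.get("identifierUris") or []
    if EXPECTED_APP_ID_URI not in id_uris:
        # This check is an exact string comparison; a value that differs only by
        # scheme or trailing slash is reported as a hint for the reviewer.
        want = EXPECTED_APP_ID_URI.split("://")[-1]
        near = [u for u in id_uris if u.rstrip("/").split("://")[-1] == want]
        hint = f" (near match found: {near[0]!r})" if near else ""
        findings.append(f"Application ID URI {EXPECTED_APP_ID_URI} is missing{hint}")
    return findings


if __name__ == "__main__":
    for finding in check_registration(SAMPLE_BAD):
        print("FINDING:", finding)
```
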
Configuring Buttonwood Central
Prerequisites
- Administrative access to Buttonwood Central
- Azure Active Directory has been configured to accept SSO requests from Buttonwood
- Custom Domain added and verified in Buttonwood Central
Procedure Steps
- Log in to Buttonwood Central
- Navigate to Manage > Custom Domains
- For the domain to be enabled, click Enable SSO
Note: This option does not appear unless the domain has been verified
Note: Organisation administrators can add multiple custom domains but only enable SSO for a subset of domains
- On the Choose a SSO Provider screen, select the following:
  - SSO Provider: Azure Active Directory
- Click Enable SSO
- A message indicates the status of the request
- The SSO Status for the domain changes to Provisioning and may take a few minutes to process before changing to Enabled