This article describes the steps required to configure Single Sign-On (SSO), using Azure Active Directory (AAD) as the identity provider.
Once this has been configured, users who enter their username on the Buttonwood Exchange login screen are redirected to Azure Active Directory, which authenticates them in place of the Buttonwood Exchange local identity service.
This process ensures that identity management is performed at the source of truth and streamlines the management of passwords for users.
Note: Even with SSO configured, users are still prompted to set a local password on account activation. This is for use if SSO is turned off.
- Administrative access to the Azure Portal
- Administrative access to the Exchange UI
Configuring Azure AD
- Log in to the Azure Portal
- Navigate to All Services > Identity > App registrations
- Click New registration
- In the Register an application blade, enter the following information:
- Name: A name for the application
- Supported account types: Select Accounts in this organizational directory only
- Redirect URI: Select Web and enter https://adfs.bcx.buttonwood.net/adfs/ls
- Click Register
- A notification displays the status of the registration
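
To confirm the registration matches the settings above, the following added example (not part of the original article or Buttonwood's own tooling) audits an application object for the single-tenant audience and the exact Web redirect URI. It assumes the JSON shape returned by `az ad app show --id <app-id>` (fields `signInAudience`, `web.redirectUris`); the `GOOD` and `BAD` samples are constructed for illustration.

```python
# Added example: audit an Azure AD app registration against this page's settings.
from urllib.parse import urlsplit

# Values taken from the registration steps on this page.
EXPECTED_REDIRECT = "https://adfs.bcx.buttonwood.net/adfs/ls"
# Graph value for "Accounts in this organizational directory only"
EXPECTED_AUDIENCE = "AzureADMyOrg"


def audit_registration(app: dict) -> list:
    """Return a list of findings; an empty list means the registration matches."""
    findings = []
    audience = app.get("signInAudience")
    if audience != EXPECTED_AUDIENCE:
        findings.append(f"signInAudience is {audience!r}, expected {EXPECTED_AUDIENCE!r}")
    web_uris = (app.get("web") or {}).get("redirectUris") or []
    if EXPECTED_REDIRECT not in web_uris:
        findings.append("expected Web redirect URI is missing")
    for uri in web_uris:
        if uri == EXPECTED_REDIRECT:
            continue
        if urlsplit(uri).scheme != "https":
            findings.append(f"non-HTTPS redirect URI: {uri}")
        elif "*" in uri:
            findings.append(f"wildcard redirect URI: {uri}")
        else:
            findings.append(f"unexpected extra redirect URI: {uri}")
    # The page selects the Web platform, so URIs on other platforms are flagged.
    for platform in ("spa", "publicClient"):
        for uri in (app.get(platform) or {}).get("redirectUris") or []:
            findings.append(f"redirect URI registered under {platform}: {uri}")
    return findings


# Constructed samples (not real tenant data).
GOOD = {"signInAudience": "AzureADMyOrg",
        "web": {"redirectUris": ["https://adfs.bcx.buttonwood.net/adfs/ls"]}}
BAD = {"signInAudience": "AzureADMultipleOrgs",
       "web": {"redirectUris": ["http://adfs.bcx.buttonwood.net/adfs/ls",
                                "https://*.example.net/adfs/ls"]}}

if __name__ == "__main__":
    for name, app in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_registration(app) or "OK")
```
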
Configuring Buttonwood Exchange
- Log in to the Exchange UI as an administrative user
- Navigate to Manage > Organisation
- Select the Custom Domains tab
- Click Add
- On the Email Verification Code screen, enter an email address that can receive email at the added domain - a verification email is sent to this address
- Click Send
- For the added domain, click Verify
- Use the verification code from the email to verify the domain
- For the verified domain, click Enable SSO
- On the Choose a SSO Provider screen, select Azure Active Directory as the SSO Provider
- Ensure that Azure Active Directory has been configured to accept SSO requests from Buttonwood
- Click Enable SSO
- A message indicates the status of the request