This article describes the steps required to configure Single Sign-On (SSO), using Azure Active Directory (AAD) as the identity provider.
Once SSO is configured, a user who enters their username on the Buttonwood Exchange login screen is redirected to Azure Active Directory and authenticated there, instead of by the Buttonwood Exchange local identity service.
This keeps identity management at the source of truth and streamlines password management for users.
Note: Even with SSO configured, users are still prompted to set a local password on account activation; it is used only if SSO is turned off.
- Prerequisite: Administrative access to the Azure Portal
- Log in to the Azure Portal
- Navigate to All Services > Identity > App registrations
- Click New registration
- In the Register an application blade, enter the following information:
  - Name: A name for the application
  - Supported account types: Select Accounts in this organizational directory only
  - Redirect URI: Select Web and enter https://adfs.bcx.buttonwood.net/adfs/ls
- Click Register
- A notification displays the status of the registration
- Within the new App registration, click Endpoints
- Record the Federation metadata document endpoint; this must be provided to Buttonwood
- Close the Endpoints blade
- From the Manage sub-menu, select Expose an API
- For the Application ID URI, click Set
- In the Set/Edit the App ID URI dialog, enter the following information:
  - Application ID URI: Enter http://adfs.bcx.buttonwood.net/adfs/services/trust
- Click Save
- Provide the recorded Federation metadata document endpoint to Buttonwood Support who will complete the configuration
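Before handing the Federation metadata document endpoint to a third party, it is worth confirming that the document it serves is your tenant's identity-provider metadata and that the two values entered in the app registration agree with each other. The script below is an added example, not part of this article or of Buttonwood's own tooling. It checks a constructed, trimmed-down WS-Federation metadata document in the shape Azure AD publishes (the tenant id is hypothetical and the certificate bytes are a stand-in, so nothing is fetched from the network), and it checks the redirect URI and Application ID URI from the steps above against the AD FS defaults they follow (`/adfs/ls` and `/adfs/services/trust`).

```python
"""Sanity checks for an Azure AD WS-Federation metadata document and for the
relying-party values entered during the app registration.

Added example: the metadata XML is a constructed sample, not a capture from a
real tenant. TENANT_ID is hypothetical and FAKE_CERT_B64 stands in for a real
signing certificate.
"""
import base64
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
XSI = "http://www.w3.org/2001/XMLSchema-instance"

TENANT_ID = "11111111-2222-3333-4444-555555555555"          # constructed
FAKE_CERT_B64 = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()  # DER SEQUENCE stand-in


def sample_metadata(tenant_id: str = TENANT_ID,
                    endpoint_host: str = "login.microsoftonline.com") -> str:
    """Constructed metadata in the shape served at
    https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml"""
    return f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{tenant_id}/">
  <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{FAKE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://{endpoint_host}/{tenant_id}/wsfed</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""


def check_federation_metadata(xml_text: str, expected_tenant: str) -> list[str]:
    """Return a list of problems; an empty list means the document is what we expect."""
    problems: list[str] = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return ["root element is not an EntityDescriptor"]

    # 1. The issuer must be our own tenant, not some other directory.
    entity_id = root.get("entityID", "")
    m = re.fullmatch(r"https://sts\.windows\.net/([0-9a-f-]{36})/", entity_id)
    if not m:
        problems.append(f"unexpected entityID: {entity_id!r}")
    elif m.group(1) != expected_tenant:
        problems.append(f"entityID tenant {m.group(1)} != expected {expected_tenant}")

    # 2. It must describe a security token service (an identity provider role).
    roles = [r for r in root.findall("md:RoleDescriptor", NS)
             if r.get(f"{{{XSI}}}type", "").endswith("SecurityTokenServiceType")]
    if not roles:
        return problems + ["no SecurityTokenServiceType role: not an IdP metadata document"]
    role = roles[0]

    # 3. A signing certificate must be published and be a DER blob (SEQUENCE, 0x30).
    certs = role.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not certs:
        problems.append("no signing certificate published")
    for cert in certs:
        try:
            der = base64.b64decode((cert.text or "").strip(), validate=True)
        except ValueError:
            der = b""
        if not der or der[0] != 0x30:
            problems.append("signing certificate is not DER-encoded X.509")

    # 4. The browser sign-in endpoint must be HTTPS, on Microsoft's host, for this tenant.
    addrs = role.findall("fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS)
    if not addrs:
        problems.append("no PassiveRequestorEndpoint published")
    for addr in addrs:
        u = urlparse((addr.text or "").strip())
        if u.scheme != "https":
            problems.append(f"passive endpoint is not https: {addr.text}")
        if u.hostname != "login.microsoftonline.com":
            problems.append(f"passive endpoint on unexpected host: {u.hostname}")
        if expected_tenant not in u.path:
            problems.append(f"passive endpoint does not reference tenant {expected_tenant}")
    return problems


def check_relying_party_values(redirect_uri: str, app_id_uri: str) -> list[str]:
    """Check the Redirect URI and Application ID URI entered in the app registration."""
    problems: list[str] = []
    r, a = urlparse(redirect_uri), urlparse(app_id_uri)
    if r.scheme != "https":
        problems.append("redirect URI must be https (the signed token is POSTed to it)")
    if r.path != "/adfs/ls":
        problems.append("redirect URI should be the AD FS passive endpoint /adfs/ls")
    if a.path != "/adfs/services/trust":
        problems.append("App ID URI should be the AD FS identifier /adfs/services/trust")
    if r.hostname != a.hostname:
        problems.append("redirect URI and App ID URI name different AD FS hosts")
    return problems


if __name__ == "__main__":
    print(check_federation_metadata(sample_metadata(), TENANT_ID))
    print(check_relying_party_values("https://adfs.bcx.buttonwood.net/adfs/ls",
                                     "http://adfs.bcx.buttonwood.net/adfs/services/trust"))
```

To run it against a real tenant, fetch the recorded Federation metadata document endpoint over HTTPS and pass the response body to `check_federation_metadata` together with your tenant id; the function deliberately does not verify the certificate's validity period or the document's XML signature, which the consuming federation service (here, Buttonwood's AD FS) performs when it imports the metadata.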