Setting up an Organisation Workspace SSO on Microsoft Entra ID (Azure Active Directory)

As an Organisation Admin, you can set up and configure an Organisation Workspace SSO. This will allow you to manage the authentication and access control for multiple users within an organisation. For example, the SSO can simplify the login process by allowing the users to sign in once and access multiple applications (including Pigeonhole Live) without the need to enter the login credentials again.

In this documentation, we will navigate the following steps to help you set up your Organisation Workspace SSO to prevent unauthorised access to confidential meetings and events. 

  • Navigation to Organisation SSO Setup Page
  • Create an Application on Azure Active Directory
  • Create a User on Azure Active Directory
  • Add Organisation SSO Profile

Let's get started 🚀

Note: Microsoft has renamed Azure Active Directory to Microsoft Entra ID.

Navigation to Organisation SSO Setup Page

Step 1: Log in to your Pigeonhole Live account to access its dashboard. Click on your Workspace selection list from the top-left corner of the interface.

Step 2: Select your Organisation name from your workspace selection list.

Step 3: Click on the Settings button from the top navigation bar to configure the organisation's Single Sign-On setup.

Step 4: Select the Single Sign-On option from the Organisation Settings to configure access to your workspace via the company's identity provider (Azure Active Directory).

While setting up SSO for workspace users, copy the Callback URL and Service Provider Entity ID.

| Parameters | Description | Actions |
| --- | --- | --- |
| Callback URL | The callback URL is a request parameter. It is the URL to which users are redirected once the authentication is complete. This is where your application receives and processes the response from Azure Active Directory. | Copy the Callback URL. |
| Service Provider Entity ID | An identity provider (IDP) is a service that keeps and handles digital identities. They offer a way to manage access, adding or withdrawing privileges, while security remains tight. | Copy the SP Entity ID. |

Create an Application on Azure Active Directory

Create an application in the Azure Active Directory dashboard. You will use this application when setting up organisation SSO for your workspace in Pigeonhole Live.

Step 1: Sign in to your Azure account and it will redirect you to its dashboard. Click on the Microsoft Entra ID service option present in the middle of the dashboard.

Microsoft Entra ID is a cloud-based directory and identity management service that provides authentication and authorization services to a variety of Microsoft applications.

Step 2: Click on the Enterprise applications option from the left menu of the interface.

Enterprise application refers to the application identity within your directory (Azure AD). The service principal (enterprise app) can only be granted access to the directory where it exists and acts as an instance of the application.

Step 3: Click on New application to create a new application for SSO.

Step 4: Click on the Create your own application button from the left of the interface.

A dialog window will pop up from the right of the interface where you will need to enter the application name and select your objective of creating an application: 

  • Configure Application Proxy for secure remote access to an on-premises application
  • Register an application to integrate with Microsoft Entra ID (App you're developing)
  • Integrate any other application you don't find in the gallery (Non-gallery)

Step 5: After entering the application name and selecting your purpose for creating an application, click on the Create button.

Configure Application

After creating an application, you will need to configure it by pasting the Callback URL and Service Provider Entity ID. This establishes a secure and authorised communication link between Pigeonhole Live and Azure Active Directory, and maps the application within the directory so that it sends the correct user profile attributes to the application(s).

Step 1: Click on the Set up single sign on option in the middle of the interface to enable users to sign in to their application using their Microsoft Entra credentials.

Start creating your new app integration by selecting an application type as a sign-in method. We have selected the SAML option (as Pigeonhole Live supports this method to set up SSO).

| Methods | Description |
| --- | --- |
| Disabled | Select disabled SSO when the application isn't ready to be configured for SSO. |
| SAML | Select SAML whenever possible for existing applications that don't use OpenID Connect or OAuth. |
| Password-based | Select password-based when the application has an HTML sign-in page. |
| Linked | Select linked when the application is configured for SSO in another identity provider service. |

Step 2: After selecting the SAML option, you will be redirected to the Set up Single Sign-On with SAML page. Locate and click on the Edit icon in the Basic SAML Configuration section. 

A Basic SAML Configuration window will pop up from the right of the interface where you will need to enter the required details for SAML configuration.

Step 3: Click on the Add identifier button and, in the identifier field, paste the Service Provider Entity ID copied from the “Set up your identity provider” section of Pigeonhole Live's Single Sign-On page.

Step 4: Click on the Add reply URL button and, in the reply URL and Sign on URL fields, paste the Callback URL copied from the “Set up your identity provider” section of Pigeonhole Live's Single Sign-On page.

Step 5: Click on the Save button.

A toast message will display on the top right corner of the interface notifying you about successfully saving the single sign-on configuration.

Step 6: Download the Federation Metadata XML file from the SAML Certificates section.

Assign Organisation Admin

After creating the App (SAML) integration for workspace SSO, you can assign a user as an Organisation Admin to the application that you created for SSO.

Step 1: Click on the Users and groups option from the left menu of the interface.

Step 2: Click on the Add user/group button.

Step 3: Click on the None Selected option.

Step 4: A window will pop up in the middle of the interface from where you will need to select the user checkbox and click on the Select button. 

Step 5: Once the user is selected, click on the Assign button. 

This will add your assigned Organisation Admin to the Application that has been set up in Azure Active Directory. 

Add Organisation SSO Profile

After creating an application and user in Azure Active Directory, you can add an SSO profile for your organisation that lets you log into the application server and Data Center with Azure Active Directory credentials.

Step 1: From the Single Sign-On Page, click on the Add Organisation SSO profile button.

 

Step 2: A modal window will appear on the screen, where you must enter the SSO Profile name and upload the IdP metadata file. 

Step 3: Click on the Test configuration button to validate that the integration between Azure Active Directory and the SSO setup in Pigeonhole Live is functioning correctly.

 

Step 4: You will be redirected to the Azure Active Directory login page. Enter the Organisation Admin credentials (the user you created on Azure Active Directory), and click on the Next button.

You will again be redirected to Pigeonhole Live with a Single sign-on configuration message, where you need to click on the Apply new configuration button to add the Workspace Azure Active Directory SSO.

Note: If you wish to discard the new set-up and revert to your old SSO configuration, select Keep existing configuration. 

This will complete the Organisation Workspace SSO setup by adding a new SSO profile.