Setting up an Organisation Attendee SSO on Microsoft Entra ID (Azure Active Directory)

As an Organisation Admin, you can add an Attendee SSO profile so that participants can access an event without repeating the login process across different applications on the attendee’s end. This not only enhances convenience but also ensures accountability by verifying the identity of each attendee.

In this documentation, we will guide you through the following steps to help you set up your Organisation Attendee SSO to prevent unauthorised access to confidential meetings and events.

  • Navigation to Organisation SSO 
  • Add Attendee SSO Profile 
  • Create an Application on Azure Active Directory 
  • Edit Attendee SSO Profile 

Let’s get started 🚀

Note: Microsoft has renamed Azure Active Directory to Microsoft Entra ID.

Navigation to Organisation SSO

Step 1: Log in to your Pigeonhole Live account to access its dashboard. Click on your Workspace selection list from the top-left corner of the interface.


Step 2: Select your Organization name from your workspace selection list.


Step 3: Click on the Settings button from the top navigation bar to configure the organisation's Single Sign-On setup.


Step 4: Select the Single Sign-On option from the Organisation Settings to configure access to your workspace via the company’s identity provider (Azure Active Directory).


Add Attendee SSO Profile

Adding an Attendee SSO profile ensures a seamless login experience for attendees while maintaining the security measures specified by the organisation. It creates a more efficient, user-friendly, and secure authentication process for accessing interactive events and engagement features.

Step 1: From the Single Sign-On Page, click on the Add attendee SSO profile button.


Next, perform the action listed for each parameter on the attendee SSO profile, as shown in the following table:

| Parameter | Description | Action |
| --- | --- | --- |
| Callback URL | The callback URL is a request parameter. It is the URL to which users are redirected once the authentication is complete. This is where your application receives and processes the response from Azure Active Directory. | Copy the Callback URL. |
| Service Provider Entity ID | An identity provider (IdP) is a service that keeps and handles digital identities. They offer a way to manage access, adding or withdrawing privileges, while security remains tight. | Copy the SP Entity ID. |

 


Create an Application on Azure Active Directory

Create an application in the Azure Active Directory dashboard. You will use this application when setting up organisation SSO for your attendees in Pigeonhole Live.

Step 1: Sign in to your Azure account and it will redirect you to its dashboard. Click on the Microsoft Entra ID service option present in the middle of the dashboard.

Microsoft Entra ID is a cloud-based directory and identity management service that provides authentication and authorization services to a variety of Microsoft applications.


Step 2: Click on the Enterprise applications option from the left menu of the interface. 

An enterprise application is the application identity within your directory (Azure AD). The service principal (enterprise app) can only be granted access to the directory where it exists and acts as an instance of the application.


Step 3: Click on New application to create a new application for SSO.

Step 4: Click on the Create your own application button from the left of the interface.


A dialog window will pop up from the right of the interface, where you will need to enter the application name and select your purpose for creating the application:

  • Configure Application Proxy for secure remote access to an on-premises application
  • Register an application to integrate with Microsoft Entra ID (App you're developing)
  • Integrate any other application you don't find in the gallery (Non-gallery)

Step 5: After entering the application name and selecting your purpose for creating an application, click on the Create button.


Configure Application

After creating an application, you will need to configure it by pasting in the Callback URL and Service Provider Entity ID. This establishes a secure and authorised communication link between Pigeonhole Live and Azure Active Directory. You will also check the attribute mapping within the directory so that it sends the correct user profile attributes to the application(s).

Step 1: Click on the Set up single sign on option in the middle of the interface to enable users to sign in to the application using their Microsoft Entra credentials.

Start creating your new app integration by selecting a single sign-on method. We have selected the SAML option, as Pigeonhole Live supports this method for setting up SSO.

| Method | Description |
| --- | --- |
| Disabled | Select disabled SSO when the application isn't ready to be configured for SSO. |
| SAML | Select SAML whenever possible for existing applications that don't use OpenID Connect or OAuth. |
| Password-based | Select password-based when the application has an HTML sign-in page. |
| Linked | Select linked when the application is configured for SSO in another identity provider service. |

 

Step 2: After selecting the SAML option, you will be redirected to the Set up Single Sign-On with SAML page. Locate and click on the Edit icon in the Basic SAML Configuration section. 

 

A Basic SAML Configuration window will pop up from the right of the interface where you will need to enter the required details for SAML configuration.

Step 3: Click on the Add identifier button and paste the Service Provider Entity ID, copied from the “Set up your identity provider” section of Pigeonhole Live’s Single Sign-On page, into the identifier field.

 

Step 4: Click on the Add reply URL button and paste the Callback URL, copied from the “Set up your identity provider” section of Pigeonhole Live’s Single Sign-On page, into the reply URL field.

Note: If you expect attendees to access a Pigeonhole that is custom-branded with a custom URL, you need to add the custom URL as an additional Reply URL. For example, if your custom-branded Pigeonhole has a custom URL like https://acme.pigeonhole.at/, then you must add https://acme.pigeonhole.at/auth as an additional Reply URL. Otherwise, your attendees will not be able to access the Pigeonhole. Learn more about Custom Branding.

 

Step 5: Click on the Save button.

 

A toast message will appear in the top-right corner of the interface, confirming that the single sign-on configuration was saved.

Step 6: Ensure that you have the name and emailaddress attributes under Attributes and Claims. By default, Microsoft Entra ID should already provide these values.


Step 7: Download the Federation Metadata XML file from the SAML Certificates section.

 

Assign Attendee

After creating the App (SAML) integration for attendees, you can assign a user as an attendee to access an event without going through the repetitive login process across different applications on the attendee’s end. For more information about adding a user in Azure Active Directory, refer to this link.

Step 1: Click on the Users and groups option from the left menu of the interface.

Step 2: Click on the Add user/group button.

Step 3: Click on the None Selected option.

Step 4: A window will pop up in the middle of the interface from where you will need to select the user checkbox and click on the Select button. 

Step 5: Once the user is selected, click on the Assign button.

This will add your assigned Organisation Attendee to the Application that has been set up in Azure Active Directory.

Edit Attendee SSO Profile

After creating an application in Azure Active Directory, you will need to edit an Attendee SSO profile which involves modifying the SAML settings associated with the organisation SSO from Pigeonhole Live.

Step 1: From the Single Sign-On Page, click on the Edit button of your Attendee SSO profile.

Step 2: A modal window will appear on the screen, where you must enter the Attendee SSO Profile name and upload the IdP metadata file.

Step 3: Click on the Save button to save the SAML settings containing your IdP metadata associated with the organisation SSO.

This will complete the Organisation Attendee SSO setup.

Enable SSO for your Attendees

Manage the attendee SSO profiles for your workspaces from Pigeonhole Live events using SSO configuration. 

Step 1: Click on your Organisation selection list from the top-left corner of the interface and select your Workspace name from your Organisation selection list.

Step 2: Click on your Workspace selection list from the top-left corner of the interface and select the Workspace Settings of your selected workspace.

Step 3: Select the Pigeonhole policies option to configure Attendee SSO profile availability.

Step 4: Check the Availability option corresponding to the Attendee SSO profile you added.

Note: Selecting "Default" for the Attendee SSO profile will let you set that attendee profile as the default for every newly created pigeonhole (event).

Step 5: Click on the Save button to save the changes. 

Step 6: Select the Pigeonholes tab from the top navigation bar. This will take you to the Pigeonhole page, where you need to set up an Event to which the saved SSO configuration for the attendee will apply.

For setting up the Pigeonhole Live event, refer to this documentation: Setting up and Editing your Event Info

Step 7: Click on the Attendees tab from the top menu bar.

Step 8: Navigate to the “Registrant Profiles” section, uncheck the Enable registrant profile for this event option and click on the Save button.

Step 9: Click on the Security tab from the menu bar.

Step 10: Select the Attendee SSO profile which you added for your workspace from organisation settings and click on the Save button.

This will complete the configuration for the Organisation Attendee SSO setup. You can now open the Run link (Audience Web App), which will redirect you to the Azure Active Directory Attendee SSO sign-in. This is what your attendees entering this Pigeonhole will see when accessing the Pigeonhole link.
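
The values configured on the Entra ID side (Identifier, Reply URL, and the name and emailaddress claims) all appear in the SAML response of a test sign-in, so a captured SAMLResponse form field can be checked against them when a sign-in fails. This is an added example, not code from Pigeonhole Live or Microsoft; the https://sp.example/ values stand in for your real SP Entity ID and Callback URL, the claim URIs are the names Entra ID uses by default for these two claims, and the sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_CLAIMS = ("name", "emailaddress")  # the two attributes from Step 6


def check_saml_response(b64_response, sp_entity_id, callback_urls):
    """Compare a captured SAMLResponse with the configured values (signature not verified)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    # The Reply URL surfaces as Destination (Response) and Recipient (Assertion).
    targets = {root.get("Destination")}
    targets.update(d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS))
    for url in sorted(targets - set(callback_urls), key=str):
        problems.append(f"not an expected callback URL: {url}")
    # The Identifier (SP Entity ID) surfaces as the assertion's Audience.
    if sp_entity_id not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience does not match the SP Entity ID")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS) if v.text]
             for a in root.iterfind(".//saml:Attribute", NS)}
    for claim in REQUIRED_CLAIMS:
        if not attrs.get(CLAIMS + claim):
            problems.append(f"claim '{claim}' is missing or empty")
    return problems


def build_sample(callback_url, with_email=True):
    """Constructed, unsigned sample response; every value is a placeholder."""
    email = (f'<Attribute Name="{CLAIMS}emailaddress">'
             '<AttributeValue>attendee@example.com</AttributeValue></Attribute>')
    xml = f'''<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns="{NS["saml"]}"
        Destination="{callback_url}"><Assertion>
      <Subject><SubjectConfirmation>
        <SubjectConfirmationData Recipient="{callback_url}"/>
      </SubjectConfirmation></Subject>
      <Conditions><AudienceRestriction>
        <Audience>https://sp.example/entity</Audience>
      </AudienceRestriction></Conditions>
      <AttributeStatement>
        <Attribute Name="{CLAIMS}name"><AttributeValue>Test Attendee</AttributeValue></Attribute>
        {email if with_email else ""}
      </AttributeStatement></Assertion></samlp:Response>'''
    return base64.b64encode(xml.encode()).decode()
```

Pass the Callback URL from the SSO profile, plus the /auth URL of any custom-branded Pigeonhole, as callback_urls. A captured response carries the attendee's identity, so handle it as sensitive data.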