Configuring Attendee SSO for Azure Active Directory

This article will walk you through the steps for setting up Attendee Single Sign-on (SSO) for Azure Active Directory. First, refer to this article to complete the initial steps of setting up SSO.

Once you've completed the necessary steps follow the instructions below to continue SSO configuration for Azure Active Directory. 

1. Go to your Pigeonhole Live account. Click on your Profile > SSO Configuration.

Screen_Shot_2018-08-06_at_10.24.08_AM.png

2. Click on the Attendees tab and complete the two-step setup.

staging-dashboard.pigeonhole.at_sso_config-attendees_iPad_Pro_.png

3. Configure Attributes on your IdP: Azure Active Directory

Active directory has the name attributes in place and is set to user.userprincipalname by default.

  1. Open the Azure portal and navigation to your Azure Active Directory.
  2. Under User Attributes, click on the Edit icon.

Click on the Unique User Identifier (Name ID). An Edit attribute will be prompted

  • Change the name identifier format to Email Address 
  • Change the Source attribute to user.mail

Screenshot_from_2019-09-11_16-41-34.png 

Click Add New Claim. Fill in the fields as follows:

Screenshot_from_2019-09-11_16-57-19.png
Note: if you already have Name attribute, change the Source Attribute to user.displayname 


4. Fill in the fields with the details you previously obtained from Active Directory or upload the Metadata provided. 

staging-dashboard.pigeonhole.at_sso_config-attendees_disableManager_1_iPad_Pro___1_.png

 

5. After you have completed the steps above, return to your Team Workspace.

By default, your Pigeonholes are not configured to require SSO for attendees. To turn on SSO for your attendees, go to Pigeonhole> More settings > Security, and enable SSO for Attendees. Then click Save.


staging-dashboard.pigeonhole.at_p_8954_security_disableManager_1_iPad_Pro_.png

 

When your event attendees enter your Event Passcode or scan your Event QR code, they will be brought to your corporate Active Directory domain to be authenticated. Only after successful authentication will they be redirected to your Pigeonhole where they can start engaging.

Screen_Shot_2019-11-08_at_2.00.18_PM.png

 

Note: You can only make one sign-in option (SSO for attendees or Pre-created Attendees Profile) available at any one time. The other sign-in option will be disabled when either is selected.