Configuring Attendee SSO for Azure Active Directory

This article will walk you through the steps for setting up Attendee Single Sign-on (SSO) for Azure Active Directory. First, refer to this article to complete the initial steps of setting up SSO.

Once you've completed the necessary steps follow the instructions below to continue SSO configuration for Azure Active Directory. 

1. Go to your Pigeonhole Live account. Click on your Profile > SSO Configuration.

Screen_Shot_2018-08-06_at_10.24.08_AM.png

2. Click on the Attendees tab and complete the two-step setup.

Screen_Shot_2020-02-28_at_3.51.16_PM.png

Configure Attributes on your IdP: Azure Active Directory

Active directory has the name attributes in place and is set to user.userprincipalname by default.

  1. Open the Azure portal and navigation to your Azure Active Directory.
  2. Under User Attributes, click on the Edit icon.

Click on the Unique User Identifier (Name ID). An Edit attribute will be prompted

  • Change the name identifier format to Email Address 
  • Change the Source attribute to user.mail

Screenshot_from_2019-09-11_16-41-34.png 

Click Add New Claim. Fill in the fields as follows:

Screenshot_from_2019-09-11_16-57-19.png
Note: if you already have Name attribute, change the Source Attribute to user.displayname 

 

Fill in the SAML parameters you obtained from Azure

1. Fill in a name for your SSO Profile name according to your organisation's SSO naming convention.

2. Then, fill in the details you obtained from Azure or upload the Metadata file provided, and click save.

 

Screen_Shot_2020-02-28_at_3.53.58_PM.png 

3. After you have completed the steps above, return to your Team Workspace.

By default, your Pigeonholes are not configured to require SSO for attendees. To turn on SSO for your attendees, go to Pigeonhole> More settings > Security. Under Single Sign-On for Attendees, select the Attendee SSO Profile that you want to enable and click save. 

Screen_Shot_2020-02-28_at_3.59.53_PM.png 

When your event attendees enter your Event Passcode or scan your Event QR code, they will be brought to your corporate Active Directory domain to be authenticated. Only after successful authentication will they be redirected to your Pigeonhole where they can start engaging.

Screen_Shot_2019-11-08_at_2.00.18_PM.png

 

Note: You can only make one sign-in option (SSO for attendees or Pre-created Attendees Profile) available at any one time. The other sign-in option will be disabled when either is selected.