This article will walk you through the steps for setting up Attendee Single Sign-on (SSO) for Azure Active Directory. First, refer to this article to complete the initial steps of setting up SSO.
Once you've completed the necessary steps follow the instructions below to continue SSO configuration for Azure Active Directory.
1. Go to your Pigeonhole Live Workspace. Click on your Profile on the top-right corner of the page > SSO Configuration.
2. Click on the Attendees tab and complete the two-step setup.
Configure Attributes on your IdP: Azure Active Directory
Active directory has the
name attributes in place and is set to
user.userprincipalname by default.
- Open the Azure portal and navigation to your Azure Active Directory.
User Attributes, click on the
Click on the Unique User Identifier (Name ID). An Edit attribute will be prompted
- Change the name identifier format to Email Address
- Change the Source attribute to user.mail
Click Add New Claim. Fill in the fields as follows:
Note: if you already have Name attribute, change the Source Attribute to user.displayname
Fill in the SAML parameters you obtained from Azure
1. Fill in a name for your SSO Profile name according to your organisation's SSO naming convention.
2. Then, fill in the details you obtained from Azure or upload the Metadata file provided, and click save.
3. After you have completed the steps above, return to your Team Workspace.
By default, your Pigeonholes are not configured to require SSO for attendees. To turn on SSO for your attendees, go to Pigeonhole> More settings > Security. Under Single Sign-On for Attendees, select the Attendee SSO Profile that you want to enable and click save.
When your event attendees enter your Event Passcode or scan your Event QR code, they will be brought to your corporate Active Directory domain to be authenticated. Only after successful authentication will they be redirected to your Pigeonhole where they can start engaging.
Note: You can only make one sign-in option (SSO for attendees or Registrant Profiles) available at any one time. The other sign-in option will be disabled when either is selected.