This article will guide you through the steps to set up Team Single Sign-on (SSO) for Azure Active Directory. First, refer to this article to complete the initial steps of setting up SSO.
Note: Microsoft has renamed Azure Active Directory to Microsoft Entra ID.
Once you've completed the initial steps, follow the instructions below to continue SSO configuration for Azure Active Directory.
1. In your Workspace, click on your Profile> SSO Configuration.
2. Click on the Dashboard Accounts tab, and complete the two-step setup.
Step 1: Configure Attributes on your IdP: Azure Active Directory
Active directory has the name
attributes in place and is set to user.userprincipalname
by default.
- Open the Azure portal and navigation to your Azure Active Directory.
- Under
User Attributes
, click on theEdit
icon.
Click on the Unique User Identifier (Name ID). You will see the prompt below:
- Change the name identifier format to Email Address
- Change the Source attribute to user.mail
Click Add New Claim and fill in the fields as follows:
Note: if you already have Name attribute, change the Source Attribute to user.displayname
Step 2: Fill in the parameters you obtained from Active Directory
1. Under Provide us you SAML parameters section, click on the Add SAML configuration button.
2. Fill in the details you obtained from Active Directory. You may also choose to upload the metadata file provided.
3. Then, select Test Configuration.
3. You will be redirected to the Active Directory domain to be authenticated.
Continue to log in using your SSO credentials.
4. You will then be redirected to your Pigeonhole Live Workspace.
Select Apply new configuration to save the SSO configuration you have just set up. This indicates that the SSO configuration is successful.
If you wish to discard the new set up and revert to your old SSO configuration, select Keep existing configuration.
5. Inform your account manager of the completed setup.
Your account manager will then turn Team SSO on for your Team Workspace. Your workspace members will receive an email informing them of their new sign-in instructions.