Configuring Single Sign-on (SSO)

Note: if you are using Azure Active Directory, see Configure Single Sign-on (SSO) using Azure Active Directory.

Single Sign-on (SSO) enables you to configure your tenancy so that Advance automatically signs in users.

Configuring Single Sign-on requires that you both configure your tenancy to use Single Sign-on and register Advance with your Single Sign-on provider.

Prerequisites

To configure Single Sign-on

The process of configuring SSO for Advance depends on the SSO provider you use. Generally, you will need to complete the following steps:

1. Register Advance with your single sign-on provider

Each Single Sign-on provider will require different steps to register Advance. However, all SSO providers will need an appropriate redirect URI for Advance.

The redirect URI is the URI for the Advance auth application for your tenancy, with the suffix /.oidc/callback. For example: https://yourtenancy.yourorganization.com/HdaAuth/.oidc/callback

2. Add request claims

You must also configure the request claims for your SSO provider.

2.1 ID Token Claims

The ID Token must have the following claims:

2.2 ID Token Implicit Flow

You must enable the Implicit Flow for the ID token.

4. Set your client secret

You must create a new client secret for the new app registration in your SSO provider. This is used by Advance to authenticate with the provider. Once you create the client secret, make a copy of it; you will need the secret when configuring your Advance tenancy to use SSO.

5. Update your tenancy SSO configuration

Once Advance is registered with your SSO provider, you should now have the following information:

To configure SSO for your tenancy

  1. Log in to the Advance Auth Application.
  2. Click the SSO Configuration link in the page header.
  3. Click the Create button.
  4. Enter the following information into the fields:
  5. Click the Save button; Advance redirects you to the SSO Configuration page.
  6. On the SSO Configuration page, there is a highlighted URI next to the text "The value to provide is". For example, https://yourtenancy.yourorganization.com/HdaAuth/.oidc/callback.
    Check that this matches the Redirect URI you set when registering Advance with Azure AD.

Your tenancy is now configured to use Single Sign-on.
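
The redirect URI check from step 6, as an added example (not part of Advance or its documentation): it builds the expected redirect URI from the auth application URI and the /.oidc/callback suffix described above, then reports why a registered value differs. It assumes your SSO provider compares redirect URIs by exact string match; the function names and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

CALLBACK_SUFFIX = "/.oidc/callback"  # suffix given on this page


def expected_redirect_uri(auth_app_uri: str) -> str:
    """Build the redirect URI from the tenancy's auth application URI."""
    return auth_app_uri.strip().rstrip("/") + CALLBACK_SUFFIX


def redirect_uri_problems(auth_app_uri: str, registered: str) -> list[str]:
    """Return reasons the registered URI differs; an empty list means exact match."""
    expected = expected_redirect_uri(auth_app_uri)
    if registered == expected:
        return []
    problems = []
    if registered != registered.strip():
        problems.append("leading or trailing whitespace")
    exp, reg = urlsplit(expected), urlsplit(registered.strip())
    if reg.scheme != exp.scheme:
        problems.append(f"scheme is {reg.scheme!r}, expected {exp.scheme!r}")
    if reg.netloc != exp.netloc:
        same = reg.netloc.lower() == exp.netloc.lower()
        problems.append("host differs only in letter case" if same
                        else f"host is {reg.netloc!r}, expected {exp.netloc!r}")
    if reg.path != exp.path:
        if reg.path.rstrip("/") == exp.path:
            problems.append("trailing slash after the callback path")
        elif reg.path.lower() == exp.path.lower():
            problems.append("path differs only in letter case")
        elif not reg.path.endswith(CALLBACK_SUFFIX):
            problems.append(f"path does not end with {CALLBACK_SUFFIX}")
        else:
            problems.append(f"path is {reg.path!r}, expected {exp.path!r}")
    if reg.query or reg.fragment:
        problems.append("unexpected query string or fragment")
    return problems or ["URIs differ in a way not classified here"]


if __name__ == "__main__":
    # Constructed sample values based on the placeholder host used on this page.
    auth_app = "https://yourtenancy.yourorganization.com/HdaAuth"
    for candidate in (
        auth_app + "/.oidc/callback",
        auth_app + "/.oidc/callback/",
        "http://yourtenancy.yourorganization.com/HdaAuth/.oidc/callback",
        "https://yourtenancy.yourorganization.com/hdaauth/.oidc/callback",
    ):
        print(candidate, "->", redirect_uri_problems(auth_app, candidate) or "OK")
```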