How to set up Single Sign-On with Microsoft Azure Active Directory

This article outlines the steps required to set up Single Sign-On (SSO) with Microsoft Cloud authentication. Users can then use Microsoft authentication to access the Spoke Phone mobile app, desktop app and account portal.

You will need to have an account with admin access to Microsoft Azure to complete this configuration.

Contents

Create and configure an Azure Enterprise Application

Assign users to the Azure Enterprise Application

Complete your Spoke Phone SSO configuration

 

Create and configure an Azure Enterprise Application

  1. Visit admin.microsoft.com and navigate to Azure Active Directory admin center

  2. Click Enterprise Applications

  3. Select + New application and then + Create your own application

  4. Give the new application a name such as Spoke Phone and choose Integrate any other application

  5. Ignore any matching gallery applications and select Create

  6. Select Get started in the Set up single sign on tile

  7. Click SAML

  8. Edit the Basic SAML Configuration with the following values:
    Identifier (Entity ID) =
    urn:amazon:cognito:sp:us-east-1_QElIJGlYT

    Reply URL =
    https://sso.spokephone.com/saml2/idpresponse


  9. Click Save and close the basic configuration, returning to the Set up Single Sign-On with SAML page

  10. In the SAML Signing Certificate section click Download and save the Federation Metadata XML file locally

    Tip - This download should start straight away, but can take a few moments.

Assign users to the Azure Enterprise Application

You can now assign Azure Active Directory users to the new Spoke Phone app created in Azure Active Directory.

    1. Ensure the users in Azure that you wish to have access to Spoke Phone have been added to the new Spoke Phone Azure app in Enterprise Applications > Spoke Phone > Users and Groups

    2. Ensure that each user you wish to have access has a valid user set up in your Spoke Phone account with the same email address used in Azure.

      Tip: You can download a list of users to a CSV file and manipulate that file to upload users directly into the Spoke Account portal.

Complete your Spoke Phone SSO configuration

    1. Go to your Spoke Phone account portal online and log in

    2. Navigate to Other > Advanced and select the SINGLE SIGN-ON tab at the top of the Advanced page

    3. Enter a Company Name and select Check availability

    4. Select Upload and choose the file you saved earlier (e.g. Spoke Phone.xml)
      Tip: Any changes to the Azure Application (Spoke Phone) may trigger the creation of a new certificate, in which case the XML file will need to be re-downloaded.

    5. Complete the SAML Response Mapping in the Spoke Phone Account Portal as follows:
        Email =
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

        Tip: If you use the UPN as the email in Azure, the Email mapping is: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

        First Name =
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

        Last Name =
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

