Setting up Single Sign-On (SSO) for users with Azure Active Directory

This article tells you to set up Single Sign-On integration with a Microsoft Azure (Active Directory) AD account, for your EventsAir users (people who work in your team).

Create a new Enterprise Application in Azure
  1. Log into your Microsoft Azure
  2. Under Azure services, find Azure AD in the portal




  3. You should be able to see Enterprise Application as an option on the left.




    After selecting this option, click on the + icon at the top to add a new Enterprise Application. This will the basis for your AD set up. 

  4. Click on +Create your own application and enter a unique name, such as alias-sso [where alias is your EventsAir unique alias].
    Leave the bottom radio button [Non-gallery option] selected and click "Create". This may take a couple of minutes.






  5. Assign users/groups to the Enterprise App. (You'll need to have at least one user in your Azure AD)

  6. Click on the second link under Overview, "2. Set up single sign on", Get Started.

  7. Select SAML, and you should now see the below:






    Set up the link between EventsAir and your Azure AD

    Log into EventsAir, and keep the two screens (EventsAir and Azure AD) open side-by-side so you can copy information across. 

  8. In EventsAir, go to Application Setup





  9. Select External Connections





  10. Select Single Sign-On from the left-hand menu and tick the checkbox for Enable SSO.



    Leave the User Authentication mode as SSO and Login page. This allows EventsAir technical support and your Success Specialist to sign in and help as required within your environment as needed. When you create an EventsAir from your own organization, you can set this to login via SSO only.


  11. Return to the Azure AD SAML set-up to fill in more details:
    Go to Box1 and select Edit
    Add your unique identifier (the one you entered earlier, e.g. alias-sso)
    From the EventsAir SSO set-up, scroll down to Reply URL and copy the URL
    Back in Azure AD SAML Box 1, paste the URL into the "Add reply URL" field
    Click Save in Azure AD.

  12. Still in Azure AD, jump to box 3 and select Edit.

  13. Click +New Certificate, then Save and close the window. This will generate a new certificate for you to download.

  14. Return to the same Box 3 and now select the Download link, next to Certificate (Base 64).
    When you open the downloaded Certificate file in Notepad, you should see something like the below. You need to copy ONLY the numbers and letters BETWEEN the "begin certificate" line and the "end certificate" line. [i.e. as shown highlighted in bold here]

    ----BEGIN CERTIFICATE---
    T3VyIG1pc3Npb24gaXMgc2ltcGxlOiB0byBoZWxwIGV2ZW50IHBsYW5uZXJzIGRlbGl2ZXIgd
    GhlIFdPVyBpbiB0aGVpciBldmVudHMgd2l0aCB3b3JsZCdzIG1vc3QgcG93ZXJmdWwgZXZlbn
    QgbWFuYWdlbWVudCBwbGF0Zm9ybS4KCldlIGRvIHRoaXMgYnkgd29ya2luZyB3aXRoIGFuIG
    FtYXppbmcgdGVhbSB0aGF0IHB1c2hlcyB0aGUgbGltaXRzIG9mIHdoYXQncyBwb3NzaWJsZS
    wgZXZlcnkgZGF5LiBPdXIgc3Rvcnkgc3RhcnRlZCBpbiAxOTkwLCB3aGVuIGEgZ3JvdXAgb2YgZ
    XZlbnQgb3JnYW5pemVycyBhbmQgc29mdHdhcmUgZGV2ZWxvcGVycyBzZXQgb3V0IHRvIG
    NoYWxsZW5nZSB0aGUgc3RhdHVzIHF1byBhbmQgY3JlYXRlIHVuaXF1ZSBldmVudCB0ZWN
    obm9sb2d5IHNvbHV0aW9ucyB0aGF0IG1hZGUgdGhlIGltcG9zc2libGUgYSByZWFsaXR5Lgo
    KU2luY2UgdGhlbiwgd2UndmUgZGV2ZWxvcGVkIHNvbWUgb2YgdGhlIGJpZ2dlc3QgaW5ub
    3ZhdGlvbnMgaW4gZXZlbnQgbWFuYWdlbWVudCBoaXN0b3J5LgoKQW5kIGFsb25nIHRoZS
    B3YXksIHdlJ3ZlIHByb3VkbHkgc3VwcGxpZWQgb3VyIHRlY2hub2xvZ3kgdG8gc29tZSBvZiB
    0aGUgbGFyZ2VzdCBldmVudHMgaW4gdGhlIHdvcmxkLg

    ----END CERTIFICATE----


  15. Back in EventsAir, paste this into the box called SAML Signing Certificate (Base64)





  16. From Azure AD Box 4, copy the Login URL, Azure AD Identifier, and Logout URL. Paste each one into the equivalent field in EventsAir. It will look something like this:





  17. From Azure AD Box 1, take the unique identifier (Entity ID) that you entered in Step 11, then look in EventsAir for the heading Azure AD Enterprise Application Information Required. There is a field called "Identifier" where you should paste the unique identifier/Entity ID.





  18. In EventsAir, save the SSO set up, and close the External Connections settings panel.


    Set up a User with Single Sign-On

  19.  Back in Application Setup, click Users.

  20.  To add a user who is provisioned in your Azure AD account, select whether you want SSO Only and Login page (using EventsAir User Name and Password) or SSO Only.






    Ensure the user name as displayed in Azure AD is entered into the SSO Unique User Identifier box. 

  21. Any users who are already provisioned in your Azure AD who also had a user account in EventsAir before you set all this up will need to be updated.

    New users who will be accessing EventsAir also need to be added. If not, and they try to access EventsAir via Single Sign-on, they'll get a notification advising them that their account needs to be configured in EventsAir first. (This also triggers an email to your Administrators advising that a new user needs to be provisioned. You can decide who these Administrators should be in your SSO set up, as shown below.)




    Once the Administrator creates this user in the EventsAir user list, they should let the user know that SSO login is now available to them.