Setting up Microsoft SSO at a Tenant Level
This guide details how to set up Microsoft SSO integration in Wristband.
Microsoft Entra ID Support
Wristband supports the following security protocol for Microsoft SSO:
- OIDC
Each tenant can have unique Microsoft SSO identity providers. Configuration is done at the Tenant Level in the Wristband dashboard, with activation on a per-tenant basis.
Setting Up a Tenant-level Microsoft SSO Integration
1. Locate Your External IDP Callback URL
- In the Wristband dashboard, enter Tenant View for the tenant.
- Navigate to Identity Providers > Enterprise.
- Select the Microsoft provider icon and click "Create IDP."
Copy the "Redirect URL" from the form.
2. Sign Up For An Account
Create a Microsoft account here. Fill out the form and proceed to the Microsoft Azure dashboard.
3. Copy Your Tenant Identifier
In the Azure dashboard, search for the Microsoft Entra ID service.
Select the Appropriate Tenant
Ensure you switch to the appropriate tenant if needed.
Copy the "Tenant ID" from the Entra ID Overview page.
4. Register a New Application
Click on "App registrations" in the side navigation. Then, click "New registration."
Fill out the following fields:
- Name: Any appropriate value.
- Supported account types: Select "Accounts in this organizational directory only (Default Directory only - Single tenant)".
- Redirect URI: Select the "Web" platform option and paste the External IDP Callback URL from step 1.
Click "Register" to complete registration. You will be directed to the app registration's Overview page.
5. Get the Client Information
Copy the "Application (client) ID" (Client ID) from the app registration's Overview page.
Click on "Certificates and secrets" in the side navigation. Click "New Client Secret" to create a client secret.
Provide values for the form, selecting a larger "Expires" value if preferred.
Copy the "Value" of the newly created client secret immediately.
6. Configure the Groups Claim (Optional)
To use Microsoft's Groups with Wristband's Role Mapping, configure your Microsoft application to include a "Groups" claim in the ID token.
Click on "Token configurations" in the side navigation. Then, click "Add groups claim."
In the Edit group claims section, provide the following:
- Select "Security Groups" for "Select group types to include in Access, ID, and SAML tokens".
- Select "Group ID" under the "ID" accordion dropdown in "Customize token properties by type".
Click "Save" to complete the configurations.
7. Create a Microsoft IDP in Wristband
Return to the Create External IDP Modal in the Wristband dashboard. Fill out the form with the following values:
- IDP Name: Any value desired (must be unique within the tenant).
- Display Name: Any value desired; "Microsoft" is a safe default.
- Microsoft Tenant Id: The Tenant ID from step 3.
- Client ID: The Client ID from step 5.
- Client Secret: The Client Secret from step 5.
Click "Create" to finish. The Microsoft External IDP will be in an ENABLED status.
8. Enable Tenant Overrides for IDP
Enable identity provider overrides for the tenant in the Wristband dashboard:
- Navigate to Tenant Settings.
- Scroll to Override Configurations.
- Enable "Identity Providers" overrides.
Overriding Identity Providers
This will override ALL identity providers from the Application Level for the tenant.
The Microsoft Enterprise SSO integration is now complete. Users will see a Microsoft login button on the Tenant-level Login Page.
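To confirm the values from steps 3, 5 and 6 line up, the following added example (not Wristband or Microsoft code) inspects the claims of an ID token issued by the Entra ID app registration. It assumes you have captured an ID token from a test sign-in; the function names and sample identifiers are hypothetical, and `tid`, `aud`, `groups`, `_claim_names` and `hasgroups` are the Entra ID claim names it relies on.

```python
import base64
import json
import uuid

def decode_payload(id_token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def check_claims(claims, tenant_id, client_id):
    """Return a list of findings; an empty list means the claims match the setup."""
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tid differs from the Tenant ID copied in step 3")
    if claims.get("aud") != client_id:
        findings.append("aud differs from the Client ID copied in step 5")
    groups = claims.get("groups")
    if groups is None:
        # Entra ID omits the list and emits an overage marker for large memberships.
        if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
            findings.append("groups overage: membership list was not inlined")
        else:
            findings.append("no groups claim: step 6 missing or user has no security groups")
        return findings
    for value in groups:
        try:
            uuid.UUID(value)  # the "Group ID" option emits directory object IDs (GUIDs)
        except (ValueError, AttributeError, TypeError):
            findings.append(f"group value {value!r} is not an object ID")
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

# Constructed placeholder values, not real identifiers.
TENANT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"
SAMPLE = make_sample_token({"tid": TENANT_ID, "aud": CLIENT_ID,
                            "groups": ["33333333-3333-3333-3333-333333333333"]})

if __name__ == "__main__":
    print(check_claims(decode_payload(SAMPLE), TENANT_ID, CLIENT_ID))
```

This is a configuration check only: it does not validate the token signature, so its output must never be used to make an authentication decision.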