Setting up Microsoft SSO at a Tenant Level

📘

Microsoft Entra ID Support

Wristband supports the following security protocol for Microsoft SSO:

• OIDC

Each tenant can have unique Microsoft SSO identity providers. Configuration is done at the Tenant Level in the Wristband dashboard, with activation on a per-tenant basis.

Setting Up a Tenant-level Google SSO Integration

This guide details how to set up Google SSO integration in Wristband.

1. Locate Your External IDP Callback URL

• In the Wristband dashboard, enter Tenant View for the tenant.
• Navigate to Identity Providers > Enterprise.
• Select the Microsoft provider icon and click "Create IDP."

Copy the "Redirect URL" from the form.

2. Sign Up For An Account

Create a Microsoft account here. Fill out the form and proceed to the Microsoft Azure dashboard.

3. Copy Your Tenant Identifier

In the Azure dashboard, search for the Microsoft Entra ID service.

🚧

Select the Appropriate Tenant

Ensure you switch to the appropriate tenant if needed.

Copy the "Tenant ID" from the Entra ID Overview page.

4. Register a New Application

Click on "App registrations" in the side navigation. Then, click "New registration."

Fill out the following fields:

• Name: Any appropriate value.
• Supported account types: Select Accounts in this organizational directory only (Default Directory only - Single tenant).
• Redirect URI: Select the Web platform option and paste the External IDP Callback URL from step 1.

Click "Register" to complete registration. You will be directed to the app registration's Overview page.

5. Get the Client Information

Copy the "Application (client) ID" (Client ID) from the app registration's Overview page.

Click on "Certificates and secrets" in the side navigation. Click "New Client Secret" to create a client secret.

Provide values for the form, selecting a larger "Expires" value if preferred.

Copy the "Value" of the newly created client secret immediately.

6. Configure the Groups Claim (Optional)

To use Microsoft's Groups with Wristband's Role Mapping, configure your Microsoft application to include a "Groups" claim in the ID token.

Click on "Token configurations" in the side navigation. Then, click "Add groups claim."

In the Edit group claims section, provide the following:

• Select Security Groups for "Select group types to include in Access, ID, and SAML tokens".
• Select Group ID under the "ID" accordion dropdown in "Customize token properties by type".

Click "Save" to complete the configurations.

7. Create a Microsoft IDP in Wristband

Return to the Create External IDP Modal in the Wristband dashboard. Fill out the form with the following values:

• IDP Name: Any value desired (must be unique within the tenant).
• Display Name: Any value desired, Microsoft is a safe default.
• Microsoft Tenant Id: The Tenant ID from step 3.
• Client ID: The Client ID from step 5.
• Client Secret: The Client Secret from step 5.

Click "Create" to finish. The Microsoft External IDP will be in an ENABLED status.

8. Enable Tenant Overrides for IDP

Enable identity provider overrides for the tenant in the Wristband dashboard:

• Navigate to Tenant Settings.
• Scroll to Override Configurations.
• Enable "Identity Providers" overrides.

🚧

Overriding Identity Providers

This will override ALL identity providers from the Application Level for the tenant.

The Microsoft Enterprise SSO integration is now complete. Users will see a Microsoft login button on the Tenant-level Login Page.