SSO with Azure AD
Learn how to enable and configure single sign-on (SSO) with Azure Active Directory (Azure AD).
Provision new users and sign in to AutoElevate with your Azure AD identity provider. Set up with a single click and a quick mapping of your Azure users/groups to AutoElevate roles. This mapping lets you manage which AutoElevate users have access, and their roles, right from Azure AD.
Important notes about setting up SSO with Azure AD
- Only an AE Administrator can enable this service.
- Only an Azure AD user with proper permissions, such as a Global Administrator, can accept permissions and add users.
- Azure AD multi-factor authentication (MFA) is required to log in with the ID Provider. This can be enabled under Users > Per-user MFA in Azure AD or with Conditional Access.
- This feature is only for Admins, Technicians, and anyone else you wish to give access to the AE Admin Portal; it is not for end users.
- Only one role can be assigned to a user account, and a role is required to access the AE Admin Portal.
- AE user email must match the Azure AD user account.
Enable Azure AD SSO
- From the Settings screen in the AE Admin Portal (https://msp.autoelevate.com), edit the Single Sign On option (pencil icon).
- Then click the ENABLE SSO WITH AZURE AD button. It will redirect you to log in to your Microsoft account and accept permissions (requires a user with appropriate permissions, such as Global Administrator). You will also have the option to consent on behalf of your organization.
- Now you can assign Azure AD users to the proper AutoElevate role by going to Enterprise Applications in Azure AD, then searching for and clicking on the AutoElevate app that has been added.
- Click on Assign users and groups.
- Click on the user/group > Click Select a role: None Selected > Select role on the right (default roles) > Click Select (bottom right) > Click Assign (bottom left).
- Once these steps are taken, the assignment can take from 30 seconds to a minute to be added and propagate through the system.
- Once complete, the user can log in from the AE Admin Portal using LOG IN WITH AZURE AD on the AE Admin Portal login page.
The default setting for Company Access is All Companies. To customize this, navigate to the Users screen in the AE Admin Portal for each user.
When setting up a co-managed user or one with restricted company access, follow these steps:
- Begin by creating the user in the AE Admin Portal, specifying their role and company access. Make sure to click 'SAVE' without sending an email.
- Proceed to Azure AD to finalize the setup by assigning the appropriate role to the user.
- For a co-managed user, you can include them in your Azure AD tenant as an external user.
From the User screen Actions menu, you can Remove Password for existing users to enforce SSO.
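To confirm that a finished mapping satisfies the rules in the notes above (a role is required, only one role per user, AE e-mail must match the Azure AD account), the following added example audits an exported list of role assignments. It is not AutoElevate or Microsoft code; the input layout (one record per user and role, with groups already expanded to their members), the case-insensitive e-mail comparison, and all sample values are assumptions of this example.

```python
from collections import defaultdict

# Microsoft Graph records an assignment made without a role ("default access")
# with the all-zero GUID as its appRoleId.
DEFAULT_ACCESS = "00000000-0000-0000-0000-000000000000"


def audit_sso_mapping(assignments, ae_emails):
    """Check per-user role assignments against the rules listed on this page.

    assignments: one dict per (user, role) with 'mail' and 'appRoleId'; this
    layout is an assumption of the example (groups already expanded to users).
    ae_emails: e-mail addresses of existing AE Admin Portal users.
    """
    roles = defaultdict(set)
    for a in assignments:
        # Assumption: e-mail addresses are compared case-insensitively.
        roles[a["mail"].strip().lower()].add(a["appRoleId"].lower())

    report = {"no_role": [], "multiple_roles": [], "unmatched_ae_users": []}
    for mail, ids in sorted(roles.items()):
        real = ids - {DEFAULT_ACCESS}
        if not real:
            report["no_role"].append(mail)         # a role is required for portal access
        elif len(real) > 1:
            report["multiple_roles"].append(mail)  # only one role per user account
    for email in sorted({e.strip().lower() for e in ae_emails}):
        if email not in roles:
            report["unmatched_ae_users"].append(email)  # no Azure AD account with this e-mail
    return report


# Constructed sample data; role GUIDs and addresses are placeholders.
ADMIN = "11111111-1111-1111-1111-111111111111"
TECH = "22222222-2222-2222-2222-222222222222"
SAMPLE_ASSIGNMENTS = [
    {"mail": "alice@example.com", "appRoleId": ADMIN},
    {"mail": "Bob@example.com", "appRoleId": TECH},
    {"mail": "bob@example.com", "appRoleId": ADMIN},  # second role, e.g. via a group
    {"mail": "carol@example.com", "appRoleId": DEFAULT_ACCESS},
]
SAMPLE_AE_USERS = ["alice@example.com", "dave@example.com"]

if __name__ == "__main__":
    result = audit_sso_mapping(SAMPLE_ASSIGNMENTS, SAMPLE_AE_USERS)
    for finding, users in result.items():
        print(f"{finding}: {', '.join(users) or 'none'}")
```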