Back

Setting up Single Sign-On (SSO) in Azure AD (VIDEO)

Setting up SSO in Azure Active DirectorySSO in Azure active directory is the perfect balance of convenience and security Enabling it remove...

4 min read
Published on Nov 2, 2018
Setting up Single Sign-On (SSO) in Azure AD (VIDEO)

Setting up SSO in Azure Active Directory

SSO in Azure active directory is the perfect balance of convenience and security. Enabling it removes an attack surface, since your employees do not need to remember extra passwords, while their daily routine is streamlined, as they are seamlessly logged into their applications.

Why Use SSO?

  • Simplicity - Provides a seamless experience for your employees, faster access to their applications, and ends password fatigue.
  • Security - No more weak or duplicated password, single point of control, a unique and secure identity.
  • Compliance - Helps admins increase control over the data users have access to and aids in HIPAA, SOX and NIST compliance.

How Single Sign On Works - DiagramHow Single Sign-On Works:

Instead of using a username / password combination, SSO uses a central trusted source of authentication to provide tokens that give access to other applications.

  1. User tries to log into an application from their browser.
  2. The application generates a SAML request and sends it to the user’s browser.
  3. The user’s browser sends the request to the identity provider.
  4. The identity provider authenticates the user.
  5. The identity provider generates a SAML response (token) and sends it back to the user’s browser.
  6. Browser sends token to the application.
  7. The application verifies the tokenized credential and grants access.

 

Authentication Scenarios of SSO Applications?

  • 1.None

    • Essentially mandating the use of shared passwords on apps.

    2.Per User Password Extension/Addon (LastPass, Roboform, native browser)

    • Typical – User has combination of personal and work passwords.

    3.Enterprise Password Extension/Add-on (Centralized management)

    • Can assign credtials to user or groups
    • Allows changing of shared account credential to happen rapidly

    4.SAML or Native Azure AD/Office 365 authentication

    • Note – Only option that can stop sign-on of app when user is disabled in Azure AD.

Portal Scenarios

  1. None – Users get invites to apps in their email
  2. Intranet Webpage – Catalog of links on a singe page, or broken down in department (if lucky).
  3. Enterprise Portal – Users see ONLY web apps that they have access to.
  4. Unified Portal – Users see web apps, intranet apps (proxied internally, authenticated first in cloud), and Remote Desktop apps on one unified portal.

Provisioning Scenarios of SSO

  1. Manually – Create user in App on onboarding.  Delete user on offboarding.
  2. SAML Add - Apps that provision user on first logon (if configured in app) will take the first/last name in the SAML request and use that to provision a new account.
    1. Note 1 - This is rarely with app vendors, so not a typical scenario.
    2. Note 2 - While user can’t logon, their account still exists in the app isolated admin portal. Per user fees charged.
  3. SCIM – Provisioning and De-provisioning (user account deleted from app after 30 days of being deleted on Azure AD).
    1. Note - Only about 20 vendors currently supporting (Salesforce, G Suite, Docusign, etc).

The Admin Experience

  • Fast to onboard and offboard users.
  • Time spent configuring SSO with vendors is saved during user tasks.
  • Vastly improved security, compliance and monitoring. (see previous Tech Talks from Matt Soseman and Kevin Martins)
  • Auto provisioning with SCIM (Simple Cloud Identity Management)

The SSO Demo

(Skip to Video)

  1. Agile IT End User Experience
  2. MyApps Enterprise App portal settings in Azure
  3. Tour of App Examples in Azure:
    1. Individual Passwords End User Experience (Zapier)
    2. Shared Passwords distributed to group (No end user demo)
    3. SAML Logon (Bonusly)
    4. SAML Logon (Expensify) – Not all app vendors properly support “SSO”.  It’s more like 1.5 vs single (1) sign on.
    5. SAML + SCIM (Docusign)
    6. Internal Application Proxy (PRTG)

About Agile IT Tech Talks

Agile IT Tech Talks are weekly sessions where we bring in subject matter experts for short, highly focused educational segments, followed by up to an hour of open Q&A where Agile IT clients can discuss their own environments with our engineers and a group of peers. While we release the demos and sessions on our blog, the Q&A benefit is only available to Agile IT Managed Service and Cloud Service Customers. Agile IT is a four time cloud partner of the year and offers fully managed security as a service. To find out more, schedule a free call with a cloud service advisor.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

CMMC Documentation Requirements: Avoid Assessment Failure

GIGO: Garbage In, Garbage Out: Why Documentation Can Make or Break Your CMMC Success

Strong documentation is critical to CMMC success. Learn the key evidence assessors expect and how to avoid common documentation failures.

Jul 24, 2025
5 min read
Fast-Track CMMC Certification for Urgent Contracts

How to Fast-Track CMMC Certification for Urgent Contracts with AgileThrive JumpStart

Need urgent CMMC certification? AgileThrive JumpStart accelerates compliance for DoD contractors with fast-track assessments, gap analysis, and rapid audit readiness.

Jul 21, 2025
5 min read
Defending Against Email Compromise

Defending Against Email Compromise: Safeguarding Accounting & Procurement

Discover how to defend accounting and procurement teams from email compromise in the Defense Industrial Base. Learn CMMC-aligned best practices using Microsoft 365.

Jul 15, 2025
4 min read
Technical vs. Process Controls in CMMC Compliance

Understanding Technical vs. Process Controls for CMMC Compliance

Understand the difference between technical and process controls in CMMC compliance. Learn how both work together to protect FCI and CUI data effectively.

Jul 14, 2025
4 min read
20 Essential Questions to Ask a Managed Service Provider

Top Questions to Ask Your Managed Service Provider (MSP)

Looking for a new MSP? Stay ahead with the top questions to ask—from security and scalability to pricing and offboarding. Vet your provider with confidence.

Jul 12, 2025
5 min read
Overview of CMMC 2.0 and Its Levels: DoD Compliance Guide

CMMC 2.0 Explained: Levels, Compliance Requirements, and Key Changes

CMMC 2.0 simplifies cybersecurity requirements for DoD contractors. Explore an overview of its levels, key changes from CMMC 1.0, and what each level means for compliance.

Jul 11, 2025
6 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation