Setting up Single Sign-On (SSO) in Azure AD (VIDEO)

Published on Nov 2, 2018

Setting up SSO in Azure Active Directory

SSO in Azure Active Directory is the perfect balance of convenience and security. Enabling it removes an attack surface, since your employees do not need to remember extra passwords, and it streamlines their daily routine, as they are seamlessly logged into their applications.

Why Use SSO?

  • Simplicity - Provides a seamless experience for your employees, faster access to their applications, and ends password fatigue.
  • Security - No more weak or duplicated passwords, a single point of control, a unique and secure identity.
  • Compliance - Helps admins increase control over the data users have access to and aids in HIPAA, SOX and NIST compliance.

How Single Sign-On Works:

Instead of using a username / password combination, SSO uses a central trusted source of authentication to provide tokens that give access to other applications.

  1. User tries to log into an application from their browser.
  2. The application generates a SAML request and sends it to the user’s browser.
  3. The user’s browser sends the request to the identity provider.
  4. The identity provider authenticates the user.
  5. The identity provider generates a SAML response (token) and sends it back to the user’s browser.
  6. Browser sends token to the application.
  7. The application verifies the tokenized credential and grants access.
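Step 7 is where the application decides whether to trust the token. The following is an added example, not code from the original post: it shows the non-cryptographic checks a service provider runs on a SAML response, and it assumes the XML signature has already been verified by a vetted SAML library. The sample response, URLs, entity ID and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample response; a real one also carries a ds:Signature element.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
    InResponseTo="_req123" Destination="https://app.example.com/acs">
  <p:Status><p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></p:Status>
  <a:Assertion>
    <a:Subject><a:NameID>alice@example.com</a:NameID></a:Subject>
    <a:Conditions NotBefore="2018-11-02T10:00:00Z" NotOnOrAfter="2018-11-02T10:05:00Z">
      <a:AudienceRestriction><a:Audience>https://app.example.com/sp</a:Audience></a:AudienceRestriction>
    </a:Conditions>
  </a:Assertion>
</p:Response>"""

def _ts(value):
    # SAML timestamps are UTC and end in "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_response(xml_text, request_id, acs_url, sp_entity_id, now):
    """Return (name_id, []) if every check passes, else (None, [reasons])."""
    root = ET.fromstring(xml_text)
    problems = []
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")
    if root.get("InResponseTo") != request_id:  # must answer the request we sent
        problems.append("InResponseTo does not match the request we issued")
    if root.get("Destination") != acs_url:
        problems.append("Destination is not our ACS URL")
    cond = root.find("a:Assertion/a:Conditions", NS)
    nb = cond.get("NotBefore") if cond is not None else None
    noa = cond.get("NotOnOrAfter") if cond is not None else None
    if not (nb and noa and _ts(nb) <= now < _ts(noa)):
        problems.append("outside validity window")
    audiences = [] if cond is None else [
        e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    if sp_entity_id not in audiences:  # token minted for a different application
        problems.append("audience does not include this SP")
    name_id = root.find("a:Assertion/a:Subject/a:NameID", NS)
    if name_id is None:
        problems.append("no NameID")
    return (name_id.text if not problems else None), problems
```

A token that is expired, addressed to another application, or not tied to a request this application issued is rejected even when its signature is valid.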

 

Authentication Scenarios of SSO Applications

  1. None
    • Essentially mandating the use of shared passwords on apps.
  2. Per-User Password Extension/Add-on (LastPass, Roboform, native browser)
    • Typical – User has a combination of personal and work passwords.
  3. Enterprise Password Extension/Add-on (centralized management)
    • Can assign credentials to users or groups.
    • Allows changes to shared account credentials to happen rapidly.
  4. SAML or native Azure AD/Office 365 authentication
    • Note – Only option that can stop sign-on to the app when the user is disabled in Azure AD.

Portal Scenarios

  1. None – Users get invites to apps in their email
  2. Intranet Webpage – Catalog of links on a single page, or broken down by department (if lucky).
  3. Enterprise Portal – Users see ONLY web apps that they have access to.
  4. Unified Portal – Users see web apps, intranet apps (proxied internally, authenticated first in cloud), and Remote Desktop apps on one unified portal.

Provisioning Scenarios of SSO

  1. Manually – Create the user in the app on onboarding. Delete the user on offboarding.
  2. SAML Add – Apps that provision the user on first logon (if configured in the app) will take the first/last name in the SAML request and use that to provision a new account.
    1. Note 1 – This is rarely the case with app vendors, so it is not a typical scenario.
    2. Note 2 – While the user can’t log on, their account still exists in the app's isolated admin portal. Per-user fees are charged.
  3. SCIM – Provisioning and de-provisioning (the user account is deleted from the app 30 days after being deleted in Azure AD).
    1. Note – Only about 20 vendors currently support it (Salesforce, G Suite, DocuSign, etc.).

The Admin Experience

  • Fast to onboard and offboard users.
  • Time spent configuring SSO with vendors is saved during user tasks.
  • Vastly improved security, compliance and monitoring. (see previous Tech Talks from Matt Soseman and Kevin Martins)
  • Auto provisioning with SCIM (Simple Cloud Identity Management)

The SSO Demo

  1. Agile IT End User Experience
  2. MyApps Enterprise App portal settings in Azure
  3. Tour of App Examples in Azure:
    1. Individual Passwords End User Experience (Zapier)
    2. Shared Passwords distributed to group (No end user demo)
    3. SAML Logon (Bonusly)
    4. SAML Logon (Expensify) – Not all app vendors properly support “SSO”.  It’s more like 1.5 vs single (1) sign on.
    5. SAML + SCIM (Docusign)
    6. Internal Application Proxy (PRTG)

About Agile IT Tech Talks

Agile IT Tech Talks are weekly sessions where we bring in subject matter experts for short, highly focused educational segments, followed by up to an hour of open Q&A where Agile IT clients can discuss their own environments with our engineers and a group of peers. While we release the demos and sessions on our blog, the Q&A benefit is only available to Agile IT Managed Service and Cloud Service Customers. Agile IT is a four-time cloud partner of the year and offers fully managed security as a service. To find out more, schedule a free call with a cloud service advisor.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.
