Setup Guide: Azure SSO

Note: The MSA agreement must be reviewed and accepted first by the account Admin before going through this process! Trials should complete this SSO Setup process before the expiration date to ensure full functionality post-purchase.

Contents

• Create application
• Assign user access
• SAML configuration
• Download Base64 Certificate
• Return to ActivTrak SSO page
• User provisioning (must be done manually)
• Test your credentials

Create application

1. Navigate to https://portal.azure.com/ and log in
2. Then find Azure Active Directory > Enterprise applications in the sidebar menu
3. Click the + Add new application button in the top left corner
4. Click + Create your own Application
5. Next, click "Integrate any other application you don't find in the gallery (Non-gallery)"
6. Create a name for the instance and click the add button at the bottom left

Assign user access

1. Navigate to Users & groups from the side navigation menu
2. Then click the + Add new users and groups button in the top left corner
3. Select “none selected”
4. A menu bar will appear on the right, add the necessary users, and/or groups. Once the groups/ users are chosen, click the Select button at the bottom left corner of the pane

SAML configuration

1. Navigate to enterprise applications and click on the name of the instance that was just created
2. Select Single Sign-On from the sidebar menu
3. Create your own application SSO (SAML) by clicking SAML as shown below

4. Fill out the fields as follows:
   • Identifier (Entity ID): https://app.activtrak.com/
   • Reply URL (Assertion Consumer Service URL): https://auth.activtrak.com/sso/saml/assertion/
   • Sign on URL: (leave blank)
5. Confirm that only the Identifier & Reply URL are filled in and click Save.

Download Base64 Certificate

1. As shown below, where it says Certificate (Base64), click download

2. Open this in a text editor such as Notepad
3. Copy the text
4. Log in to your ActivTrak dashboard
5. On the panel on the left, go to Settings > Security > Configuration
6. Paste this download into the certificate box between Begin Certificate and End Certificate

Note: Please ensure that only the certificate is being copied & pasted into the box. Extra return characters may cause errors. 

7. Copy the contents below from Azure and paste them into the ActivTrak dashboard
8. Copy the login URL
9. Copy the Azure AD Identifier (which will go into the SAML Issuer ID as shown below)

Return to ActivTrak SSO page

1. Make sure Enabled is selected under Single sign-on
2. Make sure that "Azure AD" is entered in the provider name
3. Grab the login URL you took from Azure and paste it into the login URL field
4. Grab the Azure AD Identifier you got from Azure and paste the SAML Issuer ID
    

User provisioning (must be done manually)

1. On the panel on the left, go to Settings > Access > App Access
2. Select SSO as the Auth. Method in the right-most column for each user who should use single sign-on

Note: The currently logged-in user cannot modify their own SSO settings. If they do, they may be locked out of the account. Another Admin can change this setting for you. Alternatively, please contact support@activtrak.com if you have an account with only a Single Admin.

Test your credentials

1. Go to app.activtrak.com
2. Select SSO
3. Enter your email (You should now authenticate using your Azure Credentials)
4. Once SSO is enabled for the User Account, you will not be able to enter a password for authentication on Activtrak's side.