To set up SSO for Keepit, you first need to create and configure an SSO application in Azure ADFS. During the configuration, you will obtain the IDP URL and certificate needed to configure SSO in Keepit.
Important: Before starting the SSO setup, make sure you have a Microsoft Azure account with Azure AD Premium activated so that you can add non-gallery applications.
I. Create an Azure application for SSO
- Sign in to the Azure portal.
- Browse to Azure Active Directory > Enterprise applications.
- Select +New application at the top.
- Select Non-gallery application.
- Under Add your own application, enter a name for the application, and click Add.
- Select Single sign-on from the application's left-hand navigation menu.
- Under Select a single sign-on method, select SAML.
- In the Basic SAML Configuration box, click the pencil icon to open the configuration window.
- In the Identifier field, enter the identifier that corresponds to your data center:
- In the Reply URL field, enter the URL that corresponds to your data center:
- Select Save.
- In the SAML Signing Certificate box, click Download to the right of Certificate (Base64) and the certificate with a *.cer extension will download to your computer.
- In the Set up SSO Demo box, locate the Login URL. This is the IDP URL that you need to configure SSO in Keepit. Alternatively, you can click View step-by-step instructions to open the Configure sign-on guide on how to configure SSO in Keepit with Azure AD. Here the IDP URL is named SAML Single-Sign On Service URL.
II. Assign users in Azure ADFS
For SSO to be enabled for individual users, you must assign these users to your SSO application in Azure ADFS.
- Sign in to your Azure account.
- Select Enterprise applications.
- Find the application you created for SSO and click the name.
- Under Manage, select Users and groups.
- Click + Add user, and the Add Assignment window will open.
- Select Users and groups None Selected.
- Search for the users you want to be able to use SSO in the field provided, and then select them from the list below. Here you may include the Master Administrator (the Global Admin who is setting up SSO) as well as all other users for whom you want to enable SSO.
- When all desired users appear under Selected members, click the Select button.
- The number of users you selected will appear under Users and groups.
- Select the Assign button.
III. Make sure Azure AD users exist in Keepit
- Sign in to Keepit with a Master administrator account.
- In the left-hand menu, select Users.
- In the list of users, make sure that all the users that were assigned to the Azure application exist in Keepit. If there is no such user, then create a user with the same name and email address (this should be the same as the User Principal name) as the user in Microsoft 365.
Important: Keepit is case sensitive, so when creating a new user in Keepit, make sure the email address is in the same case as the email address (User Principal name) in the Active Directory.
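
One way to check section III and the case-sensitivity note before enabling SSO, as an added example (not Keepit or Microsoft tooling): it compares the User Principal names assigned to the Azure application against the email addresses in Keepit and separates exact matches, case-only mismatches, and missing users. It assumes both lists have already been exported as plain strings; the function name `reconcile` and the sample addresses are constructed for illustration.

```python
from collections import defaultdict

def reconcile(azure_upns, keepit_emails):
    """Classify each assigned Azure AD UPN against the Keepit user list.

    Returns a dict with three keys:
      ok            - UPNs with an exactly identical Keepit email
      case_mismatch - {upn: [Keepit emails that differ only by case]}
      missing       - UPNs with no Keepit user at all
    """
    # Drop blank entries and stray whitespace left over from exports.
    azure = [u.strip() for u in azure_upns if u.strip()]
    keepit = {e.strip() for e in keepit_emails if e.strip()}

    # Index Keepit emails by case-folded form to find near matches.
    folded = defaultdict(list)
    for email in sorted(keepit):
        folded[email.casefold()].append(email)

    result = {"ok": [], "case_mismatch": {}, "missing": []}
    for upn in azure:
        if upn in keepit:
            # Exact match: this user can sign in through SSO.
            result["ok"].append(upn)
        elif upn.casefold() in folded:
            # Same address, different case: fix the Keepit user's email.
            result["case_mismatch"][upn] = folded[upn.casefold()]
        else:
            # No Keepit user yet: create one with this exact UPN.
            result["missing"].append(upn)
    return result

# Constructed sample data (hypothetical exports, not real accounts).
AZURE_ASSIGNED = ["Alice.Smith@example.com", "bob@example.com",
                  "Carol@example.com", ""]
KEEPIT_USERS = ["alice.smith@example.com", "bob@example.com ",
                "erin@example.com"]

if __name__ == "__main__":
    report = reconcile(AZURE_ASSIGNED, KEEPIT_USERS)
    for upn in report["ok"]:
        print(f"OK             {upn}")
    for upn, found in report["case_mismatch"].items():
        print(f"CASE MISMATCH  {upn} (Keepit has: {', '.join(found)})")
    for upn in report["missing"]:
        print(f"MISSING        {upn}")
```

Every entry reported as a case mismatch or as missing needs to be corrected or created in Keepit with the exact User Principal name before that user attempts to sign in.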