Set up SSO with Azure Active Directory
Single Sign-on (SSO) on Alooba through Azure Active Directory can be easily configured following the steps in this document.
Once configured, your users can be managed within Active Directory and will be able to access Alooba while logged into Active Directory.
Enable Single Sign-On in your Alooba Account
In the Settings page of your Alooba Account click on the button to configure Active Directory:
You will need to enable SSO the first time you click the configure button:
Once SSO has been enabled it will generate unique URLs that will need to be entered into Active Directory.
Add a new enterprise application in Active Directory
In the Azure Active Directory page, click on Enterprise applications in the sidebar:
You should now see the list of the existing enterprise applications in your Active Directory. Continue the integration by clicking the New application button:
Click on the Create your own application button:
Name the application as “Alooba” and select the option to Integrate any other application you don’t find in the gallery. Click on the create Create button at the bottom of the panel to proceed. This step may take some time to complete.
Enable Single Sign-on
After the Enterprise application is created it should be ready to set up single sign-on.
Click on the second box in the Getting Started section with the text Set up single sign on:
Continue by clicking on the box with the title SAML. It should take you to the page for configuring SAML.
Active Directory SAML Configuration
Click on the Edit button in the first section to open the form for the URLs that were generated during SSO activation on the Alooba settings page.
Click Add identifier and Add reply URL buttons to activate the inputs then copy the generated URLs from Alooba with the matching labels and click on the Save button on the top left of the Basic SAML configuration panel in Active Directory:
Identity Provider Configuration
After saving the basic SAML configuration, some settings from Active Directory will need to be entered in the Alooba configuration too.
Copy the App Federation Metadata Url from Active Directory:
Paste the URL into the field with the matching label on the Alooba settings page:
After entering the App Federation Metadata Url in Alooba, it should automatically fill out the rest of the fields after deselecting the field:
Click on the Save button to complete the configuration.
Add your organization’s domain to show the Login with Active Directory button on Alooba’s login page for any user attempting to login from that domain.
Also, enable the Force SSO toggle to ensure all users from your domain can only log in using the SSO integration and disable logging in with a password.
Your Alooba account is now configured with SSO through Azure Active Directory. All users, including your existing ones, attempting to log in to Alooba with an email address from your registered domain(s) will be directed to log in through Active Directory.
Granting Users Access To Alooba
Note, to grant access to Alooba, the users must be added to the Enterprise application from within Active Directory. Once a new user is granted access through Active Directory, their Alooba user will be created the first time they log in. All new users will be given the ‘Admin’ user permissions within Alooba. Changing specific Alooba permissions and managing Alooba Group accesses must be done within Alooba.
Managing Users with SSO Enabled
For more detailed information on managing users when SSO is enabled, please refer to our User Management with SSO article. This guide provides insights into the nuances of user management in an SSO environment and offers best practices to ensure a seamless experience.