How to set up Single Sign On (SSO)

Workspace 365/Office 365 Administrators are able to enable Single sign-on for their Workspace 365 environment, which helps decreasing login procedures for Workspace users (both for logging into the Workspace as well as the specific Azure Apps inside the Workspace)

Option 1 (preferred):

• Automatic setup of Single Sign-On(SSO) (KB article at Workspace365)

Option 2: 

Please contact 2tCloud Support before continue these steps below.

This guide has the following prerequisites

• Workspace is set up - How to configure Workspace 365

• Azure Active Directory Configured

1. Below we describe the steps the Workspace/Office 365 Administrators for enabling Azure Active Directory & Single sign-on.

2. Open the Microsoft Azure Portal (https://portal.azure.com)

3. In the top right click the ? and click Show diagnostics

   

4. In the screen that opens copy the info in the line of domainName in the section tenants

5. Open your Azure Active Directory

   

6. Click App registrations

   

7. Click on the Add button on the top of the page

   

8. Choose a name for the new application, select Web app / API and fill in the Sign-on URL.
   The Sign-on URL will be "https://workspace365.2tcloud.com/%Environmentname%/SignIn". If you environment name is demo2 the url will be https://workspace365.2tcloud.com/demo2/SignIn. If you URL is different use that URL.
   

9. Open the created App.

10. Copy and store the Application ID for now. Open Reply URLs

    

11. Add the following URL and afterwards click Save:
    https://workspace365.2tcloud.com/%Environmentname%/OAuth2/HandleAuthorityResponse 
    E.g. https://workspace365.2tcloud.com/demo2/OAuth2/HandleAuthorityResponse

    

    hier stond eerst een SLASH erachter, maar dat gaf foutmeldingen, zonder SLASH / lukt het wel!
    

12. In the API ACCESS section open Required Permissions. Click add and select Office 365 Exchange Online.

    

13. In the second step select all Delegated permissions and click Done.

    

14. Repeat step 12 and 13 for the permissions in Office 365 Sharepoint Online.

15. Open the Windows Azure Active Directory
    optional:

    

    

    
    check Read and write directory data and save the change

    

    
    

16. Click Grant Permissions in the overview to actually assign the permissions.

    

17. Go to the keys (or Certificates & Sectrets) section and fill in a description, select a duration and click save

    

18. Copy the key in the Value field and store this.

    

19. We are done in the Microsoft Azure portal. Log in to the Workspace 365 portal as an admin and go to Single sign-on

    1. In the case 'Settings' is not working, go to: 
       https://workspace365.2tcloud.com/%Environmentname%/SingleSignOnSettings
       

20. Select the Single sign-on type to OAuth2.
    In the Authority field fill in the following URL, where %Domainname% has to be replaced with
    the collected DomainName value earlier in the guide: https://login.windows.net/%Domainname%/ (e.g. https://login.windows.net/demo2.onmicrosoft.com/)
    In the Client ID field fill in the stored Application ID
    In the Key field fill in the stored Key.

    

    
    Click Verify after filling in all the required credentials. If you are shown a green screen you were logged in with an administrator account and the check was succesfull. If you get a login screen, log in with admin credentials to verify the settings.
    
    After you see a Green screen you can check the I have seen the GREEN screen telling the verification was successful box and click the Done button on the top left.