Azure AD Single Sign-On (SSO)

Azure AD Single Sign-On (SSO)

Streamline access for all of your Vibe.fyi users. Setup Azure SSO today so they can use their Microsoft credentials to login on any device, on any supported browser, without risking security.

Step 1 - Create Azure user groups and assign users

There are two Vibe.fyi user group types - 1) Admin and 2) Portal. Read more on user groups in this article.
  1. Go to portal.azure.com and click Groups
  2. Add as many user groups as required
  3. Add the correct users into each group

Step 2: Create an Azure Active Directory app

To complete the steps below, you will need your unique Vibe.fyi portal URL. If you have not received your URL, please contact support@vibe.fyi for assistance.
  1. Go to portal.azure.com, and click on Azure Active Directory
    1. Click App Registrations
      1. Click New registration
      2. Enter a Name for your app (e.g. Vibe Portal login)
      3. Set the supported account types to the single tenant option
      4. Under redirect URI
        1. Select Web in the dropdown
        2. Enter the URI using your Vibe.fyi portal URL + /Modules/UserLogin/AzureAdSso.ashx
          (e.g. https://mysite.vibe.fyi/Modules/UserLogin/AzureAdSso.ashx)

      5.  Click Register to create your new app
    2.  Click Authentication
      1. Under the implicit grant and hybrid flows title, check the access token option
      2. Click Save
    3. Click api permissions
      1. Click the add a permission button
      2. Find the Group.Read.All permission in the Microsoft Graph > Delegated permissions option, and click add permissions to add the permission
      3. Click the add a permission button
      4. Find the openid permission in the permission in the Microsoft Graph > Delegated permissions option, and click add permissions to add the permission
      5. For each of the admin permissions (Group.Read.all , openid and User.Read) , grant admin permission
    4. Send your Client ID, Object ID, Tenant ID and Secret Key to support@vibe.fyi so they can be added to the to the Azure Secret Vault*
      1. Click Overview and to find the Client ID, Object ID and Tenant ID 
      2. Click Certificates & Secrets to create or locate your client secret
      3. Get confirmation from the Vibe team after sending the email

Step 3: Map Azure & Vibe.fyi user groups 

Before you can map your Azure groups in the admin console, please click the "Log in with your Microsoft account" button in the portal or admin console. You will see a "You do not belong to the required Azure groups to be able to log in" message which indicates that you are ready to complete each step below.
If your existing Vibe.fyi user groups are ready to map to your Azure user groups, skip to step 3.
Follow these steps to setup new Vibe.fyi user groups:
  1. Log into the Vibe.fyi admin console
  2. Add new portal user groups and admin roles (groups) as required

  3. While editing your group, use the Azure Group Mapping dropdown to locate and select the related Azure user group.
    1. User Groups
    2. Admin Roles

Log in with your Microsoft account

Once Azure AD SSO is setup and connected to Vibe.fyi, the portal and admin console login forms will be replaced by an option to login with a Microsoft account.

 
For increased security, users will need to login using their Microsoft account every 30 days.

Managing SSO Users

New Users
To add a new Vibe portal user, create a new Microsoft account (or choose an existing one) and add the user to the relevant group in portal.azure.com.

Removing Users
To remove a users access to the Vibe.fyi portal, deactivate/delete their Microsoft account OR remove them from the Azure user group that is mapped to a Vibe.fyi user group.
This update will take effect within 30 minutes after which the user will not be able to login to Vibe.

Webinar Recording - June 2022

  1. 1:50 - SSO Benefits
  2. 3:05 - SSO Activation Steps
  3. 6:10 - Mapping Azure groups in the Vibe.fyi admin console
  4. 9:08 - Viewing SSO users in the admin console

    • Related Articles

    • Azure API - SharePoint

      This article assumes that you are signed up for Windows Azure. If not, please sign up at https://signup.azure.com NB: You may need to enter a credit card number, but we don't need you to do anything which costs money, so you won't be charged. Step 1: ...

    • Windows Azure: Outlook 365 calendar

      This document assumes that you are already signed up for Windows Azure. To sign up, go to https://account.windowsazure.com/SignUp . You may be asked to  enter a credit card number, but we don't need you to do anything which costs money, so you won't ...

    • Windows Azure: Yammer API

      Step 1 - Create a Yammer app Login into your office 365 account and register a Yammer app at: https://www.yammer.com/client_applications Enter the following details: "Application Name" "Organization" "Support e-mail" "Website" "Redirect URI" - Please ...

    • Google API - Google Sheets

      Our Google API module helps you to connect your Google Sheets data to your digital signage. NB: The Vibe.fyi support team can setup and add a Google Sheets API client ID & secret on your behalf. If your preference is to manage your own Google Sheets ...

    • Manage Social Media Feeds

      This article covers Facebook, Twitter and Instagram feeds. See Data Integrations for more information on Yammer & Workplace. Before you create a feed, ensure that your administrator has successfully connected your social media accounts to Vibe.fyi ...