Azure AD Single Sign-On (SSO)

Azure AD Single Sign-On (SSO)

Streamline access for all of your Vibe.fyi users. Setup Azure SSO today and use your Microsoft credentials to login on any device, on any supported browser, without risking security.

SSO Webinar

1:50 - SSO Benefits
3:05 - SSO Activation Steps
6:10 - Mapping Azure groups in the Vibe.fyi admin console
9:08 - Viewing SSO users in the admin console

Step 1 - Create Azure user groups and assign users

There are two Vibe.fyi user group types - 1) Admin and 2) Portal. Read more on user groups in this article.
  1. Go to portal.azure.com and open Groups

  2. Add as many user groups as required and add the relevant users into each group

NB: You must include 'Vibe' or 'Vibe.fyi' in the Group Name.

Step 2: Azure Active Directory app setup

To complete the steps below, you will need your unique Vibe.fyi portal URL. If you have not received your URL, please contact support@vibe.fyi for assistance.

Create a new app

  1. Go to portal.azure.com, and click on Azure Active Directory

  2. Select App Registrations in the menu, click + New registration and enter apply the following settings:

    1. Name = Enter a meaningful name for your app (e.g. Vibe SSO)
    2. Supported account types = Choose the single tenant option
    3. Redirect URI = Select Web in the dropdown and enter your Vibe.fyi portal URL+ /Modules/UserLogin/AzureAdSso.ashx
    4.  Click [Register] to create your new app
    5. Take note of the Application (client) ID and Directory (tenant) ID on the Overview page

App Settings

Authentication

  1. In the new app menu, open Authentication
  2. Tick the Access token checkbox
  3. Click [Save]

API permissions

  1. In the new app menu, open API permissions
  2. Click + Add a permission
  3. Open Microsoft Graph > Delegated permissions 
    1. Search for and select Group.Read.All
    2. Click [Add permissions]
    3. Search for and select openid 
    4. Click [Add permissions]
  4. Grant admin permission for each of the added permissions (Group.Read.all , openid and User.Read)

Create client secret

  1. In the new app menu, open Certificates & Secrets 
  2. Click + New client secret 
  3. Enter a meaningful description and set the expiry
  4. Click [Add]

Add Azure app credentials to Vibe.fyi

Send your Application (client) ID, Directory (tenant) ID and client secret value to support@vibe.fyi OR follow the steps below to enter the details directly into your admin console:
  1. Open Overview and copy the Application (client) ID and Directory (tenant) ID
  2. Open Certificates & secrets and copy the Value
  3. Login to your admin console (using an admin level Vibe user account) and:
    1. Open Developer Tools > Modules > Global Module Settings in the menu
    2. In the global module settings, select Azure API
    3. Enter the new azure app details
      1. App ID - Enter Application (client) ID
      2. Key - Enter client secret value
      3. Tenant ID - Enter Directory (tenant) ID
    4. Click [OK]

Step 3: Log in with your Microsoft account

When step 1 and 2 (above) are complete, your Vibe portal and admin console login forms will be replaced with an option to log in with a Microsoft account.
  1. Open your Vibe.fyi portal or admin console
  2. Click [Log in with your Microsoft account] and login with a Microsoft account that has permission to access all Azure groups.
     
  3. When you see the "You do not belong to the required Azure groups to be able to log in" message, send the name of your primary Azure 'administrator' group to your Vibe.fyi support contact (or email support@vibe.fyi) and they will perform the initial Azure / Vibe.fyi group mapping.
When your Vibe.fyi support contact confirms that the initial grouping is complete, any user in the primary admin group can then login using their Microsoft account and proceed to step 4 below.

Step 4: Map Azure & Vibe.fyi user groups 

If your existing Vibe.fyi user groups are ready to map to your Azure user groups, skip to step 3.
Follow these steps to set up new Vibe.fyi user groups:
  1. Log into your Vibe.fyi admin console using your Microsoft account
  2. Add new portal user groups and admin roles (groups) as required
  3. While editing your group, use the Azure Group Mapping dropdown to locate and select the related Azure user group.
    1. User Groups

    2. Admin Roles

Managing SSO Users

Add Users

To add a new Vibe portal user, create a new Microsoft account (or choose an existing one) and add the user to the relevant group in portal.azure.com.

Remove Users

To remove a users access to the Vibe.fyi portal, deactivate/delete their Microsoft account OR remove them from the Azure user group that is mapped to a Vibe.fyi user group.
This update will take effect within 30 minutes after which the user will not be able to log in to Vibe.
    • Related Articles

    • Azure API - SharePoint

      This article assumes that you are signed up for Windows Azure. If not, please sign up at https://signup.azure.com NB: You may need to enter a credit card number, but we don't need you to do anything which costs money, so you won't be charged. Step 1: ...
    • Windows Azure: Yammer API

      This article assumes that you are signed up for Windows Azure. If not, please sign up at https://signup.azure.com. NB: Microsoft may need to enter a credit card number, but we don't need you to do anything which costs money, so you won't be charged. ...
    • Windows Azure: Outlook 365 calendar

      This document assumes that you are already signed up for Windows Azure. To sign up, go to https://account.windowsazure.com/SignUp . You may be asked to enter a credit card number, but we don't need you to do anything which costs money, so you won't ...
    • Outlook (Office 365)

      Use Outlook (Office 365) to automatically present your activities, events or meeting room bookings on your workplace digital signage channel. Step 1: Azure Active Directory app setup App Registration If you have an existing Azure app, use the steps ...
    • Workplace Integration

      Step 1: Create a custom Workplace App Vibe.fyi connects to Workplace using an 'App' and 'Access token'. To generate the Custom App and Access token (and allow access to all or specified group content on Workplace), please follow the steps below: ...