Entra (Azure) Single Sign-On

Entra (Azure) Single Sign-On

Streamline Access with Entra Single Sign-On for Vibe.fyi. Scale effortlessly as your organisation grows and simplify user management through centralised control in Azure AD.

Step 1: Azure User Groups

Read First

Vibe is organised into two distinct areas:
  1. Admin Console: Manage technical tasks such as setting up new locations, users, and groups.
  2. Vibe Portal: Workspace for creating and managing content across all Vibe channels.
To establish a basic permission structure, start by adding two Azure groups: ‘Vibe-Admin’ and ‘Vibe-Publishers’. 
  1. Members of the ‘Vibe-Admin’ group have full access to the admin console and portal, with full publishing permissions in the Vibe Portal. 
  2. Members of the ‘Vibe-Publishers’ group will only have full publishing permissions in the Vibe Portal
Within the Vibe Portal, you can use groups to control publisher-level access to Slides, Playlists, and Locations. This can be structured in various ways:
  1. By Roles (e.g., HR, H&S, L&D), where specific teams manage content relevant to their function.
  2. By Locations, aligned with segmentation by country or site, which enables local publishing permissions. This way, onsite users can manage content relevant to their location, ensuring localised messaging across their channels. 
This structure offers flexibility, allowing tailored access control so local teams can manage and publish content specific to their roles or locations.

Add Groups

  1. Go to portal.azure.com and open the Groups section.

  2. Add the required user groups and assign users to each group.
    Alert
    You must include Vibe or Vibe.fyi in the group name.

Step 2: Enable SSO Login

Next, log into your admin console using an admin-level Vibe user account, then follow these steps to activate Azure AD SSO login for your Vibe.fyi application.
  1. Open Developer Tools and navigate to Modules > Global Module Settings.
  2. In the Login Form global module settings, tick the Enable Azure AD SSO login and Use Shared Azure AD App checkboxes.
  3. In the Valid login email domains field, enter the email domain linked to each users work email (e.g.: @myonlinebusiness.com) then click [Add Domain]. Repeat if multiple email domains are required.
  4. Optional - Upate the Login Button Text as needed
  5. Click [OK] to save the global settings.

Step 3: Add Redirect URL

Notes
This step can be performed at any time before the setup process starts, if it is easier to set this redirect URL in advance.
  1. Ask a Vibe developer to your admin console (using an admin-level Vibe user account).
  2. Open Developer Tools > Modules > Global Module Settings in the menu.
  3. In the global module settings, select Login Form.
  4. Click the Add redirect URL to the Azure AD app button.

Step 4: Log in with your Microsoft account

Notes
Permissions are needed to grant admin content for the Vibe.fyi SSO app. Learn more on the Microsoft Learn website where it is stated that in order to grant tenant-wide admin consent, you need a Microsoft Entra user account with one of the following roles:
  1. Privileged Role Administrator, for granting consent for apps requesting any permission, for any API.
  2. Cloud Application Administrator or Application Administrator, for granting consent for apps requesting any permission for any API, except Microsoft Graph app roles (application permissions).
  3. A custom directory role that includes the permission to grant permissions to applications, for the permissions required by the application.
When step 1 and 2 (above) are complete, your Vibe portal and admin console login forms will be replaced with an option to log in with a Microsoft account.
  1. Open your Vibe.fyi portal or admin console
  2. Click [Log in with your Microsoft account] and login with a Microsoft account that has permission to access all Azure groups.
     
  3. You may get a “Need admin approval” message at this point, if you see this message…
    1. Ask an Azure administrator to log into portal.azure.com, go to Enterprise applications and find Vibe site’s customer SSO login
    2. Open the Permissions pane, and click the Grant admin content for (your organisation name) button
    3. Read the list of requested permissions and click the Accept button
    4. Once this this admin consent has been granted, open your Vibe.fyi portal or admin console and click the [Log in with your Microsoft account] button again
  4. When you see the "You do not belong to the required Azure groups to be able to log in" message, send the name of your primary Azure 'administrator' group to your Vibe.fyi support contact (or email support@vibe.fyi) and they will perform the initial Azure / Vibe.fyi group mapping.
Info
When your Vibe.fyi support contact confirms that the initial grouping is complete, any user in the primary admin group can then login using their Microsoft account and proceed to step 4 below.

Step 5: Map Azure & Vibe.fyi user groups 

Idea
If your existing Vibe.fyi user groups are ready to map to your Azure user groups, skip to step 3.
Follow these steps to set up new Vibe.fyi user groups:
  1. Log into your Vibe.fyi admin console using your Microsoft account
  2. Add new portal user groups and admin roles (groups) as required
  3. While editing your group, use the Azure Group Mapping dropdown to locate and select the related Azure user group.
    1. User Groups

    2. Admin Roles

Managing SSO Users

Add Users

To add a new Vibe portal user, create a new Microsoft account (or choose an existing one) and add the user to the relevant group in portal.azure.com.

Remove Users

To remove a users access to the Vibe.fyi portal, deactivate/delete their Microsoft account OR remove them from the Azure user group that is mapped to a Vibe.fyi user group.
This update will take effect within 30 minutes after which the user will not be able to log in to Vibe.

    • Related Articles

    • SharePoint

      This guide assumes that you've registered for Windows Azure. If you haven't done so already, please complete the sign-up process at https://signup.azure.com. Please note that you might be asked to provide your credit card details, but rest assured, ...

    • Viva Engage

      The steps below can be completed after you sign up for Windows Azure. If you haven’t already done so, visit https://signup.azure.com to create an Azure account. Step 1 - Authentication In your Vibe admin console, navigate to Developer Tools > Modules ...

    • Outlook (Microsoft 365)

      Use Outlook (Office 365) to automatically present your activities, events or meeting room bookings on your workplace digital signage channel. Step 1: Azure Active Directory app setup App Registration If you have an existing Azure app, use the steps ...

    • Workplace

      Step 1: Create a custom Workplace App Vibe.fyi connects to Workplace using an 'App' and 'Access token'. To generate the Custom App and Access token (and allow access to all or specified group content on Workplace), please follow the steps below: ...

    • Power Bi

      Combine Power BI’s robust reporting capabilities with Vibe’s dynamic display options. This guide outlines how to integrate Power BI with Vibe in various ways to enhance your data presentation and accessibility. By leveraging these integration ...