Entra (Azure) Single Sign-On
Streamline Access with Entra Single Sign-On for Vibe.fyi. Scale effortlessly as your organisation grows and simplify user management through centralised control in Azure AD.
Read First
Vibe SSO App Permissions
When you first log in using SSO, our app will request the following permissions:
- User.Read
- offline_access
- Group.Read.All
For all subsequent SSO logins, the app will only request:
- User.Read
- offline_access
Here’s what each permission is used for:
- User.Read: This allows us to retrieve the user's First Name, Last Name, Unique ID, and Email Address for authentication and user management purposes.
- offline_access: This enables us to periodically re-check the groups the validated users belong to. This ensures that any updates to user accounts in Entra (e.g., changes in group memberships) are reflected in the Vibe admin page automatically.
- Group.Read.All: This permission is only required during the first login. It allows us to fetch a list of groups to set up mappings between the user groups in our system and the corresponding Entra groups.
Importantly, we only retrieve groups that contain the word "vibe" to keep the scope of this request focused and relevant. By requesting these permissions, Vibe ensures secure and seamless SSO functionality while respecting the principle of minimal access.
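To check that the consent recorded in your tenant matches the three delegated permissions listed above, the following added example (not Vibe's own code) audits Microsoft Graph oauth2PermissionGrant records against that list and applies the "vibe" name filter to group display names. The sample grants, the placeholder IDs and the case-insensitive name match are assumptions made for illustration.

```python
import json

# Delegated scopes documented on this page for the Vibe SSO app.
ONGOING = {"User.Read", "offline_access"}   # requested on every login
FIRST_LOGIN_ONLY = {"Group.Read.All"}       # requested on the first login only

# Constructed sample shaped like Microsoft Graph oauth2PermissionGrant objects
# (GET /oauth2PermissionGrants). All IDs are placeholders, not real values.
SAMPLE_GRANTS = json.loads("""
[
  {"clientId": "sp-vibe-placeholder", "consentType": "AllPrincipals",
   "principalId": null, "scope": "User.Read offline_access Group.Read.All"},
  {"clientId": "sp-vibe-placeholder", "consentType": "Principal",
   "principalId": "user-placeholder-1", "scope": " User.Read Mail.Read"},
  {"clientId": "sp-other-placeholder", "consentType": "AllPrincipals",
   "principalId": null, "scope": "Directory.ReadWrite.All"}
]
""")


def audit_grants(grants, client_id):
    """Return one finding per grant held by client_id (the app's service principal)."""
    findings = []
    for grant in grants:
        if grant["clientId"] != client_id:
            continue
        # 'scope' is a space-separated string and may carry stray whitespace.
        scopes = set((grant.get("scope") or "").split())
        findings.append({
            "consentType": grant["consentType"],
            "principalId": grant.get("principalId"),
            "first_login_only": sorted(scopes & FIRST_LOGIN_ONLY),
            "unexpected": sorted(scopes - ONGOING - FIRST_LOGIN_ONLY),
        })
    return findings


def mappable_groups(display_names):
    """Groups whose name contains "vibe" (case-insensitive match is an assumption)."""
    return [name for name in display_names if "vibe" in name.lower()]


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, "sp-vibe-placeholder"):
        print(finding)
    print(mappable_groups(["Vibe-Admin", "HR-Publishers", "vibe.fyi-Publishers"]))
```

Any scope reported under "unexpected" is one this page does not list and should be reviewed before admin consent is granted or left in place.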
Managing SSO Users
Add Users
To add a new Vibe portal user, create a new Microsoft account (or choose an existing one) and add the user to the relevant group in portal.azure.com.
Remove Users
To remove a user's access to the Vibe.fyi portal, deactivate/delete their Microsoft account OR remove them from the Azure user group that is mapped to a Vibe.fyi user group.
This update will take effect within 30 minutes, after which the user will not be able to log in to Vibe.
Integration Guide
Step 1: Azure User Groups
Read First
Vibe is organised into two distinct areas:
- Admin Console: Manage technical tasks such as setting up new locations, users, and groups.
- Vibe Portal: Workspace for creating and managing content across all Vibe channels.
To establish a basic permission structure, start by adding two Azure groups: ‘Vibe-Admin’ and ‘Vibe-Publishers’.
- Members of the ‘Vibe-Admin’ group have full access to the admin console and portal, with full publishing permissions in the Vibe Portal.
- Members of the ‘Vibe-Publishers’ group will only have full publishing permissions in the Vibe Portal.
Within the Vibe Portal, you can use groups to control publisher-level access to Slides, Playlists, and Locations. This can be structured in various ways:
- By Roles (e.g., HR, H&S, L&D), where specific teams manage content relevant to their function.
- By Locations, aligned with segmentation by country or site, which enables local publishing permissions. This way, onsite users can manage content relevant to their location, ensuring localised messaging across their channels.
This structure offers flexibility, allowing tailored access control so local teams can manage and publish content specific to their roles or locations.
Add Groups
Go to portal.azure.com and open the Groups section.
Add the required user groups and assign users to each group.
You must include Vibe or Vibe.fyi in the group name.
Step 2: Enable SSO Login
Next, log in to your admin console using an admin-level Vibe user account, then follow these steps to activate Azure AD SSO login for your Vibe.fyi application.
- Open Developer Tools and navigate to Modules > Global Module Settings.
- In the Login Form global module settings, tick the Enable Azure AD SSO login and Use Shared Azure AD App checkboxes.
- In the Valid login email domains field, enter the email domain linked to each user's work email (e.g. @myonlinebusiness.com), then click [Add Domain]. Repeat if multiple email domains are required.
- Optional: Update the Login Button Text as needed.
- Click [OK] to save the global settings.
Step 3: Add Redirect URL
This step can be performed at any time before the setup process starts, if it is easier to set this redirect URL in advance.
- Ask a Vibe developer to log in to your admin console (using an admin-level Vibe user account).
- Open Developer Tools > Modules > Global Module Settings in the menu.
- In the global module settings, select Login Form.
- Click the Add redirect URL to the Azure AD app button.
Step 4: Log in with your Microsoft account
Permissions are needed to grant admin consent for the Vibe.fyi SSO app. Learn more on the Microsoft Learn website, where it is stated that in order to grant tenant-wide admin consent, you need a Microsoft Entra user account with one of the following roles:
- Privileged Role Administrator, for granting consent for apps requesting any permission, for any API.
- Cloud Application Administrator or Application Administrator, for granting consent for apps requesting any permission for any API, except Microsoft Graph app roles (application permissions).
- A custom directory role that includes the permission to grant permissions to applications, for the permissions required by the application.
When steps 1 and 2 (above) are complete, your Vibe portal and admin console login forms will be replaced with an option to log in with a Microsoft account.
- Open your Vibe.fyi portal or admin console
- Click [Log in with your Microsoft account] and log in with a Microsoft account that has permission to access all Azure groups.
- You may get a “Need admin approval” message at this point. If you see this message:
- Ask an Azure administrator to log into portal.azure.com, go to Enterprise applications and find Vibe site’s customer SSO login
- Open the Permissions pane, and click the Grant admin consent for (your organisation name) button
- Read the list of requested permissions and click the Accept button
- Once this admin consent has been granted, open your Vibe.fyi portal or admin console and click the [Log in with your Microsoft account] button again
- When you see the "You do not belong to the required Azure groups to be able to log in" message, send the name of your primary Azure 'administrator' group to your Vibe.fyi support contact (or email support@vibe.fyi) and they will perform the initial Azure / Vibe.fyi group mapping.
When your Vibe.fyi support contact confirms that the initial grouping is complete, any user in the primary admin group can then log in using their Microsoft account and proceed to step 4 below.
Step 5: Map Azure & Vibe.fyi user groups
Follow these steps to set up new Vibe.fyi user groups:
- Log into your Vibe.fyi admin console using your Microsoft account
- Add new portal user groups and admin roles (groups) as required
- While editing your group, use the Azure Group Mapping dropdown to locate and select the related Azure user group.
- User Groups
- Admin Roles