
SSO with Azure Active Directory

 

Table of contents

  1. Configuring your Jostle intranet with Azure AD
  2. Azure AD Authentication Tokens
  3. Configuring your Jostle intranet with Azure AD (Classic portal)
  4. Azure AD Connect: Pass-through Authentication

Configuring your Jostle intranet with Azure AD

To configure your Jostle intranet with Azure AD, you'll need to sign in to manage.windowsazure.com and then follow the steps below. 

Adding Jostle to your Directory

  1. Click Azure Active Directory in the left-hand menu to open the Azure AD window. To choose the directory in which you want to enable the integration, click Switch directory at the top; a drop-down menu will appear on the right under your username where you can select a different directory.
  2. From the column on the left side, under Manage, click on "Enterprise applications" and then "All applications".
  3. Click Add at the top of the window.
  4. A new window (Add an application) will appear on the right. Search there for "Jostle".
  5. Select Jostle from the results and its app window will appear on the right. Scroll to the bottom and click the Add button.


Configuring Azure AD SSO for the Jostle platform

Once you have added the Jostle application, the application Quick start window will pop up. (If you ever need to come back to this window, you can find it again by going to Enterprise applications > Overview > click the Jostle icon > Quick start).

  1. From the column on the left, under Manage, click on “Single Sign-on”
  2. At the top of screen, under Single Sign-on mode, select “SAML-based Sign-on”
  3. Scroll down to Jostle Domain and URLs
  4. In the Sign on URL field, enter: https://login-prod.jostle.us
  5. In the Identifier field, enter: https://jostle.us
  6. Check the box next to “Show advanced URL settings”
  7. In the Reply URL field, enter: https://login-prod.jostle.us/saml/SSO/alias/newjostle.us
  8. Scroll down to User Attributes, and for User Identifier select user.userprincipalname.
  9. Click Save at the top of the window.
  10. Now scroll back down and, under SAML Signing Certificate, verify that the Status is Active*. Then navigate to the far right and click the “Metadata XML” link under Download.
  11. Send the downloaded metadata file to support@jostle.me

*If the status is not Active, click on “Make new certificate active” and then click Save.

 

Assigning Azure AD users to the Jostle application

When you are ready to assign your users, you have two options.

From the column on the left, under Manage, click "Properties" and you’ll see a Yes/No box next to “User assignment required?”


By default, this option is set to Yes, and it is the recommended setting. Keeping this default will require that you follow the steps below to assign your users before they are given access to the Jostle application.

However, if you select No, then ANY user in your Active Directory who navigates to the Jostle application will be granted access. Selecting No does not require you to follow the steps below to assign users, and it is not recommended.

Assigning users

We recommend testing on a test user first, to confirm that Single Sign On is working, before assigning the rest of your organization. Alternatively, you can test a single user from the Quick start window by clicking "Assign a user for testing".

  1. In the Jostle Enterprise application window, under Manage click on "Users and groups"
  2. Click Add at the top of the window
  3. In the Add Assignment window, click "Users"
  4. You can select which users in your directory to add by clicking the checkbox next to each name. If the user does not exist or they are an external user, click Invite at the top to add them.
  5. Click the Select button at the bottom once you have selected all applicable users and the window will close.
  6. Click the Assign button at the bottom of the Add Assignment window. You can double check how many users have been selected here.

Once you've completed your SSO configuration, you’ll need to convert your users from a Jostle-managed password to the SSO authentication. For details on how to do that, go here.

 

Azure AD Authentication Tokens

When working with SSO, Jostle only accepts authentication tokens that are less than 90 days old. Azure AD allows users to stay logged in longer than 90 days, so to avoid problems with accessing Jostle, it is advisable that you reset the expiry of your tokens in Azure AD to under 90 days. For information on how to do this, please see this article from Microsoft Docs: Configurable token lifetimes in Azure Active Directory

 

Configuring your Jostle intranet with Azure AD (Classic portal)

To configure your Jostle platform with Azure AD using the classic portal, sign in at manage.windowsazure.com and then follow the steps below. 

  1. Click the Active Directory icon on the left side menu. In the Directory list, select the directory in which you want to enable directory integration (click the right arrow beside the directory name).
  2. Click on Applications on the top menu.
  3. Click the Add button at the bottom of the page.
  4. A dialog will pop up asking What do you want to do? Click "Add an application from the gallery".
  5. Search for ‘Jostle’.
  6. Select Jostle from the results and click the checkmark on the bottom right.

 

Configuring Azure AD SSO for the Jostle platform

To enable Azure AD single sign-on in the Azure classic portal, go to the Active Directory you have added Jostle to, then click Applications in the top menu and select Jostle.

    1. Click the Quick Start icon on the top menu.
    2. Click "Configure single sign-on".
    3. A dialog will pop up asking How would you like users to sign on to Jostle? Make sure "Microsoft Azure AD Single Sign-On" is checked and then click the checkmark in the bottom right.
    4. In the Configure Apps Settings dialog:
      • Fill in the Sign On URL as such: https://login-prod.jostle.us/saml/SSO/alias/newjostle.us
      • Fill in the Identifier as such: https://jostle.us
      • Check ‘Configure the certificate used for federated single sign-on (optional).’
      • Click Next
    5. In the Configure Federated SSO Certificate dialog, check your applicable certificate option and then click Next.
    6. In the "Configure single sign-on at Jostle" dialog:
      • Download the metadata file. Please email this to support@jostle.me
      • Check "Confirm that you have configured single sign-on as described above"
      • Click Next
    7. In the "Single sign-on confirmation" dialog, enter an email for notifications and click the checkmark.
    8. Click on Attributes at the top menu of the Jostle application (you can always return to this page by going to the directory > Applications > right arrow beside 'Jostle')
      • Edit the SAML token attribute for nameid (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier) by highlighting it and clicking the pencil icon
      • Change the ATTRIBUTE VALUE to user.mail
      • Click the checkmark
    9. Click ‘Apply Changes’ at the bottom.

 

Assigning Azure AD users to your Jostle platform

We recommend testing on a test user first, to confirm that single sign-on is working, before assigning the rest of your organization.

        1. In the directory view, click Applications in the top menu
        2. Select Jostle from the applications list (double click or click the right arrow icon)
        3. Go to Users in the top menu
        4. Select the users you wish to assign and click Assign in the toolbar at the bottom.

 

Azure AD Connect: Pass-through Authentication

Pass-through Authentication is a feature that can be enabled with Azure AD Connect that allows users to sign in to both on-premises and cloud-based applications using the same passwords. If you would like to learn more, we recommend viewing the video found here.

Below the video you will find further information about Pass-through Authentication, and if you’re interested in implementing this feature, the section titled Next Steps can guide you through the setup process.

Once you have configured Azure AD Connect, you’ll need to modify the Azure SSO Jostle app "Sign On URL" to be as follows:

https://login-prod.jostle.us/saml/login/alias/newjostle.us?idp=<ENTITY ID OF AZURE SSO APP>

Which would look something like:

https://login-prod.jostle.us/saml/login/alias/newjostle.us?idp=https://sts.windows.net/7f83bc6c-b5f4-427e-9979-b4f0b6d89fac/

Once it has been modified, users should access their Jostle intranet using that URL, which they can then bookmark for future use.

 
