Follow

SSO with Entra ID (Azure Active Directory)

 

NOTE—Entra ID is the new name for Azure AD.

 

Table of contents

  1. Configuring your Jostle platform with Entra ID 
  2. Entra ID Authentication Tokens
  3. Configuring your Jostle platform with Entra ID (Classic portal)
  4. Pass-through Authentication

Configuring your Jostle platform with Entra ID

To configure your Jostle platform with Entra ID, you'll need to sign in to manage.windowsazure.com and then follow the steps below. 

Adding Jostle to your Directory

  1. Click on Microsoft Entra ID on the left side menu to open the Azure AD window. You can select which directory you want to enable directory integration by clicking Switch directory at the top. A drop-down menu will appear on the right under your username where you can select a different directory.
  2. panel.png
  3. From the column on the left side, under Manage, click on "Enterprise applications" 
  4. Click New application at the top of the window.
  5. A new window (Add an application) will appear on the right. Search there for "Jostle".
  6. Select Jostle from the results and it's app window will appear on the right. Scroll to the bottom and click the Create button.

app.png

Configuring Entra ID SSO for the Jostle platform

Once you have added the Jostle application, the application Quick start window will pop up. (If you ever need to come back to this window, you can find it again by going to Enterprise applications  > Overview > click the Jostle icon > Quick start).

  1. From the column on the left, under Manage, click on “Single Sign-on”
  2. At the top of screen, under Single Sign-on mode, select “SAML-based Sign-on”
  3. Scroll down to Jostle Domain and URLs
  4. In the Sign on URL field, enter: https://login-prod.jostle.us
  5. In the Identifier field, enter: https://jostle.us
  6. Check the box next to “Show advanced URL settings”
  7. In the Reply URL field, enter: https://login-prod.jostle.us/saml/SSO/alias/newjostle.us
  8. Scroll down to User Attributes, and for User Identifier select user.userprincipalname.
  9. Click Save at the top of the window.                                                                                                                                           SSOAzureSetup6.png                                                                                                                                                     
  10. Now scroll back down and under SAML Signing Certificate, verify that the Status is Active* and then navigate over to far right and click the “Metadata XML” link under Download
  11. Send the downloaded metadata file to support@jostle.me

*If the status is not Active, click on “Make new certificate active” and then click Save.

 

Assigning Entra ID users to the Jostle application

When you are ready to assign your users, you have two options.

From the column on the left, under Manage, click "Properties" and you’ll see a Yes/No box next to “User assignment required?”

assigment.png

By default, this is option is set to Yes, and it is the recommended setting. Keeping this default setting will require that you follow the steps below to assign your users before they will be given access to the Jostle application.

However, if you select No, then ANY users in your Active Directory that navigate to the Jostle application will be granted access. Selecting No will not require you to follow the steps below to assign users and is not recommended.

Assigning users

We recommend testing on a test user first, to confirm that Single Sign On is working, before assigning the rest of your organization. Alternatively, you can test a single user from the Quick start window by clicking "Assign a user for testing"

  1. In the Jostle Enterprise application window, under Manage click on "Users and groups"
  2. Click Add at the top of the window
  3. In the Add Assignment window, click "Users"
  4. You can select which users in your directory to to add by clicking the checkbox next to each name. If the user does not exist or they are an external user, click Invite at the top to add them.
  5. Click the Select button at the bottom once you have selected all applicable users and the window will close.
  6. Click the Assign button at the bottom of the Add Assignment window. You can double check how many users have been selected.

Once you've completed your SSO configuration, you’ll need to convert your users from a Jostle-managed password to the SSO authentication. For details on how to do that, go here.

 

IMPORTANT:  Entra ID Authentication Tokens

When working with SSO, Jostle only accepts authentication tokens that are less than 90 days old. Entra ID allows users to stay logged in longer than 90 days, so to avoid problems with accessing Jostle, it is advisable that you reset the expiry of your tokens in Entra ID to under 90 days. For information on how to do this, please see this article from Microsoft Docs: Configurable token lifetimes in Azure Active Directory

And below is a guide for what you'll need to enter in the particular fields when you are in Entra ID > Security > Conditional Access > Select New policy

 

azureSSO_03.png

 

  1. Name - enter “Jostle Access”
  2. Users - the users you want SSO applied to
  3. Cloud apps or action - add the Jostle app
  4. Sign-in frequency - enable (check box)
  5. Period reauthentication - enter any period less than 90 days

Microsoft's complete walkthrough for configuring authentication session management can be found here.

NOTE—if you do not have the Conditional Access (paid) option with Entra ID, then please contact Jostle Support so we can suggest an appropriate workaround for you.

 

Configuring your Jostle platform with Azure AD (Classic portal)

To configure your Jostle platform with Azure AD using the classic portal, sign in at manage.windowsazure.com and then follow the steps below. 

  1. Click the Active Directory icon on the left side menu. Select which directory you want to enable directory integration in the Directory list. (click the right arrow beside the directory name)
  2. Click on Applications on the top menu.
  3. Click the Add button at the bottom of the page.
  4. A dialog will pop up asking What do you want to do? Click "Add an application from the gallery".
  5. Search for ‘Jostle’.
  6. Select Jostle from the results and click the checkmark on the bottom right.azure_newlogo.jpg

 

Configuring Azure AD SSO for the Jostle platform

To enable Azure AD single sign-on in the Azure classic portal, go to the Active Directory you have added Jostle to, then click Applications in the top menu and select Jostle.

    1. Click the Quick Start icon on the top menu.
    2. Click "Configure single sign-on" .azure2.1_newlogo.jpg
    3. A dialog will pop up asking How would you like users to sign on to Jostle? Make sure "Microsoft Azure AD Single Sign-On" is checked and then click the checkmark in the bottom right.
    4. In the Configure Apps Settings dialog:
      • Fill in the Sign On URL as such: https://login-prod.jostle.us/saml/SSO/alias/newjostle.us
      • Fill in the Identifier as such: https://jostle.us
      • Check ‘Configure the certificate used for federated single sign-on (optional).’
      • Click Nextazure_3.png
    5. In the Configure Federated SSO Certificate dialog, check your applicable certificate option and then click Next.   
    6. In the "Configure single sign-on at Jostle" dialog:
      • Download the metadata file. Please email this to support@jostle.me
      • Check "Confirm that you have configured single sign-on as described above"
      • Click Next
    7. In the "Single sign-on confirmation" dialog, enter an email for notifications and click the checkmark.
    8. Click on Attributes at the top menu of the Jostle application (you can always return to this page by going to the directory > Applications > right arrow beside 'Jostle')
      • Edit the saml token attributes for nameid (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier) by highlighting it and clicking the pencil icon
      • Change the ATTRIBUTE VALUE to user.mail   
      • Click the checkmark
    9. Click ‘Apply Changes’ at the bottom.

 

Assigning Entra ID users to your Jostle platform

We recommend testing on a test user first, to confirm that single sign-on is working, before assigning the rest of your organization.

        1. In the directory view, click Applications in the top menu
        2. Select Jostle from the applications list (double click or click the right arrow icon)
        3. Go to Users in the top menu
        4. Select the users you wish to assign and click Assign in the toolbar at the bottom.

 

Pass-through Authentication

To allow pass-through authentication, you need to modify the Entra SSO Jostle app "Sign On URL" to be as follows:

https://login-prod.jostle.us/saml/login/alias/newjostle.us?idp=<ENTITY ID>

Which would look something like:

https://login-prod.jostle.us/saml/login/alias/newjostle.us?idp=https://sts.windows.net/7f83bc6c-b5f4-427e-9979-b4f0b6w89fac/


You can also add the same URL as your browser home page to by-pass the login screen. 

 

Entra Connect: Pass-through Authentication

Pass-through Authentication is a feature that can be enabled with Entra Connect that allows users to sign in to both on-premises and cloud-based applications using the same passwords. If you would like to learn more, we recommend viewing the video found here.

Below the video you will find further information about Pass-through Authentication and if you’ re interested in implementing this feature, the section titled Next Steps can guide you through the setup process.

Once you have configured Entra Connect, you’ll need to modify the Entra SSO Jostle app "Sign On URL" to be as follows:

https://login-prod.jostle.us/saml/login/alias/newjostle.us?idp=<ENTITY ID >

Which would look something like:

https://login-prod.jostle.us/saml/login/alias/newjostle.us?idp=https://sts.windows.net/7f83bc6c-b5f4-427e-9979-b4f0b6d89fac/

Once it has been modified, users should access their Jostle platform using that URL, which they can then bookmark for future use.

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.