
Single Sign-On with SAML

About Single Sign-On

Single sign-on (SSO) is an alternative security tool to two-factor authentication. Instead of sending a notification to your phone to authenticate, single sign-on uses SAML (Security Assertion Markup Language), a markup language that lets you access multiple web applications with a single set of login credentials. FrameFlow now has the option to verify your account through Microsoft once at the beginning of the day, instead of requiring two-factor authentication multiple times throughout the day. This article explains how to set up single sign-on so you can authenticate more conveniently.

Prerequisites to Azure Setup

1. Before starting the setup process, please verify that FrameFlow is already installed and set up through IIS. Then, log into portal.azure.com and check that your first Azure AD is already set up in Active Directory.

Azure Setup

2. From portal.azure.com, click on "Microsoft Entra ID".

3. Select "Enterprise Applications" from the menu.

4. Click on "New Application" in the menu bar. This will open the Azure AD gallery, which has a search bar.

5. Type "SAML tool" into the search bar and select "Azure AD SAML Toolkit".

6. After the application is created, click on "Users and Groups" to grant SAML access to your team.

7. Click on "Add User/Group".

8. Click on "Users > None Selected".

9. Here, you can begin adding the users you want to have access to single sign-on. When you're done adding users, click "Select".

10. To apply your changes, click "Assign".

11. Click on "Single Sign-On".

12. Choose "SAML".

13. Click on the pencil icon to edit Basic SAML Configuration.

14. Enter the URL to your FrameFlow installation as the Identifier (Entity ID).

15. Click "Add Reply URL" and enter the same URL with "/saml.asp" at the end.

16. Enter the URL of your FrameFlow installation as the sign-on URL.

17. Click Save.

18. Once saved, close the "Basic SAML Configuration" window.

19. Scroll down to "SAML Certificates" and click Download (Base64) on the certificate.

20. Scroll down to part four: setup.

21. Make note of the login URL and the Azure AD identifier.

Setup Within FrameFlow

1. Log into FrameFlow as normal and go to Settings > Login and Security Settings.

2. In the section labeled "SAML", check "Allow SAML".

3. In the "Installation URL" field, enter the URL to your FrameFlow installation.

4. Enter the login URL you noted in step 21 of the Azure setup into the "Login URL" field. The Azure AD identifier goes in the box labeled "Issuer".

5. Click the key button and select the certificate you downloaded above.

6. Press the "Upload Now" button, then click "Save Changes".

Now, when you're logged out of FrameFlow, you'll be greeted with an option that says "Sign in with SSO". Clicking this will take you to the login URL where you can sign in using your Azure credentials. After logging in, you're redirected back into FrameFlow where you are also signed in. Accounts are automatically generated in FrameFlow and added to the Everyone group.
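
The values collected in the Azure steps can be checked for consistency before they are entered into FrameFlow. The Python script below is an added example, not FrameFlow or Microsoft code. The host name, tenant ID and certificate body are constructed placeholders, and it assumes the login URL and the Azure AD identifier both carry the tenant ID as their first path segment.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def cert_thumbprint(pem_text):
    """SHA-1 thumbprint (uppercase hex) of a Base64 (PEM) certificate file."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no PEM block found; download the Base64 variant")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    if der[:1] != b"\x30":  # X.509 DER starts with an ASN.1 SEQUENCE tag
        raise ValueError("decoded data is not a DER structure")
    return hashlib.sha1(der).hexdigest().upper()

def tenant_of(url):
    """First path segment; assumed to be the tenant ID in both Azure values."""
    return urlsplit(url).path.strip("/").split("/")[0]

def check_saml_settings(install_url, reply_url, login_url, issuer):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    for name, url in (("installation URL", install_url),
                      ("reply URL", reply_url), ("login URL", login_url)):
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{name} is not an absolute https:// URL: {url}")
    if reply_url != install_url.rstrip("/") + "/saml.asp":
        problems.append("reply URL must be the installation URL plus /saml.asp")
    if not tenant_of(login_url) or tenant_of(login_url) != tenant_of(issuer):
        problems.append("login URL and issuer name different tenants")
    return problems

# Constructed sample values (hypothetical host, placeholder tenant ID and cert body)
SAMPLE = {
    "install_url": "https://frameflow.example.com",
    "reply_url": "https://frameflow.example.com/saml.asp",
    "login_url": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2",
    "issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
}
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"\x30\x82\x00\x04demo").decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_saml_settings(**SAMPLE) or "settings consistent")
    print("thumbprint:", cert_thumbprint(SAMPLE_PEM))
```

A plain http:// reply URL is worth catching here because the SAML response is posted to that address. The thumbprint can be compared with the one the Azure portal lists for the certificate you downloaded.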
