Skip to main content

Azure AD / Entra AD – SSO Configuration Instructions

Sam Abello avatar
Written by Sam Abello
Updated this week

Overview

Single Sign-On (SSO) is the ability for users to authenticate with a Service Provider (Grayscale) through an Identity Provider instead of directly with a username and password. SSO allows Organizations to centrally manage user access and streamline new user onboarding as well as de-provisioning.

Notes:

An Azure AD / Entra AD user with the following administrative access will need to complete these tasks:

  1. Global Administrator

  2. Cloud Application Administrator

  3. Application Administrator, or

  4. Owner of the service principal

A secret SCIM token/password, which will be provided by your Grayscale customer success manager after they have received your SAML configuration details.

Configuration

Step 1 – Create New Enterprise Application

  1. Sign in to the Azure Active Directory admin center.

  2. Navigate to All services > Enterprise applications.

  3. Select New application.

  4. Select Create your own application.

  5. Name the new application (we recommend Grayscale).

  6. Choose the option Integrate any other application you don't find in the gallery (Non-gallery).

  7. Select Create.

Step 2 – Configure App Icon

1. In the Azure portal, open the Grayscale app.

2. In the left sidebar, select Properties.

3. For Logo, upload the Grayscale logo.

4. Select Save and close the Properties panel.

Step 3 – Configure Single Sign-On with SAML

  1. In the Azure portal, open the Grayscale app.

  2. In the left sidebar, select Single sign-on.

  3. In the Select a single sign-on method section, choose SAML.

  4. In the Basic SAML Configuration section, select Edit.

  5. For Identifier (Entity ID), enter grayscale.

    1. If you use a different Entity ID, please tell your Grayscale customer success manager the value that was used. They’ll need this value to properly configure SSO in your Grayscale account.

  6. For Reply URL, enter https://app.gograyscale.com/users/saml/auth.

  7. For Sign on URL, enter https://app.gograyscale.com/users/sso_sign_in.

  8. Select Save and close the Basic SAML Configuration pane.

  9. In the Attributes & Claims section, select Edit.

  10. Select Add new claim.

  11. For Name, enter phone.

  12. For Namespace, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims.

  13. For Source, choose Attribute.

  14. For Source attribute, choose user.telephonenumber.

  15. Select Save and close the Attributes & Claims pane.

  16. In the SAML Signing Certificate section, download the Federation Metadata XML file and send it to integrations@grayscaleapp.com to complete SSO enablement for your account.

Wait!

Please wait on configuring user provisioning until your Grayscale Implementation Manager has completed SSO enablement for your account. They will email you when they’re ready for you to proceed. They will also send a secret token to your Azure AD admin, which will be required to complete user provisioning setup.

Step 4 – Configure User Provisioning

  1. In the Azure portal, open the Grayscale app.

  2. In the left sidebar, select Provisioning.

  3. If an informational splash screen is displayed, select Get Started.

  4. For Provisioning mode, choose Automatic.

  5. For Tenant URL, enter https://app.gograyscale.com/api/scim/v2.

  6. For Secret Token, enter the token sent to you by your Grayscale customer success manager.

  7. Select Test Connection to verify the credentials.

  8. Select Save and close the Provisioning pane.

Select Start provisioning.

Related Articles
Single Sign On Implementation Considerations
Using SSO On Your Mobile Device
SSO Frequently Asked Questions
Signing in with SSO
Okta – SSO Configuration Instructions
Did this answer your question?