What to Do When You Want SSO (Single Sign-On)

Some clients want to manage how their users log into their BalancedComp system, and we've made it simple! Single Sign-On, aka SSO, improves the user experience while enhancing network security.

Pass this article along to your IT Department. It contains all the steps necessary to establish SSO on your end. BalancedComp will be able to finish the setup quickly after these steps are completed.

In this article we'll cover:
  1. How to add a new application in Azure AD
  2. How to set up Single Sign-on using SAML

Instructions for your IT Department:

To add a new application in Azure AD

  1. Log in to the Azure Portal.
  2. In the Azure Services section:
    1. Choose Azure Active Directory.
  3. In the left sidebar, choose Enterprise Applications.
  4. Choose New Application.
  5. On the Browse Azure AD Gallery page:
    1. Choose Create your own application.
  6. Under What’s the name of your app?
    1. Enter a name for your application.
    2. Select Integrate any other application you don’t find in the gallery (Non-gallery).
    3. Choose Create.

It will take a few seconds for the application to be created in Azure AD, and then you should be redirected to the Overview page for the newly added application.

Occasionally, this step can result in a "Not Found" error, even though Azure AD has successfully created a new application. If that happens, in Azure AD navigate back to Enterprise applications and search for your application by name.

How to set up Single Sign-on using SAML

  1. On the Getting Started page:
    1. Find the Set up single sign on tile.
    2. Choose Get started.
  2. On the next screen, select SAML.
  3. In the middle pane under Set up Single Sign-On with SAML:
    1. Find the Basic SAML Configuration section.
    2. Choose the edit icon.
  4. In the right pane under Basic SAML Configuration:
    1. Replace the default Identifier (Entity ID) with the following value: urn:amazon:cognito:sp:us-east-1_QIaqZejKY
    2. In the Reply URL (Assertion Consumer Service URL) field, enter: https://us-east-1qiaqzejky.auth.us-east-1.amazoncognito.com/saml2/idpresponse
    3. Choose Save.
  5. In the middle pane under Set up Single Sign-On with SAML:
    1. Find the User Attributes & Claims section.
    2. Choose Edit.
  6. Choose Add a group claim.
  7. On the User Attributes & Claims page:
    1. Find the right pane under Group Claims.
    2. Select Groups assigned to the application.
    3. Leave Source attribute as Group ID.
    4. Choose Save.
  8. In a text editor, note down the Claim names under Additional claims.
    1. These will need to be given to BalancedComp to map the claims at their end.
  9. Close the User Attributes & Claims screen by choosing the X in the top right corner.
    1. You’ll be redirected to the Set up Single Sign-on with SAML page.
  10. Scroll down to the SAML Signing Certificate section and do the following:
    1. Copy the App Federation Metadata URL by choosing the copy to clipboard icon.
    2. Email that URL to devs@balancedcomp.com, as it is needed to complete the SSO connection on our end.
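
The following is an added example, not part of BalancedComp's instructions: a Python check that a SAMLResponse captured from a test sign-in carries the Identifier (Entity ID), Reply URL and group claim configured in the steps above. It assumes the group claim uses Azure AD's default claim name, and the sample response it builds is constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values entered under Basic SAML Configuration in the steps above.
ENTITY_ID = "urn:amazon:cognito:sp:us-east-1_QIaqZejKY"
ACS_URL = ("https://us-east-1qiaqzejky.auth.us-east-1.amazoncognito.com"
           "/saml2/idpresponse")
# Assumption: Azure AD's default name for the group claim.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"


def check_response(b64_response):
    """List configuration mismatches in a base64-encoded SAMLResponse.

    Configuration check only: it does not verify the XML signature.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination != Reply URL")
    audiences = [(e.text or "").strip()
                 for e in root.iterfind(".//a:Audience", NS)]
    if ENTITY_ID not in audiences:  # entity IDs are compared case-sensitively
        problems.append("Audience != Identifier (Entity ID)")
    groups = [v.text for attr in root.iterfind(".//a:Attribute", NS)
              if attr.get("Name") == GROUPS_CLAIM
              for v in attr.iterfind("a:AttributeValue", NS)]
    if not groups:
        problems.append("no group claim in assertion")
    return problems


def sample_response(audience=ENTITY_ID, destination=ACS_URL,
                    groups=("0000-constructed-group-id",)):
    """Build a constructed, unsigned SAMLResponse for exercising the check."""
    values = "".join(f"<a:AttributeValue>{g}</a:AttributeValue>" for g in groups)
    attr = f'<a:Attribute Name="{GROUPS_CLAIM}">{values}</a:Attribute>' if groups else ""
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{destination}">'
           f"<a:Assertion><a:Conditions><a:AudienceRestriction>"
           f"<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>"
           f"<a:AttributeStatement>{attr}</a:AttributeStatement></a:Assertion></p:Response>")
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(check_response(sample_response()))
    print(check_response(sample_response(audience=ENTITY_ID.lower())))
```

An empty list means the three settings line up; a lower-cased Entity ID is reported as an Audience mismatch because the value is case-sensitive.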