¶ Azure SSO
- Overview
- Azure credentials and configuration
- Add-on installation
- Configuration in Splynx
- How it works
¶ Overview
The Azure SSO (Single Sign-On) add-on enables administrator authentication via Microsoft Azure Active Directory (Azure AD) using OAuth 2.0. It allows user verification through their Azure AD account and supports two-factor authentication.
It simplifies login with Azure AD credentials, strengthens security with two-factor authentication, and centralizes access control for Splynx users.
¶ Azure credentials and configuration
To obtain the necessary credentials for configuring the Azure SSO add-on in Splynx, follow these steps:
- Create a new project and configure it according to the Microsoft guide.
After this, you will recieve Client ID and Client Secret Key.
Client ID:
Client Secret Key:
- After this, register the callback URL where you will be redirected after completing authentication with Microsoft:
¶ Add-on installation
You can install the Azure SSO add-on in two methods: via the CLI or the Web UI of your Splynx server.
To install it via CLI, the following commands can be used:
apt-get update
apt-get install splynx-azure-sso
To install the add-on via the Web UI, navigate to Config → Integrations → Add-ons:
Locate or search for the splynx-azure-sso add-on and click the Install icon in the Actions column:
Click the OK, confirm button to begin the installation process:
¶ Configuration in Splynx
After the installation process, configure the add-on in Config → Integrations → Modules list:
Locate or search for the splynx_azure_sso module and click the
Edit (Config) icon in the Actions column:
Under Common settings, enter your Splynx URL (without the trailing slash), along with your Client ID and Client secret key obtained earlier from your Azure account:
¶ How it works
Once all configurations are complete, the admin can log in to the system using Azure AD. The corresponding button will appear on the start page. Then, enter your Outlook credentials to log in to the system.
Microsoft Azure AD uses the OAuth 2.0 Authorization Code Flow to authenticate users.
API is used to interact with Azure AD.
Two-factor authentication (2FA) is implemented using TOTP (Time-based One-Time Password), which is compatible with Google Authenticator.
Steps to Enable 2FA and log In:
-
Go to the admin's Profile and enable 2FA.
-
Install the Google Authenticator app on your phone.
-
Scan the QR code from your profile.
-
Enter the one-time password from the app.
-
Log in again using Azure AD.
After entering your Outlook credentials, the system will prompt you to enter a code from the email.
If the 2FA code is correct, you will be redirected to the Dashboard.