Configuring Auvik single sign-on with Azure AD

Auvik allows you to use Azure AD for authentication into Auvik. This enables your users to log in with their Azure AD credentials—they don’t have to remember another set of credentials and you can manage their access from a central location.

A different set of authentication methods is supported at each site, and different single sign-on (SSO) configurations are supported at each site. The authentication method for a site applies to users who belong to that specific site. The authentication level determines which site a user belongs to and controls which authentication method they can use.

Auvik supports SAML 2.0 for SSO. There are 4 steps involved:

  1. Creating an application for Auvik in Azure AD
  2. Configuring SAML in Auvik and Azure AD
  3. Testing the configuration for a single user
  4. Granting your users access to Auvik in Azure AD
  5. Enabling SSO and migrating your users to SSO in Auvik

1. Creating an application for Auvik in Azure AD

If you’re logging into Auvik with a Microsoft account, skip to the next section.

  1. Log in to the Azure portal.
  2. Go to Azure Active Directory > Enterprise applications.
  3. Click Create your own application.
  4. Enter Auvik as the name of the application and select Integrate any other application you don't find in the gallery for What are you looking to do with your application?
  5. Click Create.
  6. Go to Properties.
  7. Set Enabled for users to sign-in to Yes. 
  8. Set User assignment required to Yes.
  9. Set other properties as desired.
  10. Click Save.
  11. Proceed to the next section.

Refer to Azure AD documentation on how to add a non-gallery application for detailed instructions.

2. Configuring SAML in Auvik and Azure AD

Obtaining SAML configuration information and certificate from Azure AD

First, you need the Login URL, Azure AD Identifier, and SAML Signing Certificate from Azure AD.

  1. Log in to the Azure portal.
  2. Go to Azure Active Directory > Enterprise applications.
  3. Search and select Auvik.
  4. Under Manage, select Single sign-on.
  5. Select SAML. The SAML single sign-on configuration page is displayed.

  6. Under SAML Signing Certificate, click Download beside Certificate (Base64) to save the certificate.
    1. Click Add a certificate.
    2. Set Signing Option to Sign SAML Assertion.
    3. Set Signing Algorithm to SHA-256.
    4. Click New Certificate.
    5. Click Save.
    6. Click on the ellipsis (...) beside the newly created certificate to show the menu and select Make certificate active.
    7. Click Yes to confirm.
    8. Click on the ellipsis (...) beside the newly created certificate to show the menu and select PEM certificate download.
  7. Under Set up Auvik, copy the Login URL and Azure AD Identifier.

For additional instructions, see Azure AD documentation on how to set up a SAML application.

Keep the tab open because you’ll need to use values from Auvik to complete the SAML configuration in Azure AD.

Configuring SAML in Auvik

Now you’ll configure SAML in Auvik.

  1. Go to the desired site dashboard.
  2. Click Settings in the Auvik navigation menu.
  3. Click the Authentication tab.
  4. Click Browse on the IdP Signature Certificate field to upload your SAML Signing Certificate from Azure AD.
  5. Enter the Azure AD Identifier in the IdP Issuer URI field and the Login URL in the IdP Single Sign-On URL field.
  6. Click Save.
  7. Copy the Audience URI, ACS URL, and RelayState.

Completing SAML configuration in Azure AD

Finally, we’ll complete the SAML configuration in Azure AD.

  1. Edit Basic SAML Configuration of the Auvik application.
  2. Enter the following values:

    | Azure AD field name | Auvik field name |
    | --- | --- |
    | Identifier (Entity ID) | Audience URI |
    | Reply URL (Assertion Consumer Service URL) | ACS URL |
    | Relay State | RelayState |

  3. Click Save.
  4. Edit User Attributes & Claims.
  5. Edit the Name identifier value.
  6. Set the name identifier format to EmailAddress and the source attribute to user.mail.
  7. Click Add new claim and add the following SAML claims:

    | Name | Name Format | Source | Source Attribute |
    | --- | --- | --- | --- |
    | firstName | Unspecified | Attribute | user.givenname |
    | lastName | Unspecified | Attribute | user.surname |
    | email | Unspecified | Attribute | user.mail |

  8. Click Save.

For additional instructions, see Azure AD documentation on how to set up a SAML application.

3. Testing your SAML configuration

Once SAML configuration is complete in Auvik and Azure AD, we’ll test the configuration in Auvik. SSO will be temporarily enabled for the test user in Auvik. 

Testing your SAML configuration in Auvik is only available for SAML configurations that aren’t in use.

  1. In Azure AD, grant your test user access to the Auvik SAML application.
    1. Log in to the Azure portal.
    2. Go to Azure Active Directory > Enterprise applications.
    3. Search and select Auvik.
    4. Under Manage, select Users and groups.
    5. Click Add User.
    6. Select your test user.
    7. Click Select.
    8. Click Assign.
  2. In Auvik, go to the desired site dashboard.
  3. Click Settings in the Auvik navigation menu.
  4. Click the Authentication tab.
  5. Click Test SSO.
  6. Select the test user.
  7. In an incognito browser window, log into Auvik with your test user using your test user’s Azure AD credentials. You must complete the test in 30 minutes. If you don’t respond in 30 minutes, we’ll restore the previous settings.
  8. In Auvik, click on whether the test user was able to log in.

For additional instructions, see Azure AD documentation on how to assign users or groups to enterprise applications.

4. Granting your users access to Auvik in Azure AD

Users whose accounts have been migrated to SSO can only log in using their Azure AD credentials. Please make sure all users that you want to use SSO in Auvik are in your Azure AD and are configured to have access to the Auvik application.

To grant your other users access to the Auvik application in Azure AD:

  1. Log in to the Azure portal.
  2. Go to Azure Active Directory > Enterprise applications.
  3. Search and select Auvik.
  4. Under Manage, select Users and groups.
  5. Click Add User.
  6. Select your desired users.
  7. Click Select.
  8. Click Assign.

For additional instructions, see Azure AD documentation on how to assign users or groups to enterprise applications.

5. Enabling SSO and migrating your users to SSO in Auvik

Select the authentication method you want users on this site to use:

  1. Go to the desired site dashboard.
  2. Click Settings in the Auvik navigation menu.
  3. Click the Authentication tab.
  4. Select the desired Authentication Method:
    • Password, Google account, and Microsoft account
    • Single sign-on for selected users
    • Single sign-on for all users
  5. Click Save.

Users whose accounts have been migrated to SSO can only log in through their Azure AD credentials. Please make sure all users that you want to use SSO in Auvik are in Azure AD and are configured to have access to Auvik. Currently, Auvik SSO does not support just-in-time provisioning. You must invite the user to Auvik.

If Single sign-on for selected users is selected, this will start the user migration wizard to let you select the users that you want to migrate to SSO. There are three options:

  1. All users that belong to this site
  2. All users that belong to an email domain
  3. Select individual users

After selecting users to migrate, you will be asked to confirm your selection and then to start the migration. You can migrate more users to SSO at a later time by editing the user. You can also specify that a user must use SSO when you invite them.

If Single sign-on for all users is selected, this will start the user migration wizard to confirm the users will be migrated to SSO and start the migration. Any users that were not migrated will lose authorization to the site. Selecting this option will prevent you from inviting new users that already have an Auvik account—for example, consultants—because they’ll be using a conflicting authentication method. In this scenario, select Single sign-on for selected users.

If your browser tab or window is closed while the migration is in progress, you can view the progress from the Authentication Method pane.

  1. Go to the desired site dashboard.
  2. Click on Settings in the Auvik navigation menu.
  3. Click on the Authentication tab.

Under Authentication Method, click the See Status link.
