Auvik allows you to use Azure AD for authentication into Auvik. This enables your users to log in with their Azure AD credentials—they don’t have to remember another set of credentials and you can manage their access from a central location.
Each site supports a different set of authentication methods and different single sign-on (SSO) configurations. The authentication method for a site applies to users who belong to that site. The authentication level determines which site a user belongs to and controls which authentication method they can use.
Note: SAML Single Sign-On is not enabled in the Auvik trial.
Auvik supports SAML 2.0 for SSO. There are 5 steps involved:
- Creating an application for Auvik in Azure AD
- Configuring SAML in Auvik and Azure AD
- Testing the configuration for a single user
- Granting your users access to Auvik in Azure AD
- Enabling SSO and migrating your users to SSO in Auvik
1. Creating an application for Auvik in Azure AD
If you’re logging into Auvik with a Microsoft account, skip to the next section.
- Log in to the Azure portal.
- Go to Azure Active Directory > Enterprise applications.
- Click Create your own application.
- Enter Auvik as the name of the application and select Integrate any other application you don't find in the gallery for What are you looking to do with your application?
- Click Create.
- Go to Properties.
- Set Enabled for users to sign-in to Yes.
- Set User assignment required to Yes.
- Set other properties as desired.
- Click Save.
- Proceed to the next section.
Refer to Azure AD documentation on how to add a non-gallery application for detailed instructions.
2. Configuring SAML in Auvik and Azure AD
Obtaining SAML configuration information and certificate from Azure AD
First, you need the Login URL, Azure AD Identifier, and SAML Signing Certificate from Azure AD.
- Log in to the Azure portal.
- Go to Azure Active Directory > Enterprise applications.
- Search and select Auvik.
- Under Manage, select Single sign-on.
- Select SAML. You should see the following page:
- Under SAML Signing Certificate, generate and download a new certificate.
- If the SAML Signing Certificate form asks to fill out required fields in Step 1, enter the following temporary values, so that you can download the certificate.
- Identifier (Entity ID): my.auvik.com
- Reply URL (Assertion Consumer Service URL): https://my.auvik.com/
- Once the required fields are filled, the Edit option will become available. Click the Edit button.
- If a certificate is automatically generated when you create the application, do not use it as it may not be unique to your Azure account. To create a new certificate:
- Set Signing Option to Sign SAML Assertion.
- Set Signing Algorithm to SHA-256.
- Click New Certificate.
- Click Save.
- Click on the ellipsis (...) beside the newly created certificate to show the menu and select Make certificate active.
- Click Yes to confirm.
- Click on the ellipsis (...) beside the newly created certificate to show the menu and select PEM certificate download.
- Under Set up Auvik, copy the Login URL and Azure AD Identifier.
For additional instructions, see Azure AD documentation on how to set up a SAML application.
Keep the tab open because you’ll need to replace the temporary values in step 6 with the actual values from Auvik to complete the SAML configuration in Azure AD.
Configuring SAML in Auvik
Now you’ll configure SAML in Auvik.
- Go to the desired site dashboard.
- Click Settings in the Auvik navigation menu.
- Click the Authentication tab.
- Click Browse on the IdP Signature Certificate field to upload your SAML Signing Certificate from Azure AD.
- Enter the Azure AD Identifier in the IdP Issuer URI field and the Login URL in the IdP Single Sign-On URL field.
- Click Save.
- Copy the Audience URI, ACS URL, and RelayState.
Note: If you have configured SAML at the wrong site, delete the SAML configuration and restart at the desired site.
Completing SAML configuration in Azure AD
Finally, we’ll complete the SAML configuration in Azure AD.
- Edit Basic SAML Configuration of the Auvik application.
- Enter the following values:
| Azure AD field name | Auvik field name |
| --- | --- |
| Identifier (Entity ID) | Audience URI |
| Reply URL (Assertion Consumer Service URL) | ACS URL |
| Relay State | RelayState |
- Click Save.
- Edit User Attributes & Claims.
- Edit the Name identifier value.
- Set the name identifier format to EmailAddress and the source attribute to user.mail.
- Click Add new claim and add the following SAML claims:
| Name | Name Format | Source | Source Attribute |
| --- | --- | --- | --- |
| firstName | Unspecified | Attribute | user.givenname |
| lastName | Unspecified | Attribute | user.surname |
| email | Unspecified | Attribute | user.mail |
- Click Save.
For additional instructions, see Azure AD documentation on how to set up a SAML application.
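One way to confirm the mapping configured above after a test login, added here as an example and not Auvik's or Microsoft's code: it inspects a decoded SAML Assertion element for the EmailAddress name identifier, the three claims, and an audience that is no longer the temporary my.auvik.com value. The issuer, audience and sample assertion are constructed placeholders, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_CLAIMS = ("firstName", "lastName", "email")
TEMP_AUDIENCE = "my.auvik.com"  # temporary Entity ID entered to unlock the certificate download

# Constructed placeholders and a constructed assertion (not captured from a real tenant).
ISSUER = "https://idp.example/placeholder-azure-ad-identifier/"
AUDIENCE = "urn:example:placeholder-audience-uri"
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example/placeholder-azure-ad-identifier/</saml:Issuer>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">pat@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>my.auvik.com</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>pat@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, expected_issuer, expected_audience):
    """Return a list of mapping problems in a decoded Assertion from your own test login."""
    root = ET.fromstring(xml_text)
    problems = []
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"Issuer {issuer!r} is not the Azure AD Identifier")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if TEMP_AUDIENCE in audiences:
        problems.append("Audience is still the temporary value my.auvik.com")
    elif expected_audience not in audiences:
        problems.append("Audience does not match the Audience URI from Auvik")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
             for a in root.iterfind(".//saml:Attribute", NS)}
    for claim in REQUIRED_CLAIMS:
        if not attrs.get(claim):
            problems.append(f"claim {claim!r} is missing or empty")
    return problems

if __name__ == "__main__":
    print("\n".join(check_assertion(SAMPLE, ISSUER, AUDIENCE)) or "mapping looks correct")
```
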
3. Testing your SAML configuration
Once SAML configuration is complete in Auvik and Azure AD, we’ll test the configuration in Auvik. SSO will be temporarily enabled for the test user in Auvik.
Testing your SAML configuration in Auvik is only available for SAML configurations that aren’t in use.
- In Azure AD, grant your test user access to the Auvik SAML application.
- Log in to the Azure portal.
- Go to Azure Active Directory > Enterprise applications.
- Search and select Auvik.
- Under Manage, select Users and groups.
- Click Add User.
- Select your test user.
- Click Select.
- Click Assign.
- In Auvik, go to the desired site dashboard.
- Click Settings in the Auvik navigation menu.
- Click the Authentication tab.
- Click Test SSO.
- Select the test user.
- In an incognito browser window, log into Auvik with your test user using your test user’s Azure AD credentials. Note: do not click the Log In With Microsoft button when testing SSO with Azure AD; that button is used when you log in with your Microsoft 365 account. You must complete the test in 30 minutes. If you don’t respond in 30 minutes, we’ll restore the previous settings.
- In Auvik, click on whether the test user was able to log in.
For additional instructions, see Azure AD documentation on how to assign users or groups to enterprise applications.
4. Granting your users access to Auvik in Azure AD
Users whose accounts have been migrated to SSO can only log in using their Azure AD credentials. Please make sure all users that you want to use SSO in Auvik are in your Azure AD and are configured to have access to the Auvik application.
To grant your other users access to the Auvik application in Azure AD:
- Log in to the Azure portal.
- Go to Azure Active Directory > Enterprise applications.
- Search and select Auvik.
- Under Manage, select Users and groups.
- Click Add User.
- Select your desired users.
- Click Select.
- Click Assign.
For additional instructions, see Azure AD documentation on how to assign users or groups to enterprise applications.
5. Enabling SSO and migrating your users to SSO in Auvik
Select the authentication method you want users on this site to use:
- Go to the desired site dashboard.
- Click Settings in the Auvik navigation menu.
- Click the Authentication tab.
- Select the desired Authentication Method:
- Password, Google account, and Microsoft account
- Single sign-on for selected users
- Single sign-on for all users
- Click Save.
Users whose accounts have been migrated to SSO can only log in through their Azure AD credentials. Please make sure all users that you want to use SSO in Auvik are in Azure AD and are configured to have access to Auvik. Currently, Auvik SSO does not support just-in-time provisioning. You must invite the user to Auvik.
If Single sign-on for selected users is selected, this will start the user migration wizard to let you select the users that you want to migrate to SSO. There are three options:
- All users that belong to this site
- All users that belong to an email domain
- Select individual users
After selecting users to migrate, you will be asked to confirm your selection and then to start the migration. You can migrate more users to SSO at a later time by editing the user. You can also specify that a user must use SSO when you invite them.
If Single sign-on for all users is selected, this will start the user migration wizard to confirm the users will be migrated to SSO and start the migration. Any users that were not migrated will lose authorization to the site. Selecting this option will prevent you from inviting new users that already have an Auvik account—for example, consultants—because they’ll be using a conflicting authentication method. In this scenario, select Single sign-on for selected users.
If your browser tab or window is closed while the migration is in progress, you can view the progress from the Authentication Method pane.
- Go to the desired site dashboard.
- Click on Settings in the Auvik navigation menu.
- Click on the Authentication tab.
- Under Authentication Method, click the See Status link.