Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Employee
Employee

SSO with Azure AD

If you use Azure Active Directory as your Identity Provider, you can now use single sign-on (SSO) authentication with the Azure AD to log into the Infinity Portal.

OferY_0-1592777094963.png

 

Azure allows the services hosted on the Infinity Portal to access the portal with the single set of credentials that the user already has.

When you activate the SSO with Azure AD, the sign-in page automatically redirects you to the configured AzureAD sign-in page.

 

For more details see Infinity Portal guide.

Labels (2)
3 Replies
Highlighted
Advisor

Hi Ofer,

A really needed update though I am still missing more information in regards to meta data and user role assignment in Azure AD.

I get sign in error like this in Azure.

The signed in user '{user}' is not assigned to a role for the application '{appId}'({appName}).

I have tried to configure Azure AD Manifest file like for Sandblast Mobile SSO.

SSO Manifest settings.png

 

I know CG SaaS only have two kinds of rules vs. Sandblast Mobile SSO which are "Admin" and "Read-Only"

Azure AD Manifest file.png

 

Thanks

Kim

 

 

Best Regards
Kim
Highlighted
Employee
Employee

Hi Kim,

 

Thank you for your time today.

As concluded today, the missing piece was the mapping of the Infinity roles ("value" field) to the appRoles in the application Manifest file.

You need to define per each Infinity role (Admin/Read-Only) the corresponding Azure application role.

Next, you need to assign the role to the user.

We are working to update the documentation with the above steps.

 

Best regards,

Ofer

Highlighted
Participant

👍