Azure AD Enterprise Application integration (SSO/Office365)

If the users and/or resources are both available within Azure AD, it's highly recommended to include GoBright as an Enterprise Application. There are a few reasons to do this:

Why you should consider adding GoBright in Azure AD

  • The application can be used to set up the Office 365 integration
  • The application can be used to automatically synchronize users from Azure AD
  • Users can log in to the platform automatically (SSO)
  • No additional configuration or scripting is required

Using this enterprise application makes it easy to set up a connection, including SSO, while you keep control over who is allowed to use the application.

Setting up the app

The first step is to add and configure GoBright as an Enterprise application in the Azure AD of your organization. This way, you can easily connect and manage access to GoBright.

Add GoBright as an Enterprise application:

  • Log in to your Azure AD via portal.azure.com
  • Open 'Enterprise applications'
  • Choose 'New application'
  • Search for 'GoBright', click the 'GoBright' card, and click 'Sign up for GoBright'
  • You will now be redirected; please log in with the 'Sign in with Microsoft' button
  • You will be presented with the Microsoft federated login page.
    Log in once and accept; this adds the 'GoBright' app to the Azure AD of your organization, still with no permissions.
    Please note: the GoBright portal will not recognize you as a user, so the login will fail; this is correct at this stage.

Assign groups/users to the GoBright Enterprise application:

  • Within the now available GoBright Enterprise application, several settings are available
  • Use the 'add user' button to add the groups or users that may access GoBright

Create the integration

Now go into the portal with your admin account and open 'Settings > General > Integrations'.

Create the integration there with the following details:

  • Name:
    Choose a name of your liking, e.g. 'Office 365' or 'Azure AD'
  • External system:
    Select 'Office 365'
  • Authentication type:
    Select 'Modern authentication'
    And click 'Link Office 365' and connect the tenants.

Note: if you also want to use this integration for synchronizing room calendars, configure the Office 365 integration and make sure 'Link Office 365' is done with the service account!

Test with a portal user to log in via Azure AD

If you already have users in your portal who are also present in Azure AD, you need to modify the integration that is selected for those users.

You can also create one user for testing the Azure AD login flow.

For such a user, please make sure that:

  • The email address of the user in the portal is the same as in Azure AD
  • The user has the correct integration selected

Once the user is properly configured, you can test the login, e.g. by starting an incognito browser session and logging in to the portal with that user.

Enabling automatic user creation

To enable automatic user creation, there are two steps involved:

  1. Configure the Office 365 integration with modern authentication and automatic user creation enabled, and choose the default role for automatically created users.
  2. The platform needs to know which company domains are related to your environment, for example, '@company.com'.

Please provide these domains to GoBright via the request form.
Supply the following in your request: your organization and the domains you want to use for automatic user creation.

Once provided, GoBright will configure this and provide you with feedback.
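
A pre-flight check for the two user conditions listed under the login test and for the domain list described here, as an added example that is not GoBright's code: it compares portal users with Azure AD addresses and lists Azure AD accounts that automatic creation would not cover. The data shapes and sample accounts are constructed, and it assumes that only addresses in the supplied domains are created automatically.

```python
"""Pre-flight check before switching portal users to Azure AD login (added example)."""

def _fold(email):
    return email.strip().lower()

def preflight(portal_users, azure_emails, integration, creation_domains):
    """portal_users: {email: selected integration name}; azure_emails: addresses in Azure AD.

    Returns (problems, not_covered):
      problems    - {portal email: [reasons the login test would fail]}
      not_covered - Azure AD addresses without a portal user whose domain is
                    not in the list supplied for automatic user creation
    """
    exact = set(azure_emails)
    folded = {_fold(e): e for e in azure_emails}
    domains = {d.strip().lstrip("@").lower() for d in creation_domains}

    problems = {}
    for email, selected in portal_users.items():
        reasons = []
        if email not in exact:
            twin = folded.get(_fold(email))
            # Assumption: the portal's comparison rules are unknown, so a
            # case/whitespace-only difference is reported rather than accepted.
            reasons.append(f"differs from Azure AD only in case/whitespace: {twin}"
                           if twin else "no Azure AD account with this email address")
        if selected != integration:
            reasons.append(f"integration is {selected!r}, expected {integration!r}")
        if reasons:
            problems[email] = reasons

    known = {_fold(e) for e in portal_users}
    not_covered = sorted(e for e in azure_emails
                         if _fold(e) not in known
                         and _fold(e).rsplit("@", 1)[-1] not in domains)
    return problems, not_covered

# Constructed sample data; names, addresses and the 'Local' integration are illustrative.
PORTAL_USERS = {
    "alice@company.com": "Azure AD",
    "Bob@company.com": "Azure AD",
    "carol@company.com": "Local",
    "dave@company.com": "Azure AD",
}
AZURE_EMAILS = ["alice@company.com", "bob@company.com", "carol@company.com",
                "erin@company.com", "frank@partner.example"]

if __name__ == "__main__":
    problems, not_covered = preflight(PORTAL_USERS, AZURE_EMAILS, "Azure AD", ["@company.com"])
    for email, reasons in problems.items():
        print(email, "->", "; ".join(reasons))
    print("not auto-created:", not_covered)
```

Accounts in `not_covered` point at a domain that still has to be requested or at users who need to be created by hand; a surprising domain there is also worth checking against who is assigned to the enterprise application.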

 

User synchronization

It is also possible to synchronize users upfront, which might be desirable for active user management. Please see this article for more information about synchronizing users.
