If your users and/or resources are available within Azure AD, it is highly recommended to add GoBright as an Enterprise Application. There are a few reasons to do this:
Why you should consider adding GoBright in Azure AD
- The application can be used to set up the Office 365 integration
- The application can be used to automatically synchronize users from Azure AD
- Users can log in to the platform automatically (SSO)
- No additional configuration or scripting is required
Using this enterprise application makes it easy to set up a connection, including SSO, while still giving you control over who is allowed to use the application.
Setting up the app
The first step is to add and configure GoBright as an Enterprise application in the Azure AD of your organization. In this way, you can easily connect and manage access to GoBright.
Add GoBright as an Enterprise application:
- Log in to your Azure AD via portal.azure.com
- Open 'Enterprise applications'
- Choose 'New application'
- Search for 'GoBright', click the 'GoBright' card, and click 'Sign up for GoBright'
- You will now be redirected. Please log in with the 'Sign in with Microsoft' button
- You will be presented with the Microsoft federated login page.
Log in once and accept. This will add the 'GoBright' app to the Azure AD of your organization, still with no permissions.
Please note: the GoBright portal will not recognize you as a user, so the login will fail. This is expected at this stage.
Assign groups/users to the GoBright Enterprise application:
- Within the now available GoBright Enterprise application, several settings are available
- Use the 'add user' button to add the groups or users that should have access to GoBright
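To review the result of this step, the following added example (not part of GoBright's documentation) uses the Microsoft Graph PowerShell SDK to list the users and groups assigned to the application and to check whether assignment is enforced. It assumes the service principal is named 'GoBright' in your tenant and that your account may use the Application.Read.All scope.

```powershell
# Added example: audit who has access to the GoBright enterprise application.
# Requires the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).
Connect-MgGraph -Scopes 'Application.Read.All'

# Assumption: the service principal's display name in your tenant is 'GoBright'.
$appName = 'GoBright'
$sps = @(Get-MgServicePrincipal -Filter "displayName eq '$appName'")
if ($sps.Count -ne 1) {
    throw "Expected exactly one service principal named '$appName', found $($sps.Count)."
}
$sp = $sps[0]

# When assignment is not required, Azure AD issues sign-in tokens for this app
# to any user in the tenant, not only to the users and groups assigned here.
if (-not $sp.AppRoleAssignmentRequired) {
    Write-Warning "'$appName': user assignment is NOT required; the assignment list below is not enforced at sign-in."
}

# Everything (users, groups, service principals) assigned to the application.
$assignments = @(Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All)
if ($assignments.Count -eq 0) {
    Write-Warning "'$appName': no users or groups are assigned yet."
}

# Direct user assignments are harder to review than group-based access; count them.
$directUsers = @($assignments | Where-Object PrincipalType -eq 'User')
Write-Host "Assigned principals: $($assignments.Count) (direct users: $($directUsers.Count))"

$assignments |
    Sort-Object PrincipalType, PrincipalDisplayName |
    Select-Object PrincipalDisplayName, PrincipalType, CreatedDateTime |
    Format-Table -AutoSize
```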
Create the integration
Now log in to the portal with your admin account and go to 'Settings > General > Integrations'.
Create the integration there, with the following details:
- Choose a name of your liking, e.g. 'Office 365' or 'Azure AD'
- External system:
Select 'Office 365'
- Authentication type:
Select 'Modern authentication'
Then click 'Link Office 365' and connect the tenants.
Note: if you want to use this integration for synchronizing room calendars as well, then configure the Office 365 integration and make sure 'Link Office 365' is done with the service account!
Test with portal user to log in via Azure AD
If you already have users in your portal which are also present in Azure AD, you need to modify the integration that is selected for those users.
You can also create a single user for testing the Azure AD login flow.
For such a user, please make sure that:
- The email address of the user in the portal is the same as in Azure AD
- The user has the correct integration selected
Once the user is properly configured, you can test the login, e.g. by starting an incognito browser session and logging in to the portal with that user.
Enabling automatic user creation
To enable automatic user creation, there are two steps involved:
- Configure the Office 365 integration with modern authentication and automatic user creation enabled, and choose the default role for automatically created users.
- The platform needs to know which company domains are related to your environment, for example, '@company.com'.
Please provide these domains to GoBright via the request form.
Supply the following in your request: your organization and the domains you want to use for automatic user creation.
Once these are provided, GoBright will configure this and provide you with feedback.
It is also possible to synchronize users upfront, which might be desirable if you want to manage users actively. Please see this article for more information about synchronizing users.