Single Sign-On Settings

Single sign-on is a great addition when it comes to user experience as it means users don't have to go through the process of entering their login credentials to get access to the system. In this article, we'll take a look at the various ways you can facilitate single sign-on for your users.

In this article

Also in this section

There are no sub-sections to this page


 

Overview

There are a number of single sign-on solutions supported by S2Hub:

  1. Windows pass-through authentication (traditional SSO)
  2. Azure AD (Office 365)
  3. Shibboleth/SAML 
  4. Token 

Windows pass-through authentication is generally configured by default during your S2Hub installation. At this time Shibboleth/SAML support is possible but only as a non-standard add-on which is configured on a case-by-case basis. Token-based SSO is not very widely used but available for integrating with third party applications (such as Software2's demo site registration which automatically logs a user into AppsAnywhere using token SSO once an account has been created). 

As of the June 2017 release of S2Hub, only the Azure AD SSO is configurable from within S2Hub admin. This configuration will be covered in the rest of this article.

Azure AD 

Overview

The single sign-on integration with Azure AD means that admins have the ability to allow anyone with an Microsoft Office 365 account linked to the same domain as S2Hub to be automatically logged into AppsAnywhere from an active Office 365 session. 

Before You Begin

In order to enable Azure AD SSO access, you will first need to configure your Azure AD environment to permit S2Hub access. To do this, follow the steps below:

  1. Log into your institution's Azure Portal as a system administrator
  2. On the left hand menu, click Azure Active Directory
  3. On the Azure AD sub menu, click App registrations
  4. Click New application registration

 

 

 

  1. Enter a name for the new app (we recommend AppsAnywhere)
  2. Leave the Application type value as Web app / API
  3. Enter the address of your AppsAnywhere site, including the /sso path in the Sign-on URL box
  4. Click Create

Something To Note

You should only be setting up Azure AD SSO with a production environment, so be sure to use your secure, certified, load balanced address for the Sign-on URL

You will then be directed back to the App registrations screen where you should now see your app in the list.

  1. Click on the AppsAnywhere app you have just created
  2. Make a note of the Application ID displayed in the main pane
  3. On the right-hand menu, click Keys

Another pane will then open where you can create a key that S2Hub will use to authenticate with Azure.

  1. To create a new key, enter appsanywhere into the Key description box in the Description column
  2. Change the duration to Never Expires
  3. Click Save
  4. Make a note of the Value displayed. This will not be available once you leave this screen.

Something To Note

No, that is not our actual key...

Configuring SSO

Now that you have set up Azure to accept communications from S2Hub, you are ready to configure S2Hub to authenticate with Azure.

  1. Log into AppsAnywhere as a user with admin privileges
  2. Click on Return to Admin to access the admin UI
  3. Click on Settings > Single Sign-On Settings
  4. Complete the form as described in the table below
  5. Click Submit

You will then see the notification that the settings have been saved 

If you see an error message instead, contact the support team.

Required Fields

The following fields apply to the Azure AD SSO settings:

Field NameDescriptionIntended ValueExample
Login BehaviourDetermines how and when you want your users to be presented with the Azure login"Manual Redirect" will add a "Login with Office 365" option to the standard login form. "Automatic Redirect" will automatically redirect any user that is not already logged in straight to the Office 365 login page for authentication. "Manual and Automatic Redirect" will offer both options to the user.We imagine most customers will wish to use "Manual and Automatic Redirect"
Client IDThe identifier for the Azure application that you defined in the previous sectionThe "Application ID" value that you made a note of when creating the App registration in Azure95a4e352-8ede-4422-9202-cec15b5edde4
Client SecretThe authentication token that S2Hub uses to communicate with AzureThe key you created against your App registration in Azure in the previous stepspSfTi9sDpBcJ/RCbCf6z/bF2x391GD4cWrGFx1JiMjc=
Short Domain NameThe domain identifier for where user information can be found for users that authenticated with AzureIn order for S2Hub to know which of your LDAP domains it should query for user information when they login through Azure, you should enter the short domain for your LDAP connection, ensuring that it matches one defined in S2HubAPPSANYWHERE

 

 

Creating an Office 365 Tile

One of the big benefits of having Azure AD SSO is that you can now advertise your AppsAnywhere portal as a tile on your institution's Office 365 menu. 

Setting this up is incredibly simple if you follow the instructions below:

  1. Log into your Office 365 Admin interface as an administrator
  2. On the left-hand menu go to Settings > Organization profile
  3. Look for the (possibly 4th) section on the page titled Add customer tiles for your organization
  4. Click Edit

A dialog box will open where any existing custom tiles are listed and you will have the ability to add a new tile.

  1. Click Add a custom tile

You will now see a dialog that allows you to set up your new tile. Enter the information required as follows:

  1. Enter AppsAnywhere as your Tile name
  2. Enter the production-ready, secure, certificated, load-balanced URL of your AppsAnywhere portal in the URL box
  3. Give the tile a Description that your users will see when they hover over the tile
  4. Enter the public URL of an image you wish to use for the tile for the Image URL
  5. Click Save

Useful Tip

We have created a tile-sized version of the AppsAnywhere logo that you can use if you wish, the URL is:

https://1bdb4cc9b0722bc205a3-77fabbc4511a62a47f7610ad5c7c4e62.ssl.cf3.rackcdn.com/images/appsanywhere-office365-tile.png

Your users will now see the AppsAnywhere tile on their Office 365 menu and be able to move straight into AppsAnywhere without having to re-authenticate.


 

Some other articles you might find useful: