Simplify password management, improve security, and log in seamlessly with Azure Active Directory SSO!
Note: Single sign-on with Microsoft Azure AD is available to Atera Superpower and Enterprise users.
How Azure Active Directory SSO and Atera work
Before activating Azure Active Directory SSO for your Atera account, you'll first need to set up your Azure Active Directory (AD) platform. This includes registering Atera within your Azure portal, creating a client secret, adding a URI, and creating a user. All these steps are described in this article. Once this is done, you'll be able to connect your Azure AD to Atera for a safe and seamless login experience.
Set up Azure Active Directory SSO
Before activating SSO for your Atera account, you'll need to configure your Azure AD platform settings.
Register Atera in Azure AD
To register Atera in Azure AD:
1. From the Azure portal, click App registrations.
The App registrations page appears.
2. Click New registration. The Register an application page appears.
3. Enter the Atera tenant name.
4. Select the account type.
5. Select Web from the dropdown list. Then enter "https://auth.atera.com/login/callback" in the redirect URI.
6. Click Register.
The Azure portal displays the Atera Overview pane, where you'll find your Client ID (under Essentials) — we'll be using this later!
Note: For more information on registering apps, see this article.
Add client secret
To add a client secret:
1. From the Azure portal, go to App registrations.
2. Select the Atera tenant name.
3. Under Manage, click Certificates & secrets. The Certificates & secrets page appears.
4. Click New client secret. Then enter the description and select an expiration date from the Add a client secret slide-out modal.
5. Click Add.
The client secret appears within the Client secrets tab — we'll be using this later!
Note: For more information on client secrets, see this article.
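The redirect URI and client secret configured above can be checked from an exported copy of the app registration. This is an added example, not Atera's or Microsoft's code: it assumes the record has the shape of a Microsoft Graph application object (web.redirectUris, passwordCredentials[].endDateTime), and the sample record, the secret names, the 30-day threshold and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

EXPECTED_REDIRECT = "https://auth.atera.com/login/callback"  # redirect URI from this article

# Constructed sample record in the shape of a Microsoft Graph application object.
SAMPLE_APP = json.loads("""{
  "displayName": "Atera",
  "web": {"redirectUris": ["https://auth.atera.com/login/callback",
                           "http://localhost:8080/callback"]},
  "passwordCredentials": [
    {"displayName": "atera-sso-old", "endDateTime": "2024-01-15T00:00:00Z"},
    {"displayName": "atera-sso", "endDateTime": "2024-07-01T00:00:00.0000000Z"}
  ]
}""")


def parse_graph_time(value):
    """Parse a UTC timestamp such as 2024-07-01T00:00:00Z (fractional seconds dropped)."""
    value = value.rstrip("Z").split(".")[0]
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit_app_registration(app, now, warn_days=30):
    """Return (severity, message) findings for one app registration record."""
    findings = []
    uris = app.get("web", {}).get("redirectUris", [])
    if EXPECTED_REDIRECT not in uris:
        findings.append(("error", "expected redirect URI is missing"))
    for uri in uris:
        if uri != EXPECTED_REDIRECT:  # anything beyond the Atera callback is unexpected
            findings.append(("warn", f"unexpected redirect URI: {uri}"))
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append(("error", "no client secret on the registration"))
    for cred in secrets:
        name = cred.get("displayName") or "(unnamed)"
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            findings.append(("error", f"client secret '{name}' has expired"))
        elif end - now <= timedelta(days=warn_days):
            findings.append(("warn", f"client secret '{name}' expires within {warn_days} days"))
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 15, tzinfo=timezone.utc)  # constructed "current" date
    for severity, message in audit_app_registration(SAMPLE_APP, now):
        print(f"{severity}: {message}")
```

The check cannot tell which secret Atera is using, so an expired entry is reported even if a newer one is in place.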
Create user
To create a user:
1. From the Azure portal, go to Azure Active Directory.
The Overview page appears.
2. Under Manage, click Users. The Users page appears.
3. Click + New user > Create new user. The New user page appears.
4. Under Select template, select the Create user radio button.
5. Under Identity, enter the following information:
- User name: The user name is the identifier you'll enter to sign in to Azure AD. Enter the username. Then select the domain name from the dropdown list.
- Name: Enter the technician's full name.
- First name: Enter the technician's first name (optional).
- Last name: Enter the technician's last name (optional).
Note: Please ensure that the user name (including domain), first name, and last name align with the user's credentials within Atera. Otherwise, the connection will fail.
6. Click the Properties tab. Then scroll down to the Email field and enter the technician's email.
7. Click Review + create.
8. Review the new user properties. Then click Create.
Great stuff! You've configured your platform settings, added a client secret, and created a user. You can now activate SSO in Atera.
Activate Azure Active Directory SSO
Note:
- Only an Admin can activate Azure AD SSO.
- Activating Azure AD SSO will disable 2FA for all users on the account.
To activate single sign-on for your account:
1. From Admin (on the sidebar), click Security and Authentication.
The Security and Authentication page appears.
2. Click the Authentication dropdown icon.
3. Select the Single sign-on (SSO) radio button.
4. Under SSO protocol, select Microsoft Azure AD.
5. Enter your Azure AD details:
- Microsoft Azure AD Domain: Enter the domain set up in your Azure AD account.
- Alias domain names: Enter any alternative domain names. To enter more than one, separate them using commas.
- Client ID: Enter the client ID generated when registering Atera in Azure AD. See Register Atera in Azure AD above.
- Client Secret: Enter the client secret generated in your Azure AD account. See Add client secret above.
- Redirect URL: Enter the Redirect URL you have stored within the app registration in your Azure AD account ("https://auth.atera.com/login/callback").
6. Click Save.
Nice! SSO is enabled for your account.
Deactivate Azure Active Directory SSO
Two-factor authentication is enabled by default. If you've enabled SSO, and you'd like to return to two-factor authentication, you can remove your SSO connection.
Note:
- Removing your SSO connection will delete all Azure-related information from Atera (Microsoft Azure AD Domain, Application (Client) ID, and Client Secret).
- Only an Admin can deactivate Azure AD SSO.
To deactivate Azure Active Directory SSO:
1. From Admin (on the sidebar), click Security and Authentication.
The Security and Authentication page appears.
2. Click the Authentication dropdown icon.
3. Select the Two-factor authentication (2FA) radio button. A confirmation window appears.
4. Click Enable authentication app.
Two-factor authentication is enabled for all users on your account.