Single sign-on (SSO) enables secure and seamless access to your Service Portal for your end users. By configuring SSO for your Service Portal, you can allow your end users to use a single set of credentials, eliminating the need for multiple logins and improving their user experience. This article provides instructions on how to configure SSO for the Service Portal using either Microsoft Azure AD or an Identity Provider (IdP) of your choice that supports Security Assertion Markup Language (SAML).
Note:
- SSO for the Service Portal is available to Atera Enterprise users.
- Once Single Sign-On (SSO) is activated, email and password authentication will no longer be available for your end users.
- This article assumes that you have already configured your Service Portal within Atera and that you have admin access to either Microsoft Azure AD or another SAML-compliant IdP. If you have not yet configured your Service Portal, please do so by following the steps outlined in this article.
Set up Azure Active Directory SSO for your Service Portal
Configure Azure AD platform settings
Before activating SSO for your Atera account, you'll need to configure your Azure AD platform settings. This section describes:
- Registering Atera in Azure AD
- Configuring Azure AD platform settings
- Adding a client secret
- Creating a user
To register the Atera Service Portal in Azure AD:
1. From the Azure portal, click App registrations.
The App registrations page appears.
2. Click New registration. The Register an application page appears.
3. Enter the Atera Service Portal tenant name (e.g., Atera-Service-Portal-SSO).
4. Select Multi Tenant as the account type.
5. Select Web from the dropdown list. Then enter "https://aterausersportal.firebaseapp.com/__/auth/handler" in the redirect URI.
6. Click Register.
After clicking Register, the Azure portal displays the app registration's overview pane. This is where you'll see the Application (client) ID which uniquely identifies your application in the Microsoft identity platform. We'll be using the Application (client) ID later when we configure SSO for the Service Portal within Atera.
Note: For more information on registering apps, see this article
To configure Azure AD platform settings:
1. From the Azure portal, click App registrations.
2. Select the Atera tenant name.
3. Under Manage, click Authentication. The Authentication page appears.
4. Under Platform configurations, click Add a platform. Then select Web from the Configure platforms slide-out modal.
The Configure Web slide-out modal appears.
5. Under Redirect URIs, enter: "https://aterausersportal.firebaseapp.com/__/auth/handler"
6. Click Configure.
To add a client secret:
1. From the Azure portal, go to App registrations.
2. Select the Atera Service Portal tenant name.
3. Under Manage, click Certificates & secrets. The Certificates & secrets page appears.
4. Click New client secret. Then enter the description and select an expiration date from the Add a client secret slide-out modal.
5. Click Add.
The client secret appears within the Client secrets tab. It's essential to store this password right away as it won't be visible after you exit the page. We'll be using the client secret later when we configure SSO for the Service Portal within Atera.
Note: For more information on client secrets, see this article
To create a user:
1. From the Azure portal, go to Azure Active Directory.
The Overview page appears.
2. Under Manage, click Users. The Users page appears.
3. Click + New user > Create new user. The New user page appears.
4. Under Select template, select the Create user radio button.
5. Under Identity, enter the following information:
- User name: The user name is the identifier that will be entered to sign in to Azure AD. Enter the username. Then select the domain name from the dropdown list.
- Name: Enter the user's full name.
- First name: Enter the end user's first name (optional).
- Last name: Enter the end user's last name (optional).
Important: For a successful connection, the username (including domain), first name, and last name must match the user's credentials in the Atera Service Portal. Any discrepancies can cause the connection to fail. To ensure consistency, consider importing users from Azure AD into Atera by following the steps in this article
6. Click Create.
Great stuff! You've configured your platform settings, added a client secret, and created a user. You can now activate SSO in Atera.
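A check of the finished app registration against the settings chosen above, as an added example (not Atera's or Microsoft's code). It assumes the registration is available as a Microsoft Graph application object, for instance the JSON printed by `az ad app show --id <Application (client) ID>`; the function name, the 30-day warning window and the sample values are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Redirect URI this article registers for the Service Portal.
ATERA_REDIRECT = "https://aterausersportal.firebaseapp.com/__/auth/handler"

def audit_app_registration(app, now, warn_days=30):
    """Return findings for a Microsoft Graph 'application' object (a dict)."""
    findings = []
    # The registration procedure selects Multi Tenant as the account type.
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        findings.append("signInAudience is %r" % app.get("signInAudience"))
    uris = app.get("web", {}).get("redirectUris", [])
    if ATERA_REDIRECT not in uris:
        findings.append("Atera redirect URI is not registered")
    # Any other redirect URI is another place sign-in responses can be sent.
    findings += ["review extra redirect URI: " + u for u in uris if u != ATERA_REDIRECT]
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret present")
    for cred in secrets:
        # Graph timestamps are UTC; keep whole seconds and attach the offset.
        end = datetime.fromisoformat(cred["endDateTime"][:19] + "+00:00")
        label = cred.get("displayName") or cred.get("keyId", "unnamed")
        if end <= now:
            findings.append("client secret %r has expired" % label)
        elif end - now <= timedelta(days=warn_days):
            findings.append("client secret %r expires in %d days" % (label, (end - now).days))
    return findings

# Constructed sample shaped like a Graph application object; all values are made up.
SAMPLE_APP = json.loads("""{
  "displayName": "Atera-Service-Portal-SSO",
  "signInAudience": "AzureADMultipleOrgs",
  "web": {"redirectUris": [
    "https://aterausersportal.firebaseapp.com/__/auth/handler",
    "http://localhost:3000/callback"]},
  "passwordCredentials": [
    {"displayName": "atera-portal", "endDateTime": "2025-01-10T00:00:00Z"},
    {"displayName": "old-secret", "endDateTime": "2024-06-01T00:00:00Z"}]
}""")

if __name__ == "__main__":
    for finding in audit_app_registration(SAMPLE_APP, datetime.now(timezone.utc)):
        print(finding)
```

Because email and password sign-in is switched off once SSO is active, an expired client secret is worth catching before it lapses rather than after.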
Activate Azure AD SSO for the Service Portal in Atera
Note: Only an Admin can activate Azure AD SSO for the Service Portal.
To activate Azure AD single sign-on for your Service Portal in Atera:
1. From Admin (on the sidebar), click Service Portal. The Service Portal configuration page appears.
2. Click Single sign-on (SSO) on the left-hand menu. The SSO page appears.
3. Click the toggle to enable single sign-on for your Service Portal.
4. Select Microsoft Azure AD as your Authentication provider.
5. Enter your Microsoft Azure AD details:
- Client ID: Enter the client ID generated when registering the Service Portal in Azure AD. See how to generate a client ID
- Client Secret: Enter the client secret generated in your Azure AD account. See how to generate a client secret
- Redirect URL: This is the Reply URL we added to your SSO configuration in Azure AD above. There are no additional actions to take here.
6. Click Save.
That's it! SSO should now be enabled for your Service Portal. The next time users log in to the Service Portal, they will be prompted to do so using the Azure AD SSO authentication method.
Set up SSO with a SAML-compliant IdP for your Service Portal
Configure IdP platform settings
Before proceeding with the Single Sign-On (SSO) setup for the Atera Service Portal, you must first configure your SAML-compliant platform settings. To configure SAML SSO via Azure AD, please follow these instructions. For an example of how to configure other SAML-compliant IdPs, please follow the instructions in this article and then return here to complete the process for enabling SSO.
Configure SAML SSO in your IdP
Once you have configured your IdP platform settings, you can enable SAML single sign-on for the Service Portal in your IdP. We provide a comprehensive explanation of this process using Azure AD as our IdP example.
1. Log in to the Azure Portal with your credentials and navigate to Azure Active Directory.
The Overview page appears.
2. Under Manage, click Enterprise Applications.
The Enterprise Applications page appears.
3. Click New application. The Azure AD app gallery appears.
4. Click Create your own application. The Create your own application window appears.
5. Enter a name for your Service Portal. Then, under What are you looking to do with your application?, select 'Integrate any other application you don't find in the gallery (Non-gallery)'. When you're finished, click Create.
You will be redirected to the Overview page for the enterprise application you just added.
6. Under Getting started, click Set up single sign on (or, under Manage, click Single sign-on). The Single sign-on page appears.
7. Click SAML. The SAML-based Sign-on page appears.
8. Click the edit icon next to 1. Basic SAML Configuration. The Basic SAML Configuration window appears.
9. Click Add identifier and enter the following: https://www.atera.com/saml2/service-provider/Atera
10. Click Add reply URL and enter the following: https://aterausersportal.firebaseapp.com/__/auth/handler
11. Click the Save icon at the top of the window.
Great! You're now ready to complete the Azure AD SSO setup for the Service Portal within Atera.
Activate SAML-based SSO for the Service Portal in Atera
Note: Only an Admin can activate SAML-based SSO for the Service Portal.
To activate SAML-based single sign-on for your Service Portal in Atera:
1. From Admin (on the sidebar), click Service Portal. The Service Portal configuration page appears.
2. Click Single sign-on (SSO) on the left-hand menu. The SSO page appears.
3. Click the toggle to enable single sign-on for your Service Portal.
4. Select SAML as your Authentication provider.
5. Enter the following details:
- Entity ID: Enter the Application ID identifier from your SAML-compliant IdP.
- SSO URL: Enter the Login URL from your SAML-compliant IdP.
- Public key certificate: Enter the public key certificate downloaded from your SAML-compliant IdP (Base64).
- Service provider entity ID: Enter the following URL: https://www.atera.com/saml2/service-provider/Atera
- Redirect URL: This is the URL we pasted into the IdP earlier. No further action is required here.
You can refer to the photo below for a visual representation of how the fields are mapped from the IdP to what you need to input into Atera:
6. When you're finished, click Save.
That's it! SSO should now be enabled for your Service Portal. The next time users log in to the Service Portal, they will be prompted to do so using the SAML SSO authentication method.
For more information on configuring SAML-based SSO for the Atera Service Portal, see this article
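The values entered in step 5 above can also be read from the IdP's SAML metadata XML. This added example (not Atera's code) extracts them and sanity-checks the SSO URL and certificate before you paste them in; it assumes Atera's Entity ID field takes the IdP's entityID, and the function name and sample metadata are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ATERA_SP_ENTITY_ID = "https://www.atera.com/saml2/service-provider/Atera"  # from this article

def atera_saml_fields(metadata_xml):
    """Map SAML metadata downloaded from your own IdP to the Atera SSO form fields."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: this is not IdP metadata")
    endpoints = idp.findall("md:SingleSignOnService", NS)
    # Assumption: use the HTTP-Redirect endpoint if listed, else the first one.
    endpoints.sort(key=lambda e: e.get("Binding") != REDIRECT_BINDING)
    sso_url = endpoints[0].get("Location", "") if endpoints else ""
    if not sso_url.startswith("https://"):
        raise ValueError("missing or non-https SSO URL: %r" % sso_url)
    # A KeyDescriptor without a 'use' attribute serves for signing as well.
    certs = [kd.find(".//ds:X509Certificate", NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"]
    certs = [c for c in certs if c is not None and c.text]
    if not certs:
        raise ValueError("metadata carries no signing certificate")
    cert_b64 = "".join(certs[0].text.split())        # drop line breaks and indentation
    der = base64.b64decode(cert_b64, validate=True)  # raises on non-Base64 input
    if der[:1] != b"\x30":                           # DER certificates start with a SEQUENCE
        raise ValueError("certificate body is not DER")
    return {"Entity ID": root.get("entityID"),
            "SSO URL": sso_url,
            "Public key certificate": cert_b64,
            "Service provider entity ID": ATERA_SP_ENTITY_ID}

# Constructed sample metadata; the certificate body is a placeholder, not a real certificate.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>MIICAAAAAAAA
        AAAAAAAAAAAA</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/sso-post"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
```

When the metadata lists more than one signing certificate, for example during a certificate rollover, this sketch returns only the first; confirm with your IdP which one is active.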