Single sign-on (SSO) enables secure and seamless access to your Service Portal for your end users. By configuring SSO for your Service Portal, you can allow your end users to use a single set of credentials, eliminating the need for multiple logins and improving their user experience. This article provides instructions on how to configure SSO for the Service Portal using either Microsoft Azure AD or an Identity Provider (IdP) of your choice that supports Security Assertion Markup Language (SAML).
Single sign-on (SSO) enables secure and seamless access to your Customer Portal for your end users. By configuring SSO for your Customer Portal, you can allow your customers to use a single set of credentials, eliminating the need for multiple logins and improving their user experience. This article provides instructions on how to configure SSO for the Customer Portal using either Microsoft Azure AD or an Identity Provider (IdP) of your choice that supports Security Assertion Markup Language (SAML).
Note:
- SSO for the Service Portal is available to Atera Enterprise users.
- SSO for the Customer Portal is available to Atera Superpower users.
- Once Single Sign-On (SSO) is activated, email and password authentication will no longer be available for your end users.
- This article assumes that you have already configured your Service Portal within Atera and that you have admin access to either Microsoft Azure AD or another SAML-compliant IdP. If you have not yet configured your Service Portal, please do so by following the steps outlined in this article.
- This article assumes that you have already configured your Customer Portal within Atera and that you have admin access to either Microsoft Azure AD or another SAML-compliant IdP. If you have not yet configured your Customer Portal, please do so by following the steps outlined in this article.
- To ensure SSO works correctly, make sure pop-ups are enabled in your browser.
Set up Azure Active Directory SSO for your Service Portal
Set up Azure Active Directory SSO for your Customer Portal
Configure Azure AD platform settings
Before activating SSO for your Atera account, you'll need to configure your Azure AD platform settings.
To register the Atera Service Portal in Azure AD:
To register the Atera Customer Portal in Azure AD:
1. From the Azure portal, click App registrations.
The App registrations page appears.
2. Click New registration. The Register an application page appears.
3. Enter the Atera Service Portal tenant name (e.g., Atera-Service-Portal-SSO).
3. Enter the Atera Customer Portal tenant name (e.g., Atera-Customer-Portal-SSO).
4. Select Multi Tenant as the account type.
5. Select Web from the dropdown list. Then enter "https://aterausersportal.firebaseapp.com/__/auth/handler" in the redirect URI.
6. Click Register.
After clicking Register, the Azure portal displays the app registration's overview pane. This is where you'll see the Application (client) ID, which uniquely identifies your application in the Microsoft identity platform. We'll be using the Application (client) ID later when we configure SSO for the Service Portal within Atera.
After clicking Register, the Azure portal displays the app registration's overview pane. This is where you'll see the Application (client) ID, which uniquely identifies your application in the Microsoft identity platform. We'll be using the Application (client) ID later when we configure SSO for the Customer Portal within Atera.
Note: For more information on registering apps, see this article.
To configure Azure AD platform settings:
1. From the Azure portal, click App registrations.
2. Select the Atera tenant name.
3. Under Manage, click Authentication. The Authentication page appears.
4. Under Platform configurations, click Add a platform. Then select Web from the Configure platforms slide-out modal.
The Configure Web slide-out modal appears.
5. Under Redirect URIs, enter: "https://aterausersportal.firebaseapp.com/__/auth/handler"
6. Click Configure.
Nice! Platform configured.
To add a client secret:
1. From the Azure portal, go to App registrations.
2. Select the Atera Service Portal tenant name.
2. Select the Atera Customer Portal tenant name.
3. Under Manage, click Certificates & secrets. The Certificates & secrets page appears.
4. Click New client secret. Then enter the description and select an expiration date from the Add a client secret slide-out modal.
5. Click Add.
The client secret appears within the Client secrets tab. It's essential to store this password right away as it won't be visible after you exit the page. We'll be using the client secret later when we configure SSO for the Service Portal within Atera.
The client secret appears within the Client secrets tab. It's essential to store this password right away as it won't be visible after you exit the page. We'll be using the client secret later when we configure SSO for the Customer Portal within Atera.
Note: For more information on client secrets, see this article.
To create a user:
1. From the Azure portal, go to Azure Active Directory.
The Overview page appears.
2. Under Manage, click Users. The Users page appears.
3. Click + New user > Create new user. The New user page appears.
4. Under Select template, select the Create user radio button.
5. Under Identity, enter the following information:
- User name: The user name is the identifier that will be entered to sign in to Azure AD. Enter the username. Then select the domain name from the dropdown list.
- Name: Enter the user's full name.
- First name: Enter end user's first name (optional).
- Last name: Enter end user's last name (optional).
Important: For a successful connection, the username (including domain), first name, and last name must match the user's credentials in the Atera Service Portal. Any discrepancies can cause the connection to fail. To ensure consistency, consider importing users from Azure AD into Atera by following the steps in this article.
Important: For a successful connection, the username (including domain), first name, and last name must match the user's credentials in the Atera Customer Portal. Any discrepancies can cause the connection to fail. To ensure consistency, consider importing users from Azure AD into Atera by following the steps in this article.
6. Click Create.
Great stuff! You've configured your platform settings, added a client secret, and created a user. You can now activate SSO in Atera.
Activate Azure AD SSO for the Service Portal in Atera
Activate Azure AD SSO for the Customer Portal in Atera
Note: Only an Admin can activate Azure AD SSO for the Service Portal.
Note: Only an Admin can activate Azure AD SSO for the Customer Portal.
To activate Azure AD single sign-on for your Service Portal in Atera:
To activate Azure AD single sign-on for your Customer Portal in Atera:
1. Go to Admin > Employee service > Service Portal. The Service Portal configuration page appears.
1. Go to Admin > Customer service > Customer Portal. The Customer Portal configuration page appears.
2. Click Single sign-on (SSO) on the left-hand menu. The SSO page appears.
3. Click the toggle to enable single sign-on for your Service Portal.
3. Click the toggle to enable single sign-on for your Customer Portal.
4. Select Microsoft Azure AD as your Authentication provider.
5. Enter your Microsoft Azure AD details:
- Client ID: Enter the client ID generated when registering the Service Portal in Azure AD. See how to generate a client ID
- Client Secret: Enter the client secret generated in your Azure AD account. See how to generate a client secret
- Redirect URL: This is the Reply URL we added to your SSO configuration in Azure AD above. There are no additional actions to take here.
6. Click Save.
That's it! SSO should now be enabled for your Service Portal. The next time users log in to the Service Portal, they will be prompted to do so using the Azure AD SSO authentication method.
That's it! SSO should now be enabled for your Customer Portal. The next time users log in to the Customer Portal, they will be prompted to do so using the Azure AD SSO authentication method.
Set up SSO with a SAML-compliant IdP for your Service Portal
Set up SSO with a SAML-compliant IdP for your Customer Portal
Configure IdP platform settings
Before proceeding with the Single Sign-On (SSO) setup for the Atera Service Portal, you must first configure your SAML-compliant platform settings. To configure SAML SSO via Azure AD, please follow these instructions. For an example of how to configure other SAML-compliant IdPs, please follow the instructions in this article and then return here to complete the process for enabling SSO.
Before proceeding with the Single Sign-On (SSO) setup for the Atera Customer Portal, you must first configure your SAML-compliant platform settings. To configure SAML SSO via Azure AD, please follow these instructions. For an example of how to configure other SAML-compliant IdPs, please follow the instructions in this article and then return here to complete the process for enabling SSO.
Configure SAML SSO in your IdP
Once you have configured your IdP platform settings, you can enable SAML single sign-on for the Service Portal in your IdP. We provide a comprehensive explanation of this process using Azure AD as our IdP example.
Once you have configured your IdP platform settings, you can enable SAML single sign-on for the Customer Portal in your IdP. We provide a comprehensive explanation of this process using Azure AD as our IdP example.
1. Log in to the Azure Portal with your credentials and navigate to Azure Active Directory.
The Overview page appears.
2. Under Manage, click Enterprise Applications.
The Enterprise Applications page appears.
3. Click New application. The Azure AD app gallery appears.
4. Click Create your own application. The Create your own application window appears.
5. Enter a name for your Service Portal. Then, under What are you looking to do with your application?, select 'Integrate any other application you don't find in the gallery (Non-gallery)'. When you're finished, click Create.
5. Enter a name for your Customer Portal. Then, under What are you looking to do with your application?, select 'Integrate any other application you don't find in the gallery (Non-gallery)'. When you're finished, click Create.
You will be redirected to the Overview page for the enterprise application you just added.
6. Under Getting started, click Set up single sign on (or, under Manage, click Single sign-on). The Single sign-on page appears.
7. Click SAML. The SAML-based Sign-on page appears.
8. Click the edit icon next to 1. Basic SAML Configuration. The Basic SAML Configuration window appears.
9. Click Add identifier and enter the following: https://www.atera.com/saml2/service-provider/Atera
10. Click Add reply URL and enter the following: https://aterausersportal.firebaseapp.com/__/auth/handler
11. Click the Save icon at the top of the window.
Great! You're now ready to complete the Azure AD SSO setup for the Service Portal within Atera.
Great! You're now ready to complete the Azure AD SSO setup for the Customer Portal within Atera.
Activate SAML-based SSO for the Service Portal in Atera
Activate SAML-based SSO for the Customer Portal in Atera
Note: Only an Admin can activate SAML-based SSO for the Service Portal.
Note: Only an Admin can activate SAML-based SSO for the Customer Portal.
To activate SAML-based single sign-on for your Service Portal in Atera:
To activate SAML-based single sign-on for your Customer Portal in Atera:
1. Go to Admin > Employee service > Service Portal. The Service Portal configuration page appears.
1. Go to Admin > Customer service > Customer Portal. The Customer Portal configuration page appears.
2. Click Single sign-on (SSO) on the left-hand menu. The SSO page appears.
3. Click the toggle to enable single sign-on for your Service Portal.
3. Click the toggle to enable single sign-on for your Customer Portal.
4. Select SAML as your Authentication provider.
5. Enter the following details:
- Entity ID: Enter the Application ID identifier from your SAML-compliant IdP.
- SSO URL: Enter the Login URL from your SAML-compliant IdP.
- Public key certificate: Enter the public key certificate downloaded from your SAML-compliant IdP (Base64).
- Service provider entity ID: Enter the following URL: https://www.atera.com/saml2/service-provider/Atera
- Redirect URL: This is the URL we pasted into the IdP earlier. No further action is required here.
You can refer to the photo below for a visual representation of how the fields are mapped from the IdP to what you need to input into Atera:
6. When you're finished, click Save.
That's it! SSO should now be enabled for your Service Portal. The next time users log in to the Service Portal, they will be prompted to do so using the SAML SSO authentication method.
That's it! SSO should now be enabled for your Customer Portal. The next time users log in to the Customer Portal, they will be prompted to do so using the SAML SSO authentication method.
For more information on configuring SAML-based SSO for the Atera Service Portal, see this article.
For more information on configuring SAML-based SSO for the Atera Customer Portal, see this article.
Important notes: Depending on the provider, you might also need to fill in fields that appear as optional. We recommend always reading the vendor's documentation to ensure all fields are properly filled in when creating connections for SAML. For example, with OneLogin, you will need to fill in the Recipient field, which should be the same as the ACS validator.
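The values requested in step 5 of the SAML activation procedure can be read from the IdP's federation metadata XML instead of being copied field by field. The following is an added example, not Atera's or Microsoft's code; it assumes the IdP publishes standard SAML 2.0 metadata and that its entityID, SingleSignOnService Location and signing X509Certificate correspond to the Entity ID, SSO URL and Public key certificate fields. The sample metadata, its URLs and its certificate body are constructed placeholders.

```python
import base64
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder entity ID, URL and certificate body (not a real cert).
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a certificate " * 3).decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/entity">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>AAAA</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>
        {SAMPLE_CERT_B64[:40]}
        {SAMPLE_CERT_B64[40:]}
      </X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def atera_saml_fields(metadata_xml):
    """Return the entity ID, SSO URL(s) and PEM signing certificate(s) from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: this is not IdP metadata")
    pems = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only key; a KeyDescriptor with no 'use' serves both
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())  # metadata may wrap or indent the body
            base64.b64decode(b64, validate=True)      # raises on a mangled or truncated body
            body = "\n".join(textwrap.wrap(b64, 64))
            pems.append(f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    if not pems or not sso:
        raise ValueError("metadata lacks a signing certificate or an SSO endpoint")
    if any(not (url or "").startswith("https://") for url in sso.values()):
        raise ValueError("SSO endpoint is not served over https")
    return {"entity_id": root.get("entityID"), "sso_urls": sso, "certificates": pems}
```

Run it against a metadata file downloaded from your own IdP; more than one entry in `certificates` usually means the IdP is mid-rotation, so confirm which certificate is active before pasting it.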