SSO authentication

Concerned products

✅ Attract ✅ Engage ✅ Convert ✅ Predict

Microsoft (MS365 & Azure AD)

✅ Supported

Google (G Suite)

🔳 Not supported

Introduction

This document describes how to configure your enterprise connections to start using Single Sign-On (SSO) to Adway services.

Microsoft (MS365 & Azure AD)

This section describes how to configure Azure Active Directory (AAD) in order to connect to Adway using Single Sign-On (SSO). Simply follow the sections below as a step-by-step guide, and everything that is needed to connect your organization should be done.

1. Create an app

Visit your Azure Portal → Azure Active Directory → App Registration and then click ”New Registration” and you will be presented with the following screen:

• In the ”Name” field, enter the application name (ex: Adway SSO Connection).

• In the ”Who can use this application or access this API?” field, select ”Accounts in this organizational directory only (Single tenant)”

• In the ”Redirect URI” field, select ”Web” from the type dropdown menu and set the redirect URI to "https://adway-connect.eu.auth0.com/login/callback".

• Once done, click ”Register”

2. Create access token

Once the application has been created from the previous section, the next page will show your current settings:

From here, take note of your “Application (client) ID” field value.

Navigate to “Certificates & secrets” on the left-hand menu and click on “New client secret”.

• You can give the new token any name

• You can set an expiration based on your internal AAD security guidelines

• Once done, click “Add”

The new token will now be shown. Note its “Value” down somewhere safe since this is the only time you will be able to access it.

3. Set API Permissions

Navigate to API permissions and add the following permissions

• Directory.Read.All - Allows the app to read data in your organization's directory, such as users, groups and apps. This is used to read the groups which will be created in the next step.

• User.Read - Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

4. Create ad groups and add users

To decide which of your users that should have access to our system, you need to create two AD groups, one for "users" and one for "recruiters", these groups are used for permission level control. Users who have not been added to either of these groups will not be able to login.

• adway-recruiterwill give the user access to the campaigns for which they are the responsible for.

• adway-user will give the user access to all campaigns and the Insights page.

If your organisation has naming conventions for groups and the ones mentioned above cannot be used, you may create groups with compliant names but make sure to communicate what names they were given as part of the next step.

5. Share the required information with Adway

After you have completed the steps above, you need to share the following information with Adway which is needed for configuration on our side:

• Azure AD Domain

• Application (client) ID

• Access Token Value

• AD Group names if default names were not used