SAML Single Sign-On (SSO) for Microsoft's Azure Active Directory (Azure AD)


Overview

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data, so that a single authentication process grants Single Sign-On (SSO) access across multiple applications. Gearbox provides SAML-based SSO integration with several identity providers. This article guides you through the configuration steps for Azure Active Directory (Azure AD).

Once SAML SSO is enabled, users can sign in to their Gearbox accounts through SSO.
You need access to the Azure Portal and Gearbox administrative privileges to complete the steps below.

Supported Features

  1. SP-initiated SSO

Setup

1. Click on the User Icon (1), then navigate to Settings (2)
SAML Single Sign-On - Admin Dashboard


2. In the sidebar, scroll down to Integrations (3)


3. Locate the SAML Single Sign-On panel and click on it to reveal the settings (1)


4. Enable SAML SSO (1) in Gearbox and click Save (2)


5. Log in to the Azure portal, go to Azure Active Directory, and click Enterprise Applications
6. Click New application to create an application for Gearbox. The Azure AD Gallery is displayed
7. Click Create your own application (1), enter the Name of the application (2) and select Integrate with any other application you don't find in the gallery (Non-gallery) (3)


8. Once the application has been created, click Set up single sign-on (1)


9. Select SAML (1) as the single sign-on method


10. Copy the App Federation Metadata URL (1) into Identity provider metadata URL in Gearbox's SAML settings, or the Login URL (2) into Identity provider SSO URL.
  1. Please note: Only one URL is needed for this integration to work. The Login URL (2) is preferred since it is unlikely to change.
11. Download the Base64 certificate (3) and paste the file contents into Identity provider certificate in Gearbox's SAML settings
12. Update Signing Option (4) to Sign SAML response and assertion


13. Copy and paste Gearbox's Metadata URL (1) into your browser's address bar to download the metadata file.


14. Upload the metadata file (1) to your Azure application's SAML settings and save the updated configuration


15. Update Attributes & Claims to the following


  1. The additional claims "First Name" and "Last Name" are required if you're updating or creating users through SSO.
  2. Make sure the required claim "Unique User Identifier (Name ID)" points to the user's email address. Gearbox uses it to match the login to the user.

16. To enable encrypted responses, which Gearbox requires, upload Gearbox's X.509 certificate (1) to your Azure application under Token Encryption (2) and activate the encryption certificate (3)
  1. Please note: This feature is only available for Azure AD Premium P1 and P2.


17. Add Users and groups (1) to configure the access policy


After completing these steps, visiting the Gearbox SSO URL should redirect users to Azure AD for authentication.
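When the first test login fails, the quickest way to find out why is to look at the SAMLResponse that Azure AD posted back and check it against the claims and encryption steps above. The checker below is an added example, not Gearbox's or Microsoft's code: given the decoded response XML it reports whether the assertion is encrypted (Token Encryption active) and, for a plain assertion, whether the NameID is an email address and the first-name and last-name claims are present. The claim names it looks for are Azure AD's default given-name and surname claim URIs; that Gearbox maps those to "First Name" and "Last Name" is an assumption, so substitute the names you configured. All three sample responses are constructed.

```python
"""Check a decoded SAML Response against the Gearbox claim and encryption requirements.

Added example with constructed sample responses; the claim URIs are Azure AD's
defaults, and Gearbox's exact mapping of them is assumed, not taken from the article.
"""
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
GIVEN_NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
SURNAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def _attributes(assertion) -> dict:
    """Map each claim name in the AttributeStatement to its list of values."""
    out = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        out[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return out


def inspect_response(xml_text: str) -> dict:
    """Return {'encrypted': bool, 'problems': [str, ...]} for one decoded SAML Response."""
    root = ET.fromstring(xml_text)  # use defusedxml for responses you do not control
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("document is not a samlp:Response")
    result = {"encrypted": False, "problems": []}
    if root.find("saml:EncryptedAssertion", NS) is not None:
        # Token Encryption is active; the claims can only be inspected after decrypting
        # with the private key belonging to Gearbox's X.509 certificate.
        result["encrypted"] = True
        return result
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        result["problems"].append("response carries no Assertion")
        return result
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        result["problems"].append("Unique User Identifier (NameID) is missing")
    else:
        value = name_id.text.strip()
        if not EMAIL_RE.match(value):
            result["problems"].append(f"NameID {value!r} is not an email address")
        fmt = name_id.get("Format")
        if fmt is not None and fmt != EMAIL_FORMAT:
            result["problems"].append(f"NameID Format is {fmt}, expected {EMAIL_FORMAT}")
    claims = _attributes(assertion)
    for claim, label in ((GIVEN_NAME, "First Name"), (SURNAME, "Last Name")):
        if not any(v.strip() for v in claims.get(claim, [])):
            result["problems"].append(f"{label} claim ({claim}) is missing or empty")
    return result


# Constructed sample: NameID is the email and both name claims are present.
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Jane</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <saml:AttributeValue>Doe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample of a misconfigured application: an opaque persistent NameID and no name claims.
BAD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0">
  <saml:Assertion ID="_a2" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">aaaaaaaa-0000-0000-0000-000000000000</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample with Token Encryption active; the cipher value is a placeholder.
ENCRYPTED_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r3" Version="2.0">
  <saml:EncryptedAssertion>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:CipherData><xenc:CipherValue>Y29uc3RydWN0ZWQ=</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </saml:EncryptedAssertion>
</samlp:Response>"""

if __name__ == "__main__":
    for label, doc in (("good", GOOD_RESPONSE), ("bad", BAD_RESPONSE), ("encrypted", ENCRYPTED_RESPONSE)):
        print(label, inspect_response(doc))
```

Run it against the response captured from a browser's developer tools (after base64-decoding the SAMLResponse form field). An `encrypted: True` result with a failing login points at the certificate uploaded under Token Encryption; a list of problems points at the Attributes & Claims configuration.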

