Login Start for Free

Custom SSO - Microsoft Azure Active Directory

GL Strings supports Custom SSO configuration with Microsoft Azure Active Directory.

As an add-on to the GL Strings Enterprise tier you have the option to connect with custom SSO (Single Sign On) providers Please get in touch for pricing details.

The following is an example if you want to use Azure Active Directory.

GL Strings Azure AD SSO Integration

  1. Sign in to the Azure portal. If your account is present in more than one Azure AD tenant:

    • Select your profile from the menu in the top right corner of the page then Switch directory.
    • Change your session to the Azure AD tenant where you want to create your application.

    step1.png

  2. Navigate to Azure Active Directory > App registrations to register your app. Select New registration.

    step2.png

  3. When the Register an application page appears, enter your app's registration information:

    • The Name section, can be filled out with any meaningful value eg GL Strings Web
    • In the Supported account types section, select Accounts in this organizational directory only (Default_Directory only - Single tenant) so only accounts in the current tenant can log in. You can choose a different option if it is required.
    • Select Register to create the app.

    step3.png

  4. On the app's Overview page, find the Application (client) ID and Directory (tenant) ID value and record them for later. You'll need to share these values with GL Strings. More on that later.

    step4.png

  5. Select Authentication under Manage on the left

    • Click the Add a platform button, and then select Web in the options provided to the right

    step5.png

  6. Redirect URIs and token type

    • In the Redirect URIs and Front-channel logout URL sections enter the following 2 redirect URIs: https://dashboard.applanga.com/auth/microsoft/callback and https://dashboard.globallinkstrings.com/auth/microsoft/callback
    • In the Implicit grant and hybrid flows section, check ID tokens
    • Select Configure.

    step6.png

  7. Next click the Certificates & secrets option on the left, in the Client secrets section, choose New client secret.

    • Enter a key description (for instance App secret).
    • Select a preferred duration e.g 12 months, 24 months, or Custom.
    • When you click the Add button, the key value will be displayed. Copy the key value and save it in a safe location.

    You'll need this key later to configure the application. This key value will not be displayed again, nor retrievable by any other means, so record it as soon as it is visible from the Azure portal.

    step7.png

  8. The newly generated secret should show up in the list of client secrets. Copy and store the secret value somewhere for the next step.

    step8.png

  9. Next you must grant Admin consent for the permissions required for the app to access a user's profile successfully. To do this click on API permissions on the left. In the page that opens find and click the button Grant admin consent for Default_Directory. Note that Default_Directory is the directory name of your current Azure AD tenant and may be different. Click Yes when prompted to confirm if you want to grant the requested consent.

    step8.png

  10. Please submit your SSO configuration details via this form

    • The form contains fields for your Application (Client) ID, Client secret, Directory (Tenant) ID, a list of domains that should be enabled for your Azure AD configuration and optionally a Session timeout which if specified will determine how long a login session should remain open before users are required to login again.
    • Alternatively and additionally you can provide a list of mail addresses if you want additional accounts to be added that do not belong to a domain.
    • Optionally, you can also provide a list of teams and users roles. Every SSO user newly signing up with GL Strings will be automatically added to these teams with the selected role. The user role and team assignment can be modified later if needed.
    • GL Strings will then need to redeploy your configuration which may take up to 2 weeks. The GL Strings team will confirm once SSO is available. If the change is urgent please let us know so we can expedite your request.
    • All signups completed prior to the SSO configuration deployment will be automatically converted upon their next login.

  11. To login with Azure AD on the GL Strings Dashboard click on the SSO Login link on the bottom of the login page. You will be redirected to the SSO login page. There, enter your domain or email address. This will redirect to the Microsoft account login page. If you are logged in with your account already, you will be redirected back to the GL Strings dashboard.

    step6.png

If you encounter any issues please email support@applanga.com.