Azure

This guide will show you how to integrate GoodAccess with Azure SSO/SCIM.
This feature is available in the Premium plan and higher.
Please note: Changing the login method to an identity provider will permanently delete all Members you invited. Your team Members will be automatically added to GoodAccess upon their first login. Manually added Members will stay.
Remember to grant your Azure users access permissions to GoodAccess. Users without them won't be able to log in.

Step 1 - Adding a new identity provider

Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.

Step 2 - Setting up Single Sign-On with SAML

Log in to Azure, and go to Enterprise applications (you can use the search bar).
Click + New application, and + Create your own application.
Give the application a name, choose Integrate any other application you don't find in the gallery (Non-gallery), and click Create.
In your new application go to Single Sign-On > SAML.

1. Basic SAML Configuration

Click Edit, and copy the details from GoodAccess - (2) GoodAccess links.
  • Identifier - Entity ID
  • Reply URL - Assertion Consumer Service URL
  • Sign on URL - Login URL
  • Relay State - Relay State
Return to GoodAccess, and click Continue.
Return to Azure, and click Save.

2. Attributes & Claims

Click Edit, and edit the claims with the values user.mail and user.userprincipalname.

User.mail

  • Name - "email" (without quotes)
  • Namespace - Delete pre-filled URL

User.userprincipalname

  • Name - "name" (without quotes)
  • Namespace - Delete pre-filled URL
Don't forget to Save.

3. SAML Certificates

Download the Certificate (Base64), and open it with a text editor (e.g. Notepad).

4. Set up GoodAccess

Copy the details to GoodAccess - (3) Identity Provider links, and click Continue.
  • Sign in URL - Login URL
  • Entity ID - Microsoft Entra ID Identifier
  • X509 signing certificate - Copy the certificate from the text editor
If you don't want to set up SCIM, skip the next step in GoodAccess, and click Submit to finish the configuration.
You have now successfully set up your Azure SSO with GoodAccess.
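
To confirm the claim mapping from "2. Attributes & Claims" after a test sign-in, the following added example (not GoodAccess or Microsoft code) reads a SAML assertion and reports whether the "email" and "name" attributes arrive without a namespace prefix. The function names, the sample user and both sample assertions are constructed for illustration; the script checks attribute names only and does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "name")  # claim names from "2. Attributes & Claims"
# Default claim namespace that Azure pre-fills in the Namespace field.
AZURE_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

def read_attributes(assertion_xml):
    """Return {Attribute Name: [values]} for every saml:Attribute found."""
    # Config check only: run it on an assertion captured from your own test login.
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name", "")] = values
    return attrs

def check_claims(assertion_xml):
    """Return a list of problems; an empty list means the mapping matches the guide."""
    attrs = read_attributes(assertion_xml)
    problems = []
    for name in REQUIRED:
        if name in attrs:
            if not any(attrs[name]):
                problems.append(f"claim '{name}' is present but empty")
            continue
        # A name ending in '/<name>' means the Namespace field was not cleared.
        namespaced = [n for n in attrs if n.endswith("/" + name)]
        if namespaced:
            problems.append(f"claim '{name}' still has a namespace: {namespaced[0]}")
        else:
            problems.append(f"claim '{name}' is missing")
    return problems

def sample(email_attr, name_attr):
    """Build a constructed, unsigned assertion for the hypothetical user alice."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="{email_attr}"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{name_attr}"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

GOOD = sample("email", "name")                 # namespace deleted, as the guide requires
BAD = sample(AZURE_NS + "/email", "name")      # namespace left pre-filled on user.mail

if __name__ == "__main__":
    for label, xml_text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_claims(xml_text) or "claims match the guide")
```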

Step 3 (optional) - Setting up SCIM

In the application, go to Provisioning > Provisioning, and set Provisioning mode to Automatic.
Expand Admin Credentials, and copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).
Return to GoodAccess, click Continue, and then Submit.
Return to Azure, and click Save to confirm your settings.

1. (optional) Removing groups from provisioning

Open Mappings, and select Provision Azure Active Directory Groups.
Switch the Enabled button to No, and click Save.

2. Starting the provisioning

Go to Overview, and click Start provisioning.
The whole provisioning process will take around 20 minutes to complete, depending on the number of members and groups being added.
You have now successfully set up Azure SCIM with GoodAccess.

Step 4 - Managing user access

In the application, go to Users and groups, and click + Add user/group.
Choose who should have access, and click Assign.