Links

Azure

This guide will show you how to integrate GoodAccess with Azure SSO.
This feature is available in the Premium plan and higher.
Please note: Changing the login method to identity provider will permanently delete all Members you invited. Your team Members will be automatically added to GoodAccess upon their first login. Manually added Members will stay.
Remember to grant your Azure users access permissions to GoodAccess. Users without them won't be able to log in.
You may set up Single Sign-On (SSO) in Control Panel > Settings > SSO & MFA > + Add Provider.

Step 1

Go to Azure > Enterprise Applications, click +New Application followed by Create your own application.
Enter a name and choose "Integrate any other application you don't find in the gallery (Non-gallery)".

Step 2

Delete the automatically pre-filled URL in Identifier (Entity ID).
Open your new app, go to Single Sign-On and SAML. Then open Basic SAML Configuration and copy the details from GoodAccess - (2) Service Provider Links.
  • Identifier - Entity ID
  • Reply URL - Assertion Consumer Service URL
  • Sign on URL - Login URL
  • Relay State - Relay State
Don't forget to Save.

Step 3

Continue with Edit User Attributes & Claims and edit the following:
USER.MAIL
USER.PRINCIPALNAME
Name
email
name
Namespace
Leave blank
Leave blank
Source
Attribute
Attribute
Source Attribute
user.mail
user.userprincipalname

Step 4

Download the Azure certificate, gather Login URL and Azure AD Identifier and copy them to GoodAccess - (3) Identity Provider Links.
  • Sign in URL - Login URL
  • Entity ID - Azure AD Identifier
  • X509 signing certificate - Azure certificate

Step 5

Now switch back to GoodAccess and click Continue, then Continue in the next dialog, and finally Submit.
Optionally you may enable automatic user provisioning - SCIM.
Last modified 1mo ago