Azure
Please note: Changing the login method to identity provider involves permanently deleting all existing members. Your team members will be automatically added to GoodAcces upon their first login. Currently added devices will be retained.
In case you have problem with login in with SSO (white page; Error: not_a_saml_app) try to clear your cookies and caches, then try to log in with SSO again. If the problem persists, please contact our support.

Step 1

In the GoodAccess Control Panel, go to Settings, switch to the Login & Security tab and click on Azure.

Step 2

Gather the following details to be used later:
  • Entity ID
  • Assertion Consumer Service URL
  • Login URL
  • Relay State

Step 3

Create your application in Azure - Enterprise Applications

Step 4

Enter the name and choose "Integrate any other application you don't find in the gallery (Non-gallery)".

Step 5

Open your new app and continue with the single sign-on and SAML.

Step 6

Open the Basic SAML Configuration and enter the details from step 2:
  • Identifier (Entity ID) - Service Provider Links Entity ID
  • Reply URL (Assertion Consumer Service URL) - Assertion Consumer Service URL
  • Sign on URL - https://sign.goodaccess.com/
  • Relay State - "/" (enter slash)
Delete automatically added URL from Identifier (Entity ID)
Don't forget to Save.

Step 7

Continue with Edit User Attributes & Claims and edit following:
USER.MAIL
  • Name - Enter "email"
  • Namespace - Leave blank
  • Source - Choose Attribute
  • Source Attribute - Enter "user.mail"
USER.PRINCIPALNAME
  • Name - Enter "name"
  • Namespace - Leave blank
  • Source - Choose Attribute
  • Source attribute - Enter "user.userprincipalname"

Step 8

Download the Azure certificate and gather the Login URL and Azure AD Identifier for the next step.

Step 9

In the GoodAccess Control Panel enter the following details from the previous step:
  • Sign in URL - Login URL
  • Entity ID - Azure AD Identifier
  • X509 Signin certificate - Upload Azure certificate
Don't forget to Save Changes.

Step 10

You can now connect with Azure SSO.