Please note: Changing the login method to an identity provider permanently deletes all existing members. Your team members will be automatically added to GoodAccess upon their first login. Currently added devices will be retained.
If you have problems logging in with SSO (white page; Error: not_a_saml_app), clear your cookies and cache, then try to log in with SSO again. If the problem persists, please contact our support.
Step 1
In the GoodAccess Control Panel, go to Settings, switch to the Login & Security tab and click on Azure.
Step 2
Gather the following details to be used later:
Entity ID
Assertion Consumer Service URL
Login URL
Relay State
Step 3
Create your application in Azure - Enterprise Applications
Step 4
Enter the name and choose "Integrate any other application you don't find in the gallery (Non-gallery)".
Step 5
Open your new app and continue with Single sign-on, then SAML.
Step 6
Open the Basic SAML Configuration and enter the details from step 2:
Identifier (Entity ID) - Service Provider Links Entity ID
Reply URL (Assertion Consumer Service URL) - Assertion Consumer Service URL
Sign on URL - https://sign.goodaccess.com/
Relay State - "/" (enter slash)
Delete the automatically added URL from Identifier (Entity ID).
Don't forget to Save.
Step 7
Continue with Edit User Attributes & Claims and edit the following:
USER.MAIL
Name - Enter "email"
Namespace - Leave blank
Source - Choose Attribute
Source Attribute - Enter "user.mail"
USER.PRINCIPALNAME
Name - Enter "name"
Namespace - Leave blank
Source - Choose Attribute
Source Attribute - Enter "user.userprincipalname"
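To confirm that Steps 6 and 7 took effect, you can decode the SAMLResponse from a test login and compare it with what you entered. The check below is an added example, not GoodAccess or Microsoft code; the Entity ID, ACS URL and sample response are constructed placeholders, and the namespaced claim name it reports is what you see when Namespace was not left blank.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("email", "name")  # claim names entered in Step 7
# Constructed placeholders; use the values shown in your own Control Panel.
ENTITY_ID = "https://sp.example.invalid/entity-id"
ACS_URL = "https://sp.example.invalid/acs"


def check_response(xml_text, entity_id, acs_url):
    """List mismatches between a decoded SAML response and Steps 6-7 (no signature check)."""
    root = ET.fromstring(xml_text)  # intended for a response from your own test login
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination differs from the Reply URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append("Audience does not contain the Entity ID")
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        claims[attr.get("Name", "")] = values
    for wanted in REQUIRED_CLAIMS:
        if claims.get(wanted):
            continue  # claim present under its bare name with a non-empty value
        prefixed = [n for n in claims if n.endswith("/" + wanted)]
        if prefixed:
            problems.append(f"claim '{wanted}' arrives as '{prefixed[0]}' (Namespace not blank)")
        else:
            problems.append(f"claim '{wanted}' missing or empty")
    return problems


def sample_response(email_claim_name, audience):
    """Build a constructed, unsigned response for the demonstration."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>alice@example.com'
        f"</saml:AttributeValue></saml:Attribute>" for n in (email_claim_name, "name"))
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'Destination="{ACS_URL}"><saml:Assertion><saml:Conditions>'
            f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
            f"</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>"
            f"{attrs}</saml:AttributeStatement></saml:Assertion></samlp:Response>")


if __name__ == "__main__":
    print(check_response(sample_response("email", ENTITY_ID), ENTITY_ID, ACS_URL))
```

An empty list means the response matches the configuration; a "missing or empty" result for email usually points at a user account with no mail attribute set.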
Step 8
Download the Azure certificate and gather the Login URL and Azure AD Identifier for the next step.
Step 9
In the GoodAccess Control Panel enter the following details from the previous step: