Overview: This article provides a walkthrough for configuration Azure AD as an identity provider for Tenfold Single Sign-On (SSO).
Tenfold SSO Configuration with Azure AD
To configure SSO with Azure AD as the Identity Provider for Tenfold, follow these updated steps:
Navigate to Enterprise Applications in Azure AD:
- In the Azure AD Admin Console, go to Azure Active Directory > Enterprise Applications.
Add a New Application:
- Click on + New Application and select Create your own application.
- Enter the name of the application (e.g., Tenfold) and choose Integrate any other application you don't find in the gallery (Non-Gallery). Then click Create.
Configure Single Sign-On (SSO) using SAML:
- In the left-hand menu under your newly created application, click Single sign-on.
- Select SAML as the single sign-on method.
Edit Basic SAML Configuration:
Update User Attributes and Claims:
- In the User Attributes & Claims section, click the pencil icon to edit.
- Find Name Identifier (NameID) and click the pencil icon next to it.
- For Source Attribute, select
user.mail
from the dropdown, then click Save.
Configure SAML Signing Certificate:
- In the SAML Signing Certificate section, download the Federation Metadata XML file by clicking Download next to it.
Assign Users to the Application:
- Go back to the main application screen, and under Manage, select Users and groups.
- Click + Add user/group to assign users who need to use Azure SSO for Tenfold.
- Select the users, click Select, then click Assign.
Upload Federation Metadata XML to Tenfold:
- In the Tenfold dashboard, navigate to the Single Sign-On configuration page.
- Set the Domain to the desired value (e.g., acme.org or tenfold.acme).
- Click Upload file, and select the Federation Metadata XML file downloaded from step 6.
- Click Save.
Final Testing:
- You can now use Azure AD to authenticate Tenfold. After completing this setup, users can log in using Azure AD SSO, and multi-factor authentication (MFA) can be enforced based on your Azure AD policies.