Configuring SSO via the Enhanced Web Interface: Microsoft Azure

Configuring SSO via the Enhanced Web Interface: Microsoft Azure

Configuring SSO via the Enhanced Web Interface: Microsoft Azure

2025-02-05

Version 1.1


Prerequisites

If you don't have an account in Azure AD, you can register for a free account here: https://azure.microsoft.com/

Obtain the redirectUri for the account by adding your account ID at the end of the below redirectUri:

https://auth.eagleeyenetworks.com/login/oauth2/code/<account ID>

Configure a new application in Azure AD


  1. Log in to the Azure console (https://portal.azure.com/#home) and navigate to Manage Microsoft Entra ID (previously known as Azure ID).

  2. Go to App Registrations in the left panel and create a new registration.

  3. Provide the following information under the Register an Application wizard:

    1. Name the application.

  1. Set the Supported Account Type to Accounts in this Organizational Directory Only.

  1. Use the redirectURI as obtained in Prerequisites.


  1. On the Application Overview screen, create a client credential using the
    Add a Certificate or Secret option. 





  1. Click New Client Secret.


  1. Enter a description of the secret and an expiration date.




  1. Copy the Value field to a text file and save it.


IMPORTANT: This is the Client Secret cannot be retrieved again after leaving the screen.

 

You can find the Application (Client) ID on this screen as well.




  1. Navigate to the API Permissions on the left panel and select Add a Permission.





 Select the Microsoft Graph API.


  1. Add Email and OpenId permissions.



  1. Navigate to Token Configuration from the left panel and click Add Optional Claim.




  1. In the Add Optional Claim wizard, select Adding verified_primary_email is optional.








  1. You can also update the consent page using the "Branding & Properties" tab in the left panel.

  2. Assign users to the application. Navigate to ”Home > Manage Microsoft Entra ID > Enterprise Applications” and select your application. Go to "Assign Users and Groups" and assign users as shown below to the application. 








Configure SP-initiated SSO settings for Azure Active Directory

Use the instructions in this section to configure the organizational Microsoft SSO.

1. Update the "Client ID" (Application (client) ID) and "Client Secret" with values you got from the Azure AD application created in Prerequisites


2. You can find the <tenant-id> on the Overview page.

SP initiated SSO flow:

Test logging in to the application:

  1. Provide a non-admin user account at the identifier-first page.

  2. Login with Azure AD and provide consent.

AlertEnsure you have the same user on the Azure AD side.

IDP-initiated SSO flow,

  1. Update the homepage URL in Branding & Properties as follows:

https://auth.<domain-branding>/sso?issuer=<registration-id>&target_link_uri=<webapp-url>.

Infowebapp-url can be https://webapp.eagleeyenetworks.com (Based on the domain branding you can use different values for this. Make sure values are URL encoded.)


Ex: https://auth.eagleeyenetworks.com/sso?issuer=00032511&target_link_uri=https://webapp.eagleeyenetworks.com

  1. Then navigate to the Enterprise application tab as previously done and select your application

  2. Click Manage.

  3. Select Properties

  4. Update Visible to users to Yes.

IDP initiated SSO flow:

  1. Go to https://myapplications.microsoft.com?tenantId=<tenant-id>.

  2. Log in with a user from your EEN account.

  3. Click Your Application.

    • You should be redirected to your application for sign-in.

Configure auto-user provisioning for Azure AD

  1. Select Add new users if they do not already exist.

  2. Click Save Changes.

IDP initiated SSO with auto user provisioning flow:

Test logging in to the application:

  1. Go to https://myapplications.microsoft.com?tenantId=<tenant-id>.

  2. Log in with a user that does not have an EEN account.

  3. Click Application.

    • You should be redirected to the application and auto-provisioned.


Info


For support please email: support@een.com 

or give us a call at: 512-473-0501

Eagle Eye Knowledge Base

US: +1-512-473-0501 

EU: 31 (0) 20 26 10 461

ASIA PACIFIC: +81-(3)-6869-5477

#1 In Cloud Media Video Surveillance Worldwide

Copyright Eagle Eye Networks. All rights reserved.



    • Related Articles

    • Microsoft Azure SSO Integration: Classic WebApp

      Microsoft Azure SSO Integration 2024-05-14 Version 2.0 Description This guide is for configuring the integration of Microsoft Azure with an Eagle Eye VMS account. There are a few prerequisites before the account can utilize the feature: The Eagle Eye ...
    • Configuring SSO via the Enhanced Web Interface: Okta

      Configuring SSO via the Enhanced Web Interface: Okta 2025-02-05 Version 1.1 Description Single Sign On allows Users to easily log in to all their applications with the same credentials. Eagle Eye Networks supports the use of SSO applications for the ...
    • EE AN022 Configuring SSO in the Eagle Eye Cloud VMS Enhanced Web Interface

      EE AN022 Configuring SSO in the Eagle Eye Cloud VMS Enhanced Web Interface SSO Configuration Click the banner to view the full Application Note. This application note is intended for users of the Eagle Eye Cloud VMS, and specifically those using the ...
    • EE AN014 Implementing SSO in the Eagle Eye Cloud VMS

      Eagle Eye Application Note - AN014 Implementing Single Sign-On (SSO) in the Eagle Eye Cloud VMS Single-Sign-On Click the banner to view the full Application Note. This Application Note is intended for Resellers of the Eagle Eye Cloud VMS whose ...
    • EE AN023 Smart Video Search in the Enhanced Web Interface of the Eagle Eye Cloud VMS

      EE AN023 Smart Video Search in the Enhanced Web Interface of the Eagle Eye Cloud VMS Video Search Click the banner to view the full Application Note. This Application Note is intended for all end users of the Eagle Eye Cloud VMS who have a need to ...