
SSO configuration steps in Azure IdP

This supplementary document is to help you set up SSO for Tango portal with your Azure Identity Provider (IdP). You must first configure your IdP as an admin to create an entry for Tango portal Single Sign-On (SSO). Consult with your company’s IdP expert for the latest IdP configuration steps and instructions.
 
Note: This document was created in August 2024. We’re only providing general guidance to get you started. For the up-to-date procedure and screenshots, refer to your IdP documentation.

 

Disclaimer: Tango has no affiliation with Azure. Tango makes no warranty of any kind, whether express or implied, with regard to any third party products, third party content, or third party services. Tango will not be liable for loss, damage, cost or expense whatsoever resulting from this guide. This guide is provided as a courtesy. To confirm accuracy or completeness of this guide, please consult with Azure directly.

 



 

Requirements

  • An IdP account with admin permissions

  • A Tango portal account with manage authentication permissions

 

Azure OIDC SSO configuration steps

To set up SSO with Azure OIDC for the Tango platform, you need administrator account access to your IdP. Log in to your IdP and create an entry for the new SSO. Find the Connection display name, Client ID, and OpenID Connection ID Token Issuer URL in your IdP before continuing in Tango portal.

 

To set up Azure OIDC SSO:

  1. Log in to Azure IdP and open the Microsoft Azure Welcome page.

     

  2. Go to Microsoft Entra ID.

  3. Click Add > App registration on top, to open the registration page:

    1. Enter a Name such as “Tango Sandbox OIDC”. The name will be shown on the user-facing login page but can be changed later.

    2. Select Accounts in this organizational directory only (default).

    3. Click Register. You’ve registered an OIDC application to map to the Tango portal.

  4. From the home page, search for Enterprise applications.

  5. Click the Tango application you’ve just created:

    1. Go to Manage > Single Sign-On from the left menu.

    2. Click Go to application.

  6. Click Manage > Token configuration on the left menu.

    1. Click Add optional claim.

    2. Select ID as the Token type.

    3. Select family_name and given_name for Claim.

    4. Click Add. The two claims will appear under Optional claims.

  7. Go to Overview > Essentials:

    1. Click the link next to Redirect URIs.


    2. Click Add a platform.

    3. Select Web.


    4. Enter the URL you got from Tango portal:

    5. Click Configure to go to Platform configurations.

    6. Select these two options:

      • Access tokens (used for implicit flows)

      • ID tokens (used for implicit and hybrid flows)

    7. Click Save.

  8. Go to Overview and copy the following IDs:


    • Application (client) ID: save it for later when configuring OIDC in Tango portal. This field is used as the Client ID in Tango portal.

    • Directory (tenant) ID: save it for later when configuring OIDC in Tango portal. The value of this field is used as part of the OpenID Connection ID Token Issuer URL in Tango portal.

  9. Go to Overview > Essentials > Managed applications in….

  10. Click Users and groups and make sure your user is included.


  11. Sign in to the Tango portal.

  12. Copy the Client ID and Tenant ID that you’ve configured here. The OpenID Connection ID Token Issuer URL consists of three parts, the Microsoft online link + Tenant ID + v2.0 link: https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration.

  13. Continue the SSO configuration in Tango Portal. See how to Add SSO connection in Tango portal.
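
An added example, not part of the original guide or Tango's own code: a Python setup check that builds the issuer URL from step 12 and compares a decoded ID token with the Client ID, tenant and optional claims configured above. The tenant ID, client ID and token are constructed samples, and the payload is decoded without verifying its signature, so use it only to confirm the configuration.

```python
import base64
import json
import re

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
NAME_CLAIMS = ("given_name", "family_name")  # optional claims added in step 6
TENANT = "11111111-2222-3333-4444-555555555555"  # constructed sample ID
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed sample ID


def issuer_urls(tenant_id):
    """Return (issuer, discovery URL) for a Directory (tenant) ID, as in step 12."""
    if not GUID.fullmatch(tenant_id):
        raise ValueError("Directory (tenant) ID must be a GUID")
    issuer = f"https://login.microsoftonline.com/{tenant_id.lower()}/v2.0"
    return issuer, issuer + "/.well-known/openid-configuration"


def decode_payload(id_token):
    """Decode the JWT payload WITHOUT verifying the signature (setup check only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_id_token(id_token, tenant_id, client_id):
    """List mismatches between an ID token and the values copied from Azure."""
    issuer, _ = issuer_urls(tenant_id)
    claims = decode_payload(id_token)
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss is {claims.get('iss')!r}, expected {issuer!r}")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the Application (client) ID")
    problems += [f"missing optional claim {c}" for c in NAME_CLAIMS if not claims.get(c)]
    return problems


def sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Azure token)."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"e30.{body}.constructed-signature"


if __name__ == "__main__":
    iss, discovery = issuer_urls(TENANT)
    print(discovery, check_id_token(sample_token({"iss": iss, "aud": CLIENT}), TENANT, CLIENT))
```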

 

 

Azure SAML SSO configuration steps

To set up SSO with Azure SAML for the Tango platform, you need administrator account access to the Tango platform and the IdP. Log in to your IdP and create an entry for the new SSO. Find the Connection display name, Entity ID, and Metadata URL in your IdP before continuing in Tango portal.
 

To set up Azure SAML SSO:

  1. Log in to Azure IdP and open the Microsoft Azure Welcome page.

  2. Go to Enterprise applications.

  3. Click New application > Create your own application.


     

    1. In What’s the name of your app, enter a name, such as “Tango Sandbox SAML”. The name will be shown on the user-facing login page but can be changed later.

    2. Click Create.


       

  4. Go to Enterprise applications again and click the Tango application you’ve just created.

  5. Go to Manage > Single Sign-On from the left menu.

  6. Select SAML:

    1. In Basic SAML Configuration, click Edit and enter the details such as Entity ID and Reply URL. Entity ID will be copied to Tango portal’s Entity ID field to match.


    2. In Attributes and Claims, click Edit > Add new claim and enter the following attributes:
       

      Attribute        Value
      given_name       user.givenname
      family_name      user.surname
      email            user.mail
      username         user.userprincipalname
      email_verified   true

       

    3. In SAML Certificates, click Edit and copy the App Federation Metadata URL. This metadata URL will be used later in Tango portal.


  7. Click Users and groups and make sure your user is included.


  8. Continue the SSO configuration in Tango Portal.
    See how to Add SSO connection in Tango portal.
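
An added example, not part of the original guide or Tango's own code: a Python check that reads the AttributeStatement of a captured SAML assertion and compares the emitted attribute names with the Attributes and Claims table in step 6. The assertion is a constructed sample, the XML signature is not verified, and the handling of namespace-prefixed names assumes that Tango matches the bare names from the table.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names from the Attributes and Claims table in step 6.
EXPECTED = ("given_name", "family_name", "email", "username", "email_verified")

# Constructed AttributeStatement, not captured from a real tenant. Here "email"
# is absent and "username" carries a namespace prefix.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="given_name"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="family_name"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://example.invalid/claims/username"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email_verified"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Map each Attribute Name to its values. Does not verify the XML signature."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        found[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return found


def check_attributes(found):
    """Compare emitted attributes with the table; return a list of problems."""
    problems = []
    for name in EXPECTED:
        if name in found:
            if not any(v.strip() for v in found[name]):
                problems.append(f"{name}: present but empty")
            continue
        prefixed = [n for n in found if n.endswith("/" + name)]
        if prefixed:
            # Assumption: Tango matches the bare names listed in the table.
            problems.append(f"{name}: emitted with a namespace prefix as {prefixed[0]}")
        else:
            problems.append(f"{name}: missing (claim not added, or no value for this user)")
    if found.get("email_verified") not in (None, ["true"]):
        problems.append("email_verified: value is not the constant true")
    return problems


if __name__ == "__main__":
    for problem in check_attributes(read_attributes(SAMPLE)):
        print(problem)
```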

 

Add Tango SSO tile to Azure dashboard

As an IdP admin, you can add the newly created Tango SSO tile to your Azure dashboard. To start, make sure you have enabled the SSO in Tango portal. See full instructions in Add SSO connection in Tango portal. Log in to your Azure IdP and follow the instructions below:

To add Tango SSO tile to Azure dashboard:

  1. Log in to Azure IdP and open the Microsoft Azure Welcome page.

  2. Select your Tango application (OIDC or SAML) on the list.

  3. Go to Manage > Properties.

  4. Click the application registration link on top to be able to manage additional properties.

    1. For OIDC


       

    2. For SAML


       

       

  5. Enter a Name for your tile such as “Tango”. The given name will show up in your Azure dashboard later.

  6. Enter the Home page URL. To get the URL, go to Tango > Authentication and find your newly added SSO. Click the ellipses menu and copy the Service provider URL. See full instructions in Add SSO connection in Tango portal.

     

  7. Upload Tango’s Logo. Azure recommends 215 x 215 pixels for logo size.

  8. (Optional) Toggle on Assignment required to show Yes. It allows specific users to have access to SSO. If you have selected Yes, assign users under Users and groups so that they see the SSO option when they log in.

  9. Toggle on Visible to users to show Yes. It allows users to see Tango SSO in their Azure dashboard.

  10. Click Save.

  11. Refresh your dashboard apps to see the newly created “Tango” tile.



