Connecting AchieveIt SSO to Microsoft Azure Active Directory

Using Microsoft Azure Active Directory as the SSO Provider for AchieveIt

This article will guide you through the requirements for allowing your users to login to AchieveIt through your organization’s Azure Active Directory (Azure AD) instance.

TL;DR – A Quick Summary

  1. Add a new app registration in Azure AD, enter AchieveIt as the name for the application, enter https://achieve-it.auth0.com/login/callback as Redirect URI.
  2. Create a new client secret. Save it for the next step.
  3. Send AchieveIt your Azure AD domain, Application (client) ID, and client secret. We will configure the connection using the information you provide.
  4. Once we’ve completed the configuration, your team must test it to ensure you can login to AchieveIt with SSO credentials.

For all the details, see below.

Adding AchieveIt to Azure AD

  1. Create a new application

    Login to Microsoft Azure Portal and choose Azure Active Directory from the sidebar.

1.png

Then under MANAGE, select App registrations.

mceclip1.png

Then click on the + New registration button to add a new application. Enter AchieveIt as the name for the application, select Web as Redirect URI type, and enter https://achieve-it.auth0.com/login/callback as Redirect URI. Register the application.

mceclip2.png

  1. Configure the permissions

Once the app registration has been created, you may have to configure permissions. Inside the App registration blade navigate to API permissions. Ensure the app has User.Read permission. This is the default and should already be granted.

mceclip3.png

  1. Create the client secret

Click on Certificates & secrets from the App registration blade. Click + New client secret. Enter a name and choose the desired duration.

If you choose an expiring secret, make sure to record the expiration date in your calendar, as you will need to renew the secret before that day in order to ensure users don't experience a service interruption.

mceclip4.png

Click on Add and the client secret will be displayed. Make sure to copy this value before leaving this screen, otherwise you may need to create a new one.

  1. Send AchieveIt Azure AD domain, Application (client) ID, and client secret

Send AchieveIt your Azure AD domain, Application (client) ID, and client secret. We will configure the connection using the information you provide.

  1. AchieveIt Configuration 

AchieveIt will configure the connection using the information you provide. After we contact you to let you know the configuration is complete, the final step is for your team to test the configuration and ensure you can login to AchieveIt with SSO credentials.