Introduction
Kepion provides simple but secure access through single sign-on (SSO) with Azure AD. This article walks systems admins through setting up SSO with this identity provider.
Step 1. Configure Azure AD
Before you can configure SSO with Azure AD, you need to have created an Azure app registration. Refer to this article if you haven't done so.
Step 2. Configure Kepion
Note: Azure AD is a default identity provider in Kepion. Users can start setting up SSO with it by completing the steps below.
1. Go to Azure AD and select Edit.
2. Select Enable for sign-in.
3. From the Mode dropdown, choose the relevant option:
- Azure AD Standalone: Organization uses Azure AD to manage users and authentication. Users can sign in with their Azure credentials.
- Azure AD Integrated: Organization's on-premises Active Directory (AD) is integrated with Azure AD. Users can sign in with both their domain accounts and Azure credentials.
4. Copy the Tenant ID, Client ID, and Client Secret from your Azure Portal and paste each into the corresponding field.
5. (Optional) Enter a number in hours for Session Timeout. If left empty, the session timeout is set to 168 hours (7 days).
Tip: Enter a decimal value to set the session timeout in units smaller than an hour (e.g., 7.5 hours for 7 hours and 30 minutes).
6. (Optional) From the Authentication Prompt dropdown, choose the desired option:
- Select Accounts: Users will be presented with a list of accounts to sign in with, or can choose to use a different account. This is the default option.
- Force Login: Users will be prompted to enter their credentials, negating single sign-on.
7. Select Save.
Step 3. (Optional) Manage Azure users in Kepion
If you manage Azure users in Kepion, you must fill out the remaining fields. Follow the steps below.
1. Copy the App Registration ID and Enterprise Application ID from your Azure Portal and paste each into the corresponding field.
2. In the Invite Redirect URL field, enter the URL users will be redirected to after accepting the invitation to join Azure AD.
3. Select Save.
Next steps
You're all done! Ensure users test their Kepion access to verify you've configured SSO correctly.