Microsoft Azure SSO Setup

Information on adding Microsoft Azure SSO as an identity provider to allow for single sign-on access to the InsCipher Connect portal.

If your organization already has a Microsoft Azure SSO account, we can integrate it with the InsCipher Connect® portal for a faster and more secure login experience for your users.

Setup Requirements

In order to connect your MS Azure account with the InsCipher Connect® portal for a streamlined SSO login experience, you will need to follow the step below. As there is a cost to support this integration, we ask clients interested in implementing this functionality to contribute to the cost. Please contact your InsCipher implementation specialist should you have questions.

Type

We utilize OAuth and not SAML. You will need to create a user group and associate your filing team's Microsoft accounts to that group.

Callback URL

Please add this callback URL for InsCipher in your Microsoft Azure settings:

CallBack URL: https://surpluslines.inscipher.com/sso/connect/check/azure

Required parameters

The following information will need to be securely sent to the InsCipher implementation team in order to connect your Microsoft Azure SSO account:

  • Application (client) ID
  • Client Secret
  • Tenant Id

How to get your Application (client) ID
Go to your MS Azure settings > Properties > Application ID


How to get your Client Secret
Go to your MS Azure settings > Certificates and secrets > + New client secret


How to get your Tenant ID
Go to your MS Azure settings > External Identities > Tenant ID


Once Activated

After the MS Azure SSO integration is enabled, your users will no longer be able to log in using their legacy usernames/passwords. If users try to edit their passwords, they will see a message like this:

Therefore, should you wish to implement this with your organization, it will be important that users are aware of this change.

Once enabled, the process is pretty straightforward. On the main login screen, https://surpluslines.inscipher.com, would just click the "LOGIN with SSO" button, add their Microsoft exchange email, then they would be directed (the first time) to add their Microsoft password to login. After that, our system would drop a cookie so that future logins will only require them to add their email.


Ongoing Maintenance

Should any of the credentials provided to InsCipher be changed, these would need to be updated in the portal. This can be done by either contacting support or by going to the User settings and clicking on the "AUTHENTICATION PROVIDERS SETUP" button on the top right of the page: