Good Grants can be configured for single sign-on with Microsoft Azure and SAML. This means users of your Microsoft Azure portal don't have to register for a separate set of login credentials on Good Grants. To configure this connection, follow the steps below.
- In your Microsoft Azure portal, create a new application
- Select Set up single sign on
- In the Basic SAML Configuration settings, set the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) as shown below, replacing your_Good_Grants_account_domain with the URL of your Good Grants account:
  - Identifier (Entity ID): https://your_Good_Grants_account_domain/saml/metadata
  - Reply URL (Assertion Consumer Service URL): https://your_Good_Grants_account_domain/saml/callback
- Good Grants requires three attributes: firstName, lastName, and email, which can be configured in the 'Attributes & Claims' section
Note: you will need to set Name identifier format to Persistent. For the Additional claims please delete any values in the Namespace field.
- In the Manage workspace of your Good Grants account, go to Settings > Users > Registration
- Under '3rd party authentication', select the SAML checkbox
- Copy and paste the Azure AD Identifier from Microsoft Azure to the Issuer field
- Copy and paste the Login URL from Microsoft Azure to the Single sign-on service URL
- Download the certificate from Microsoft Azure and copy and paste the text to the X.509 certificate field in Good Grants.
Note: encrypting the assertion is optional. Depending on your identity provider requirements, a SAML public certificate or SAML certificate private key may be required.
- Save
A SAML login button will now be visible on your home page. Users who are logged into Microsoft Azure can click this button and be logged in to your Good Grants account automatically. Alternatively, you can provide a direct link from your own website to https://your_Good_Grants_account_domain/saml/login.
Tip: be sure to replace the above example URL with your program's domain.
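To confirm the 'Attributes & Claims' and Name identifier settings took effect, you can inspect the decoded assertion from a test login. The following is an added example, not Good Grants or Microsoft code: the function names and sample assertions are constructed for illustration, and the namespaced claim name in `BAD` assumes the default Azure claims namespace was left in place.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED = ("email", "firstName", "lastName")  # attribute names Good Grants requires


def check_assertion(xml_text):
    """Return a list of mapping problems in a decoded SAML assertion (empty = OK).

    Inspects claim mapping only; it does not verify the signature, so run it on
    an assertion you captured from your own test login.
    """
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    elif name_id.get("Format") != PERSISTENT:
        problems.append(f"NameID format is {name_id.get('Format')!r}, expected persistent")

    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name", "")] = (value.text or "").strip() if value is not None else ""

    for name in REQUIRED:
        if values.get(name):
            continue
        # A claim whose Namespace field is still set arrives as "<namespace>/<name>".
        namespaced = [n for n in values if n.endswith("/" + name)]
        if namespaced:
            problems.append(f"{name} sent as {namespaced[0]!r}: clear the Namespace field")
        else:
            problems.append(f"{name} missing or empty")
    return problems


def sample(fmt, names):
    """Build a constructed, unsigned assertion for demonstration."""
    attrs = "".join(f'<Attribute Name="{n}"><AttributeValue>x</AttributeValue></Attribute>'
                    for n in names)
    return (f'<Assertion xmlns="{NS["saml"]}"><Subject><NameID Format="{fmt}">abc123'
            f'</NameID></Subject><AttributeStatement>{attrs}</AttributeStatement></Assertion>')


GOOD = sample(PERSISTENT, REQUIRED)  # constructed: settings applied as described
BAD = sample("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",  # constructed
             ["firstName", "lastName", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email"])
```

An empty list from `check_assertion` means the three attributes arrive under their bare names and the NameID format is persistent; if assertion encryption is enabled, decrypt the assertion before running the check.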