
To configure and test Azure AD SSO with ScreenSteps, perform the following steps: For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in ScreenSteps.

Configure and test Azure AD SSO for ScreenSteps

Configure and test Azure AD SSO with ScreenSteps using a test user called B.Simon.
In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, and walk through the SSO configuration as well. Wait a few seconds while the app is added to your tenant. Alternatively, you can also use the Enterprise App Configuration Wizard. Select ScreenSteps from the results panel and then add the app. In the Add from the gallery section, type ScreenSteps in the search box. To add a new application, select New application.
Navigate to Enterprise Applications and then select All Applications. On the left navigation pane, select the Azure Active Directory service. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account. To configure the integration of ScreenSteps into Azure AD, you need to add ScreenSteps from the gallery to your list of managed SaaS apps.

Also, please do not forget to accept the response as Answer if the above response helped in answering your query.

Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

It's always the application that redirects you to AAD, for either authentication or logout, and then AAD redirects you back to the application's desired page based on the value mentioned in the redirect_uri.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further.

Don't want the logout to end up with close the window." If there is no user session available, then there is no way to get redirected from AAD to your redirect URI. able to write a uri & repeatable use it and get redirected. Not really clear on this ask "If user does not have a session - is it possible to still get a redirect e.g.

If you want to get the logout to work for a particular session, make sure it's a single-tenant application and instead of common, you specify the tenant-id there, so that when this request gets fired, it is sent to that specific tenant ID. After the session gets destroyed, the post_logout_redirect_uri is used to get the user to land on a page where you can provide another sign-in button, so that the user can re-initiate the sign-in and create a new session. When the logout endpoint is called, all the sessions, like your application session and also the session of Azure AD, get destroyed.

Also, please do not forget to accept the response as Answer if the above response helped in answering your

Thank you for reaching out.
There is a race condition if multiple apps all attempt to sign out at the same time, but that's not something that happens.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further.

Regarding the race condition you mentioned, ideally, there won't be any race condition as AAD does remember the session that it just deleted. If there is no session, no redirects happen, but if there is a session, AAD does redirect the user to the post_redirect_uri as mentioned in the request. If we would use the request " " without a session, it would likely take you to the page that says, "Successfully logged out", but it won't redirect, as AAD won't just redirect without a proper session since that's not a safe practice. Based on the internal discussions, I would say that, without session the logout redirect fails, since otherwise, it's an attack vector for open redirects.

It took me some time as I was busy trying to find the right answer for you to help you further with your query. I apologize for the delay in my response.