How to setup Single Sign On (SSO) with Azure AD

How to setup Single Sign On (SSO) with Azure AD

What is Single Sign On (SSO)

Definition: Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.

Specifically, SSO allows users of your organisation to log in to Skore with their usual credentials, typically the Microsoft Azure AD credentials they are using to log into their computer in the morning. The benefit is that they do not need to manage another account / password for Skore.

Additionally, this helps enforce all your security requirements (multi factor authentication, etc.) and easily prevents users who left the organisation continued access to Skore.

Setting Up SSO (Azure AD)

Below are the steps required to successfully set-up Single Sign On for your Skore workspace using Microsoft Azure AD.

Provide Email domains

Skore implementation of SSO relies on recognising email domains. We'll therefore need to understand all the domains potentially used by users of your organisation

See examples below:
  1. mycompany.com
  2. mycompany.co.uk
  3. mycompany.fr
  4. mycompany.de


Identify the Azure AD administrator

The first user to log into Skore with SSO need to have Azure AD administrative rights in order to approve the Skore application into your IT domain.

Step 1: Contact us at support@getskore.com to provide the list of email domains and the name of your administrator

Configuration Session

A Skore agent will setup the system for you and test with your administrator during an online meeting. This takes 15 minutes.

Step 2: Azure AD administrator and Skore agent organise a configuration session. 

Ready to go!

Once the administrator has approved Skore and testing is complete, users are ready to go!

Step 3: Users enter their email on the skore login page, and be directed to their usual organisation's login page. 


Next Steps...

Adding new users

Users can be invited to Skore by a workspace admin, or the workspace can be setup to allow users to join.

Removing users

If an employee leaves the business,  the users account will need to be manually removed from the Skore platform. Nevertheless, providing the account is disabled on your Azure AD already, the user will not be able to access Skore. 

Changing user licence / permissions

Changing a users licence / permissions (member, editor) is performed in Skore and is not related to SSO. 


Notes:

  1. Skore does not support automatic provisioning from Azure AD groups

    • Related Articles

    • (Legacy) Setup Skore Connect

      Use Skore to capture processes and requirements at the speed of conversation in live workshops. Categorise each requirement, and automatically create Work Items in Azure Devops. Your development team can take over the work in their own platform. ...

    • How to setup Two Factor Authentication in Skore

      What is 2 Factor Authentication (2FA) ?  "2FA" is a way to secure an account by making sure the user trying to login really is the user. This is done by asking a second security question that is generated from another source.  At Skore, we do it ...

    • How to hand-over a workspace to a client

      You are a consulting company working with your clients. You have finished the engagement and the client would like to keep access to the workspace.  Workspace clean up Before handing over the workspace you may want to "clean up" the content  ...

    • (Legacy) Manage user access (with or without approval)

      There are 3 options to manage how new user can access a workspace Request join (recommended) Allow join Manual Invitation Request join Users of a specific email domain can request access to a workspace in order to visit and view the content. Request ...

    • Process map page settings

      Available in Product Plan: Mapping • Analysis • Management Feature available to: Editor • Admin What are the page settings These are the settings that relate to the canvas/page that a process is developed onto. You can configure these settings based ...