How to setup Single Sign On (SSO) with Azure AD
What is Single Sign On (SSO)
Definition: Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.
Specifically, SSO allows users of your organisation to log in to Spark with their usual credentials, typically the Microsoft Azure AD credentials they are using to log into their computer in the morning. The benefit is that they do not need to manage another account / password for Spark.
Additionally, this helps enforce all your security requirements (multi factor authentication, etc.) and easily prevents users who left the organisation continued access to Spark.
Setting Up SSO (Azure AD)
Below are the steps required to successfully set-up Single Sign On for your Spark workspace using Microsoft Azure AD.
Provide Email domains
Spark implementation of SSO relies on recognising email domains. We'll therefore need to understand all the domains potentially used by users of your organisation
See examples below:
- mycompany.com
- mycompany.co.uk
- mycompany.fr
- mycompany.de
Identify the Azure AD administrator
The first user to log into Spark with SSO need to have Azure AD administrative rights in order to approve the Spark application into your IT domain.
Step 1: Contact us at support@getskore.com to provide the list of email domains and the name of your administrator
Configuration Session
A Spark agent will setup the system for you and test with your administrator during an online meeting. This takes 15 minutes.
Step 2: Azure AD administrator and Spark agent organise a configuration session.
Ready to go!
Once the administrator has approved Spark and testing is complete, users are ready to go!
Step 3: Users enter their email on the Spark login page, and be directed to their usual organisation's login page.
The Azure administrator will be presented with a screen that looks like that. The user will approve for the entire organisation.
(Before this is authorised user will be presented with a message similar o this one
Next Steps...
Adding new users
Users can be invited to Spark by a workspace admin, or the workspace can be setup to allow users to join.
Removing users
If an employee leaves the business, the users account will need to be manually removed from the Spark platform. Nevertheless, providing the account is disabled on your Azure AD already, the user will not be able to access Spark.
Changing user licence / permissions
Changing a users licence / permissions (member, editor) is performed in Spark and is not related to SSO.
See article: Adding new users into your workspace
Notes:
- Spark does not support automatic provisioning from Azure AD groups
Related Articles
How to setup Two Factor Authentication in Skore
What is 2 Factor Authentication (2FA) ? "2FA" is a way to secure an account by making sure the user trying to login really is the user. This is done by asking a second security question that is generated from another source. At Skore, we do it ...How to hand-over a workspace to a client
You are a consulting company working with your clients. You have finished the engagement and the client would like to keep access to the workspace. Workspace clean up Before handing over the workspace you may want to "clean up" the content ...Process map page settings
Feature available to: Editor • Admin What are the page settings These are the settings that relate to the canvas/page that a process is developed onto. You can configure these settings based upon your mapping preferences and for printing/PDF ...Importing Nimbus processes into Skore
Introduction Spark provides the capability to import Nimbus content into Spark. The Nimbus importer will do the "heavy lifting" for you: convert all process content. You will be required to carry out some manual tidying and splitting tasks. Please ...Decision boxes / diamonds in Skore
Introduction Users that are new to Skore may ask how they draw, or represent, a decision diamond commonly found in other types of process mapping. Skore is based on the Universal Process Notation (UPN) which doesn’t use decision diamonds but does ...