How to Configure Single Sign On (SSO) with Azure/Entra ID in Triofox AI

Enable SSO:

Click on Configure under the "Single Sign On" block in the settings page.

Inside "Single Sign On" toggle on "Enable SAML Single Sign On". From here, configure the settings desired for SSO and then click "Apply". You can always come back to change the settings.

• Force signin via ID Provider: automatically takes user to SSO when logging in from clients and organization URL.
• Enable SSO for windows and mac clients: let users sign in with SSO from windows and mac clients.
• Enable SSO for mobile clients: let users sign in with SSO from mobile clients.

Configure SSO on Azure:

On the Microsoft Azure portal, select Microsoft Entra ID.

Inside Entra ID, click on the "Add" button on the top tool bar and select "Enterprise application"

Select "Create your own application", enter a name, select "Integrate any other application you don't find in the gallery" and select "Create" to create the application.

Inside the application page, select "Single sign-on" under the "Manage" drop down on the left and then choose the card titled "SAML".

Next, click "Edit" on the "Basic SAML Configuration" card. 

1. Select "Add identifier" and copy and paste the link under "Access service provider meta data using the following link" from the Triofox.AI SSO configuration page.
2. Select "Add reply URL" and copy and paste the link under "Assertion Consumer Service (ACS) URL" from the Triofox.AI SSO configuration page.
3. Finally, click "Save" to save your changes.

Now navigate back to the web portal SSO page and select the tab "ID Provider". Click on the gears icon button to open the configuration screen.

• Select "Azure AD" for "Select SAML ID Provider" and click continue.
• For "Azure AD Directory ID", go back to the Microsoft Entra site, select Manage->Properties on the left menu and copy the Tenant ID.
• Paste the Tenant ID into the field "Azure AD Directory ID" and click continue.

Finally, on the Entra ID Enterprise Applications page, select "Users and groups" on the left menu and then click "Add user/group" to select the user you want to access Triofox AI and add them to the application.

Using SSO

To use SSO on web portal, access Triofox.AI from your custom DNS address, which can be set in web portal by accessing Settings->Branding.

You will also see the option to use SSO after entering your username on the normal portal.

Finally, use the "Login via IDP using the following link" link to directly access the SSO sign in page if needed.

If "Enable SSO for windows and mac clients" is toggled on, an option to sign in with SSO will be displayed after the username is entered and the user clicked continue.

If "Enable SSO for mobile clients" is toggled on, an option to sign in with SSO will be displayed after the username is entered and the user clicked continue.