In order to activate Single Sign-On, you will need administrator access to all accounts, as well as the technical knowledge to correctly configure authentication and grant access. It may be necessary to contact the IT Manager or Lead Technician within your organization.
Step 1: Azure Active Directory Setup
NOTE: You will need a Premium Active Directory account in order to setup single sign-on.
1. Log in to your Microsoft Azure administrator account.
2. Select Azure Active Directory from the menu on the left.
3. Then select Enterprise Applications
4. Click New Application
5. Click the Non-Gallery applications box, enter a Name (Way We Do) and click Add - This name is used for display purposes.
6. Click configure Single Sign-On and enter the following information:
- Select SAML-based Sign-on as the Single Sign-on Mode
- Identifier - https://[yoursubdomain].waywedo.com
- Reply URL - https://[yoursubdomain].waywedo.com/SAML/AssertionConsumerService
- Tick the box marked Show advanced URL settings
- Sign on URL - https://[yoursubdomain].waywedo.com/Authentication/ExternalSignIn
- Relay State - https://[yoursubdomain].waywedo.com/Authentication/ExternalSignInCallback
- User Identifier - Select user.mail
You will need to replace the [yoursubdomain] text with the sub-domain of your unique URL of your Way We Do account.
7. Click the link to download the certificate
8. Tick the box to activate the certificate
9. Click the Save button at the top of the window
10. Click the link to configure the service provider. A new pane will open that contains the information needed to copy and insert into Way We Do.
Step 2: Activate Way We Do Setup
In a separate tab or window, navigate to your Way We Do account to copy the information from the configuration screen into your single sign on settings.
1. Click the person icon in the top right corner of any page in Way We Do, then click Account in the dropdown menu.
2. Click the menu icon to open the push navigation menu
3. Click Single Sign On
4. Enter a Single sign-on name - This text will appear on the sign-on page once the function is enabled to inform users of the single sign-on option. (e.g. Google Apps Sign-On, Acme Co. Single Sign-On, Company Login)
5. Enter the Identity ID - This was provided in the screen on step 10 above.
6. Enter the SAML SSO URL - This was provided in the screen on step 10 above.
7. Upload the certificate you downloaded by clicking the Select button next to Certificate - The information passed between the Identity Provider and Way We Do needs to be encrypted, so a certificate is used.
8. Optional Settings -
- Enable Passwords - This option disables the regular password function for Way We Do so that users must use single sign-on
- Enable Auto-provisioning - When this is enabled, the email address used to sign-on will be automatically compared to the list of users in Way We Do. If the email address does not match a current user in Way We Do, it will create the option to automatically add a new user account for the person signing in. This is ideal for large organizations since they can simply tell users to log in and it will automatically add them as users in Way We Do.
- NOTE: Users added through single sign-on are added as general users and are not assigned a role in the system. A role can be manually added, and the user can be changed to an Editor or Admin within Way We Do.
9. If you are happy with the settings, you will need to turn on single sign-on by clicking the toggle button over to Yes.
10. Click Save
Step 3: Add Users
1. Navigate back to the Azure Active Directory page. Way We Do should now be listed as an enterprise application. Click it in the menu.
2. Click Users and Groups in the menu, then click Add User. Select the users you would like to add.
The Single Sign-on setup is now complete. Your login screen for Way We Do will include the new SSO (Single Sign-On) option.
NOTE: Signing out of Way We Do will NOT automatically sign a user out of the Microsoft account. If users are on shared computers, they will need to log out of their Microsoft account before another user can log into Way We Do using Single Sign-On.