Product: Awair Dashboard
Note: Awair Business Dashboard is only compatible with Awair Business App and must be activated internally before you can access it. If you’re interested in setting up an Awair Business account with us, please click here to get in touch with our sales team.
Overview
This document provides instructions to configure Awair Dashboard to use Azure AD as the 3rd party identity provider. The Azure AD identity provider will authenticate users logging into the Awair Dashboard. This means Awair Dashboard and mobile applications will delegate the authentication responsibility to the Azure AD identity provider. This is also known as Single Sign-On (SSO), where users only need to log in once through their company-designated identity provider, and they will be able to access all applications that are authenticating with the same identity provider.
Configuring SSO includes three main processes:
2. Turn on SSO for Dashboard configuration (handled by Awair Support Team)
3. Configure SSO in the Dashboard (handled by your Organization Manager)
Register an application (Awair Dashboard) with Azure Active Directory Identity Provider
Introduction:
A prerequisite to enabling Azure AD as the identity provider is registering the Awair Dashboard application with Azure AD. For an identity provider to know that a user has access to a particular app, both the user and the application must be registered with the identity provider.
Below are the steps for registering an app with Azure AD. The IT team can register the app as a Single or Multi-Tenant App.
- Single-tenant apps are only available in the tenant they were registered in, also known as their home tenant.
- Multi-tenant apps are available to users in both their home tenant and other tenants.
For more information, please check out this Microsoft documentation
Registering with Azure Active Directory requires you to do the following:
2. Create a client credential for the registered app
Prerequisite:
In your Azure Portal, select the directory in the Azure AD that you would like to work on. We selected the “awairnet.com” as the root directory in the example below.
Register an App:
Step 1: Access the app registrations tool
Step 2: Click on the “New Registration” button
Step 3: Enter the application details and click the “Register” button
Name: Any name that can represent the Awair Dashboard application. We recommend using Awair Dashboard.
Account Types: You can select single or multi-tenants.
Redirect URL: Select “Web” and enter the URL below. Replace the parenthesis {{org_id}} with the organization ID you want to connect to.
https://dashboard.getawair.com/sso/callback?orgId={{org_id}}
Step 4: Copy the Client ID and the Tenant ID. You will need this information for the next steps
Create a client credential for the registered app:
Step 1: Click on the link “Add a certificate or secret"
Step 2: Enter the client’s secret details
Step 3: Copy the client secret immediately
Turn on SSO for Dashboard configuration
For this step, please reach out to the Awair Support Team to assist with activating SSO for your Dashboard! You can send us an email to hello@getawair.com or submit a help request here.
Configure SSO in the Dashboard
Introduction:
This step must be performed by the Organization Manager of the Awair Dashboard. You can configure an Awair Dashboard organization for Single-Tenant or Multi-Tenant SSO.
Prerequisite:
1. Must have an initial Awair user account with the Organization Manager’s permission
2. Must have the following from Azure AD previously configured by the customer’s IT team:
- Single-tenant Azure AD app.
- Client ID
- Client Secret
- Tenant ID
- Multi-tenant Azure AD app.
- Client ID
- Client Secret
Step 1: Click on the left menu - SSO Credentials
Step 2: Copy the callback URL, paste it into a text editor, and Click on the “Enable SSO” button
Step 3: Select the Microsoft Single or Multi Tenant configuration option from the drop-down Menu
Step 4: Enter the client details for single or multi-tenant configuration. This step is slightly different depending on which option you've selected.For single-tenant, you must enter Tenant ID, Client ID, and Client Secret.
For multi-tenant, you must enter Client ID and Client Secret.
Below are examples of Single-Tenant and Multi-Tenant.
Single-Tenant:
Multi-Tenant:
After successful configuration, you will be asked to select the Org and log in with your SSO account. Please note the key icon next to the Org. This means SSO is enabled for the org.