Support

Single Sign-On (SSO) for Dashboard Log In

 

Product: Awair Omni

Note: Awair Business Dashboard is only compatible with Awair Business App and must be activated internally before you can access it. If you’re interested in setting up an Awair Business account with us, please click here to get in touch with our sales team.

Overview

Supported Identity Providers (IdP)

Microsoft Azure Active Directory (AD)

Let us know what Identity Provider you would like to see!

Awair Dashboard SSO Waitlist

 

Introduction

Single Sign-On (SSO) is a more secure authentication and authorization feature that reduces the number of passwords your Organization Members need to create and maintain. IT departments are rightly concerned with re-used passwords stored across multiple 3rd party websites, tools, dashboards, portals, and other programs that employees need to perform their work. SSO allows employees to re-use their work login credentials hosted on your internal Identity Provider (IdP), for example, Microsoft Azure Active Directory (AD). All 3rd party logins in theory are consolidated into the single internally managed system, thus making 3rd party tools, portals, etc. more secure.

In order to start using SSO in the Awair Dashboard:

  1. Contact your Awair Sales or Customer Success representative OR fill out the waitlist form in the table above.
  2. Customer Success will add your company's domain(s) to your Awair Dashboard Organization.
    • The domain(s) are checked during sign-up and sign-in in order to route your employees to your IdP.
    • Note: two Awair Dashboard Organizations cannot share the same domain at this time.
  3. Proceed to the Awair Dashboard "SSO Credentials" page in the left-hand menu.
  4. Click "Enable SSO" and follow the prompts (see more details below).

Dashboard Setup

SSO Credentials Page - Side Menu

sso-credentials-menu.png

Enable SSO Page

sso-enable.png

Choose Identity Provider

sso-choose-idp.png

Client ID & Client Secret

sso-microsoft-ad.png

Microsoft Azure Active Directory (AD) Setup

Azure Portal

https://portal.azure.com/

microsoft-azure-ad-portal.png

Register an application

OAuth 2 Redirect URI: https://awair.okta.com/oauth2/v1/authorize/callback

Copy and paste the URL above into the "Redirect URI (optional)" field (Note: this is REQUIRED, not optional).

microsoft-azure-ad-client.png

Copy Client ID

microsoft-azure-ad-client-id.png

Create Client Secret

Note: write yourself a reminder to create a new Client Secret based on the value you choose for "Expires" because you will need to rotate the Client Secret before this one expires. Otherwise, you will be locked out of the Awair Dashboard web and mobile app.

microsoft-azure-ad-client-secret.png

Copy Client Secret

Copy and paste the Client Secret into the SSO Configuration page of the Awair Dashboard. The Microsoft Azure AD interface will only show you the Client Secret one time, so if you forget to copy and paste it, you will need to create a new one.

microsoft-azure-ad-client-secret-copy.png

Inviting Awair Dashboard Organization Members

Please refer to Awair Dashboard Organization Roles & Permissions for more detailed instructions on inviting and managing Organization Members in the Awair Dashboard.

Invited Members MUST:

  • be registered in your IdP
  • invited via the Awair Dashboard web portal
  • have an email with your supported IdP domain that Awair Customer Success has also added to your Awair Dashboard Organization (see: Introduction - Point #2)

dashboard-invitation.png

Have more questions? Submit a request