For more details on ScreenCloud's Single Sign-On (SSO), please see Setting Up Single Sign-On (SSO) for Your ScreenCloud Account
Please note: Single Sign-On (SSO) is only available with the Enterprise subscription plan.
1. Set up your Single Sign-On (SSO) details
1.1. Head to the Single Sign-On tab under your Organization page. This tab will only be visible if SSO has been enabled for your account.
1.2. Begin by creating your connection name, which will most likely be your organization name. Please note that there can be no spaces, and it is recommended that you use all lowercase letters. Please note: this cannot be edited once submitted.
1.3. Once you click Continue, you’ll be greeted by additional fields that you can fill in.
2. Determine your ACS URL and EntityID
2.1. The next field that should be filled in is the Slug Name, which is the identifier for your organization login and the text that is used in your SSO URLs that are generated.
2.2. Once you add this, it will help to create your Audience URL (EntityID) and Assertion Consumer Service (ACS) URL.
2.3. Below is an example of how the links will appear when your SSO setup is complete, where [slug name] is replaced by your company and connection name.
ACS URL
https://authenticate.screencloud.com/login/callback?connection=[slug name]
EntityID
urn:authO:signage-prod:[slug name]
You can use these by copying the text and inserting your slug name. In the steps below, you will see where these 2 links are needed to create your connection in the Azure portal, which then allows you to download your IdP metadata XML file.
3. Use your ACS URL and EntityID to obtain your IdP Metadata XML file from Azure
3.1. Go to the Azure portal.
3.2. From the navigation pane, go to Azure Active Directory > Enterprise applications, and then click + New application.
3.3. Under Browse Azure AD Gallery, click Create your own application.
3.4. Enter a name for the application, for example ScreenCloud, and then select "Integrate any other application you don't find in the gallery (Non-gallery)" from the three options available. End this step by clicking Create.
3.5. Review the overview, and under the Getting Started section, complete the following steps required by Microsoft: Assign users and groups and Add user/group.
Note: Only the users and groups that are assigned in the steps can access the application.
3.6. From the navigation pane, go to Single sign-on, and then click the SAML tile.
The SAML-based Sign-on page appears.
3.7. In the upper-right corner of the Basic SAML Configuration section, click Edit.
3.8. In the Identifier (Entity ID) box and the Reply URL (Assertion Consumer Service (ACS) URL) box, enter the EntityID and ACS URL you obtained from your ScreenCloud SSO setup when you created your slug name.
3.9. In the upper-right corner of the User Attributes & Claims section, click Edit.
3.10. In the Unique User Identifier box, specify user.userprincipalname.
3.11. In the SAML Signing Certificate section, beside Federation Metadata XML, click Download.
The federated metadata file that you download is the IdP metadata file that you will upload to your ScreenCloud SSO setup under Upload IdP Metadata XML option.
Now that you have your XML file, head back to your SSO setup in ScreenCloud.
4. Upload your IdP Metadata file to your ScreenCloud SSO setup
4.1. When you upload your IdP metadata XML file to your SSO setup, the additional fields and settings are filled in for you automatically. To complete the setup manually instead, continue with the steps below.
4.2. Under Identity Provider you’ll see that your setup’s IdP URL and certificate file (.crt) are attached.
4.3. Attribute Mapping details will be left blank for your Microsoft Azure setup.
4.4. Under Other Settings, you’ll also see your algorithms and protocols have been set automatically as well. We recommend that you enable Debug mode so that logs can be created in case of any issues with the setup. For the other toggle options, please feel free to select them according to your preferences. Please note that Force SSO requires that you reach out to support to help set this up.
4.5. Click Save
4.6. Once your configuration details are implemented, you’ll have your 3 ScreenCloud SSO configuration URLs.
5. Create your Single Sign-On SAML login in Azure
5.1. In the Azure portal, on the ScreenCloud application integration page, find the Manage section and select Single sign-on.
5.2. On the Select a single sign-on method page, select SAML.
5.3. On the Set up single sign-on with SAML page, select the pen icon for Basic SAML Configuration to edit the settings.
5.4. Insert the 3 links obtained on completing your SSO setup in ScreenCloud into their corresponding fields: Identifier (Entity ID), Reply URL (Assertion Consumer Service URL), and Sign on URL.
5.5. Click Save
5.6. Your ScreenCloud SSO setup with Microsoft Azure is now complete.
6. Set up SCIM with ScreenCloud for Microsoft Azure
SCIM (System for Cross-domain Identity Management) is a standardized protocol designed to simplify the management of user identities in cloud-based applications and services. It enables automatic provisioning, updating, and de-provisioning of user accounts, ensuring that user data is consistently synchronized across multiple systems. By using SCIM, organizations can streamline identity management processes, reduce administrative overhead, and improve security by ensuring that user access is always up-to-date.
Please see the below guide to learn how to configure SCIM settings in both ScreenCloud and Azure AD for smooth and secure data synchronization.