Setup SSO Provider on Azure AD

Setup SSO Provider on Azure AD


In addition to traditional sign-on methods, the NetBeez dashboard supports single sign-on for Azure. The below steps will walk through the setup procedure.


1. As an administrator, log in to the Azure Active Directory admin center.

2. Click on “Enterprise applications” in the left sidebar navigation.

3. Click on “New application”.


4. Click on “Create your own application”.


5. Give your app a name such as “NetBeez” and select “Register an application...” under “What are you looking to do with your application?”. Then click the “Create” button.


6. On the next screen, select the appropriate “Supported account types” for your organization. In most cases, the “Accounts in this organizational directory only” will be the appropriate option.

7. Next add an entry under “Redirect URI”, first select "Web" from the dropdown. The URI should be your server FQDN followed by “/users/auth/azure_ad/callback” (eg. https://[your server FQDN]/users/auth/azure_ad/callback). Click “Register”.

8. Your application that will facilitate the single sign-on with NetBeez has been created and you should now see it under “Enterprise applications”. Click on the application.

9. Under “Single sign-on” located in the left navigation sidebar you should see some content about “OpenID Connect”, in that content, click Go to application.


10. In order to configure the NetBeez Azure AD setting, you will need the Application (client) ID  and Directory (tenant) ID under the “Essentials” section.

11. Next you will need to create a client secret. Under the “Essentials” section you should see “Client credentials”. Click the link “Add a certificate or secret”.


12. Next you should see a section called “Client secrets”, click on the “New client secret” button.


13. Give your secret a description and pick your preferred expiration time. Then click the “Add” button. You should now see your secret under “Client secrets”, you will need the “Value” for your secret, this is the last piece of information required to configure the NetBeez Azure AD setting.

It is recommended that you maintain at least one local NetBeez administrator account.



14. Last we need to configure NetBeez with the information of the application you created in Azure. Navigation to “Settings” and then “Enterprise Authentication”. Expand the “Azure AD SSO” setting and enter the following information.

    a. Application (client) ID: enter into Client ID.

    b. Directory (tenant) ID: enter into Tenant ID.

    c. Client secret Value: enter into Client Secret.

    d. Roles: 

Role Mapping On

If role mapping is on, the following fields are required:

  • Admin Group ID
  • Read-Only Group ID
  • Read-Write Group ID

Role Mapping Off

If role mapping is off, no fields are required in this section. Click the Default Role dropdown and select which permission all new users should receive. After a new user logs in and receives their default role, an administrator can change their permissions on under the Settings > Users tab. 

15. Click the “Save” button. Your Enterprise Authentication should now be enabled, and you should now see the “Log in with Azure AD” button on the login prompt.



Role-Based Access Control

Enhance your security and control with RBAC(Role-Based Access Control) for Azure SSO. This feature allows administrators to define and manage user roles and permissions, ensuring that only authorized users have access to sensitive information. With RBAC for Azure SSO, you can customize access based on your organization's needs.

To set up role-based access control for Azure SSO, you will need to create the groups inside Azure and assign users to the groups. Then the group IDs will need to be added to the NetBeez dashboard.

Create Groups

  1. Login to Azure Portal
  2. Under Azure Services, click Azure Active Directory
  3. Click Add + and select Group
  4. Fill out the options
  5. Click Create

Note: Create a group for Admin, Read/Write, and Read Only

Create Group Claim

  1. Login to Azure Portal
  2. Under Azure Services, click Azure Active Directory
  3. Click Enterprise Authentication
  4. Click on your application's name
  5. Click on Single Sign-on
  6. Click on Edit in the Attributes and Claims box
  7. Click + Add Group Claim
  8. Select "Security Groups"

Add User To Groups

  1. Login to Azure Portal
  2. Under Azure Services, click Azure Active Directory
  3. Click Users on the sidebar
  4. Click on a user's name
  5. Click on the number next to Group Memberships
  6. Click + Add Memberships 
  7. Click on a group to add the user to
  8. Click Select

Connect To NetBeez Dashboard

  1. Log in to the NetBeez dashboard as an administrator
  2. Navigate to the Settings page
  3. Navigate to Enterprise Authentication
  4. Toggle Azure AD SSO on
  5. Fill in the tenant ID, client ID, and client secret
  6. Toggle role mapping on
  7. Fill in the group ID for admin, read/write, and read-only (The object ID from Azure is the group ID) mceclip0.png
  8. Click Save Settings

Have more questions? Submit a request


Please sign in to leave a comment.