Single sign-on in Azure AD

You may need an administrator role in Azure to be able to complete this guide.

Caution: Before proceeding, you need an Office 365 (Azure AD) account with the exact same username (email) as an existing administrator user in the customer portal.

If this is not the case, you may become locked out of the customer portal, and will then need to contact support to restore access.

Alternatively, you can follow our guide to configure SSO based on custom SAML configuration, and apply the same approach with Azure AD as your identity provider.

  • In the Secure Practice customer portal, click the «Settings» button in the top right corner, and navigate to the «SECURITY» tab at the top.
  • Then, locate the «Single sign-on» section, and click «Activate SSO»:

Enable Azure AD

Customer settings

Safety tip: To verify your new sign-on configuration without losing the access you need to revert this setting in case of any issue, open a new browser window in private mode (or another browser) instead of logging out, and perform the following steps from there.
  • Open the customer portal, enter your username in the login prompt, and click «Continue».

Your browser will automatically redirect to your organization's login page for Office 365.

  • After completing your organization's login, you will be prompted to approve the Secure Practice application to access your user profile information:

Personal data offered through such basic profile information includes email address, name, title, company, department, phone number, address, language and profile image (if available).

  • Choose «Accept» to grant access (permission only applies to this specific account for now).

Shortcut: If you have already signed in with an Office 365 administrator account, you may see an option to consent on behalf of your organization:

Tick this box to skip the remaining steps in this guide, before clicking «Accept».

Are you denied access to providing consent? Your organization may restrict ordinary end-users from approving new applications. This is usually a good idea, since permissions may be exploited through phishing. Try logging in with an Office 365 administrator account instead.

After completing the approval flow for the first single user, you may want to relieve your colleagues from having to each grant their own permissions.

  • Since our application has now been approved once in your tenant, you can find it in the Azure AD Admin Portal (requires administrator access), in «Enterprise Applications»:

  • Click the «Secure Practice» application, and then the «Permissions» tab in the left menu.
  • Click the «Grant admin consent for (your company)» button to initiate a new approval flow:

This time, the permissions dialog requests you to «Accept for your organization», rather than simply your individual user account.

  • Click «Accept» in the permissions dialog to approve.

Finally, you may review the application permission in the Azure AD Admin Portal, by clicking the corresponding Microsoft Graph permission which was created.
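
The same review can be done offline against an export of delegated permission grants, for example the JSON returned by the Microsoft Graph `oauth2PermissionGrants` endpoint. The script below is an added example, not Secure Practice's own code: the IDs in the sample are constructed placeholders, and the expected scope set is an assumption to replace with what your portal shows.

```python
import json

# Constructed sample shaped like a Microsoft Graph oauth2PermissionGrants
# response. All IDs are placeholders, not real tenant values.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"id": "grant-1", "clientId": "sp-secure-practice", "consentType": "Principal",
   "principalId": "user-admin-1", "resourceId": "sp-msgraph",
   "scope": "openid profile User.Read"},
  {"id": "grant-2", "clientId": "sp-secure-practice", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-msgraph",
   "scope": " User.Read openid profile email"},
  {"id": "grant-3", "clientId": "sp-other-app", "consentType": "Principal",
   "principalId": "user-2", "resourceId": "sp-msgraph",
   "scope": "Mail.Read offline_access"}
]}
""")["value"]

# Assumption: scopes you expect for sign-in with basic profile information.
EXPECTED_SCOPES = {"openid", "profile", "email", "User.Read"}


def review_grants(grants, client_id, expected=EXPECTED_SCOPES):
    """Summarise delegated grants held by one service principal (client_id)."""
    allowed = {s.lower() for s in expected}
    report = {"tenant_wide": False, "per_user": [], "unexpected_scopes": set()}
    for grant in grants:
        if grant.get("clientId") != client_id:
            continue
        # 'scope' is a space-separated string and may carry stray whitespace.
        scopes = (grant.get("scope") or "").split()
        report["unexpected_scopes"] |= {s for s in scopes if s.lower() not in allowed}
        if grant.get("consentType") == "AllPrincipals":
            report["tenant_wide"] = True   # admin consent for the organization
        elif grant.get("consentType") == "Principal":
            report["per_user"].append(grant.get("principalId"))  # single-user consent
    return report


if __name__ == "__main__":
    for app in ("sp-secure-practice", "sp-other-app"):
        r = review_grants(SAMPLE_GRANTS, app)
        print(f"{app}: tenant-wide={r['tenant_wide']} per-user={r['per_user']} "
              f"unexpected={sorted(r['unexpected_scopes'])}")
```

A per-user grant alongside a tenant-wide one is expected after following this guide, since the first sign-in consents for a single account before admin consent is granted.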

An encrypted copy of user data may be stored in our accounts service, depending on customer configuration, and in line with the data processing agreement. The configuration of single sign-on with Azure AD gives Secure Practice no further access to your organization's directory, apart from the relevant user data when an actual sign-in takes place, based on user interaction.

We are happy to answer any compliance or data protection related questions you may have.