Creating Assure App Registration within Azure AD
1. Browse to https://portal.azure.com with an Azure AD admin account.
2. Select All Services -> Search for App Registrations -> Click on App Registrations
3. If you have already provided Evotix with the endpoint before, you can skip this step.
Click Endpoints and copy the Federation Metadata document URL.
You can send the metadata URL to your implementation consultant or Customer Success Manager who will then pass it to our dev-ops team to action.
4. Click New Registration
5. Enter the following settings and click register:
• Name: Assure
• Supported Account Types: Accounts in this organizational directory only (Your Org name)
• Redirect URI (Web):
• https://ids.uk.sheassure.net/core/signin-fedYOUR_CUSTOMER_KEY
• Replace YOUR_CUSTOMER_KEY with your customer key provided by your
Evotix Project Manager or Customer Support Analyst.
• Example: If your customer key was “customertest” your Redirect URI would
be https://ids.uk.sheassure.net/core/signin-fedcustomertest
6. Within Branding set the Home Page URL to
• https://uk.sheassure.net/YOUR_CUSTOMER_KEY
• Replace YOUR_CUSTOMER_KEY with your customer key provided by your Evotix
Project Manager or Customer Support Analyst.
• Example: If your customer key was “customertest” your Home Page URL would be
https://uk.sheassure.net/customertest
7. Within API Permissions ensure you have the Microsoft Graph User.Read Delegated
permission only.
8. Within Expose an API set the Application ID URI using the set link.
It will default to the application ID prefixed with api://, e.g. api://fc3afc11-2d05-4494-af0b-4354ab111090
9. All done. Once the Evotix tech team have the metadata XML URL (from step 2), the Application ID URI (from step 8) and confirmation that you have completed these steps, they will enable SSO on your site. Once this is completed you will see a slightly different login screen.
FAQ
• I have a user in Assure and Azure AD. How do I log in using, or link, an Azure AD user
to Assure?
• Create/Edit the user in Assure, ensuring the User Principal Name (UPN) within
Azure AD matches the Email field in Assure.
10. I am getting an Azure AD error that the user is not authorized to access. “User
account from identity provider does not exist in tenant”
• If you have strict application policies within Azure AD ensure that you have
given the user access to the Application. This error is likely an issue with the
Azure AD Application setup rather than a setting within Assure.
11. I am getting an Azure AD error saying the application is not found in the current
directory.
• Assure could be configured with the wrong federation metadata. Please
double check the directory ID in the error dialog against the
federation metadata URL you provided and let support know if there is a
mismatch.
• Your application within Azure AD could be misconfigured. Please check the
three URLs that you entered into the app registration carefully. It is most
likely that the “Application ID URI” is incorrect.
12. I am getting an Assure Error “User not found or authorized for access”
• If you have clicked the Microsoft button, it is likely that the SSO handshake
has been completed and that this is not an Azure AD configuration issue. Please ensure
you have a “linked” user account as described above.
13. Does Assure support other SSO protocols like SAML or other SSO providers?
• Assure supports SAML, Okta and Azure AD configurations.
14. When I click the Microsoft login button I get taken straight back to the login screen.
• Your application within Azure AD could be misconfigured. Please check the
three URLs that you entered into the app registration carefully. It is most
likely that the “Redirect URI” is incorrect.
15. Can I provision groups within Azure AD such as admins or super users for Assure?
• All permissions and groups, including Admins and Users are handled within
Assure. All Azure AD needs to do is provide authentication to Assure.
16. Does the “Is Current User” checkbox on Assure users affect SSO logins?
• Yes, if you uncheck the “Is Current User” on the user you will get the Assure
error “Error: User not found or authorised for access.” (As shown above in step 12)
17. Does Assure support auto provisioning from Azure AD?
• All user provisioning is done through Assure. There is currently no support for
Auto provisioning.
18. Can I use a user object property, such as “email”, instead of the UPN to authenticate
with Assure?
• Yes. It is important to note that once this is configured Assure will
prefer the Email property but will fall back to the UPN property if there is no
Email configured on an individual user object.
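
The settings from steps 5 to 8, and the directory ID comparison from the FAQ, can be checked before contacting support. The following is an added example, not Evotix code: it assumes the app registration has been exported as JSON in the Microsoft Graph application format (for instance with `az ad app show --id <application id>`), and the tenant ID, stray redirect URI and extra permission ID in the sample are constructed.

```python
import re

GRAPH = "00000003-0000-0000-c000-000000000000"      # Microsoft Graph resource appId
USER_READ = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # User.Read permission id
GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"

def audit_registration(app, customer_key, metadata_url, error_directory_id=None):
    """Return findings; an empty list means the registration matches the guide."""
    findings, web = [], app.get("web", {})
    redirect = f"https://ids.uk.sheassure.net/core/signin-fed{customer_key}"
    home = f"https://uk.sheassure.net/{customer_key}"
    if app.get("signInAudience") != "AzureADMyOrg":   # step 5: this directory only
        findings.append("account types: not single-tenant")
    if web.get("redirectUris") != [redirect]:         # step 5: exact URI, no extras
        findings.append("redirect URI: expected only " + redirect)
    if web.get("homePageUrl") != home:                # step 6
        findings.append("home page URL: expected " + home)
    if f"api://{app.get('appId')}" not in app.get("identifierUris", []):  # step 8
        findings.append("Application ID URI: expected api://<application id>")
    # Step 7: only Microsoft Graph User.Read, delegated (type "Scope"), is allowed.
    wanted = (GRAPH, USER_READ, "Scope")
    granted = {(r["resourceAppId"], p["id"], p["type"])
               for r in app.get("requiredResourceAccess", [])
               for p in r["resourceAccess"]}
    if wanted not in granted:
        findings.append("API permissions: User.Read delegated is missing")
    if granted - {wanted}:
        findings.append("API permissions: more than User.Read is requested")
    # FAQ: the directory ID in the error dialog must match the metadata URL.
    m = re.search(GUID, metadata_url, re.I)
    if m is None:
        findings.append("metadata URL: no directory ID found")
    elif error_directory_id and m.group(0).lower() != error_directory_id.lower():
        findings.append("metadata URL: directory ID mismatch")
    return findings

# Constructed sample, not a real tenant: one stray redirect URI, one extra permission.
TENANT = "11111111-2222-3333-4444-555555555555"
METADATA = f"https://login.microsoftonline.com/{TENANT}/federationmetadata/2007-06/federationmetadata.xml"
SAMPLE = {
    "appId": "fc3afc11-2d05-4494-af0b-4354ab111090", "signInAudience": "AzureADMyOrg",
    "identifierUris": ["api://fc3afc11-2d05-4494-af0b-4354ab111090"],
    "web": {"homePageUrl": "https://uk.sheassure.net/customertest",
            "redirectUris": ["https://ids.uk.sheassure.net/core/signin-fedcustomertest",
                             "http://localhost:5000/signin"]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": [
        {"id": USER_READ, "type": "Scope"},
        {"id": "00000000-0000-0000-0000-000000000001", "type": "Role"}]}],
}
```

Calling `audit_registration(SAMPLE, "customertest", METADATA, TENANT)` reports the stray redirect URI and the extra permission; a registration that follows the steps exactly returns an empty list.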