
Microsoft single-sign-on

Your Hoist portal should be protected by SSO (Single Sign-On). This guide goes through how to set this up for Microsoft/Azure Active Directory. You can either give everyone in your organisation direct access to Hoist or allow only certain user groups. To complete this work we require a ClientID from an Enterprise Application hosted inside your Azure portal. If you're unsure, please reach out to your IT or Cloud admin and ask them to follow this guide.


  • Go to portal.azure.com
  • Search 'Enterprise Applications' in the top search bar
  • Click '+ New Application' along the top
  • Click ‘Create your own application’ on the top-left of the page
  • Give your app a name. We recommend: Hoist - CompanyName
  • Select the middle option, ‘Register an application to integrate with Azure AD (App you're developing)’
  • Supported Account types shouldn’t change, keep it on ‘Single tenant’
  • Redirect URI
    • Select Single-page App
    • For a full implementation:
      • https://ai.companyname.com (this is your choice)
    • For a Trial:
  • Go back to Enterprise Applications and search for your new app

OPTIONAL STEP: If you only want certain people in your organisation to have access, do this. Otherwise everyone will have access by default.
  • Click on Manage -> Properties on the left hand menu
  • Change Assignment required to ‘Yes’
  • Save
  • Click on Manage -> Users and Groups on the left hand menu
  • Search for the users and add them to the application

CONTINUE HERE IF NOT DOING OPTIONAL STEP
  • Click on Manage -> Single sign-on on the left hand menu
  • Then, under ‘Configure your application properties’, click on the ‘Go to application’ button. This will take you to the App Registration (you can also use the main search bar at the top to go to App registrations and then search for your app by the same name)
  • Click on Manage -> Authentication on the left hand menu
  • Add the additional URI to the Single-page App: https://trial-companyname.hoist.io/confirm-account
  • Under Front-channel logout URL add: https://trial-companyname.hoist.io/logout
  • Select BOTH tick boxes under ‘Implicit grant and hybrid flows’
  • Ensure the toggle is set to ‘Yes’ for Allow public client flows at the bottom of the page
  • Click on Manage -> Certificates & secrets on the left hand menu
  • Click on ‘Client Secrets’
  • Add new secret
  • Give it the name companyname and select 24 months
  • Click on Manage -> Expose an API on the left hand menu
  • Add a scope
  • The first pop-up wants you to initialise the API, just click next/accept
  • Give it the name ‘access’, which will then add /access onto the end of the URL. You should end up with a URL that looks like this, for example: api://821u3812u89813129889dkjfs1231/access
  • Set ‘Who can consent’ to ‘Admins and users’
  • Enter ‘Application Access’ in the next two required fields
  • Click on Manage -> API permissions on the left hand menu
  • Add permission
  • Middle option of ‘APIs my organization uses’
  • Search ‘Hoist’ and then select Hoist - Trial - CompanyName
  • Tick the ‘access’ permission and then ‘Add permissions’ button along the bottom and then save
  • Use the left-hand menu to go to the 'Overview' page; it will be the top one
  • COPY the Application (client) ID and send this over to me :-)
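
Before sending the client ID, the registration can be checked against the settings in this guide. The script below is an added example, not Hoist's own tooling: it assumes the application object has been exported as JSON from Microsoft Graph (for instance with `az ad app show --id <client-id>`), and the function name `check_registration` and the embedded sample are constructed for illustration.

```python
import json

# Constructed sample of a Microsoft Graph application object; values are placeholders.
SAMPLE_APP = json.loads("""
{
  "signInAudience": "AzureADMyOrg",
  "isFallbackPublicClient": true,
  "spa": {"redirectUris": ["https://trial-companyname.hoist.io/confirm-account"]},
  "web": {
    "logoutUrl": "https://trial-companyname.hoist.io/logout",
    "implicitGrantSettings": {"enableAccessTokenIssuance": true,
                              "enableIdTokenIssuance": true}
  },
  "api": {"oauth2PermissionScopes": [{"value": "access", "type": "User", "isEnabled": true}]}
}
""")

def check_registration(app, host="trial-companyname.hoist.io"):
    """Return a list of deviations from the guide (empty list = matches)."""
    issues = []
    if app.get("signInAudience") != "AzureADMyOrg":
        issues.append("account type is not single tenant")
    uris = app.get("spa", {}).get("redirectUris", [])
    if f"https://{host}/confirm-account" not in uris:
        issues.append("confirm-account redirect URI missing from SPA platform")
    for uri in uris:  # every registered SPA redirect must be a fixed https URL
        if not uri.startswith("https://") or "*" in uri:
            issues.append(f"redirect URI is not a fixed https URL: {uri}")
    web = app.get("web", {})
    if web.get("logoutUrl") != f"https://{host}/logout":
        issues.append("front-channel logout URL not set as in the guide")
    grants = web.get("implicitGrantSettings", {})
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not grants.get(flag):
            issues.append(f"implicit grant tick box off: {flag}")
    if not app.get("isFallbackPublicClient"):
        issues.append("'Allow public client flows' is not Yes")
    scopes = app.get("api", {}).get("oauth2PermissionScopes", [])
    access = [s for s in scopes if s.get("value") == "access" and s.get("isEnabled")]
    if not access:
        issues.append("scope 'access' missing or disabled")
    elif access[0].get("type") != "User":  # Graph "User" = portal 'Admins and users'
        issues.append("scope 'access' consent is not 'Admins and users'")
    return issues

if __name__ == "__main__":
    for line in check_registration(SAMPLE_APP) or ["registration matches the guide"]:
        print(line)
```

Pass your own hostname as `host` if you are on a full implementation rather than the trial URL.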
